3rd July 2010, #1, posted by adamexsa (thread starter)

[Inactive] iexplorer.exe problem


DDS



DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Administrator at 3:27:39.03 on Fri 07/02/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.3326.2887 [GMT 2:00]

AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET Smart Security 4.2 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

svchost.exe 4
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe 4
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
BHO: עוזר הכניסה של Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyB1.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_1.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
TB: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_1.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyB1.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [%FP%012-L2TP fts.exe] "c:\program files\012net\012net-cable dialer\fts.exe"
mRun: [%FP%012-L2TP FWPortal.exe] "c:\program files\012net\012net-cable dialer\FWPortal.exe" -no_dialog
mRun: [PRISMSVR.EXE] Prismsvr.exe /apply
mRun: [WiFiCFG.EXE] c:\program files\802.11g usb2.0 adapter\WiFiCFG.EXE
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: {88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\icq7.0\ICQ.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\lyd6mmkz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=15788&l=dis
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=IMB&o=15785&locale=en_US&apn_uid=BEB11100-3FDD-45AB-9674-BDAEE5E68E16&apn_ptnrs=HQ&apn_sauid=89B56A0A-BF91-4A96-9FC6-ECDC79E75127&apn_dtid=&q=
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\lyd6mmkz.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\lyd6mmkz.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-4-7 217032]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-7-2 30320]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-3-24 95872]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2010-3-30 1107336]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2010-5-30 22784]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-7-2 24400]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-3-24 114984]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-4-7 112592]
S2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2010-7-2 6385616]
S2 eins7295;Eset install launcher (7295);c:\windows\system32\rundll32.exe c:\windows\eins7295.dll,rdservicestart eins7295 "c:\docume~1\admini~1\locals~1\temp\inxa.tmp" --> c:\windows\system32\rundll32.exe c:\windows\eins7295.dll,rdservicestart eins7295 c:\docume~1\admini~1\locals~1\temp\inxA.tmp [?]
S2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-3-24 810120]
S2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2010-2-18 68136]
S2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2010-3-4 246520]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-7-1 304464]
S2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-7-2 61624]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-4-7 366840]
S2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-4-7 1142224]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys --> c:\windows\system32\drivers\Ambfilt.sys [?]
S3 cmudaxu;C-Media USB Sound Interface;c:\windows\system32\drivers\cmudaxu.sys [2010-4-1 1391296]
S3 EraserUtilDrv10920;EraserUtilDrv10920;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv10920.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv10920.sys [?]
S3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [2010-3-2 24504]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-7-1 20952]
S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\cm108.sys --> c:\windows\system32\drivers\CM108.sys [?]
S3 Wirelecf;Friendly WI-FI Wirelesscfg Util Win2000 XP;c:\windows\system32\drivers\Wirelecf.SYS [2005-9-7 17230]

=============== Created Last 30 ================

2010-07-01 23:24:22 0 d-----w- c:\windows\system32\NtmsData
2010-07-01 23:23:50 0 d-----w- c:\docume~1\admini~1\applic~1\Avira
2010-07-01 23:22:39 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-01 23:22:39 0 d-----w- c:\program files\Avira
2010-07-01 23:22:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-07-01 23:17:41 319840 ----a-w- c:\windows\eins1326.dll
2010-07-01 23:06:35 0 d-----w- c:\program files\ESET
2010-07-01 22:51:26 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-07-01 22:51:26 0 d-----w- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
2010-07-01 22:51:22 0 d-----w- c:\program files\SUPERAntiSpyware
2010-07-01 22:26:48 69680 ----a-w- c:\windows\system32\PxSecure.dll
2010-07-01 22:26:47 61624 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-07-01 22:26:47 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-07-01 22:26:46 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-07-01 22:26:45 0 d-----w- c:\program files\Prevx
2010-07-01 22:26:35 51 ----a-w- c:\windows\wininit.ini
2010-07-01 22:26:35 0 d-----w- c:\docume~1\alluse~1\applic~1\PrevxCSI
2010-07-01 21:46:22 0 d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan
2010-07-01 21:46:18 0 d-----w- c:\program files\Security Task Manager
2010-07-01 20:24:35 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2010-07-01 20:24:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-01 20:24:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-01 20:24:26 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-01 20:24:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-29 22:35:49 0 d-----w- c:\program files\LittleFighter2
2010-06-29 18:27:47 482 ----a-r- c:\windows\system\CmcnfgU.ini
2010-06-29 18:27:27 98304 ----a-r- c:\windows\system32\cmudau.dll
2010-06-29 18:27:27 917504 ----a-r- c:\windows\system\cmds3du.dll
2010-06-29 18:27:27 712704 ----a-r- c:\windows\system32\a3dpropu.dll
2010-06-29 18:27:27 61440 ----a-r- c:\windows\system\cmsnxeye.exe
2010-06-29 18:27:27 5341184 ----a-r- c:\windows\system\cmcnfgu.cpl
2010-06-29 18:27:26 16384 ----a-r- c:\windows\system32\cmpropu.dll
2010-06-29 18:27:18 2563 ------r- c:\windows\Cmudau.ini
2010-06-29 17:33:51 4286 ------r- c:\windows\control.ico
2010-06-29 17:33:51 1150 ------r- c:\windows\tray.ico
2010-06-29 17:33:50 0 d-----w- c:\program files\Steel Sound 5H USB
2010-06-28 16:07:43 101893 ----a-w- c:\documents and settings\administrator\AdobeFnt10.lst
2010-06-27 23:43:35 3170352 ----a-w- C:\ProMS.exe
2010-06-27 23:43:35 101 ----a-w- C:\settings.ini
2010-06-24 23:53:57 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
2010-06-13 17:17:24 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2010-06-13 17:17:24 52480 ----a-w- c:\windows\system32\dllcache\i8042prt.sys
2010-06-10 10:59:38 285824 ------w- c:\windows\system32\dllcache\atmfd.dll
2010-06-10 10:59:23 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-10 10:58:23 65536 ------w- c:\windows\system32\dllcache\asycfilt.dll
2010-06-10 09:50:27 0 d-----w- c:\program files\Sony
2010-06-04 21:04:14 0 d-----w- c:\windows\system32\RTCOM
2010-06-04 21:03:53 315392 ----a-w- c:\windows\HideWin.exe

==================== Find3M ====================

2010-07-02 00:54:40 16608 ----a-w- c:\windows\gdrv.sys
2010-06-08 02:16:01 763832 ----a-w- c:\windows\BDTSupport.dll
2010-06-08 00:21:02 1652664 ----a-w- c:\windows\PCTBDCore.dll
2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-02 10:04:16 1860352 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 10:04:16 1860352 ------w- c:\windows\system32\dllcache\win32k.sys
2010-05-01 01:38:18 158 ----a-w- C:\ShockMS.zip
2010-04-20 05:37:16 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-04-07 07:53:12 50 ----a-w- C:\ChilliStory.bat
2010-04-06 02:52:46 2462720 ------w- c:\windows\system32\dllcache\WMVCore.dll
2010-03-03 11:06:00 281 ----a-w- c:\program files\aequitas.ini
2009-11-18 10:27:12 241664 ----a-w- c:\program files\aequitas.exe

============= FINISH: 3:28:05.71 ===============


attach.txt



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 18/02/2010 21:46:14
System Uptime: 07/02/2010 03:24:16 (3480 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA770-UD3
Processor: AMD Phenom(tm) II X3 710 Processor | Socket M2 | 2611/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 98 GiB total, 22.958 GiB free.
D: is FIXED (NTFS) - 200 GiB total, 139.285 GiB free.

==== Disabled Device Manager Items =============

Class GUID:
Description: Audio Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0888&SUBSYS_1458E601&REV_1000\4&126B8476&0&0001
Manufacturer:
Name: Audio Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0888&SUBSYS_1458E601&REV_1000\4&126B8476&0&0001
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: ESLvnic Virtual Network 32 Bit
Device ID: ROOT\NET\0000
Manufacturer: Turtle Entertainment GmbH
Name: ESLvnic Virtual Network 32 Bit
PNP Device ID: ROOT\NET\0000
Service: ESLvnic1

==== System Restore Points ===================

RP2: 18/02/2010 21:55:23 - Installed DirectX 9.0
RP3: 18/02/2010 21:55:56 - Installed ATI AVIVO Codecs
RP5: 18/02/2010 21:57:32 - Installed ATI Parental Control & Encoder
RP6: 18/02/2010 21:57:46 - Installed ATI Problem Report Wizard
RP7: 18/02/2010 22:01:47 - Installed EasySaver B9.0205.1
RP8: 18/02/2010 22:02:03 - Installed Browser Configuration Utility
RP12: 18/02/2010 22:10:22 - Installed Steam
RP14: 18/02/2010 22:44:33 - Installed AVG 9.0
RP15: 18/02/2010 23:11:59 - Installed sClient+ Anti-Cheat
RP16: 19/02/2010 09:08:57 - Avg8 Update
RP17: 19/02/2010 10:10:50 - Installed WonderKing.
RP18: 19/02/2010 12:00:43 - Installed Microsoft Visual C++ 2005 Redistributable
RP19: 19/02/2010 12:01:06 - Installed Sony Vegas Pro 8.0
RP20: 19/02/2010 12:05:59 - Removed sClient+ Anti-Cheat
RP21: 19/02/2010 12:06:15 - Installed sClient+ Anti-Cheat
RP22: 20/02/2010 10:13:11 - Installed DirectX
RP23: 23/02/2010 08:42:38 - נקודת ביקורת של המערכת
RP24: 23/02/2010 19:40:05 - Removed sClient+ Anti-Cheat
RP25: 23/02/2010 19:40:19 - Installed sClient+ Anti-Cheat
RP26: 23/02/2010 19:40:46 - Removed sClient+ Anti-Cheat
RP27: 23/02/2010 19:41:02 - Installed sClient+ Anti-Cheat
RP28: 23/02/2010 19:54:32 - Removed sClient+ Anti-Cheat
RP29: 23/02/2010 19:55:09 - Installed sClient+ Anti-Cheat
RP30: 24/02/2010 18:59:02 - פעולת שחזור
RP31: 24/02/2010 19:02:58 - Installed sClient+ Anti-Cheat
RP32: 24/02/2010 19:05:36 - Restore Operation
RP33: 24/02/2010 19:10:31 - פעולת שחזור
RP34: 25/02/2010 09:36:47 - Avg8 Update
RP35: 26/02/2010 12:05:15 - נקודת ביקורת של המערכת
RP36: 28/02/2010 10:28:24 - נקודת ביקורת של המערכת
RP37: 01/03/2010 12:57:42 - נקודת ביקורת של המערכת
RP38: 03/03/2010 01:23:19 - נקודת ביקורת של המערכת
RP39: 04/03/2010 02:00:26 - נקודת ביקורת של המערכת
RP40: 05/03/2010 03:00:26 - נקודת ביקורת של המערכת
RP41: 05/03/2010 08:32:44 - Avg8 Update
RP42: 05/03/2010 08:34:50 - Avg Update
RP43: 06/03/2010 09:00:21 - נקודת ביקורת של המערכת
RP44: 07/03/2010 09:09:39 - נקודת ביקורת של המערכת
RP45: 07/03/2010 18:32:44 - Installed Ventrilo Client
RP46: 08/03/2010 23:05:17 - נקודת ביקורת של המערכת
RP47: 09/03/2010 08:27:13 - Avg Update
RP48: 10/03/2010 09:15:13 - נקודת ביקורת של המערכת
RP49: 11/03/2010 10:14:08 - נקודת ביקורת של המערכת
RP50: 12/03/2010 10:15:14 - נקודת ביקורת של המערכת
RP51: 13/03/2010 11:06:53 - נקודת ביקורת של המערכת
RP52: 13/03/2010 11:49:41 - Installed DirectX
RP53: 13/03/2010 15:05:03 - Installed LogMeIn Hamachi
RP54: 14/03/2010 23:42:46 - Installed Realtek High Definition Audio Driver
RP55: 14/03/2010 23:58:12 - Removed Realtek High Definition Audio Driver
RP56: 15/03/2010 00:14:17 - Installed Realtek High Definition Audio Driver
RP57: 16/03/2010 01:27:23 - נקודת ביקורת של המערכת
RP58: 17/03/2010 01:39:26 - נקודת ביקורת של המערכת
RP59: 17/03/2010 09:07:58 - Avg Update
RP60: 18/03/2010 09:40:31 - נקודת ביקורת של המערכת
RP61: 19/03/2010 10:39:26 - נקודת ביקורת של המערכת
RP62: 20/03/2010 10:39:54 - נקודת ביקורת של המערכת
RP63: 21/03/2010 11:47:08 - נקודת ביקורת של המערכת
RP64: 22/03/2010 12:39:54 - נקודת ביקורת של המערכת
RP65: 23/03/2010 13:39:54 - נקודת ביקורת של המערכת
RP66: 24/03/2010 14:12:48 - נקודת ביקורת של המערכת
RP67: 25/03/2010 14:40:30 - נקודת ביקורת של המערכת
RP68: 25/03/2010 17:38:48 - Installed Assassin's Creed II
RP69: 25/03/2010 17:43:11 - Installed DirectX
RP70: 25/03/2010 17:44:10 - Installed Ubisoft Game Launcher
RP71: 25/03/2010 18:24:31 - Removed Assassin's Creed II
RP72: 25/03/2010 18:24:44 - Installed Assassin's Creed II
RP73: 25/03/2010 18:30:07 - Installed DirectX
RP74: 25/03/2010 18:31:06 - Installed Ubisoft Game Launcher
RP75: 25/03/2010 07:10:03 - נקודת ביקורת של המערכת
RP76: 26/03/2010 07:22:47 - נקודת ביקורת של המערכת
RP77: 26/03/2010 19:25:25 - Installed DirectX
RP78: 26/03/2010 19:31:35 - Installed DirectX
RP79: 26/03/2010 19:37:04 - Installed DirectX
RP80: 26/03/2010 20:08:35 - Installed DirectX
RP81: 26/03/2010 21:49:27 - SPTD setup V1.62
RP82: 27/03/2010 23:05:23 - נקודת ביקורת של המערכת
RP83: 29/03/2010 14:09:42 - נקודת ביקורת של המערכת
RP84: 30/03/2010 20:42:29 - נקודת ביקורת של המערכת
RP85: 31/03/2010 21:03:04 - נקודת ביקורת של המערכת

==== Installed Programs ======================

%WS4_ARP_DISPLAY%
012Net
360WavesPatcher (Client setup)
802.11g USB2.0 adapter
abgx360 v1.0.2
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Stock Photos 1.0
AMD Processor Driver
Ask Toolbar
Assassin's Creed II
ATI - Software Uninstall Utility
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
ATI Parental Control & Encoder
ATI Problem Report Wizard
Avira AntiVir Personal - Free Antivirus
Browser Configuration Utility
Browser Defender 2.0.6.15
BS.Player FREE
BS_Player Toolbar
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cheat-Defender
Condition Zero Deleted Scenes
Counter-Strike
Counter-Strike: Source
DAEMON Tools Toolbar
EasySaver B9.0205.1
ESL Wire 1.3
Fraps
Full Tilt Poker
GameSpy Arcade
Half-Life 2: Deathmatch
Half-Life 2: Lost Coast
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ICQ Toolbar
ICQ7
ImgBurn
Java(TM) 6 Update 13
Left 4 Dead
Little Fighter 2 version 2.0a
Madballs in... Babo:Invasion
Malwarebytes' Anti-Malware
MapleStory
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 1.1 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mIRC
Mozilla Firefox (3.6.4)
MSVCRT
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
myBabylon_English Toolbar
Octoshape add-in for Adobe Flash Player
Octoshape Streaming Services
Pando Media Booster
Prevx
R.U.S.E. Beta
Razer DeathAdder(TM) Mouse
REALTEK GbE & FE Ethernet PCI-E NIC Driver
SAW - The Video Game
sClient+ Anti-Cheat
Security Task Manager 1.7h
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Segoe UI
Skype Toolbars
Skype™ 4.2
Sony Vegas Pro 8.0
Spyware Doctor 7.0
Steam
Steel Sound 5H USB
SUPERAntiSpyware
SWAT 4
Team Fortress 2
TeamSpeak 3 Client
TrackMania Nations Forever
Ubisoft Game Launcher
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Ventrilo Client
War Rock
WebFldrs XP
Windows Driver Package - Cypress (CyUsb) USB
Windows Driver Package - Razer (HidUsb) HIDClass (02/02/2007 1.0.5.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Media Player Firefox Plugin
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
WinRAR archiver
WonderKing
Yahoo! Toolbar
Zynga Toolbar
כלי ההעלאה של Windows Live
מסייע הכניסה של Windows Live

==== Event Viewer Messages From Past Week ========

30/06/2010 22:47:34, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הנתיב שצוין.
30/06/2010 22:38:06, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הנתיב שצוין.
30/06/2010 16:59:40, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הנתיב שצוין.
29/06/2010 20:29:47, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הנתיב שצוין.
29/06/2010 20:28:20, warning: Windows File Protection [64008] - ‏‏בדיקה כי קובץ המערכת המוגן c:\windows\system32\drivers\stream.sys הוא חוקי לא הצליחה, מאחר שפעולת הגנת הקבצים של Windows‏ ‏מסתיימת. השתמש בכלי בודק קבצי המערכת (SFC) כדי לוודא את שלמות הקובץ מאוחר יותר.
29/06/2010 20:28:20, warning: Windows File Protection [64008] - ‏‏בדיקה כי קובץ המערכת המוגן c:\windows\system32\drivers\portcls.sys הוא חוקי לא הצליחה, מאחר שפעולת הגנת הקבצים של Windows‏ ‏מסתיימת. השתמש בכלי בודק קבצי המערכת (SFC) כדי לוודא את שלמות הקובץ מאוחר יותר.
29/06/2010 20:28:20, warning: Windows File Protection [64008] - ‏‏בדיקה כי קובץ המערכת המוגן c:\windows\system32\drivers\drmk.sys הוא חוקי לא הצליחה, מאחר שפעולת הגנת הקבצים של Windows‏ ‏מסתיימת. השתמש בכלי בודק קבצי המערכת (SFC) כדי לוודא את שלמות הקובץ מאוחר יותר.
29/06/2010 20:13:30, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הנתיב שצוין.
29/06/2010 19:58:58, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הנתיב שצוין.
29/06/2010 19:51:59, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הנתיב שצוין.
29/06/2010 19:40:37, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הנתיב שצוין.
29/06/2010 19:37:09, error: Service Control Manager [7034] - The ICQ Service service terminated unexpectedly. It has done this 1 time(s).
29/06/2010 19:37:07, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הנתיב שצוין.
28/06/2010 17:17:31, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הנתיב שצוין.
28/06/2010 16:36:07, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: ‏‏בוצע ניסיון לפעולת Socket במחשב מארח שאינו נגיש. (0x80072751)
28/06/2010 16:36:04, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: ‏‏בוצע ניסיון לפעולת Socket במחשב מארח שאינו נגיש. (0x80072751)
28/06/2010 16:21:31, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הנתיב שצוין.
26/06/2010 15:26:46, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הנתיב שצוין.
26/06/2010 00:38:38, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הנתיב שצוין.
02/07/2010 03:26:16, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdPPM ehdrv Fips SASDIFSV SASKUTIL sptd sr
02/07/2010 03:24:51, error: sptd [4] - ‏‏מנהל ההתקן זיהה שגיאה פנימית במבני נתונים של .
02/07/2010 02:56:11, error: System Error [1003] - ‏‏קוד שגיאה 1000008e, פרמטר1 c0000005, פרמטר2 805bc215, פרמטר3 a486dc7c, פרמטר4 00000000.
02/07/2010 02:55:18, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Eset install launcher (7295) service to connect.
02/07/2010 02:55:18, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הנתיב שצוין.
02/07/2010 02:55:18, error: Service Control Manager [7000] - The Eset install launcher (7295) service failed to start due to the following error: ‏‏השירות לא הגיב לבקשת ההפעלה או לבקשת השליטה בזמן.
02/07/2010 02:46:40, error: System Error [1003] - ‏‏קוד שגיאה 1000008e, פרמטר1 c0000005, פרמטר2 805bc215, פרמטר3 a5e66634, פרמטר4 00000000.
02/07/2010 02:44:02, error: System Error [1003] - ‏‏קוד שגיאה 1000008e, פרמטר1 c0000005, פרמטר2 805bc215, פרמטר3 a486dc7c, פרמטר4 00000000.
02/07/2010 02:41:45, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הנתיב שצוין.
02/07/2010 01:27:34, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdPPM avgio avipbb ehdrv Fips SASDIFSV SASKUTIL sptd sr
02/07/2010 01:26:08, error: sptd [4] - ‏‏מנהל ההתקן זיהה שגיאה פנימית במבני נתונים של .
02/07/2010 01:16:18, error: System Error [1003] - ‏‏קוד שגיאה 100000d1, פרמטר1 0000000c, פרמטר2 00000002, פרמטר3 00000000, פרמטר4 ba14bc5b.
02/07/2010 01:15:09, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הנתיב שצוין.
02/07/2010 01:12:16, error: System Error [1003] - ‏‏קוד שגיאה 100000d1, פרמטר1 0000000c, פרמטר2 00000002, פרמטר3 00000000, פרמטר4 ba14bc5b.
02/07/2010 01:11:02, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הנתיב שצוין.
02/07/2010 01:08:55, error: sptd [4] - ‏‏מנהל ההתקן זיהה שגיאה פנימית במבני נתונים של .
02/07/2010 01:01:05, error: System Error [1003] - ‏‏קוד שגיאה 000000c2, פרמטר1 00000007, פרמטר2 00000cd4, פרמטר3 35383544, פרמטר4 8a3500f0.
02/07/2010 00:59:57, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הנתיב שצוין.
02/07/2010 00:54:36, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
01/07/2010 23:56:14, error: sptd [4] - ‏‏מנהל ההתקן זיהה שגיאה פנימית במבני נתונים של .
01/07/2010 23:41:20, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הנתיב שצוין.
01/07/2010 23:35:41, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הנתיב שצוין.
01/07/2010 23:18:13, error: System Error [1003] - ‏‏קוד שגיאה 100000d1, פרמטר1 4633333d, פרמטר2 00000002, פרמטר3 00000000, פרמטר4 ba2bb5f3.
01/07/2010 23:17:15, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הנתיב שצוין.
01/07/2010 23:13:22, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdPPM BHDrvx86 ccHP eeCtrl Fips sptd sr SRTSPX SymIRON SYMTDI
01/07/2010 23:11:57, error: sptd [4] - ‏‏מנהל ההתקן זיהה שגיאה פנימית במבני נתונים של .
01/07/2010 23:09:25, error: Service Control Manager [7022] - The LogMeIn Hamachi 2.0 Tunneling Engine service hung on starting.
01/07/2010 23:07:16, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הנתיב שצוין.
01/07/2010 22:22:45, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
01/07/2010 21:55:26, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.2.101 with the system having network hardware address 00:03:0D:A1:E2:0B. Network operations on this system may be disrupted as a result.
01/07/2010 21:05:53, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AmdPPM aswSP aswTdi BHDrvx86 ccHP eeCtrl Fips sptd sr SRTSPX SymIRON SYMTDI
01/07/2010 21:04:27, error: sptd [4] - ‏‏מנהל ההתקן זיהה שגיאה פנימית במבני נתונים של .
01/07/2010 20:48:09, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הנתיב שצוין.
01/07/2010 20:45:36, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AmdPPM aswSP aswTdi BHDrvx86 ccHP eeCtrl Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss sptd sr SRTSPX SymIRON SYMTDI Tcpip
01/07/2010 20:45:36, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: ‏‏התקן המצורף למערכת אינו פועל.
01/07/2010 20:45:36, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: ‏‏התקן המצורף למערכת אינו פועל.
01/07/2010 20:45:36, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: ‏‏התקן המצורף למערכת אינו פועל.
01/07/2010 20:45:36, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: ‏‏התקן המצורף למערכת אינו פועל.
01/07/2010 20:45:18, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
01/07/2010 20:45:03, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
01/07/2010 20:44:41, error: sptd [4] - ‏‏מנהל ההתקן זיהה שגיאה פנימית במבני נתונים של .
01/07/2010 20:40:47, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הנתיב שצוין.
01/07/2010 20:37:27, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הנתיב שצוין.
01/07/2010 20:24:53, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
01/07/2010 20:19:49, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הנתיב שצוין.
01/07/2010 20:15:45, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הנתיב שצוין.
01/07/2010 19:47:55, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הנתיב שצוין.
01/07/2010 19:43:18, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הנתיב שצוין.
01/07/2010 19:22:14, error: Service Control Manager [7034] - The LogMeIn Hamachi 2.0 Tunneling Engine service terminated unexpectedly. It has done this 1 time(s).
01/07/2010 19:21:59, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sr
01/07/2010 19:21:58, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הנתיב שצוין.
01/07/2010 00:49:55, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: ‏‏למערכת אין אפשרות לאתר את הנתיב שצוין.

==== End Of File ===========================


HiJackthis


Logfile of HijackThis v1.99.1
Scan saved at 03:29:57, on 02/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SafeOnline BHO - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll
O2 - BHO: עוזר הכניסה של Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (file missing)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [%FP%012-L2TP fts.exe] "C:\Program Files\012Net\012Net-Cable dialer\fts.exe"
O4 - HKLM\..\Run: [%FP%012-L2TP FWPortal.exe] "C:\Program Files\012Net\012Net-Cable dialer\FWPortal.exe" -no_dialog
O4 - HKLM\..\Run: [PRISMSVR.EXE] Prismsvr.exe /apply
O4 - HKLM\..\Run: [WiFiCFG.EXE] C:\Program Files\802.11g USB2.0 adapter\WiFiCFG.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: CSIScanner - Unknown owner - C:\Program Files\Prevx\prevx.exe" /service (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - Unknown owner - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe" -s (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: System Restore Service (srservice) - Duplex Secure Ltd. - (no file)


Last edited by adamexsa; 3rd July 2010 at 00:32.
Old 3rd July 2010   #2
Malware Analyst
 
broni
 
Profile:
Join Date: Aug 2002
Location: Daly City, CA
Posts: 19,888
Computer Experience:
intermediate

What are your issues?
What is your current AV program?
I can see parts of Avira, Norton and Eset running.

Old 3rd July 2010   #3
Inactive
THREAD STARTER
 
Profile:
Join Date: Jul 2010
Posts: 20
Computer Experience:
Beginner
adamexsa

There is IEXPLORE.exe running twice in my Task Manager, and there are pop-ups that come up every time.

Old 3rd July 2010   #4
Malware Analyst
 
broni
 
Profile:
Join Date: Aug 2002
Location: Daly City, CA
Posts: 19,888
Computer Experience:
intermediate

STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick Scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking the Download EXE button.
Alternative downloads:
- http://majorgeeks.com/GMER_d5198.html
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double-click the downloaded .exe file, select the Rootkit tab and click the Scan button.
Do NOT use the computer while GMER is running!
When the scan is completed, click the Save button and save the results as gmer.log
Warning! Please do not select the "Show all" checkbox during the scan.
Post the log to your next reply.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

RESTART COMPUTER


DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

Old 3rd July 2010   #5
Inactive
THREAD STARTER
 
Profile:
Join Date: Jul 2010
Posts: 20
Computer Experience:
Beginner
adamexsa

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4271

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

02/07/2010 20:20:44
mbam-log-2010-07-02 (20-20-44).txt

Scan type: Quick scan
Objects scanned: 126430
Time elapsed: 1 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

gmer

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-02 21:27:58
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\awnyrpob.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[536] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[812] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[812] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[812] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[812] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[812] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[812] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[812] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[812] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[812] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1040] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1040] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1040] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1040] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1040] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1040] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1040] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1040] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1040] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1040] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1040] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1040] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1040] ole32.dll!CoCreateInstance 774FF1C4 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1040] ole32.dll!OleLoadFromStream 775297FD 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1660] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1660] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1660] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1660] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1660] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1660] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1660] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1660] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1660] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1660] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1660] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1660] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1660] ole32.dll!CoCreateInstance 774FF1C4 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1660] ole32.dll!OleLoadFromStream 775297FD 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[1040] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[1660] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xF9 0x76 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7D 0x99 0x4D 0x2D ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x93 0x7B 0x3A 0xF4 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB2 0xA6 0x45 0x4D ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xAF 0x4C 0x85 0xA7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xF9 0x76 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7D 0x99 0x4D 0x2D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x93 0x7B 0x3A 0xF4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB2 0xA6 0x45 0x4D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xAF 0x4C 0x85 0xA7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xF9 0x76 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7D 0x99 0x4D 0x2D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x93 0x7B 0x3A 0xF4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB2 0xA6 0x45 0x4D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xAF 0x4C 0x85 0xA7 ...
Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\1605871432\Groups@\x5c0\5א\5י\5\xf88d\5 \0ח\5י\5ט\5 \0א\5ױ\5ב\5ה\5\xf88d\5\xf891\5 0

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{B2284C50-8608-11DF-A08D-00241D2FFB5B}.dat 4608 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{AB1DDA8A-8608-11DF-A08D-00241D2FFB5B}.dat 4096 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\JOEKGXW5\background_gradient[1] 0 bytes




Old 3rd July 2010   #6
Malware Analyst
 
broni
 
Profile:
Join Date: Aug 2002
Location: Daly City, CA
Posts: 19,888
Computer Experience:
intermediate
broni Reputation Level

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt".
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.) until it's officially declared clean!!!

Old 3rd July 2010   #7
Inactive
THREAD STARTER
 
Profile:
Join Date: Jul 2010
Posts: 20
Computer Experience:
Beginner
adamexsa Reputation Level

ComboFix 10-07-03.01 - Administrator 07/03/2010 1:20.1.3 - x86
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.3326.2850 [GMT 2:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: ESET Smart Security 4.2 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\BASSMOD.dll
c:\documents and settings\Administrator\Local Settings\Application Data\Windows Server
c:\documents and settings\Administrator\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\Administrator\Local Settings\Application Data\Windows Server\uses32.dat
c:\documents and settings\LocalService\Local Settings\Application Data\Windows Server
c:\documents and settings\NetworkService\Local Settings\Application Data\Windows Server
c:\windows\system\VB40032.DLL
c:\windows\system32\7177778.dll
c:\windows\system32\zip32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_AtapiDrv


((((((((((((((((((((((((( Files Created from 2010-06-02 to 2010-07-02 )))))))))))))))))))))))))))))))
.

2010-07-02 22:38 . 2010-07-02 22:38 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Help
2010-07-02 22:38 . 2010-07-02 22:38 216 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_4BB1B6CC60E4B5A41A663B175B1523B4.dll
2010-07-02 18:02 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-02 18:02 . 2010-07-02 18:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-02 18:02 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-02 03:09 . 2010-07-02 03:09 -------- d-----w- C:\VritualRoot
2010-07-02 03:09 . 2010-07-02 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO
2010-07-02 03:03 . 2010-07-02 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-07-01 23:24 . 2010-07-02 00:44 -------- d-----w- c:\windows\system32\NtmsData
2010-07-01 23:17 . 2010-07-01 23:17 319840 ----a-w- c:\windows\eins1326.dll
2010-07-01 23:06 . 2010-07-01 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-07-01 22:51 . 2010-07-01 22:51 63488 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-01 22:51 . 2010-07-01 22:51 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-01 22:51 . 2010-07-01 22:51 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-01 22:51 . 2010-07-01 22:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-01 22:51 . 2010-07-01 22:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-07-01 20:24 . 2010-07-01 20:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-07-01 20:24 . 2010-07-01 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-01 18:21 . 2010-07-01 18:21 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2010-07-01 17:48 . 2010-07-01 17:48 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2010-07-01 17:38 . 2010-07-01 17:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Threat Expert
2010-07-01 17:38 . 2010-07-01 17:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\BS_Player
2010-07-01 17:38 . 2010-07-02 23:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AskToolbar
2010-07-01 17:38 . 2010-07-01 17:43 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\myBabylon_English
2010-07-01 17:38 . 2010-07-01 17:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Zynga
2010-07-01 17:38 . 2010-07-01 17:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Conduit
2010-07-01 17:22 . 2010-07-01 17:22 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-06-30 15:01 . 2010-06-30 15:01 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-06-30 15:00 . 2010-07-02 01:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\BS_Player
2010-06-30 15:00 . 2010-06-30 15:00 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-06-30 15:00 . 2010-07-02 23:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
2010-06-30 15:00 . 2010-07-02 01:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\myBabylon_English
2010-06-30 15:00 . 2010-06-30 15:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Conduit
2010-06-30 15:00 . 2010-06-30 15:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Zynga
2010-06-30 15:00 . 2010-06-30 15:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Threat Expert
2010-06-29 22:35 . 2010-06-29 22:35 -------- d-----w- c:\program files\LittleFighter2
2010-06-29 18:27 . 2005-01-19 01:52 61440 ----a-r- c:\windows\system\cmsnxeye.exe
2010-06-29 18:27 . 2004-02-13 07:39 98304 ----a-r- c:\windows\system32\cmudau.dll
2010-06-29 18:27 . 2002-04-29 07:04 917504 ----a-r- c:\windows\system\cmds3du.dll
2010-06-29 18:27 . 2001-11-23 04:08 712704 ----a-r- c:\windows\system32\a3dpropu.dll
2010-06-29 18:27 . 2004-02-18 06:19 16384 ----a-r- c:\windows\system32\cmpropu.dll
2010-06-29 17:33 . 2010-06-29 18:27 -------- d-----w- c:\program files\Steel Sound 5H USB
2010-06-27 23:43 . 2008-11-11 07:27 3170352 ----a-w- C:\ProMS.exe
2010-06-24 23:53 . 2010-06-24 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-06-22 14:05 . 2010-06-22 17:28 4286 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{3008CE00-F04D-47B6-B5DB-E11F7593754D}\_950D48DB97671A8238B0D2.exe
2010-06-22 14:05 . 2010-06-22 17:28 4286 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{3008CE00-F04D-47B6-B5DB-E11F7593754D}\_6FEFF9B68218417F98F549.exe
2010-06-22 14:05 . 2010-06-22 17:28 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{3008CE00-F04D-47B6-B5DB-E11F7593754D}\_79D9B9396E11781C58F99A.exe
2010-06-19 20:03 . 2010-06-19 20:03 706048 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\octosh...091-0-main.dll
2010-06-19 18:59 . 2010-02-17 16:19 71960 ----a-w- c:\documents and settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\sua-1002170-0-npoctoshape.dll
2010-06-19 18:59 . 2010-02-17 16:19 420352 ----a-w- c:\documents and settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\sua-1002170-0-libOctoshapeClient.dll
2010-06-19 18:59 . 2010-02-17 16:19 124184 ----a-w- c:\documents and settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\sua-1002170-0-apoctoshape.dll
2010-06-13 17:17 . 2008-04-13 22:48 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2010-06-13 17:17 . 2008-04-13 22:48 52480 ----a-w- c:\windows\system32\dllcache\i8042prt.sys
2010-06-10 10:59 . 2010-04-20 05:37 285824 ------w- c:\windows\system32\dllcache\atmfd.dll
2010-06-10 10:59 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-10 10:58 . 2010-03-05 14:37 65536 ------w- c:\windows\system32\dllcache\asycfilt.dll
2010-06-10 09:50 . 2010-06-10 09:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2010-06-10 09:50 . 2010-06-10 09:50 -------- d-----w- c:\program files\Sony
2010-06-04 21:04 . 2010-06-29 18:24 -------- d-----w- c:\windows\system32\RTCOM
2010-06-04 21:03 . 2010-06-04 21:03 315392 ----a-w- c:\windows\HideWin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-02 23:26 . 2010-03-02 21:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-02 23:26 . 2010-02-18 19:59 16608 ----a-w- c:\windows\gdrv.sys
2010-07-02 22:45 . 2010-07-01 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-07-02 22:41 . 2010-02-18 19:33 -------- d-----w- c:\program files\Windows Desktop Search
2010-07-02 22:38 . 2010-07-01 21:46 -------- d-----w- c:\program files\Security Task Manager
2010-07-02 22:28 . 2010-02-18 20:10 -------- d-----w- c:\program files\Steam
2010-07-02 15:36 . 2010-02-18 19:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-02 15:30 . 2010-03-02 15:16 -------- d-----w- c:\program files\EslWire
2010-07-02 15:26 . 2010-04-07 16:02 -------- d-----w- c:\program files\Spyware Doctor
2010-07-02 15:24 . 2010-03-12 13:53 -------- d-----w- c:\program files\GameSpy Arcade
2010-07-02 15:24 . 2010-03-26 20:04 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-07-01 22:59 . 2010-04-23 20:38 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-01 22:59 . 2010-04-23 20:38 -------- d-----w- c:\program files\NortonInstaller
2010-07-01 22:41 . 2010-04-23 20:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-01 20:23 . 2010-04-17 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-30 15:07 . 2010-02-18 20:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\mIRC
2010-06-30 15:06 . 2010-02-18 20:20 -------- d-----w- c:\program files\mIRC
2010-06-30 00:36 . 2010-03-04 14:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\ICQ
2010-06-29 01:15 . 2010-02-21 15:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2010-06-28 22:01 . 2010-02-21 15:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2010-06-28 20:06 . 2010-03-30 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\TrackMania
2010-06-12 12:16 . 2010-03-04 14:14 -------- d-----w- c:\program files\ICQ7.0
2010-06-10 09:50 . 2010-03-02 21:59 -------- d-----w- c:\program files\VSTplugins
2010-06-10 09:49 . 2010-03-22 21:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\BSplayer
2010-06-08 02:16 . 2010-04-07 16:08 763832 ----a-w- c:\windows\BDTSupport.dll
2010-06-08 00:21 . 2010-04-07 16:08 1652664 ----a-w- c:\windows\PCTBDCore.dll
2010-06-04 20:24 . 2010-02-18 19:33 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-04 20:01 . 2010-04-27 12:22 -------- d-----w- c:\program files\Ask.com
2010-05-30 18:24 . 2010-05-30 18:24 -------- d-----w- c:\program files\DIFX
2010-05-30 18:24 . 2010-05-30 18:24 -------- d-----w- c:\program files\Razer
2010-05-22 16:11 . 2010-04-23 12:51 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-05-21 20:27 . 2010-02-18 21:11 -------- d-----w- c:\program files\Cheat-Defender
2010-05-14 15:36 . 2010-03-29 11:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\TS3Client
2010-05-13 19:08 . 2010-04-20 17:43 -------- d-----w- c:\program files\myBabylon_English
2010-05-10 19:16 . 2010-02-18 19:36 -------- d-----w- c:\program files\Windows Media Connect 2
2010-05-06 10:41 . 2009-03-08 02:34 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 10:04 . 2009-02-09 10:08 1860352 ----a-w- c:\windows\system32\win32k.sys
2010-05-01 01:38 . 2010-03-27 18:04 158 ----a-w- C:\ShockMS.zip
2010-04-24 19:57 . 2010-02-18 20:04 27848 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-20 05:37 . 2008-05-27 16:29 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-04-19 20:43 . 2010-04-19 20:43 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2010-04-19 20:43 . 2010-04-19 20:43 765952 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2010-04-19 20:43 . 2010-04-19 20:43 401408 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2010-04-19 20:43 . 2010-04-19 20:43 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2010-04-19 20:43 . 2010-04-19 20:43 126976 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2010-04-19 20:43 . 2010-04-19 20:43 172032 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2010-04-07 07:53 . 2010-05-07 10:28 50 ----a-w- C:\ChilliStory.bat
2010-04-04 16:53 . 2010-04-04 16:53 0 ----a-w- c:\windows\nsreg.dat
2010-03-03 11:06 . 2010-03-03 11:05 281 ----a-w- c:\program files\aequitas.ini
2009-11-18 10:27 . 2010-03-02 15:23 241664 ----a-w- c:\program files\aequitas.exe
.

------- Sigcheck -------

[-] 2009-03-26 . 25A740D70E8007814A48D3FA1B34FA34 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-05-13 19:09 2515552 ----a-w- c:\program files\myBabylon_English\tbmyB1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-05-13 2515552]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-05-13 2515552]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-28 61440]
"%FP%012-L2TP fts.exe"="c:\program files\012Net\012Net-Cable dialer\fts.exe" [2005-08-11 83608]
"%FP%012-L2TP FWPortal.exe"="c:\program files\012Net\012Net-Cable dialer\FWPortal.exe" [2005-12-13 801280]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2008-09-05 159744]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-06-08 11:39 133368 ----a-w- c:\program files\ICQ7.0\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 09:16 1820040 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:43 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-02-22 10:42 26101032 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-06 15:54 1238352 ----a-w- c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Cheat-Defender\\Cheat-Defender.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\r.u.s.e. beta\\Ruse.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\Assassin's Creed II\\server.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Ubisoft\\server.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\Assassin's Creed II\\mitm.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\dxzit\\counter-strike\\hl.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [24/03/2010 20:31 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [24/03/2010 20:33 95872]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [07/04/2010 18:08 112592]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [18/02/2010 22:01 68136]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30/03/2010 11:16 1107336]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [04/03/2010 16:14 246520]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [02/07/2010 20:02 304464]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [30/05/2010 20:24 22784]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [02/07/2010 20:02 20952]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys --> c:\windows\system32\DRIVERS\cmdguard.sys [?]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys --> c:\windows\system32\DRIVERS\cmdhlp.sys [?]
S2 eins7295;Eset install launcher (7295);c:\windows\system32\rundll32.exe c:\windows\eins7295.dll,RDServiceStart eins7295 "c:\docume~1\ADMINI~1\LOCALS~1\Temp\inxA.tmp" --> c:\windows\system32\rundll32.exe c:\windows\eins7295.dll,RDServiceStart eins7295 c:\docume~1\ADMINI~1\LOCALS~1\Temp\inxA.tmp [?]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys --> c:\windows\system32\drivers\Ambfilt.sys [?]
S3 cmudaxu;C-Media USB Sound Interface;c:\windows\system32\drivers\cmudaxu.sys [01/04/2010 12:09 1391296]
S3 EraserUtilDrv10920;EraserUtilDrv10920;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys [?]
S3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [02/03/2010 17:16 24504]
S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys --> c:\windows\system32\drivers\CM108.sys [?]
S3 Wirelecf;Friendly WI-FI Wirelesscfg Util Win2000 XP;c:\windows\system32\drivers\Wirelecf.SYS [07/09/2005 11:09 17230]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26/03/2010 21:49 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-07-02 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 13:23]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lyd6mmkz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=15788&l=dis
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=IMB&o=15785&locale=en_US&apn_uid=BEB11100-3FDD-45AB-9674-BDAEE5E68E16&apn_ptnrs=HQ&apn_sauid=89B56A0A-BF91-4A96-9FC6-ECDC79E75127&apn_dtid=&q=
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lyd6mmkz.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lyd6mmkz.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\Zynga\tbZyng.dll
Toolbar-{7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\Zynga\tbZyng.dll
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - c:\program files\Zynga\tbZyng.dll
HKLM-Run-PRISMSVR.EXE - Prismsvr.exe
HKLM-Run-WiFiCFG.EXE - c:\program files\802.11g USB2.0 adapter\WiFiCFG.EXE
HKLM-Run-COMODO Internet Security - c:\program files\COMODO\COMODO Internet Security\cfp.exe
ShellExecuteHooks-{56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-Babylon Client - c:\program files\Babylon\Babylon-Pro\Babylon.exe
MSConfigStartUp-ESL Wire - c:\program files\EslWire\wire.exe
AddRemove-abgx360 - c:\program files\abgx360\uninstall.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-ESL Wire_is1 - c:\program files\EslWire\unins000.exe
AddRemove-GameSpy Arcade - c:\progra~1\GAMESP~1\UNWISE.EXE
AddRemove-Little Fighter 2 version 2.0a - D:\Uninstal.exe
AddRemove-SAW - The Video Game_is1 - d:\saw - the video game\unins000.exe
AddRemove-Yahoo! Toolbar - c:\progra~1\Yahoo!\Common\UNYT_W~1.EXE
AddRemove-{C9BED750-1211-4480-B1A5-718A3BE15525} - c:\program files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE
AddRemove-{E8AEA11B-E60A-455E-B008-E4E763604612} - c:\program files\InstallShield Installation Information\{E8AEA11B-E60A-455E-B008-E4E763604612}\setup.exe
AddRemove-360WAVESPATCHERCLT - c:\program files\360WavesPatcher\WDUNINST.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-03 01:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4f,8f,f4,61,84,e3,4f,4b,a2,c9,55, \
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4f,8f,f4,61,84,e3,4f,4b,a2,c9,55, \

[HKEY_USERS\S-1-5-21-1202660629-515967899-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,56,69,87,e0,3a,e2,4a,92,89,0a, \
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,33,11,5b,f2,b2,50,1b,4c,9c,b4,d0, \
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,33,11,5b,f2,b2,50,1b,4c,9c,b4,d0, \
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(132)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\msiexec.exe
c:\program files\Razer\DeathAdder\razertra.exe
c:\program files\Razer\DeathAdder\razerofa.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2010-07-03 01:29:42 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-02 23:29

Pre-Run: 30,594,441,216 bytes free
Post-Run: 30,717,775,872 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 52BBED75C347D4F38B851F1BBD551B41





And what do you think about that?


Last edited by adamexsa; 3rd July 2010 at 23:20.
Old 3rd July 2010   #8
broni (Malware Analyst)

You never answered my question:
Quote:
What is your current AV program?
You can run only 1 AV program.
Let me know, which one you want to keep.

==============================================================

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.

=============================================================

Note: If you have a previous version of TDSSKiller downloaded, please delete it now and download a fresh copy using the links provided below.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
When it is done, a log file should be created on your C: drive called TDSSKiller.txt. Please copy and paste the contents of that file here.

Old 3rd July 2010   #9
adamexsa (Inactive, Thread Starter)

I wanna keep avira av.

And sorry, but my Windows is in Hebrew.
קובץ Render bgm\main.wma
‏‏לקובץ יש סוג מדיה 0xe436eb83... סוג משנה 0x6b6d0801...
‏‏clsid של מסנן המקור הוא 0x187463a0...
‏‏מסנן המקור טען את קובץ המקור
RenderFile: מסנן מקור נוסף: כתובת=38955c
‏‏RenderFile: Render פין מסנן מקור 15a7544
‏‏Render: לפין 15a7544 יש סוג ראשי 0x73647561...
‏‏Render: מנסה מסנן בכתובת 38955c
‏‏Render: בוחן מסנן בכתובת 38955c עבור פין קלט שיש לחבר לפין פלט 15a7544 אל
‏‏Render: אין יותר פינים - לא הצליח למצוא פין לשימוש במסנן 38955c
‏‏Render: מנסה מסנן חדש עם שם תצוגה @device:dmo:{2EEB4ADF-4578-4D10-BCA7-BB955F56320A}{57F2DB8B-E6BB-4513-9D43-DCD2A6593125}...
‏‏Render: מסנן חדש נוסף. לשם התצוגה @device:dmo:{2EEB4ADF-4578-4D10-BCA7-BB955F56320A}{57F2DB8B-E6BB-4513-9D43-DCD2A6593125}... יש כתובת 15a10a4, WMAudio Decoder DMO
‏‏Render: בוחן מסנן בכתובת 15a10a4 עבור פין קלט שיש לחבר לפין פלט 15a7544 אל
‏‏Render: שוקל לחבר פין פלט 15a7544 לפין 38e38c במסנן בכתובת 15a10a4
‏‏Render: פין פלט 15a7544 חובר לפין 38e38c במסנן ב- 15a10a4
‏‏Render: מחפש פלטים לביצוע render ממסנן בכתובת 15a10a4
‏‏Render: מנסה לבצע render לפין פלט 15a798c במסנן בכתובת 15a10a4
‏‏Render: לפין 15a798c יש סוג ראשי 0x73647561...
‏‏Render: מנסה מסנן בכתובת 15a10a4
‏‏Render: בוחן מסנן בכתובת 15a10a4 עבור פין קלט שיש לחבר לפין פלט 15a798c אל
‏‏Render: שוקל לחבר פין פלט 15a798c לפין 38e38c במסנן בכתובת 15a10a4
‏‏Render: פין 38e38c כבר מחובר
‏‏Render: אין יותר פינים - לא הצליח למצוא פין לשימוש במסנן 15a10a4
‏‏Render: מנסה מסנן בכתובת 38955c
‏‏Render: בוחן מסנן בכתובת 38955c עבור פין קלט שיש לחבר לפין פלט 15a798c אל
‏‏Render: אין יותר פינים - לא הצליח למצוא פין לשימוש במסנן 38955c
‏‏Render: מנסה מסנן חדש עם שם תצוגה @device:cm:{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device...
‏‏Render: מסנן חדש נוסף. לשם התצוגה @device:cm:{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device... יש כתובת 15a9b14, Default DirectSound Device
‏‏Render: בוחן מסנן בכתובת 15a9b14 עבור פין קלט שיש לחבר לפין פלט 15a798c אל
‏‏Render: שוקל לחבר פין פלט 15a798c לפין 15a9cf4 במסנן בכתובת 15a9b14
‏‏Render: פין פלט 15a798c חובר לפין 15a9cf4 במסנן ב- 15a9b14
‏‏Render: מחפש פלטים לביצוע render ממסנן בכתובת 15a9b14
‏‏Render: לא נמצא מסנן. המסנן בכתובת 15a9b14 הוא a renderer
‏‏Render: ביצוע rendering לפין יציאה 15a798c במסנן בכתובת 15a10a4 הצליח
‏‏RenderFile: הצליח בביצוע render לפין 15a7544 במסנן מקור בכתובת 38955c
‏‏RenderFile הסתיים - קוד החזרה 0

Old 3rd July 2010   #10
broni (Malware Analyst)

Quote:
I wanna keep avira av.
In that case...
Run ESET NOD32 Removal Tool: http://www.nod32.nl/download/tool/nod32removal.exe
Run Norton Removal Tool: http://service1.symantec.com/Support...05033108162039

Then, it doesn't look like you posted a whole TDSSKiller log.
Please, retry.

Old 3rd July 2010   #11
adamexsa (Inactive, Thread Starter)

hehehe sorry my bad

02:55:58:750 3708 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
02:55:58:750 3708 ================================================================================
02:55:58:750 3708 SystemInfo:

02:55:58:750 3708 OS Version: 5.1.2600 ServicePack: 3.0
02:55:58:750 3708 Product type: Workstation
02:55:58:750 3708 ComputerName: ANTON-220854676
02:55:58:750 3708 UserName: Administrator
02:55:58:750 3708 Windows directory: C:\WINDOWS
02:55:58:750 3708 System windows directory: C:\WINDOWS
02:55:58:750 3708 Processor architecture: Intel x86
02:55:58:750 3708 Number of processors: 3
02:55:58:750 3708 Page size: 0x1000
02:55:58:765 3708 Boot type: Normal boot
02:55:58:765 3708 ================================================================================
02:55:59:046 3708 Initialize success
02:55:59:062 3708
02:55:59:062 3708 Scanning Services ...
02:55:59:453 3708 Raw services enum returned 350 services
02:55:59:453 3708
02:55:59:453 3708 Scanning Drivers ...
02:56:04:609 3708
02:56:04:609 3708 Completed
02:56:04:609 3708
02:56:04:609 3708 Results:
02:56:04:609 3708 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
02:56:04:609 3708 File objects infected / cured / cured on reboot: 0 / 0 / 0
02:56:04:609 3708
02:56:04:609 3708 KLMD(ARK) unloaded successfully

Old 4th July 2010   #12
broni (Malware Analyst)

Did you run those two removal tools?

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.

==========================================================

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
* Under the Custom Scan box paste this in:



netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Old 4th July 2010   #13
adamexsa (Inactive, Thread Starter)

not enough place



OTL Extras logfile created on: 03/07/2010 03:25:52 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040D | Country: Israel | Language: HEB | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 28.55 Gb Free Space | 29.23% Space Free | Partition Type: NTFS
Drive D: | 200.43 Gb Total Space | 141.59 Gb Free Space | 70.65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANTON-220854676
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ7.0\ICQ.exe" = C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.0\aolload.exe" = C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\Cheat-Defender\Cheat-Defender.exe" = C:\Program Files\Cheat-Defender\Cheat-Defender.exe:*:Enabled:Cheat-Defender: Anti-Cheat -- (GlobalNet)
"C:\Program Files\ICQ7.0\ICQ.exe" = C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.0\aolload.exe" = C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
"C:\Program Files\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe" = C:\Program Files\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe:*:Enabled:R.U.S.E. Beta -- ()
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft)
"C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForever.exe" = C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForever.exe:*:Enabled:TrackMania Nations Forever -- ()
"C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe" = C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe:*:Enabled:TrackMania Nations Forever -- ()
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\Assassin's Creed II\server.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\Assassin's Creed II\server.exe:*:Enabled:server -- ()
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\Ubisoft\server.exe" = C:\Program Files\Ubisoft\server.exe:*:Enabled:server -- ()
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\Assassin's Creed II\mitm.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\Assassin's Creed II\mitm.exe:*:Enabled:mitm -- ()
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
"C:\Program Files\Steam\steamapps\dxzit\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\dxzit\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
"C:\Documents and Settings\Administrator\Local Settings\temp\7zSB.tmp\SymNRT.exe" = C:\Documents and Settings\Administrator\Local Settings\temp\7zSB.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C95D52-2172-B580-CDD3-695DDAA193BC}" = CCC Help English
"{02B232C3-46A6-03C0-EEB6-2F518E329457}" = Catalyst Control Center HydraVision Full
"{035D48BB-503E-4F09-9D52-EC57D3411DDC}" = Windows Live Essentials
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0205.1
"{0EC8FEB1-5F6C-C110-26E3-98688B131C7B}" = Catalyst Control Center Core Implementation
"{1246FF64-3035-4A92-8FE6-A968275495EB}" = Sony Vegas Pro 8.0
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1A4E71A5-643D-4536-B624-995F7E212272}" = WonderKing
"{1C4B921A-724F-742D-A848-87BA42680DCA}" = CCC Help Korean
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = כלי ההעלאה של Windows Live
"{21AA8C0C-0700-0434-A439-95A735A805D0}" = CCC Help Italian
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{234305B0-B206-26E0-263D-D62F89E58493}" = CCC Help Spanish
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2AEB1EAF-9E1C-4361-8562-5AC7AE6AC177}" = ATI AVIVO Codecs
"{3008CE00-F04D-47B6-B5DB-E11F7593754D}" = sClient+ Anti-Cheat
"{318089B6-063F-5F09-F84E-742AAA512F3B}" = CCC Help Thai
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3794889D-F4E3-C5CD-D3B0-B605D137BD9E}" = CCC Help Polish
"{3C105379-729D-992E-AFF1-3AD9D9CD5847}" = ccc-utility
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{3F7022C8-0E0B-DD89-0424-4DDBBEAE9662}" = Catalyst Control Center Graphics Full Existing
"{3F80E737-C04B-742F-39CF-16D472780D2F}" = CCC Help Greek
"{4003780A-8579-4701-B397-C76725BB44B1}" = CCC Help Japanese
"{47B02FDB-17F9-A8BE-23C9-B080313DA1BD}" = CCC Help Portuguese
"{5192AB64-1154-5D5B-9292-E9DF51AE4759}" = Catalyst Control Center Localization All
"{533EA890-F246-66D0-DBD2-C87078C5991B}" = CCC Help Chinese Standard
"{54C1F42B-0BA1-7CB2-F175-C2B69D7FF74E}" = ccc-core-preinstall
"{5797A1D5-2C08-4FF1-B4B4-EA25760CA543}" = 802.11g USB2.0 adapter
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{634328D0-C948-4C4D-BDE9-58015B941648}" = Windows Live Messenger
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E535222-B704-F8CB-C235-70CB58C362D9}" = CCC Help Swedish
"{70B59829-7C8F-C378-B9F0-78E5C9879224}" = CCC Help Russian
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77251F6F-90CB-C80D-D709-701517C6FF36}" = ccc-core-static
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79A3E128-DE54-2E2A-99F8-37F7872A26FD}" = CCC Help Norwegian
"{7AC64083-A73C-FA07-7BE9-BEFDBDCA393F}" = CCC Help Dutch
"{80D12CA0-52A2-4E50-9379-3B101D53B8BA}" = CCC Help French
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{885A5214-9CDD-40E0-A89D-7672588748E1}" = Windows Live Call
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D05DE05-5FC1-6C0C-8DA1-807BE4EE72BB}" = CCC Help Finnish
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A083E0DD-212F-F991-EC8D-673DDD3BD9F5}" = Catalyst Control Center Graphics Light
"{A1AEDF29-CC4F-CB06-227C-ACE1C3F92A8E}" = CCC Help Hungarian
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A409609F-E81D-B613-B7AE-89D28DAAFD26}" = CCC Help Danish
"{ADF62610-0391-4ABA-E67C-8DF8F51F897E}" = CCC Help German
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BAD68DAA-DA40-3681-996C-7B91959EC9CA}" = Catalyst Control Center Graphics Full New
"{BCBA462D-3E1B-416C-89F8-492020D4BBF4}" = מסייע הכניסה של Windows Live
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 Service Pack 1
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF7D89CA-6AB3-FD7E-903B-1821EE6453B5}" = CCC Help Chinese Traditional
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D8A6B20B-C028-9C52-41BF-CA706A666B45}" = CCC Help Czech
"{E13FD48B-341E-0A3F-5306-C407E60AB28F}" = CCC Help Turkish
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder(TM) Mouse
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF714D4E-B503-D848-73DD-2FE18ECA7BFB}" = Catalyst Control Center Graphics Previews Common
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"012Net" = 012Net
"13860389BCE916343D6A5C65169C6F0C6BF6E3EA" = Windows Driver Package - Cypress (CyUsb) USB
"abgx360" = abgx360 v1.0.2
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Browser Defender_is1" = Browser Defender 2.0.6.15
"BSPlayerf" = BS.Player FREE
"CCleaner" = CCleaner
"Cheat-Defender" = Cheat-Defender
"C-Media USB Sound" = Steel Sound 5H USB
"DA73216D935E3CBA996AFD6E6513ECC587E0C3C1" = Windows Driver Package - Razer (HidUsb) HIDClass (02/02/2007 1.0.5.0)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"ESL Wire_is1" = ESL Wire 1.3
"Fraps" = Fraps
"GamersFirst War Rock" = War Rock
"GameSpy Arcade" = GameSpy Arcade
"HijackThis" = HijackThis 1.99.1
"ICQToolbar" = ICQ Toolbar
"ImgBurn" = ImgBurn
"Little Fighter 2 version 2.0a" = Little Fighter 2 version 2.0a
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapleStory" = MapleStory
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Silverlight" = Microsoft Silverlight
"mIRC" = mIRC
"Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)
"myBabylon_English Toolbar" = myBabylon_English Toolbar
"SAW - The Video Game_is1" = SAW - The Video Game
"Security Task Manager" = Security Task Manager 1.7h
"Steam App 10" = Counter-Strike
"Steam App 100" = Condition Zero Deleted Scenes
"Steam App 11020" = TrackMania Nations Forever
"Steam App 240" = Counter-Strike: Source
"Steam App 25700" = Madballs in... Babo:Invasion
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 33310" = R.U.S.E. Beta
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 440" = Team Fortress 2
"Steam App 500" = Left 4 Dead
"SWAT 4" = SWAT 4
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Octoshape Streaming Services" = Octoshape Streaming Services
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/05/2010 17:02:55 | Computer Name = ANTON-220854676 | Source = Application Error | ID = 1000
Description = ‏‏תקלה ביישום IEXPLORE.EXE, גירסה 8.0.6001.18702, תקלה במודול msxml3.dll,
גירסה 8.100.1051.0, כתובת התקלה 0x00005c60‏.

Error - 25/05/2010 17:12:22 | Computer Name = ANTON-220854676 | Source = Application Error | ID = 1000
Description = ‏‏תקלה ביישום IEXPLORE.EXE, גירסה 8.0.6001.18702, תקלה במודול msxml3.dll,
גירסה 8.100.1051.0, כתובת התקלה 0x00005c60‏.

Error - 30/05/2010 14:44:24 | Computer Name = ANTON-220854676 | Source = Application Error | ID = 1000
Description = ‏‏תקלה ביישום razercfg.exe, גירסה 1.0.0.1, תקלה במודול razercfg.exe,
גירסה 1.0.0.1, כתובת התקלה 0x0000da37‏.

Error - 30/05/2010 18:53:43 | Computer Name = ANTON-220854676 | Source = Application Error | ID = 1000
Description = ‏‏תקלה ביישום sclient.exe, גירסה 4.0.0.0, תקלה במודול sc.dll, גירסה
4.0.0.0, כתובת התקלה 0x00016d00‏.

Error - 02/06/2010 16:25:13 | Computer Name = ANTON-220854676 | Source = Application Hang | ID = 1002
Description = ‏‏יישום לא מגיב Ventrilo.exe, גירסה 2.1.4.0, מודול חוסר תגובה hungapp,
גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000‏.

Error - 02/06/2010 16:25:57 | Computer Name = ANTON-220854676 | Source = Application Error | ID = 1000
Description = ‏‏תקלה ביישום ts3client_win32.exe, גירסה 1.0.0.0, תקלה במודול fmodex.dll,
גירסה 0.4.29.2, כתובת התקלה 0x00074c4e‏.

Error - 03/06/2010 12:56:25 | Computer Name = ANTON-220854676 | Source = Application Error | ID = 1000
Description = ‏‏תקלה ביישום razercfg.exe, גירסה 1.0.0.1, תקלה במודול razercfg.exe,
גירסה 1.0.0.1, כתובת התקלה 0x0000da37‏.

Error - 06/06/2010 15:22:17 | Computer Name = ANTON-220854676 | Source = Application Hang | ID = 1002
Description = ‏‏יישום לא מגיב IEXPLORE.EXE, גירסה 8.0.6001.18702, מודול חוסר תגובה
hungapp, גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000‏.

Error - 06/06/2010 15:22:28 | Computer Name = ANTON-220854676 | Source = Application Hang | ID = 1002
Description = ‏‏יישום לא מגיב IEXPLORE.EXE, גירסה 8.0.6001.18702, מודול חוסר תגובה
hungapp, גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000‏.

Error - 06/06/2010 15:22:29 | Computer Name = ANTON-220854676 | Source = Application Hang | ID = 1002
Description = ‏‏יישום לא מגיב IEXPLORE.EXE, גירסה 8.0.6001.18702, מודול חוסר תגובה
hungapp, גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000‏.

[ System Events ]
Error - 02/07/2010 20:59:01 | Computer Name = ANTON-220854676 | Source = Service Control Manager | ID = 7000
Description = The COMODO Internet Security Helper Service service failed to start
due to the following error: %%3

Error - 02/07/2010 20:59:01 | Computer Name = ANTON-220854676 | Source = Service Control Manager | ID = 7000
Description = The ESET Service service failed to start due to the following error:
%%3

Error - 02/07/2010 20:59:01 | Computer Name = ANTON-220854676 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Eset install launcher
(7295) service to connect.

Error - 02/07/2010 20:59:01 | Computer Name = ANTON-220854676 | Source = Service Control Manager | ID = 7000
Description = The Eset install launcher (7295) service failed to start due to the
following error: %%1053

Error - 02/07/2010 20:59:01 | Computer Name = ANTON-220854676 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cmdGuard cmdHlp Inspect

Error - 02/07/2010 21:22:49 | Computer Name = ANTON-220854676 | Source = Service Control Manager | ID = 7000
Description = The COMODO Internet Security Helper Service service failed to start
due to the following error: %%3

Error - 02/07/2010 21:22:49 | Computer Name = ANTON-220854676 | Source = Service Control Manager | ID = 7000
Description = The ESET Service service failed to start due to the following error:
%%3

Error - 02/07/2010 21:22:49 | Computer Name = ANTON-220854676 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Eset install launcher
(7295) service to connect.

Error - 02/07/2010 21:22:49 | Computer Name = ANTON-220854676 | Source = Service Control Manager | ID = 7000
Description = The Eset install launcher (7295) service failed to start due to the
following error: %%1053

Error - 02/07/2010 21:22:49 | Computer Name = ANTON-220854676 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cmdGuard cmdHlp Inspect


< End of report >

Old 4th July 2010   #14
adamexsa (THREAD STARTER)

not enough place for OTL.txt

edit:
http://rapidshare.com/files/404794669/OTL.Txt

><

Old 4th July 2010   #15
broni (Malware Analyst)

Split it between a couple of replies.
