View Full Version : Think I got some left.... (Resolved)
I have been running alot of tests lately.
My first step:was ATF Cleaner running everything except "prefetch"
2nd: Ad-Aware with the latest update, full scanned and removed everything that was detected.
3rd: Spybot Search & Destroy. I unchecked two boxes that was "Use Internet Explorer protection (SDHelper)" and "Use system settings Protection (TeaTimer)". Updated to latest version and did a full scan.
4th: MalwareBytes' Anti-Malware. Same, updated to the latest version and did a full scan.
Restarted the comp. after that one, and ran an online scan on http://www.bitdefender.com/scan8/ie.html .
Restarted again and downloaded Hijackthis. And I wonder if Anyone could help me with this, from the log.
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\DNA\btdna.exe
C:\Programfiler\DAEMON Tools Pro\DTProAgent.exe
C:\Documents and Settings\Toan\Lokale innstillinger\Programdata\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Toan\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Toan\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Toan\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
C:\Programfiler\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Toan\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Toan\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Toan\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programfiler\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Programfiler\DAEMON Tools Pro\DTProAgent.exe" -autorun
O4 - HKLM\..\Policies\Explorer\Run: [HFDF] C:\WINDOWS\system32\hf0007.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
Please note that all instructions given are customised for this computer only,
the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the HJT forum and wait for help.
Hello and welcome to the forums
My name is Katana and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Failure to reply within 5 days will result in the topic being closed.
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)
If you can do those few things, everything should go smoothly http://www.countingcows.de/laechel.gif
Some of the logs I request will be quite large, You may need to split them over a couple of replies.
Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------
REMOVE P2P PROGRAMS
IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
BitTorrent DNA
Please read the Guidelines for P2P Programs (http://forums.spybot.info/showpost.php?p=218503&postcount=4) where we explain why it's not a good idea to have them.
Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected.
The bad guys use P2P filesharing as a major conduit to spread their wares.
Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.
----------------------------------------------------------------------------------------
What makes you think that you still have problems ?
Download and Run RSIT
Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:
log.txt will be opened maximized.
info.txt will be opened minimized.
Please post the contents of both log.txt and info.txt.
( They can also be found in the C:\RSIT folder )
Thanks for answering for the first part :-) I think I still have problems cause my comp. is pretty slow than usual. I've been on random internet sites which contains alot of advertisements and pop-ups, but they usually get blocked.
I've downloaded the random as you said and here are the txt files.
LOG.TXT
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\DNA\btdna.exe
C:\Programfiler\DAEMON Tools Pro\DTProAgent.exe
C:\Documents and Settings\Toan\Lokale innstillinger\Programdata\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Toan\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Toan\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Toan\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Toan\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Toan\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Toan\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Toan\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Toan\Skrivebord\RSIT.exe
C:\Programfiler\Trend Micro\HijackThis\Toan.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Toan\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: "C:\Programfiler\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Programfiler\DAEMON Tools Pro\DTProAgent.exe" -autorun
O4 - HKLM\..\Policies\Explorer\Run: [HFDF] C:\WINDOWS\system32\hf0007.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
--
End of file - 5660 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1214440339-725345543-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1214440339-725345543-1003UA.job
C:\WINDOWS\tasks\WGASetup.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programfiler\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-10-28 335872]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2009-05-18 577536]
"SunJavaUpdateSched"=C:\Programfiler\Java\jre6\bin\jusched.exe [2009-05-21 148888]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"HFDF"=C:\WINDOWS\system32\hf0007.exe []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"MsnMsgr"=C:\Programfiler\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"Google Update"=C:\Documents and Settings\Toan\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2009-05-18 133104]
"BitTorrent DNA"=C:\Programfiler\DNA\btdna.exe [2009-06-20 318272]
"DAEMON Tools Pro Agent"=C:\Programfiler\DAEMON Tools Pro\DTProAgent.exe [2009-04-09 228808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programfiler\MSN Messenger\msnmsgr.exe"="C:\Programfiler\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Programfiler\MSN Messenger\livecall.exe"="C:\Programfiler\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Programfiler\Spotify\spotify.exe"="C:\Programfiler\Spotify\spotify.exe:*:Enabled:Spotify"
"C:\Programfiler\World of Warcraft\Launcher.exe"="C:\Programfiler\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Programfiler\Steam\steamapps\ninababe\counter-strike\hl.exe"="C:\Programfiler\Steam\steamapps\ninababe\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Programfiler\mIRC\mirc.exe"="C:\Programfiler\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\WINDOWS\system32\MicrosoftUpdate.exe"="C:\WINDOWS\system32\MicrosoftUpdate.exe:*:Enabled:MICROSOFTUPDATE"
"C:\Programfiler\DNA\btdna.exe"="C:\Programfiler\DNA\btdna.exe:*:Enabled:DNA"
"C:\Programfiler\Ventrilo\Ventrilo.exe"="C:\Programfiler\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Programfiler\Steam\steamapps\ninababe\condition zero\hl.exe"="C:\Programfiler\Steam\steamapps\ninababe\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Programfiler\Steam\steamapps\sjokolade11@hotmail.com\counter-strike\hl.exe"="C:\Programfiler\Steam\steamapps\sjokolade11@hotmail.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Programfiler\Steam\steamapps\sjokolade11@hotmail.com\half-life\hl.exe"="C:\Programfiler\Steam\steamapps\sjokolade11@hotmail.com\half-life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Programfiler\Vuze\Azureus.exe"="C:\Programfiler\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Programfiler\Steam\steamapps\common\trackmania nations forever\TmForever.exe"="C:\Programfiler\Steam\steamapps\common\trackmania nations forever\TmForever.exe:*:Enabled:TrackMania Nations Forever"
"C:\Programfiler\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe"="C:\Programfiler\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe:*:Enabled:TrackMania Nations Forever"
"C:\Documents and Settings\Toan\Skrivebord\L4D\Left 4 Dead\left4dead.exe"="C:\Documents and Settings\Toan\Skrivebord\L4D\Left 4 Dead\left4dead.exe:*:Enabled:left4dead"
"C:\Documents and Settings\Toan\Mine dokumenter\Downloads\eac_updater.exe"="C:\Documents and Settings\Toan\Mine dokumenter\Downloads\eac_updater.exe:*:Enabled:eac_updater"
"C:\Documents and Settings\Toan\Skrivebord\CoD\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Documents and Settings\Toan\Skrivebord\CoD\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:iw3mp"
"C:\Games\XIII\system\XIII.exe"="C:\Games\XIII\system\XIII.exe:*:Enabled:XIII"
"C:\Programfiler\World of Warcraft\BackgroundDownloader.exe"="C:\Programfiler\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Programfiler\Skype\Phone\Skype.exe"="C:\Programfiler\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programfiler\MSN Messenger\msnmsgr.exe"="C:\Programfiler\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Programfiler\MSN Messenger\livecall.exe"="C:\Programfiler\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
======List of files/folders created in the last 1 months======
2009-08-03 21:37:58 ----D---- C:\rsit
2009-08-02 18:15:40 ----D---- C:\Programfiler\Trend Micro
2009-08-02 17:21:10 ----D---- C:\WINDOWS\BDOSCAN8
2009-08-02 06:05:54 ----D---- C:\Programfiler\Panda Security
2009-08-02 05:01:35 ----D---- C:\Documents and Settings\Toan\Programdata\Malwarebytes
2009-08-02 05:01:28 ----D---- C:\Programfiler\Malwarebytes' Anti-Malware
2009-08-02 05:01:28 ----D---- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2009-08-02 04:20:47 ----D---- C:\Programfiler\Spybot - Search & Destroy
2009-08-02 04:20:47 ----D---- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2009-08-02 04:17:37 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-08-02 02:38:30 ----HDC---- C:\Documents and Settings\All Users\Programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-02 02:37:50 ----D---- C:\Programfiler\Lavasoft
2009-08-02 02:37:50 ----D---- C:\Documents and Settings\All Users\Programdata\Lavasoft
2009-08-01 03:00:43 ----D---- C:\Programfiler\MSXML 6.0
2009-07-31 13:09:05 ----A---- C:\WINDOWS\system32\msxml6r.dll
2009-07-31 13:03:29 ----D---- C:\Programfiler\SilentMusicBand
2009-07-29 12:25:15 ----A---- C:\WINDOWS\system32\javaws.exe
2009-07-29 12:25:15 ----A---- C:\WINDOWS\system32\javaw.exe
2009-07-29 12:25:15 ----A---- C:\WINDOWS\system32\java.exe
2009-07-29 12:23:32 ----D---- C:\Documents and Settings\All Users\Programdata\McAfee
2009-07-29 03:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-07-27 00:05:40 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-07-27 00:05:40 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-07-27 00:05:40 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-07-27 00:05:40 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-07-27 00:05:40 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2009-07-27 00:05:40 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-07-27 00:05:40 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-07-27 00:05:40 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-07-27 00:05:40 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2009-07-27 00:05:40 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-07-27 00:05:40 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-07-27 00:05:35 ----N---- C:\WINDOWS\system32\px.dll
2009-07-27 00:04:19 ----D---- C:\Programfiler\Fellesfiler\DivX Shared
2009-07-27 00:04:18 ----D---- C:\Programfiler\DivX
2009-07-26 16:17:55 ----A---- C:\WINDOWS\system32\hf0007.dll
2009-07-26 02:05:21 ----D---- C:\Programfiler\World of Warcraft
2009-07-21 09:51:06 ----RSD---- C:\WINDOWS\assembly
2009-07-21 09:49:07 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-20 20:39:30 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-07-20 20:39:30 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-07-20 20:39:30 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-07-20 20:39:28 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-07-20 20:39:28 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-07-20 20:39:25 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-07-20 20:39:22 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-07-20 20:38:42 ----HD---- C:\WINDOWS\msdownld.tmp
2009-07-20 08:08:09 ----D---- C:\Documents and Settings\All Users\Programdata\TrackMania
2009-07-20 07:26:21 ----D---- C:\WINDOWS\system32\LogFiles
2009-07-20 07:26:21 ----A---- C:\WINDOWS\system32\pbsvc.exe
2009-07-20 01:44:43 ----D---- C:\WINDOWS\system32\appmgmt
2009-07-20 00:53:20 ----A---- C:\WINDOWS\Burnout(TM) Paradise The Ultimate Box Patch Log.txt
2009-07-20 00:52:04 ----D---- C:\Documents and Settings\All Users\Programdata\Electronic Arts
2009-07-20 00:30:50 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-07-20 00:30:50 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-07-20 00:30:48 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-07-20 00:30:46 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-07-20 00:30:46 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-07-20 00:30:44 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-07-20 00:30:43 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-07-20 00:30:42 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-07-20 00:30:42 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-07-20 00:30:40 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-07-20 00:30:39 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-07-20 00:30:39 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-07-20 00:30:37 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-07-20 00:30:35 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-07-20 00:30:35 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-07-20 00:30:34 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-07-20 00:30:33 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-07-20 00:30:32 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-07-20 00:30:32 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-07-20 00:30:31 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-07-20 00:30:19 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-07-20 00:30:18 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2009-07-20 00:30:18 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-07-20 00:30:17 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-07-20 00:30:17 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-07-20 00:30:16 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-07-20 00:30:15 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-07-20 00:30:14 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-07-20 00:30:14 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-07-20 00:30:12 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-07-20 00:30:09 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-07-20 00:29:42 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-07-20 00:29:42 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-07-20 00:29:39 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-07-20 00:29:39 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-07-20 00:29:35 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-07-20 00:29:27 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-07-20 00:29:18 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-07-20 00:29:17 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-07-20 00:29:16 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-07-20 00:29:14 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-07-20 00:29:12 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-07-20 00:29:12 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-07-20 00:29:11 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-07-20 00:29:11 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-07-20 00:29:10 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-07-20 00:29:09 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-07-20 00:29:08 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-07-20 00:29:08 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-07-20 00:29:07 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-07-20 00:29:06 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-07-20 00:29:05 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-07-20 00:29:04 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-07-20 00:29:03 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-07-20 00:29:02 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-07-20 00:28:59 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-07-20 00:28:36 ----D---- C:\WINDOWS\Logs
2009-07-18 04:23:36 ----D---- C:\Documents and Settings\Toan\Programdata\PacificPoker
2009-07-16 13:51:13 ----D---- C:\Documents and Settings\Toan\Programdata\Microsoft Games
2009-07-16 11:41:08 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-07-16 11:41:07 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-07-16 11:41:04 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-07-16 11:41:00 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-07-16 11:41:00 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-07-16 11:40:49 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-07-16 11:40:47 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-07-16 11:40:47 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-07-16 11:40:40 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-07-15 23:53:31 ----D---- C:\Programfiler\DAEMON Tools Pro
2009-07-15 23:53:31 ----D---- C:\Documents and Settings\All Users\Programdata\DAEMON Tools Pro
2009-07-15 23:51:23 ----D---- C:\Documents and Settings\Toan\Programdata\DAEMON Tools Pro
2009-07-15 23:15:07 ----RA---- C:\WINDOWS\system32\vp6vfw.dll
2009-07-15 23:04:59 ----D---- C:\Programfiler\MagicISO
2009-07-15 20:37:57 ----D---- C:\Documents and Settings\All Users\Programdata\Azureus
2009-07-15 20:37:52 ----D---- C:\Documents and Settings\Toan\Programdata\Azureus
2009-07-15 03:03:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 03:02:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 03:01:46 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-09 04:49:59 ----D---- C:\WINDOWS\Sun
2009-07-05 23:08:03 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-07-04 21:39:34 ----D---- C:\Programfiler\AMX Mod X
======List of files/folders modified in the last 1 months======
2009-08-03 21:36:11 ----RD---- C:\Programfiler
2009-08-03 21:36:11 ----D---- C:\WINDOWS\Prefetch
2009-08-03 21:32:54 ----D---- C:\Documents and Settings\Toan\Programdata\DNA
2009-08-03 18:02:41 ----D---- C:\WINDOWS\Temp
2009-08-03 18:02:33 ----D---- C:\Programfiler\DNA
2009-08-03 16:14:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-03 06:17:02 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-03 01:24:11 ----D---- C:\Documents and Settings\Toan\Programdata\Skype
2009-08-03 00:08:56 ----D---- C:\Documents and Settings\Toan\Programdata\skypePM
2009-08-02 18:30:43 ----D---- C:\WINDOWS\system32
2009-08-02 18:14:52 ----D---- C:\WINDOWS
2009-08-02 17:21:13 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-02 17:21:09 ----HD---- C:\WINDOWS\inf
2009-08-02 17:18:20 ----D---- C:\WINDOWS\system32\drivers
2009-08-02 02:39:56 ----SD---- C:\WINDOWS\Tasks
2009-08-02 02:39:23 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-02 02:38:30 ----SHD---- C:\WINDOWS\Installer
2009-08-02 02:37:44 ----D---- C:\WINDOWS\WinSxS
2009-07-31 07:11:37 ----D---- C:\Programfiler\Steam
2009-07-29 12:25:07 ----D---- C:\Programfiler\Java
2009-07-29 03:01:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-29 03:01:24 ----D---- C:\Programfiler\Internet Explorer
2009-07-29 00:12:40 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-27 00:04:19 ----D---- C:\Programfiler\Fellesfiler
2009-07-26 02:42:58 ----D---- C:\Programfiler\Fellesfiler\Blizzard Entertainment
2009-07-25 14:38:23 ----D---- C:\WINDOWS\system32\DirectX
2009-07-21 09:55:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-21 09:49:13 ----D---- C:\WINDOWS\system32\mui
2009-07-21 03:34:57 ----HD---- C:\Programfiler\InstallShield Installation Information
2009-07-20 00:49:19 ----SD---- C:\Documents and Settings\All Users\Programdata\Microsoft
2009-07-18 18:22:29 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-07-18 18:22:28 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-16 13:51:13 ----SD---- C:\Documents and Settings\Toan\Programdata\Microsoft
2009-07-15 18:49:29 ----D---- C:\Documents and Settings\Toan\Programdata\Spotify
2009-07-15 03:03:32 ----A---- C:\WINDOWS\imsins.BAK
2009-07-15 00:35:32 ----D---- C:\Documents and Settings\Toan\Programdata\Ventrilo
2009-07-14 06:31:42 ----A---- C:\WINDOWS\system.ini
2009-07-11 03:23:59 ----D---- C:\Documents and Settings\Toan\Programdata\mIRC
2009-07-11 01:23:39 ----D---- C:\Programfiler\mIRC
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK7;AMD K7-prosessordriver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 41216]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 FETNDIS;NT-driver for VIA PCI 10/100Mb Fast Ethernet-kort; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 hidusb;Microsoft HID-klassedriver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-09 9600]
R3 mouhid;HID-driver for mus; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-09 12160]
R3 usbehci;Miniportdriver for Microsoft USB 2.0 forbedret vertskontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 aktivert hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Miniportdriver for Microsoft USB universell vertskontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 agdogbrw;agdogbrw; C:\WINDOWS\system32\drivers\agdogbrw.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programfiler\Java\jre6\bin\jqs.exe [2009-05-21 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programfiler\Lavasoft\Ad-Aware\AAWService.exe [2009-07-03 1029456]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Programfiler\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
[B]INFO.TXT
-->C:\Programfiler\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->"C:\Documents and Settings\All Users\Programdata\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Programdata\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
AMX Mod X Installer 1.8.1-->C:\Programfiler\AMX Mod X\uninst.exe
ATI - Software Uninstall Utility-->C:\Programfiler\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Counter-Strike-->"C:\Programfiler\Steam\steam.exe" steam://uninstall/10
DivX Codec-->C:\Programfiler\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Programfiler\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programfiler\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Programfiler\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Programfiler\DivX\DivXWebPlayerUninstall.exe /PLUGIN
HijackThis 2.0.2-->"C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hurtigreparasjon for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
LimeWire 4.18.8-->"C:\Programfiler\LimeWire\uninstall.exe"
Magic ISO Maker v5.5 (build 0276)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Programfiler\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{20DEB77C-21D6-4D22-BB47-233E47613D57}
mIRC-->C:\Programfiler\mIRC\uninstall.exe _?=C:\Programfiler\mIRC
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
musicshakeENG-->MsiExec.exe /I{2AC6B7A8-0199-4D13-99C0-C0BD76E41BBC}
Oppdatering for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Panda ActiveScan 2.0-->C:\Programfiler\Panda Security\ActiveScan 2.0\as2uninst.exe
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x14 -removeonly
Sikkerhetsoppdatering for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Spotify-->"C:\Programfiler\Spotify\uninstall.exe"
Spybot - Search & Destroy-->"C:\Programfiler\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
TrackMania Nations Forever-->"C:\Programfiler\Steam\steam.exe" steam://uninstall/11020
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
WinRAR archiver-->C:\Programfiler\WinRAR\uninstall.exe
World of Warcraft-->C:\Programfiler\Fellesfiler\Blizzard Entertainment\World of Warcraft\Uninstall.exe
======System event log======
Computer Name: FSAHKJ-90A12324
Event Code: 7
Message: Enheten \Device\CdRom1 har en dårlig blokk.
Record Number: 1654
Source Name: Cdrom
Time Written: 20090621181621.000000+120
Event Type: error
User:
Computer Name: FSAHKJ-90A12324
Event Code: 7
Message: Enheten \Device\CdRom1 har en dårlig blokk.
Record Number: 1653
Source Name: Cdrom
Time Written: 20090621181619.000000+120
Event Type: error
User:
Computer Name: FSAHKJ-90A12324
Event Code: 7
Message: Enheten \Device\CdRom1 har en dårlig blokk.
Record Number: 1652
Source Name: Cdrom
Time Written: 20090621181617.000000+120
Event Type: error
User:
Computer Name: FSAHKJ-90A12324
Event Code: 7
Message: Enheten \Device\CdRom1 har en dårlig blokk.
Record Number: 1651
Source Name: Cdrom
Time Written: 20090621181615.000000+120
Event Type: error
User:
Computer Name: FSAHKJ-90A12324
Event Code: 7
Message: Enheten \Device\CdRom1 har en dårlig blokk.
Record Number: 1650
Source Name: Cdrom
Time Written: 20090621181612.000000+120
Event Type: error
User:
=====Application event log=====
Computer Name: FSAHKJ-90A12324
Event Code: 1002
Message: Hengende program chrome.exe, versjon 0.0.0.0, hengende modul hungapp, versjon 0.0.0.0, hengeadresse 0x00000000.
Record Number: 1564
Source Name: Application Hang
Time Written: 20090709182142.000000+120
Event Type: error
User:
Computer Name: FSAHKJ-90A12324
Event Code: 1002
Message: Hengende program chrome.exe, versjon 0.0.0.0, hengende modul hungapp, versjon 0.0.0.0, hengeadresse 0x00000000.
Record Number: 1563
Source Name: Application Hang
Time Written: 20090709182142.000000+120
Event Type: error
User:
Computer Name: FSAHKJ-90A12324
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.
Record Number: 1560
Source Name: usnjsvc
Time Written: 20090709175943.000000+120
Event Type:
User:
Computer Name: FSAHKJ-90A12324
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.
Record Number: 1543
Source Name: usnjsvc
Time Written: 20090709015112.000000+120
Event Type:
User:
Computer Name: FSAHKJ-90A12324
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.
Record Number: 1528
Source Name: usnjsvc
Time Written: 20090708181122.000000+120
Event Type:
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programfiler\ATI Technologies\ATI Control Panel;C:\Programfiler\Fellesfiler\DivX Shared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
And, if u can see any sign of keylogging, I would appreciate that you say it :-)
I'm sorry if I wasn't clear in my previous post
REMOVE P2P PROGRAMS
IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
BitTorrent DNA
LimeWire 4.18.8
Please read the Guidelines for P2P Programs (http://forums.spybot.info/showpost.php?p=218503&postcount=4) where we explain why it's not a good idea to have them.
Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected.
The bad guys use P2P filesharing as a major conduit to spread their wares.
Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.
Please delete C:\RSIT folder
Now run RSIT again and post the fresh logs.
Please DO NOT alter the logs in any way
Didn't see Limewire last time tho, but I havent bittorent :-S I had Vuze and Limewire, both are gone now.
So, new log and Info:
LOG.TXT
Logfile of random's system information tool 1.06 (written by random/random)
Run by Toan at 2009-08-04 11:23:08
Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (5%) free of 38 GB
Total RAM: 511 MB (42% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:09, on 04.08.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\DAEMON Tools Pro\DTProAgent.exe
C:\Documents and Settings\Toan\Lokale innstillinger\Programdata\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Toan\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Toan\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Toan\Skrivebord\RSIT.exe
C:\Programfiler\Trend Micro\HijackThis\Toan.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Toan\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: "C:\Programfiler\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Programfiler\DAEMON Tools Pro\DTProAgent.exe" -autorun
O4 - HKLM\..\Policies\Explorer\Run: [HFDF] C:\WINDOWS\system32\hf0007.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\AAWService.exe
--
End of file - 5061 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1214440339-725345543-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1214440339-725345543-1003UA.job
C:\WINDOWS\tasks\WGASetup.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programfiler\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-10-28 335872]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2009-05-18 577536]
"SunJavaUpdateSched"=C:\Programfiler\Java\jre6\bin\jusched.exe [2009-05-21 148888]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"HFDF"=C:\WINDOWS\system32\hf0007.exe []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"MsnMsgr"=C:\Programfiler\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"Google Update"=C:\Documents and Settings\Toan\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2009-05-18 133104]
"BitTorrent DNA"=C:\Programfiler\DNA\btdna.exe []
"DAEMON Tools Pro Agent"=C:\Programfiler\DAEMON Tools Pro\DTProAgent.exe [2009-04-09 228808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programfiler\MSN Messenger\msnmsgr.exe"="C:\Programfiler\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Programfiler\MSN Messenger\livecall.exe"="C:\Programfiler\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Programfiler\Spotify\spotify.exe"="C:\Programfiler\Spotify\spotify.exe:*:Enabled:Spotify"
"C:\Programfiler\World of Warcraft\Launcher.exe"="C:\Programfiler\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Programfiler\Steam\steamapps\ninababe\counter-strike\hl.exe"="C:\Programfiler\Steam\steamapps\ninababe\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Programfiler\mIRC\mirc.exe"="C:\Programfiler\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\WINDOWS\system32\MicrosoftUpdate.exe"="C:\WINDOWS\system32\MicrosoftUpdate.exe:*:Enabled:MICROSOFTUPDATE"
"C:\Programfiler\DNA\btdna.exe"="C:\Programfiler\DNA\btdna.exe:*:Enabled:DNA"
"C:\Programfiler\Ventrilo\Ventrilo.exe"="C:\Programfiler\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Programfiler\Steam\steamapps\ninababe\condition zero\hl.exe"="C:\Programfiler\Steam\steamapps\ninababe\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Programfiler\Steam\steamapps\sjokolade11@hotmail.com\counter-strike\hl.exe"="C:\Programfiler\Steam\steamapps\sjokolade11@hotmail.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Programfiler\Steam\steamapps\sjokolade11@hotmail.com\half-life\hl.exe"="C:\Programfiler\Steam\steamapps\sjokolade11@hotmail.com\half-life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Programfiler\Vuze\Azureus.exe"="C:\Programfiler\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Programfiler\Steam\steamapps\common\trackmania nations forever\TmForever.exe"="C:\Programfiler\Steam\steamapps\common\trackmania nations forever\TmForever.exe:*:Enabled:TrackMania Nations Forever"
"C:\Programfiler\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe"="C:\Programfiler\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe:*:Enabled:TrackMania Nations Forever"
"C:\Documents and Settings\Toan\Skrivebord\L4D\Left 4 Dead\left4dead.exe"="C:\Documents and Settings\Toan\Skrivebord\L4D\Left 4 Dead\left4dead.exe:*:Enabled:left4dead"
"C:\Documents and Settings\Toan\Mine dokumenter\Downloads\eac_updater.exe"="C:\Documents and Settings\Toan\Mine dokumenter\Downloads\eac_updater.exe:*:Enabled:eac_updater"
"C:\Documents and Settings\Toan\Skrivebord\CoD\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Documents and Settings\Toan\Skrivebord\CoD\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:iw3mp"
"C:\Games\XIII\system\XIII.exe"="C:\Games\XIII\system\XIII.exe:*:Enabled:XIII"
"C:\Programfiler\World of Warcraft\BackgroundDownloader.exe"="C:\Programfiler\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Programfiler\Skype\Phone\Skype.exe"="C:\Programfiler\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programfiler\MSN Messenger\msnmsgr.exe"="C:\Programfiler\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Programfiler\MSN Messenger\livecall.exe"="C:\Programfiler\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
======List of files/folders created in the last 1 months======
2009-08-04 11:23:08 ----D---- C:\rsit
2009-08-02 18:15:40 ----D---- C:\Programfiler\Trend Micro
2009-08-02 17:21:10 ----D---- C:\WINDOWS\BDOSCAN8
2009-08-02 06:05:54 ----D---- C:\Programfiler\Panda Security
2009-08-02 05:01:35 ----D---- C:\Documents and Settings\Toan\Programdata\Malwarebytes
2009-08-02 05:01:28 ----D---- C:\Programfiler\Malwarebytes' Anti-Malware
2009-08-02 05:01:28 ----D---- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2009-08-02 04:20:47 ----D---- C:\Programfiler\Spybot - Search & Destroy
2009-08-02 04:20:47 ----D---- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2009-08-02 04:17:37 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-08-02 02:38:30 ----HDC---- C:\Documents and Settings\All Users\Programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-02 02:37:50 ----D---- C:\Programfiler\Lavasoft
2009-08-02 02:37:50 ----D---- C:\Documents and Settings\All Users\Programdata\Lavasoft
2009-08-01 03:00:43 ----D---- C:\Programfiler\MSXML 6.0
2009-07-31 13:09:05 ----A---- C:\WINDOWS\system32\msxml6r.dll
2009-07-31 13:03:29 ----D---- C:\Programfiler\SilentMusicBand
2009-07-29 12:25:15 ----A---- C:\WINDOWS\system32\javaws.exe
2009-07-29 12:25:15 ----A---- C:\WINDOWS\system32\javaw.exe
2009-07-29 12:25:15 ----A---- C:\WINDOWS\system32\java.exe
2009-07-29 12:23:32 ----D---- C:\Documents and Settings\All Users\Programdata\McAfee
2009-07-29 03:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-07-27 00:05:40 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-07-27 00:05:40 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-07-27 00:05:40 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-07-27 00:05:40 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-07-27 00:05:40 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2009-07-27 00:05:40 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-07-27 00:05:40 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-07-27 00:05:40 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-07-27 00:05:40 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2009-07-27 00:05:40 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-07-27 00:05:40 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-07-27 00:05:35 ----N---- C:\WINDOWS\system32\px.dll
2009-07-27 00:04:19 ----D---- C:\Programfiler\Fellesfiler\DivX Shared
2009-07-27 00:04:18 ----D---- C:\Programfiler\DivX
2009-07-26 16:17:55 ----A---- C:\WINDOWS\system32\hf0007.dll
2009-07-26 02:05:21 ----D---- C:\Programfiler\World of Warcraft
2009-07-21 09:51:06 ----RSD---- C:\WINDOWS\assembly
2009-07-21 09:49:07 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-20 20:39:30 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-07-20 20:39:30 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-07-20 20:39:30 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-07-20 20:39:28 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-07-20 20:39:28 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-07-20 20:39:25 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-07-20 20:39:22 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-07-20 20:38:42 ----HD---- C:\WINDOWS\msdownld.tmp
2009-07-20 08:08:09 ----D---- C:\Documents and Settings\All Users\Programdata\TrackMania
2009-07-20 07:26:21 ----D---- C:\WINDOWS\system32\LogFiles
2009-07-20 07:26:21 ----A---- C:\WINDOWS\system32\pbsvc.exe
2009-07-20 01:44:43 ----D---- C:\WINDOWS\system32\appmgmt
2009-07-20 00:53:20 ----A---- C:\WINDOWS\Burnout(TM) Paradise The Ultimate Box Patch Log.txt
2009-07-20 00:52:04 ----D---- C:\Documents and Settings\All Users\Programdata\Electronic Arts
2009-07-20 00:30:50 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-07-20 00:30:50 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-07-20 00:30:48 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-07-20 00:30:46 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-07-20 00:30:46 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-07-20 00:30:44 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-07-20 00:30:43 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-07-20 00:30:42 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-07-20 00:30:42 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-07-20 00:30:40 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-07-20 00:30:39 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-07-20 00:30:39 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-07-20 00:30:37 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-07-20 00:30:35 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-07-20 00:30:35 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-07-20 00:30:34 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-07-20 00:30:33 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-07-20 00:30:32 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-07-20 00:30:32 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-07-20 00:30:31 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-07-20 00:30:19 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-07-20 00:30:18 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2009-07-20 00:30:18 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-07-20 00:30:17 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-07-20 00:30:17 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-07-20 00:30:16 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-07-20 00:30:15 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-07-20 00:30:14 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-07-20 00:30:14 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-07-20 00:30:12 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-07-20 00:30:09 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-07-20 00:29:42 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-07-20 00:29:42 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-07-20 00:29:39 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-07-20 00:29:39 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-07-20 00:29:35 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-07-20 00:29:27 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-07-20 00:29:18 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-07-20 00:29:17 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-07-20 00:29:16 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-07-20 00:29:14 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-07-20 00:29:12 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-07-20 00:29:12 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-07-20 00:29:11 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-07-20 00:29:11 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-07-20 00:29:10 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-07-20 00:29:09 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-07-20 00:29:08 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-07-20 00:29:08 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-07-20 00:29:07 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-07-20 00:29:06 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-07-20 00:29:05 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-07-20 00:29:04 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-07-20 00:29:03 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-07-20 00:29:02 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-07-20 00:28:59 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-07-20 00:28:36 ----D---- C:\WINDOWS\Logs
2009-07-18 04:23:36 ----D---- C:\Documents and Settings\Toan\Programdata\PacificPoker
2009-07-16 13:51:13 ----D---- C:\Documents and Settings\Toan\Programdata\Microsoft Games
2009-07-16 11:41:08 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-07-16 11:41:07 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-07-16 11:41:04 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-07-16 11:41:00 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-07-16 11:41:00 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-07-16 11:40:49 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-07-16 11:40:47 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-07-16 11:40:47 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-07-16 11:40:40 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-07-15 23:53:31 ----D---- C:\Programfiler\DAEMON Tools Pro
2009-07-15 23:53:31 ----D---- C:\Documents and Settings\All Users\Programdata\DAEMON Tools Pro
2009-07-15 23:51:23 ----D---- C:\Documents and Settings\Toan\Programdata\DAEMON Tools Pro
2009-07-15 23:15:07 ----RA---- C:\WINDOWS\system32\vp6vfw.dll
2009-07-15 23:04:59 ----D---- C:\Programfiler\MagicISO
2009-07-15 20:37:57 ----D---- C:\Documents and Settings\All Users\Programdata\Azureus
2009-07-15 20:37:52 ----D---- C:\Documents and Settings\Toan\Programdata\Azureus
2009-07-15 03:03:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 03:02:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 03:01:46 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-09 04:49:59 ----D---- C:\WINDOWS\Sun
2009-07-05 23:08:03 ----A---- C:\WINDOWS\system32\wmpns.dll
======List of files/folders modified in the last 1 months======
2009-08-04 11:22:42 ----RD---- C:\Programfiler
2009-08-04 11:20:56 ----D---- C:\WINDOWS\Prefetch
2009-08-04 11:18:49 ----SD---- C:\Documents and Settings\Toan\Programdata\Microsoft
2009-08-04 11:18:48 ----SHD---- C:\WINDOWS\Installer
2009-08-04 11:18:43 ----D---- C:\Programfiler\Project64 1.6
2009-08-04 11:18:26 ----D---- C:\WINDOWS\system32\drivers
2009-08-04 11:13:48 ----D---- C:\WINDOWS\Temp
2009-08-04 11:13:40 ----D---- C:\Documents and Settings\Toan\Programdata\DNA
2009-08-04 01:23:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-03 06:17:02 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-03 01:24:11 ----D---- C:\Documents and Settings\Toan\Programdata\Skype
2009-08-03 00:08:56 ----D---- C:\Documents and Settings\Toan\Programdata\skypePM
2009-08-02 18:30:43 ----D---- C:\WINDOWS\system32
2009-08-02 18:14:52 ----D---- C:\WINDOWS
2009-08-02 17:21:13 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-02 17:21:09 ----HD---- C:\WINDOWS\inf
2009-08-02 02:39:56 ----SD---- C:\WINDOWS\Tasks
2009-08-02 02:39:23 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-02 02:37:44 ----D---- C:\WINDOWS\WinSxS
2009-07-31 07:11:37 ----D---- C:\Programfiler\Steam
2009-07-29 12:25:07 ----D---- C:\Programfiler\Java
2009-07-29 03:01:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-29 03:01:24 ----D---- C:\Programfiler\Internet Explorer
2009-07-29 00:12:40 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-27 00:04:19 ----D---- C:\Programfiler\Fellesfiler
2009-07-26 02:42:58 ----D---- C:\Programfiler\Fellesfiler\Blizzard Entertainment
2009-07-25 14:38:23 ----D---- C:\WINDOWS\system32\DirectX
2009-07-21 09:55:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-21 09:49:13 ----D---- C:\WINDOWS\system32\mui
2009-07-21 03:34:57 ----HD---- C:\Programfiler\InstallShield Installation Information
2009-07-20 00:49:19 ----SD---- C:\Documents and Settings\All Users\Programdata\Microsoft
2009-07-18 18:22:29 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-07-18 18:22:28 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-15 18:49:29 ----D---- C:\Documents and Settings\Toan\Programdata\Spotify
2009-07-15 03:03:32 ----A---- C:\WINDOWS\imsins.BAK
2009-07-15 00:35:32 ----D---- C:\Documents and Settings\Toan\Programdata\Ventrilo
2009-07-14 06:31:42 ----A---- C:\WINDOWS\system.ini
2009-07-11 03:23:59 ----D---- C:\Documents and Settings\Toan\Programdata\mIRC
2009-07-11 01:23:39 ----D---- C:\Programfiler\mIRC
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK7;AMD K7-prosessordriver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 41216]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 FETNDIS;NT-driver for VIA PCI 10/100Mb Fast Ethernet-kort; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 hidusb;Microsoft HID-klassedriver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-09 9600]
R3 mouhid;HID-driver for mus; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-09 12160]
R3 usbehci;Miniportdriver for Microsoft USB 2.0 forbedret vertskontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 aktivert hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Miniportdriver for Microsoft USB universell vertskontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 a6bx1f8a;a6bx1f8a; C:\WINDOWS\system32\drivers\a6bx1f8a.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programfiler\Java\jre6\bin\jqs.exe [2009-05-21 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programfiler\Lavasoft\Ad-Aware\AAWService.exe [2009-07-03 1029456]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Programfiler\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
[B]INFO.TXT
info.txt logfile of random's system information tool 1.06 2009-08-04 11:23:10
======Uninstall list======
-->C:\Programfiler\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->"C:\Documents and Settings\All Users\Programdata\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Programdata\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
AMX Mod X Installer 1.8.1-->C:\Programfiler\AMX Mod X\uninst.exe
ATI - Software Uninstall Utility-->C:\Programfiler\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Counter-Strike-->"C:\Programfiler\Steam\steam.exe" steam://uninstall/10
DivX Codec-->C:\Programfiler\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Programfiler\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programfiler\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Programfiler\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Programfiler\DivX\DivXWebPlayerUninstall.exe /PLUGIN
HijackThis 2.0.2-->"C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hurtigreparasjon for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Magic ISO Maker v5.5 (build 0276)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Programfiler\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{20DEB77C-21D6-4D22-BB47-233E47613D57}
mIRC-->C:\Programfiler\mIRC\uninstall.exe _?=C:\Programfiler\mIRC
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
musicshakeENG-->MsiExec.exe /I{2AC6B7A8-0199-4D13-99C0-C0BD76E41BBC}
Oppdatering for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Panda ActiveScan 2.0-->C:\Programfiler\Panda Security\ActiveScan 2.0\as2uninst.exe
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x14 -removeonly
Sikkerhetsoppdatering for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Spotify-->"C:\Programfiler\Spotify\uninstall.exe"
Spybot - Search & Destroy-->"C:\Programfiler\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
TrackMania Nations Forever-->"C:\Programfiler\Steam\steam.exe" steam://uninstall/11020
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
WinRAR archiver-->C:\Programfiler\WinRAR\uninstall.exe
World of Warcraft-->C:\Programfiler\Fellesfiler\Blizzard Entertainment\World of Warcraft\Uninstall.exe
======System event log======
Computer Name: FSAHKJ-90A12324
Event Code: 7
Message: Enheten \Device\Harddisk0\D har en dårlig blokk.
Record Number: 1708
Source Name: Disk
Time Written: 20090623014331.000000+120
Event Type: error
User:
Computer Name: FSAHKJ-90A12324
Event Code: 7
Message: Enheten \Device\Harddisk0\D har en dårlig blokk.
Record Number: 1707
Source Name: Disk
Time Written: 20090623012954.000000+120
Event Type: error
User:
Computer Name: FSAHKJ-90A12324
Event Code: 7
Message: Enheten \Device\CdRom1 har en dårlig blokk.
Record Number: 1677
Source Name: Cdrom
Time Written: 20090621181718.000000+120
Event Type: error
User:
Computer Name: FSAHKJ-90A12324
Event Code: 7
Message: Enheten \Device\CdRom1 har en dårlig blokk.
Record Number: 1676
Source Name: Cdrom
Time Written: 20090621181711.000000+120
Event Type: error
User:
Computer Name: FSAHKJ-90A12324
Event Code: 7
Message: Enheten \Device\CdRom1 har en dårlig blokk.
Record Number: 1675
Source Name: Cdrom
Time Written: 20090621181709.000000+120
Event Type: error
User:
=====Application event log=====
Computer Name: FSAHKJ-90A12324
Event Code: 1002
Message: Hengende program chrome.exe, versjon 0.0.0.0, hengende modul hungapp, versjon 0.0.0.0, hengeadresse 0x00000000.
Record Number: 1564
Source Name: Application Hang
Time Written: 20090709182142.000000+120
Event Type: error
User:
Computer Name: FSAHKJ-90A12324
Event Code: 1002
Message: Hengende program chrome.exe, versjon 0.0.0.0, hengende modul hungapp, versjon 0.0.0.0, hengeadresse 0x00000000.
Record Number: 1563
Source Name: Application Hang
Time Written: 20090709182142.000000+120
Event Type: error
User:
Computer Name: FSAHKJ-90A12324
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.
Record Number: 1560
Source Name: usnjsvc
Time Written: 20090709175943.000000+120
Event Type:
User:
Computer Name: FSAHKJ-90A12324
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.
Record Number: 1543
Source Name: usnjsvc
Time Written: 20090709015112.000000+120
Event Type:
User:
Computer Name: FSAHKJ-90A12324
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.
Record Number: 1528
Source Name: usnjsvc
Time Written: 20090708181122.000000+120
Event Type:
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programfiler\ATI Technologies\ATI Control Panel;C:\Programfiler\Fellesfiler\DivX Shared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
Thanks :-)
==============================WARNING==============================
There is some evidence of what may be a very nasty infection.
If the Computer has been used for any important data, you are strongly advised to do the following, immediately:
If you have ever used this computer for shopping, banking, or any transactions relating to your financial well being:
Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers.
From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information.
Take any other steps you think appropriate for an attempted identity theft.
==============================WARNING==============================
----------------------------------------------------------------------------------------
Step 1
OTMoveIt
Please download OTM by OldTimer (http://oldtimer.geekstogo.com/OTM.exe) and save it to your desktop
Double-click OTM.exe to run it.
Copy the lines in the codebox below. ( Make sure you include :Processes )
:Services
a6bx1f8a
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"HFDF"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\MicrosoftUpdate.exe"=-
"C:\Programfiler\DNA\btdna.exe"=-
"C:\Programfiler\Vuze\Azureus.exe"=-
:Files
C:\WINDOWS\system32\MicrosoftUpdate.exe
C:\Documents and Settings\All Users\Programdata\Azureus
C:\Documents and Settings\Toan\Programdata\Azureus
C:\Programfiler\DNA
C:\Programfiler\Vuze
:Commands
[Purity]
[EmptyTemp]
[Start Explorer]
[Reboot]
Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
- Close ALL open windows (especially Internet Explorer!)-
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTM
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
----------------------------------------------------------------------------------------
Step 2
Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:
Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply
Re-enable all the programs that were disabled during the running of ComboFix..
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
For instructions on how to disable your security programs, please see this topic
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs (http://www.bleepingcomputer.com/forums/topic114351.html)
----------------------------------------------------------------------------------------
Step 3
Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html
Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
**Note**
To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.
OTMove It Log
Combofix Log
Kaspersky log
How are things running now ?
OTM Log.
All processes killed
========== SERVICES/DRIVERS ==========
Service\Driver a6bx1f8a not found.
Service\Driver a6bx1f8a not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\HFDF deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent DNA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\MicrosoftUpdate.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Programfiler\DNA\btdna.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Programfiler\Vuze\Azureus.exe deleted successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\MicrosoftUpdate.exe not found.
C:\Documents and Settings\All Users\Programdata\Azureus moved successfully.
C:\Documents and Settings\Toan\Programdata\Azureus\torrents moved successfully.
C:\Documents and Settings\Toan\Programdata\Azureus\tmp moved successfully.
C:\Documents and Settings\Toan\Programdata\Azureus\subs moved successfully.
C:\Documents and Settings\Toan\Programdata\Azureus\shares moved successfully.
C:\Documents and Settings\Toan\Programdata\Azureus\plugins\azupnpav moved successfully.
C:\Documents and Settings\Toan\Programdata\Azureus\plugins moved successfully.
C:\Documents and Settings\Toan\Programdata\Azureus\net moved successfully.
C:\Documents and Settings\Toan\Programdata\Azureus\media\azpd moved successfully.
C:\Documents and Settings\Toan\Programdata\Azureus\media moved successfully.
C:\Documents and Settings\Toan\Programdata\Azureus\logs\save moved successfully.
C:\Documents and Settings\Toan\Programdata\Azureus\logs moved successfully.
C:\Documents and Settings\Toan\Programdata\Azureus\dht moved successfully.
C:\Documents and Settings\Toan\Programdata\Azureus\cache moved successfully.
C:\Documents and Settings\Toan\Programdata\Azureus\active moved successfully.
C:\Documents and Settings\Toan\Programdata\Azureus moved successfully.
File/Folder C:\Programfiler\DNA not found.
File/Folder C:\Programfiler\Vuze not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32835 bytes
User: Toan
->Temp folder emptied: 10732957 bytes
->Temporary Internet Files folder emptied: 634007 bytes
->Java cache emptied: 16665784 bytes
->Google Chrome cache emptied: 562259577 bytes
%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 2114294 bytes
%systemroot%\System32 .tmp files removed: 2573 bytes
Windows Temp folder emptied: 4122368 bytes
RecycleBin emptied: 34814 bytes
Total Files Cleaned = 568,99 mb
OTM by OldTimer - Version 3.0.0.5 log created on 08042009_210138
Files moved on Reboot...
Registry entries deleted on Reboot...
COMBOFIX Log
ComboFix 09-08-04.01 - Toan 04.08.2009 21:14.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.511.309 [GMT 2:00]
Running from: c:\documents and settings\Toan\Skrivebord\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Advapi32.test
.
((((((((((((((((((((((((( Files Created from 2009-07-04 to 2009-08-04 )))))))))))))))))))))))))))))))
.
2009-08-04 19:01 . 2009-08-04 19:01 -------- d-----w- C:\_OTM
2009-08-04 10:37 . 2009-08-04 10:37 3942048 ----a-w- c:\documents and settings\All Users\Programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-04 09:23 . 2009-08-04 09:23 -------- d-----w- C:\rsit
2009-08-02 16:15 . 2009-08-02 16:15 -------- d-----w- c:\programfiler\Trend Micro
2009-08-02 15:21 . 2009-08-02 16:11 -------- d-----w- c:\windows\BDOSCAN8
2009-08-02 04:06 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-08-02 04:05 . 2009-08-02 04:05 -------- d-----w- c:\programfiler\Panda Security
2009-08-02 03:01 . 2009-08-02 03:01 -------- d-----w- c:\documents and settings\Toan\Programdata\Malwarebytes
2009-08-02 03:01 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-02 03:01 . 2009-08-04 10:38 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2009-08-02 03:01 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 03:01 . 2009-08-02 03:01 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2009-08-02 02:20 . 2009-08-02 03:01 -------- d-----w- c:\documents and settings\All Users\Programdata\Spybot - Search & Destroy
2009-08-02 02:20 . 2009-08-02 02:28 -------- d-----w- c:\programfiler\Spybot - Search & Destroy
2009-08-02 02:17 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-02 00:44 . 2009-08-02 00:44 -------- d-----w- c:\documents and settings\LocalService\Skrivebord
2009-08-02 00:39 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-02 00:38 . 2009-08-02 00:38 -------- dc-h--w- c:\documents and settings\All Users\Programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-02 00:38 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Programdata\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-08-02 00:37 . 2009-08-02 00:39 -------- d-----w- c:\documents and settings\All Users\Programdata\Lavasoft
2009-08-02 00:37 . 2009-08-02 00:37 -------- d-----w- c:\programfiler\Lavasoft
2009-08-01 01:00 . 2009-08-01 01:00 -------- d-----w- c:\programfiler\MSXML 6.0
2009-07-31 11:09 . 2006-10-19 11:33 86728 ----a-w- c:\windows\system32\msxml6r.dll
2009-07-31 11:03 . 2009-07-31 11:03 -------- d-----w- c:\programfiler\SilentMusicBand
2009-07-29 10:23 . 2009-07-29 10:23 -------- d-----w- c:\documents and settings\All Users\Programdata\McAfee
2009-07-29 10:23 . 2009-07-29 10:23 152576 ----a-w- c:\documents and settings\Toan\Programdata\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-27 06:45 . 2009-07-29 10:29 -------- d-----w- c:\documents and settings\Toan\.housecall6.6
2009-07-26 22:04 . 2009-07-26 22:04 -------- d-----w- c:\programfiler\Fellesfiler\DivX Shared
2009-07-26 22:04 . 2009-07-26 22:06 -------- d-----w- c:\programfiler\DivX
2009-07-26 14:17 . 2009-08-02 15:18 18432 ----a-w- c:\windows\system32\hf0007.dll
2009-07-26 00:05 . 2009-08-04 12:38 -------- d-----w- c:\programfiler\World of Warcraft
2009-07-20 18:39 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-07-20 18:39 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-07-20 18:39 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-07-20 18:39 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-07-20 18:39 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-07-20 18:39 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-07-20 18:39 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-07-20 07:03 . 2009-07-20 07:17 23 ----a-w- c:\windows\popcinfot.dat
2009-07-20 06:08 . 2009-08-04 17:34 -------- d-----w- c:\documents and settings\All Users\Programdata\TrackMania
2009-07-20 05:26 . 2009-07-20 05:26 139152 ----a-w- c:\documents and settings\Toan\Programdata\PnkBstrK.sys
2009-07-20 05:26 . 2009-07-20 05:26 -------- d-----w- c:\windows\system32\LogFiles
2009-07-19 22:52 . 2009-07-19 22:52 -------- d-----w- c:\documents and settings\All Users\Programdata\Electronic Arts
2009-07-19 22:50 . 2009-07-19 22:50 1540 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-07-19 22:50 . 2009-07-19 22:50 -------- d-----w- c:\documents and settings\Toan\Lokale innstillinger\Programdata\Downloaded Installations
2009-07-19 22:29 . 2007-10-22 01:37 17928 ----a-w- c:\windows\system32\X3DAudio1_2.dll
2009-07-19 22:28 . 2009-07-19 22:28 -------- d-----w- c:\windows\Logs
2009-07-19 16:52 . 2009-07-19 16:52 -------- d-----w- c:\documents and settings\Toan\Lokale innstillinger\Programdata\Temp
2009-07-16 11:51 . 2009-07-16 11:54 -------- d-----w- c:\documents and settings\Toan\Programdata\Microsoft Games
2009-07-16 09:41 . 2007-07-19 16:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2009-07-16 09:41 . 2007-07-19 16:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2009-07-16 09:41 . 2007-07-19 16:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2009-07-16 09:41 . 2007-03-05 10:42 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2009-07-16 09:41 . 2006-09-28 14:05 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2009-07-16 09:40 . 2007-04-04 16:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-07-16 09:40 . 2007-03-15 14:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2009-07-16 09:40 . 2007-03-12 14:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2009-07-16 09:40 . 2007-03-12 14:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2009-07-15 21:53 . 2009-07-15 21:55 -------- d-----w- c:\programfiler\DAEMON Tools Pro
2009-07-15 21:53 . 2009-07-15 21:53 -------- d-----w- c:\documents and settings\All Users\Programdata\DAEMON Tools Pro
2009-07-15 21:51 . 2009-07-15 21:51 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-15 21:51 . 2009-07-15 21:56 -------- d-----w- c:\documents and settings\Toan\Programdata\DAEMON Tools Pro
2009-07-15 21:15 . 2004-08-18 08:34 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2009-07-15 21:04 . 2009-07-15 21:05 -------- d-----w- c:\programfiler\MagicISO
2009-07-09 02:49 . 2009-07-09 02:49 -------- d-----w- c:\windows\Sun
2009-07-05 21:08 . 2004-08-04 00:03 221184 ----a-w- c:\windows\system32\wmpns.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-04 17:34 . 2009-05-18 12:22 -------- d-----w- c:\programfiler\Steam
2009-08-04 09:18 . 2009-07-03 12:04 -------- d-----w- c:\programfiler\Project64 1.6
2009-08-04 09:13 . 2009-06-19 23:27 -------- d-----w- c:\documents and settings\Toan\Programdata\DNA
2009-08-02 23:24 . 2009-05-18 12:07 -------- d-----w- c:\documents and settings\Toan\Programdata\Skype
2009-08-02 22:08 . 2009-05-18 12:09 -------- d-----w- c:\documents and settings\Toan\Programdata\skypePM
2009-07-29 10:25 . 2009-06-23 20:26 -------- d-----w- c:\programfiler\Java
2009-07-26 00:42 . 2009-05-17 23:15 -------- d-----w- c:\programfiler\Fellesfiler\Blizzard Entertainment
2009-07-21 01:34 . 2009-05-17 22:59 -------- d--h--w- c:\programfiler\InstallShield Installation Information
2009-07-15 18:38 . 2009-05-17 22:59 12328 ----a-w- c:\documents and settings\Toan\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2009-07-15 16:49 . 2009-05-17 23:54 -------- d-----w- c:\documents and settings\Toan\Programdata\Spotify
2009-07-14 22:35 . 2009-06-21 23:02 -------- d-----w- c:\documents and settings\Toan\Programdata\Ventrilo
2009-07-11 01:23 . 2009-06-06 22:32 -------- d-----w- c:\documents and settings\Toan\Programdata\mIRC
2009-07-10 23:23 . 2009-06-06 22:32 -------- d-----w- c:\programfiler\mIRC
2009-07-04 19:39 . 2009-07-04 19:39 -------- d-----w- c:\programfiler\AMX Mod X
2009-06-29 22:03 . 2009-06-23 20:28 -------- d-----w- c:\documents and settings\Toan\Programdata\LimeWire
2009-06-26 16:20 . 2004-08-04 00:03 658944 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:20 . 2004-08-04 00:03 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-23 20:26 . 2009-06-23 20:26 152576 ----a-w- c:\documents and settings\Toan\Programdata\Sun\Java\jre1.6.0_11\lzma.dll
2009-06-21 23:01 . 2009-06-21 23:01 -------- d-----w- c:\programfiler\Ventrilo
2009-06-21 23:01 . 2009-06-21 23:01 -------- d-----w- c:\programfiler\Fellesfiler\Wise Installation Wizard
2009-06-16 14:55 . 2004-08-04 00:03 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2001-10-09 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-09 18:58 . 2009-06-09 18:58 105984 ----a-w- c:\windows\system32\c_dll.dll
2009-06-03 19:28 . 2004-08-04 00:03 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-05-21 09:33 . 2009-06-23 20:26 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-19 17:41 . 2009-05-17 22:49 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-18 12:09 . 2009-05-18 12:09 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-05-18 01:20 . 2001-10-09 12:00 46134 ----a-w- c:\windows\system32\perfc014.dat
2009-05-18 01:20 . 2001-10-09 12:00 318652 ----a-w- c:\windows\system32\perfh014.dat
2009-05-17 23:35 . 2009-05-17 23:36 10528768 ----a-w- c:\windows\system32\RTLCPL.exe
2009-05-17 23:35 . 2009-05-17 23:36 577536 ----a-w- c:\windows\soundman.exe
2009-05-17 23:35 . 2009-05-17 23:36 147456 ----a-w- c:\windows\system32\RtlCPAPI.dll
2009-05-17 23:35 . 2009-05-17 23:36 217088 ----a-w- c:\windows\Alcrmv.exe
2009-05-17 23:35 . 2009-05-17 23:37 49152 ----a-w- c:\windows\system32\ChCfg.exe
2009-05-17 23:35 . 2009-05-17 23:36 315392 ----a-w- c:\windows\alcupd.exe
2009-05-17 22:46 . 2009-05-17 22:46 21704 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-13 21:56 . 2009-07-26 22:05 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-05-13 21:56 . 2009-07-26 22:05 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-05-13 21:56 . 2009-07-26 22:05 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-05-13 21:56 . 2009-07-26 22:05 129784 ------w- c:\windows\system32\pxafs.dll
2009-05-13 21:56 . 2009-07-26 22:05 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-05-13 21:56 . 2009-07-26 22:05 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-05-13 21:54 . 2009-05-13 21:54 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-13 21:54 . 2009-05-13 21:54 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-13 21:54 . 2009-05-13 21:54 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-13 21:54 . 2009-05-13 21:54 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-13 21:54 . 2009-05-13 21:54 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-13 21:54 . 2009-05-13 21:54 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-13 21:54 . 2009-05-13 21:54 685056 ----a-w- c:\windows\system32\DivX.dll
2009-05-07 15:44 . 2004-08-04 00:03 344576 ----a-w- c:\windows\system32\localspl.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Google Update"="c:\documents and settings\Toan\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" [2009-05-17 133104]
"DAEMON Tools Pro Agent"="c:\programfiler\DAEMON Tools Pro\DTProAgent.exe" [2009-04-09 228808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-28 335872]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2009-05-17 577536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\MSN Messenger\\livecall.exe"=
"c:\\Programfiler\\Spotify\\spotify.exe"=
"c:\\Programfiler\\World of Warcraft\\Launcher.exe"=
"c:\\Programfiler\\Steam\\steamapps\\ninababe\\counter-strike\\hl.exe"=
"c:\\Programfiler\\mIRC\\mirc.exe"=
"c:\\Programfiler\\Ventrilo\\Ventrilo.exe"=
"c:\\Programfiler\\Steam\\steamapps\\ninababe\\condition zero\\hl.exe"=
"c:\\Programfiler\\Steam\\steamapps\\sjokolade11@hotmail.com\\counter-strike\\hl.exe"=
"c:\\Programfiler\\Steam\\steamapps\\sjokolade11@hotmail.com\\half-life\\hl.exe"=
"c:\\Programfiler\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Programfiler\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\Programfiler\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [02.08.2009 02:39 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [02.08.2009 06:06 28544]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programfiler\Lavasoft\Ad-Aware\AAWService.exe [03.07.2009 16:49 1029456]
.
Contents of the 'Scheduled Tasks' folder
2009-08-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programfiler\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
2009-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1214440339-725345543-1003Core.job
- c:\documents and settings\Toan\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2009-05-17 23:18]
2009-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1214440339-725345543-1003UA.job
- c:\documents and settings\Toan\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2009-05-17 23:18]
2009-08-04 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-18 20:18]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-04 21:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-08-04 21:19
ComboFix-quarantined-files.txt 2009-08-04 19:18
Pre-Run: 3*402*850*304 byte ledig
Post-Run: 3*381*301*248 byte ledig
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
209 --- E O F --- 2009-08-01 01:00
KASPERSKY LOG
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, August 4, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, August 04, 2009 21:07:29
Records in database: 2580417
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
Scan statistics:
Files scanned: 33041
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 00:49:04
File name / Threat name / Threats count
C:\Programfiler\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1
The selected area was scanned.
Congratulations your logs look clean :)
Let's see if I can help you keep it that way
First lets tidy up
Uninstall Combofix
This will clear your System Volume Information restore points and remove all the infected files that were quarantined
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
Uninstall OTMoveIt (OTM.exe)
Open OTMoveIt Click Cleanup,
When a box pops up click YES.
You can also delete any logs we have produced, and empty your Recycle bin.
----------------------------------------------------------- -----------------------------------------------------------
The following is some info to help you stay safe and clean.
You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )
Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.
http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html
!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE (http://secunia.com/software_inspector/) for details
AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have a free (for Home Users ) and paid versions,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must have program It includes host protection and registry protection A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
MalwareBytes Anti-malware (http://www.malwarebytes.org/mbam.php) <<< A New and effective program
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner
Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some !! Notifies you if programs are added to startup Allows delayed startup A must have addition
SpywareBlaster 4.0 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut (http://www.funkytoad.com/index.php?option=com_content&view=article&id=15&Itemid=33) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other host file protections
Internet Browsers
Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
If you are still using IE6 then either update, or get one of the following.
FireFox (http://www.mozilla.com/en-US/firefox/) With many addons available that make customization easy this is a very popular choice NoScript and AdBlockPlus addons are essential
Opera (http://www.opera.com/) Another popular alternative
Netscape (http://browser.netscape.com/addons) Another popular alternative Also has Addons available
Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.
Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords
Both of these can be cleaned manually, but a quicker option is to use a program
ATF Cleaner (http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25) Free and very simple to use
CCleaner (http://www.ccleaner.com/) Free and very flexible, you can chose which cookies to keep
Also PLEASE read this article.....So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)
The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.
If you follow this advice then (with a bit of luck) you will never have to hear from me again :D
If you could post back one more time to let me know everything is OK, then I can have this thread archived.
Happy surfing K'
I'm just wondering. Keylogging, or what I should say, is it gone? :-D
I'm just wondering. Keylogging, or what I should say, is it gone? :-D
Yes, your machine is completely clean.
Ahh, thanks man. Really love you :-) Dunno more what I should say, thanks alooooooot!