Nasty rootkit/rogueware
Darkebrz
2009-08-10, 19:24
I will start by saying I have no idea what I have here. On my computer something popped up saying it was Personal Antivirus, the general rogueware thing. However when searching the net, (which is hard as it blocks clicking links in google) it appeared that I don't have any of the symptoms. I had just started my computer back up, and deleted a process that I knew wasn't right. The Personal Antivirus thing went away, but I still couldn't run Spybot, malwarebytes, or even do a system restore.
Then suddenly when I checked task manager, I noticed b.exe was up, and then my computer shut down. I now restarted in safe mode, and am posting here.
While I was able to run Hijackthis yesterday, I can't today. Luckily I still have a log from yesterday, and that should be the same.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:34:48 AM, on 8/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\X-Chat 2\xchat.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\mbam-setup.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [svhost] C:\WINDOWS\system32\svhost.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Google Update Service (gupdate1c9fe562c1cd760) (gupdate1c9fe562c1cd760) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\MapleStory\npkcmsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
--
End of file - 11010 bytes
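The log above is readable by eye, but the entries that matter are easy to miss among forty benign ones. The following is an added example (not part of the original thread and not HijackThis' own code) of the kind of triage script a responder would run over O2/O4 lines to surface the three patterns visible in this log: a Run entry whose file name is one typo away from a core Windows binary (svhost.exe vs svchost.exe), a Run entry whose target does not even have an executable extension (net.net), and a BHO that loads straight out of system32 under a generic name (msxml71.dll), plus orphaned "(no file)" entries. It also checks the AppInit_DLLs line that DDS prints later in the thread. The sample lines are copied from this thread; the rules are heuristics chosen for this log, not a signature database, and the list of "known system names" is my own.

```python
"""Triage helper for HijackThis-style O2/O4 log lines.

Added example; not part of the original thread or of HijackThis itself.
The rules below are heuristics, not a signature database.
"""
import re
from pathlib import PureWindowsPath

# Core Windows binaries that malware imitates by dropping, adding or swapping
# one letter (assumed list; extend for your own environment).
KNOWN_SYSTEM_NAMES = {
    "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
    "explorer.exe", "services.exe", "smss.exe", "spoolsv.exe",
}
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".bat", ".cmd"}

O4_RE = re.compile(r"^O4 - (?P<hive>HK[^:]+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance; inputs are file names, so O(len*len) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def first_token(cmd: str) -> str:
    """Return the program path from a Run value, honouring a leading quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def lookalike_of(basename: str):
    """Return the well-known name this one imitates (distance exactly 1), else None."""
    name = basename.lower()
    if name in KNOWN_SYSTEM_NAMES:
        return None
    for known in KNOWN_SYSTEM_NAMES:
        if edit_distance(name, known) == 1:
            return known
    return None


def triage_line(line: str):
    """Yield (line, reason) findings for one HijackThis or DDS log line."""
    lower = line.lower()
    if "(no file)" in lower or "(file missing)" in lower:
        yield line, "orphaned entry: registry points at a file that no longer exists"
    m = O4_RE.match(line)
    if m:
        target = PureWindowsPath(first_token(m.group("cmd")))
        mimic = lookalike_of(target.name)
        if mimic:
            yield line, f"autorun name {target.name} is one edit away from {mimic}"
        if target.suffix.lower() not in EXECUTABLE_EXTS:
            yield line, f"autorun target {target.name} has a non-executable extension"
    m = O2_RE.match(line)
    if m and m.group("path").lower().startswith("c:\\windows\\system32\\"):
        yield line, "BHO loads straight from system32; vendors normally ship under Program Files"
    if line.startswith("AppInit_DLLs:") and line.split(":", 1)[1].strip():
        yield line, "AppInit_DLLs is set; the listed DLL is injected into every process that loads user32.dll"


def triage(lines):
    """Run every rule over every line and return the list of (line, reason) findings."""
    return [finding for line in lines for finding in triage_line(line)]


# Constructed sample: a subset of the lines posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [svhost] C:\WINDOWS\system32\svhost.exe
O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
AppInit_DLLs: cru629.dat
""".strip().splitlines()

if __name__ == "__main__":
    for flagged_line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {flagged_line}")
```

Run it against a saved log with `triage(open("hijackthis.log").read().splitlines())`. The output is a shortlist, not a verdict: the AVG tray, Spybot and Watson entries pass untouched, while the four hostile lines and the AppInit_DLLs injection come out with a one-line reason each, which is what you want before deciding what to kill, rename and delete.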
Darkebrz
2009-08-10, 20:26
Okay, here is an update. I found b.exe to be running, along with msa.exe and braviax.exe. I have removed msa.exe and braviax.exe from WINDOWS. I am now hunting down b.exe, and will try to delete the registry files.
Darkebrz
2009-08-10, 20:28
I am very sorry for the triple post, but this is interesting. It seems to try and open iexplorer.exe every little while, but I kill the process for safety. I use Chrome for most of my internet needs.
Hi,
Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.
Download GMER (http://www.gmer.net) by clicking the Download EXE button and saving it to your desktop:
Double-click the .exe that you downloaded.
Click the Rootkit tab and then Scan.
Don't check the Show All box while the scan is in progress!
When the scan is finished, click Copy.
This copies the log to the clipboard.
Post the log in your reply.
Darkebrz
2009-08-17, 20:08
DDS is done, I will run GMER next.
DDS (Ver_09-07-30.01) - NTFSx86
Run by Darkebrz at 13:04:53.84 on Mon 08/17/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.397 [GMT -4:00]
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Documents and Settings\Darkebrz\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Wakoopa\Wakoopa.exe
C:\Program Files\Steam\Steam.exe
C:\Documents and Settings\Darkebrz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Nexon\MapleStory\npkcmsvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Documents and Settings\Darkebrz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Digsby\lib\aspell\bin\aspell.exe
C:\Chrome Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [F.lux] "c:\documents and settings\darkebrz\local settings\apps\f.lux\flux.exe" /noshow
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [Wakoopa] c:\program files\wakoopa\Wakoopa.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot\TeaTimer.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: cru629.dat
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\darkebrz\applic~1\mozilla\firefox\profiles\cegv45td.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\darkebrz\application data\mozilla\firefox\profiles\cegv45td.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\darkebrz\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\np-mswmp.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\np32dsw.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npdeploytk.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npdivx32.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\NPHoldemFireLauncher.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\NPOFF12.DLL
FF - plugin: c:\progra~1\mozilla firefox\plugins\NPOFFICE.DLL
FF - plugin: c:\progra~1\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npstrlnk.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npvirtools.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPHoldemFireLauncher.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvirtools.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-19 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-19 27656]
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2007-8-7 2944]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-8-12 132040]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-8-12 25160]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-19 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-19 107272]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-8-12 707152]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
R3 vgadrv;vgadrv;c:\windows\system32\drivers\vgadrv.sys [2006-6-10 8078]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-19 875288]
S2 gupdate1c9fe562c1cd760;Google Update Service (gupdate1c9fe562c1cd760);c:\program files\google\update\GoogleUpdate.exe [2009-7-6 133104]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-28 24652]
S3 scrcap;scrcap;c:\windows\system32\drivers\scrcap.sys --> c:\windows\system32\drivers\scrcap.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\screamingbaudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 XDva035;XDva035;\??\c:\windows\system32\xdva035.sys --> c:\windows\system32\XDva035.sys [?]
S3 XDva202;XDva202;\??\c:\windows\system32\xdva202.sys --> c:\windows\system32\XDva202.sys [?]
S3 XDva215;XDva215;\??\c:\windows\system32\xdva215.sys --> c:\windows\system32\XDva215.sys [?]
S3 XDva219;XDva219;\??\c:\windows\system32\xdva219.sys --> c:\windows\system32\XDva219.sys [?]
S3 XDva277;XDva277;\??\c:\windows\system32\xdva277.sys --> c:\windows\system32\XDva277.sys [?]
=============== Created Last 30 ================
2009-08-17 12:04 10,240 a------- c:\windows\braviax.exe
2009-08-13 03:57 197 a------- c:\windows\system32\MRT.INI
2009-08-12 23:45 0 a----r-- C:\logwmemory.bin
2009-08-12 23:43 25 a------- c:\windows\popcinfot.dat
2009-08-12 17:31 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-12 17:30 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-12 00:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Comodo
2009-08-12 00:27 179,792 a------- c:\windows\system32\guard32.dll
2009-08-12 00:27 132,040 a------- c:\windows\system32\drivers\cmdguard.sys
2009-08-12 00:27 25,160 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-08-12 00:27 <DIR> --d----- c:\program files\COMODO
2009-08-11 12:29 <DIR> --d----- c:\program files\Steam
2009-08-11 11:26 10,240 a------- c:\windows\braviax.exv
2009-08-10 15:32 <DIR> --d----- c:\windows\ShellNew
2009-08-10 15:32 <DIR> --d----- c:\program files\AutoHotkey
2009-08-10 12:07 6,144 a------- c:\windows\system32\cru629.dat
2009-08-10 12:07 6,144 a------- c:\windows\cru629.dat
2009-08-10 12:05 15,000 a------- c:\windows\system32\hs7f3uhduhfukde.dll
2009-08-10 12:05 191,179 a------- c:\windows\system32\wisdstr.exe
2009-08-10 12:05 28,160 ac------ c:\windows\system32\dllcache\beep.sys
2009-08-10 12:05 10,240 a------- c:\windows\system32\braviax.exe
2009-08-10 11:48 <DIR> --d----- c:\program files\Spybot
2009-08-10 03:00 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-10 03:00 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-10 03:00 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-10 03:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-10 02:46 <DIR> --d----- c:\program files\Unlocker
2009-08-10 01:23 207,364 a------- c:\windows\system32\msxml71.dll
2009-08-10 01:23 36,864 a------- c:\windows\system32\net.net
2009-08-10 01:13 1,234,791 a------- c:\windows\system32\xa.tmp
2009-08-07 21:22 <DIR> --d----- c:\program files\Wakoopa
2009-08-07 02:40 <DIR> --d----- C:\SAVE
2009-08-07 02:27 <DIR> --d----- C:\Sierra
2009-08-01 23:34 <DIR> --d----- c:\docume~1\darkebrz\applic~1\X-Chat 2
2009-08-01 23:27 <DIR> --d----- c:\program files\X-Chat 2
2009-08-01 02:55 <DIR> --d----- c:\program files\uTorrent
2009-08-01 02:38 <DIR> --d----- c:\program files\Skulltag
2009-07-31 15:33 <DIR> --d----- c:\docume~1\darkebrz\applic~1\mIRC
2009-07-31 03:01 <DIR> --d----- C:\3871e0b31e0fd4d092
2009-07-31 03:00 <DIR> --d----- C:\34fc0db049b560bc804702843b
2009-07-30 23:41 54,156 a---h--- c:\windows\QTFont.qfn
2009-07-30 23:41 1,409 a------- c:\windows\QTFont.for
2009-07-30 19:51 <DIR> --d----- c:\program files\VideoLAN
2009-07-30 10:09 <DIR> --d----- c:\program files\Warrior Epic
2009-07-30 10:05 <DIR> --d----- C:\Chrome Downloads
2009-07-28 23:08 0 a------- c:\windows\VDM1B6.tmp
2009-07-28 23:08 0 a------- c:\windows\VDM1B5.tmp
2009-07-28 23:08 285 a------- c:\windows\EReg072.dat
2009-07-28 23:08 0 a------- c:\windows\VDM1B3.tmp
2009-07-28 23:08 0 a------- c:\windows\VDM1B2.tmp
2009-07-28 23:08 38,160 a------- c:\windows\system32\LMRTREND.dll
2009-07-28 23:08 140,800 a------- c:\windows\system32\tm20dec.ax
2009-07-28 23:08 182,032 a------- c:\windows\system32\dxtmsft3.dll
2009-07-28 23:08 0 a------- c:\windows\VDM1A2.tmp
2009-07-28 23:08 0 a------- c:\windows\VDM1A1.tmp
2009-07-28 23:07 63,488 a------- c:\windows\system32\unam4ie.exe
2009-07-28 23:07 194,320 a------- c:\windows\system32\qcut.dll
2009-07-28 23:07 11,776 a------- c:\windows\system32\mciqtz.drv
2009-07-28 23:07 10,240 a------- c:\windows\system32\vidx16.dll
2009-07-28 23:07 5,672 a------- c:\windows\system32\quartz.vxd
2009-07-28 23:07 0 a------- c:\windows\VDM16F.tmp
2009-07-28 23:07 4,608 a------- c:\windows\system32\w95inf32.dll
2009-07-28 23:07 2,272 a------- c:\windows\system32\w95inf16.dll
2009-07-28 23:07 0 a------- c:\windows\VDM166.tmp
2009-07-28 23:07 0 a------- c:\windows\VDM165.tmp
2009-07-28 23:06 0 a------- c:\windows\VDM163.tmp
2009-07-28 23:06 0 a------- c:\windows\VDM162.tmp
2009-07-28 23:06 0 a------- c:\windows\VDM161.tmp
2009-07-28 23:06 0 a------- c:\windows\VDM15F.tmp
2009-07-28 23:06 0 a------- c:\windows\VDM15E.tmp
2009-07-28 23:05 0 a------- c:\windows\VDM159.tmp
2009-07-28 23:05 0 a------- c:\windows\VDM153.tmp
2009-07-28 23:04 0 a------- c:\windows\VDM152.tmp
2009-07-28 22:57 <DIR> --d----- c:\documents and settings\darkebrz\WINDOWS
2009-07-27 12:12 <DIR> --d----- c:\windows\Simple Port Forwarding
2009-07-27 12:12 <DIR> --d----- c:\program files\Simple Port Forwarding
2009-07-23 21:57 41,872 a------- c:\windows\system32\xfcodec.dll
2009-07-23 16:53 <DIR> --d----- c:\program files\UrbanTerror4.1
2009-07-23 10:20 1,071,088 a------- c:\windows\system32\mscomctl.ocx
2009-07-23 00:23 <DIR> --d----- c:\program files\OpenAL
2009-07-23 00:21 <DIR> --d----- c:\program files\AssaultCube_v1.0
2009-07-21 19:50 <DIR> --d----- c:\program files\Zachtronics Industries
2009-07-20 12:11 <DIR> --d----- c:\docume~1\darkebrz\applic~1\JCreator
==================== Find3M ====================
2009-08-10 13:35 63,620 a---h--- c:\windows\system32\mlfcache.dat
2009-08-10 12:34 7,912 a------- c:\windows\system32\d3d9caps.dat
2009-08-10 12:05 28,160 a------- c:\windows\system32\drivers\beep.sys
2009-08-07 23:11 139,072 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-07 22:54 189,672 a------- c:\windows\system32\PnkBstrB.exe
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-23 00:23 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-07-23 00:23 110,592 a------- c:\windows\system32\OpenAL32.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-12 21:14 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-29 12:12 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 12:12 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-29 12:12 17,408 a------- c:\windows\system32\corpol.dll
2009-06-23 01:36 86,811 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-12 17:15 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-06-12 17:10 139,152 a------- c:\docume~1\darkebrz\applic~1\PnkBstrK.sys
2009-06-12 17:10 794,408 a------- c:\windows\system32\pbsvc.exe
2009-06-12 08:31 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 10:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 02:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-08 18:22 144 a------- c:\docume~1\darkebrz\applic~1\wklnhst.dat
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-02-07 13:20 34 a------- c:\documents and settings\darkebrz\jagex_runescape_preferences.dat
2007-12-15 18:25 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2007-03-30 12:21 4,760,576 ac-sh--- c:\program files\ehthumbs.db
============= FINISH: 13:07:07.21 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-07-30.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/22/2006 2:30:43 PM
System Uptime: 8/17/2009 12:48:47 PM (1 hours ago)
Motherboard: Intel Corporation | | PRAGUE
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | | 2799/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 226 GiB total, 34.027 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
K: is CDROM ()
L: is CDROM ()
M: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
Sansa Media Converter
µTorrent
7-Zip 4.65
7500_7600_7700_Help
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash Player 10 Plugin
Adobe Flash Player 9
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop CS2
Adobe Photoshop CS3
Adobe Reader 7.0
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advertisement Service
Agere Systems PCI Soft Modem
AIM 6
Alien Arena 2008 7.21
Allied Intent Xtended 2.0
Apple Software Update
AruaROSE
AssaultCube v1.0
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
AutoHotkey 1.0.48.03
AutoUpdate
AVG Free 8.0
balldroppings
Battlefield 2(TM)
Battlefield 2142 Deluxe Edition
Battlefield Heroes
Battlefield Heroes (PTE)
Belarc Advisor 7.2
BF2 Editor
Bikez_II
Bontago
BPD_HPSU
BPD_Scan
BPDfax
BPDSoftware
BPDSoftware_Ini
Bridge Builder
Bridge Building Game
BufferChm
Build Your Own Net Dream (remove only)
Call of Combat
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CGoban 3
Cheat Engine 5.4
Click to DVD 2.4.10
COMODO Internet Security
Cottage Of Doom 1.0
Crayon Physics Deluxe - release 51
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
D-Link VGA Webcam
Destinations
Detritus 1.3.08
DeviceManagementQFolder
Digsby
DivX Codec
DivX Web Player
DocProc
DocProcQFolder
DVgate Plus
Dyson v1.10
EA Download Manager
Easytoon 1.9.5
eSupportQFolder
F.lux
Fallout 3
FileZilla Client 3.2.6.1
Finale NotePad 2009
First Strike Launcher (remove only)
Form Fill (Windows Live Toolbar)
FoxyTunes for Firefox
Fraps (remove only)
Freeciv 2.0.9 (GTK+ client)
Frets On Fire
GDR 3077 for SQL Server Database Services 2005 ENU (KB960089)
GDR 3077 for SQL Server Tools and Workstation Components 2005 ENU (KB960089)
GearDrvs
GIMP 2.4.7
Give4Free Plugin
GNU Aspell 0.50-3
Google Chrome
Google Earth
Google SketchUp 7
Google Toolbar for Firefox
Google Update Helper
Google Updater
Google Web Accelerator
GraphicsGale FreeEdition version 1.93
GTA San Andreas
GTA2
GTK+ 2.10.6-1 runtime environment
GTK+ Runtime 2.12.1 rev a (remove only)
Half-Life
Half-Life 2
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Memories Disc
hp officejet 6100 series
HP Officejet Pro All-In-One Series
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp officejet 6100 series
HP Photosmart Essential
HP Software Update
HP Solution Center 7.0
HPPhotoSmartExpress
HPProductAssistant
HyperCam 2
IceChat 7.63 (Build 20080417)
Image Converter 2
Infiniminer
Instant Eyedropper 1.75
InstantShareDevicesMFC
Intel Matrix Storage Manager
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
InterVideo WinDVD for VAIO
IrfanView (remove only)
ISScript
J2SE Runtime Environment 5.0 Update 3
Jailbreak Source v0.4.1
Java(TM) 6 Update 14
Java(TM) 6 Update 7
JCreator LE 4.50
L7500
La Tale
LimeWire 5.1.3
Line Rider 2
Liquid War 5.6.4
Little Fighter 2 v1.9
Logitech iTouch Software
Mabinogi
Map Button (Windows Live Toolbar)
MapleStory
MarketResearch
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft MPEG-4 VKI Video Codec V1/V2/V3
Microsoft MSDN 2005 Express Edition - ENU
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Rise Of Nations
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Desktop Engine (VAIO_VEDB)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual Basic 2005 Express Edition - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Express Edition - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Works
Microsoft WSE 3.0 Runtime
Miners4k
mIRC
MoodLogic
Mozilla Firefox (3.5.2)
Mozilla Thunderbird (2.0.0.14)
MPlugin
MPM
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
MSXML4 Parser
Musicnotes Player V1.23.1
Napster
Napster Burn Engine
Need for Speed™ Undercover
Netscape Internet Service Setup
Network Play System (Patching)
Noitu Love 2: Devolution
Notepad++
NVIDIA PhysX v8.09.04
ObjectDock
OCR Software by I.R.I.S 7.0
OneCare Advisor (Windows Live Toolbar)
OpenAL
OpenMG Metadata Extractor for Windows Media Player
OpenMG Secure Module 4.2.00
OpenOffice.org 3.0
Opera 9.20
Opera 9.27
Oregon Trail 5
Paint.NET v3.35
Pando Media Booster
PanoStandAlone
PDF Settings
PeerGuardian 2.0
Pharaoh and Cleopatra
Phun beta 4.13
Pivot Stickfigure Animator
Poke
Polychromatic Funk Monkey 1.4
Popup Blocker (Windows Live Toolbar)
ProductContext
Project64 1.6
PunkBuster Services
Python 2.6
Quicken 2005
QuickTime
RealPlayer Basic
Rhapsody Player Engine
Risk
ROM CHECK FAIL 1.0
Roxio DigitalMedia Audio
Roxio DigitalMedia Copy
Roxio DigitalMedia Data
Rumble Box Tournament Edition
Safari
Scan
Secret Maryo Chronicles
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SigmaTel Audio
Simple Port Forwarding
Skins
Skulltag
Skype™ 3.6
Smart Menus (Windows Live Toolbar)
Soldat 1.4.2
Soldat 1.5.0
Soldat BOT Creator/Editor 1.2.0
SolutionCenter
Sonic Encoders
SonicStage 3.2
SonicStage Mastering Studio Audio Filter Custom Preset
Sony Certificate PCH
Sony MP4 Shared Library
Sony TV Tuner Library 1.0
Sony Video Shared Library
SpeedFan (remove only)
Spybot - Search & Destroy
Star Wars Galactic Battlegrounds: Saga
Starcraft
Status
Steam
StepMania (remove only)
Stunt Playground
System Shock2
TeqDemo
TeqTaunt
The Sims
TI Connect 1.6
Toolbox
Toribash 3.06
Transparent Windows
TrayApp
Tremulous 1.1.0
Undelete Plus 2.98
UniTaunt 1.0
Unload
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Urban Terror 4.1
VAIO Central
VAIO Entertainment Platform
VAIO Light Flo Wallpaper
VAIO Long Battery Life Wallpaper
VAIO Media 4.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 4.2
VAIO Media Redistribution 4.0
VAIO Media Registration Tool 4.0
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Scene SD Normal Contents
VAIO Registration
VAIO Support Central
VAIO Survey Standalone
VAIO Update 2
Vegas Movie Studio Platinum 9.0
Vektor Space
VeohTV BETA
Video Edit Magic Express 4.11
Viewpoint Media Player
Virtools 3D Life Player
VLC media player 1.0.1
Wakoopa
WebFldrs XP
WebReg
West Point Bridge Designer 2007
Winamp (remove only)
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 10 Hotfix [See KB886612 for more information]
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Movie Maker 2.0
Windows Presentation Foundation
Windows XP Media Center Edition 2005 KB890629
Windows XP Media Center Edition 2005 KB895198
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
World of Warcraft
World of Warcraft FREE Trial
X-Chat 2.8.6-2
Xfire (remove only)
XviD MPEG-4 Video Codec
==== Event Viewer Messages From Past Week ========
8/13/2009 9:43:29 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.100 with the system having network hardware address 00:17:AB:EE:C4:74. Network operations on this system may be disrupted as a result.
8/13/2009 4:06:54 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706).
8/12/2009 12:14:44 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Type with the following error: Access is denied.
8/12/2009 12:14:26 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
8/12/2009 10:09:48 PM, error: System Error [1003] - Error code 100000d1, parameter1 e25a8000, parameter2 00000002, parameter3 00000000, parameter4 ae0060a5.
8/11/2009 11:35:29 AM, error: Service Control Manager [7034] - The VAIO Entertainment Database Service service terminated unexpectedly. It has done this 1 time(s).
8/10/2009 9:56:51 PM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
8/10/2009 4:32:03 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\iexplore.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 7.0.6000.16876.
8/10/2009 2:59:43 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/10/2009 10:39:47 PM, error: Service Control Manager [7034] - The npkcmsvc service terminated unexpectedly. It has done this 1 time(s).
8/10/2009 1:30:01 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 BANTExt DMICall Fips intelppm
8/10/2009 1:30:01 AM, error: Service Control Manager [7001] - The VAIO Entertainment File Import Service service depends on the VAIO Entertainment Database Service service which failed to start because of the following error: The dependency service or group failed to start.
8/10/2009 1:29:55 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/10/2009 1:19:46 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
8/10/2009 1:19:46 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Viewpoint Manager Service service to connect.
8/10/2009 1:19:46 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate1c9fe562c1cd760) service to connect.
8/10/2009 1:19:46 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG Free8 E-mail Scanner service to connect.
8/10/2009 1:19:46 PM, error: Service Control Manager [7000] - The Viewpoint Manager Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/10/2009 1:19:46 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate1c9fe562c1cd760) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/10/2009 1:19:46 PM, error: Service Control Manager [7000] - The AVG Free8 E-mail Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/10/2009 1:17:50 PM, error: SRService [104] - The System Restore initialization process failed.
==== End Of File ===========================
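A small triage helper for the DDS "Created Last 30" / "Find3M" listing format in the log above, added here as an example (it is not code from this thread, from DDS or from ComboFix). It flags the three things ComboFix later removed on this machine: UAC*-style random file names in system32, executables dropped directly in c:\windows (braviax.exe), and a beep.sys whose size differs from the 4,224-byte copy ComboFix restored from dllcache. The sample lines are copied from the DDS log, except the two UAC* lines, which are constructed in DDS format from the ComboFix entries because DDS did not list them.

```python
"""Triage helper for a DDS 'Created Last 30' / 'Find3M' listing.

Added example; not code from this thread, from DDS or from ComboFix.
Heuristics are limited to what ComboFix actually removed on this machine.
"""
import re
from typing import List, Optional, Tuple

# DDS line:  "2009-08-10 12:05 15,000 a------- c:\windows\system32\hs7f3uhduhfukde.dll"
# directory: "2009-08-10 11:48 <DIR> --d----- c:\program files\Spybot"
_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S{8}) (?P<path>.+)$"
)

# Known-good size taken from the ComboFix log in this thread
# (dllcache copy dated 2004-08-10, 4224 bytes). Infected copy was 28,160 bytes.
KNOWN_GOOD_SIZES = {r"c:\windows\system32\drivers\beep.sys": 4224}

# The rootkit's files on this system were named UAC + random lowercase letters.
_UAC_NAME = re.compile(r"^uac[a-z]{8,}\.(dll|dat|db|sys)$")

Entry = Tuple[str, Optional[int], str]  # (date, size or None for <DIR>, lower-cased path)


def parse_dds_listing(text: str) -> List[Entry]:
    """Return (date, size, path) for every well-formed DDS listing line."""
    entries = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue  # section banners, blank lines, anything not in DDS format
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append((m["date"], size, m["path"].lower()))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (path, reason) for entries matching the heuristics above."""
    findings = []
    for _date, size, path in entries:
        if size is None:
            continue  # directories carry no size to compare
        parent, _, name = path.rpartition("\\")
        good = KNOWN_GOOD_SIZES.get(path)
        if good is not None and size != good:
            findings.append((path, f"size {size} differs from known-good {good}"))
        elif parent == r"c:\windows\system32" and _UAC_NAME.match(name):
            findings.append((path, "UAC*-style random name in system32"))
        elif parent == r"c:\windows" and name.endswith((".exe", ".exv")):
            findings.append((path, "executable dropped directly in c:\\windows"))
    return findings


# Sample listing: lines copied from the DDS log in this thread, plus two UAC* lines
# constructed in DDS format from the ComboFix entries (DDS itself did not list them).
SAMPLE = r"""
2009-08-17 12:04 10,240 a------- c:\windows\braviax.exe
2009-08-12 00:27 <DIR> --d----- c:\program files\COMODO
2009-08-11 11:26 10,240 a------- c:\windows\braviax.exv
2009-08-10 12:05 15,000 a------- c:\windows\system32\hs7f3uhduhfukde.dll
2009-08-10 12:05 28,160 a------- c:\windows\system32\drivers\beep.sys
2009-08-10 03:00 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-10 01:29 20,480 a------- c:\windows\system32\UACvtstmqxcsb.dll
2009-08-10 01:29 310 a------- c:\windows\system32\UACuyavnqqori.dat
"""


def run_sample() -> List[Tuple[str, str]]:
    """Parse and triage the constructed sample; returns five findings."""
    return triage(parse_dds_listing(SAMPLE))


if __name__ == "__main__":
    for path, reason in run_sample():
        print(f"{path}: {reason}")
```

The hs7f3uhduhfukde.dll drop is deliberately not caught: a random name alone is not a rule here, which is why the helper in the thread relies on ComboFix rather than name heuristics.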
Darkebrz
2009-08-17, 20:46
GMER won't work. The first 2 times I ran it, it crashed my computer, and the third time it just crashed.
Hi,
Are you able to reboot into safe mode (http://www.computerhope.com/issues/chsafe.htm#02) and run GMER there?
Darkebrz
2009-08-17, 23:40
Er, I have gotten GMER to run, but the log file is HUGE! How do I post it in sections?
You may archive it into a zip file and attach it to your reply :)
Darkebrz
2009-08-17, 23:48
Okay, thanks for the quick response!
Hi again,
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
µTorrent
LimeWire
I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
After that:
Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
Run Spybot-S&D in Advanced Mode. If it is not already set to do this, go to the Mode menu and select Advanced Mode.
On the left hand side, click on Tools.
Then click on the Resident icon in the list.
Uncheck Resident TeaTimer and OK any prompts.
Restart your computer.
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds.txt log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Darkebrz
2009-08-18, 21:01
Combofix is generating a logfile right now, but something was happening during the search. I got a huge amount of seemingly completely random error messages from PEV.exe about corrupt files and was told to run Chkdsk. Anything I should know about this?
Darkebrz
2009-08-18, 21:18
Ah, all is good as combofix has finished. There are no longer error messages :).
DDS will be up in a bit.
ComboFix 09-08-10.06 - Darkebrz 08/18/2009 13:17.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.544 [GMT -4:00]
Running from: c:\documents and settings\Darkebrz\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\braviax.exe
c:\windows\cru629.dat
c:\windows\DRIVERS\beep.sys
c:\windows\Installer\143dcf4.msp
c:\windows\Installer\143dcf5.msp
c:\windows\Installer\143dcf6.msp
c:\windows\Installer\143dcf7.msp
c:\windows\Installer\143dcf8.msp
c:\windows\Installer\143dcf9.msp
c:\windows\Installer\143dcfa.msp
c:\windows\Installer\143dcfb.msp
c:\windows\Installer\143dcfc.msp
c:\windows\Installer\1479f9f0.msi
c:\windows\Installer\1888d2.msp
c:\windows\Installer\1888d3.msp
c:\windows\Installer\1888d4.msp
c:\windows\Installer\1888d5.msp
c:\windows\Installer\1888d6.msp
c:\windows\Installer\1888d7.msp
c:\windows\Installer\1888d8.msp
c:\windows\Installer\1888d9.msp
c:\windows\Installer\1888da.msp
c:\windows\Installer\1888db.msp
c:\windows\Installer\18a0801b.msi
c:\windows\Installer\18a0802c.msp
c:\windows\Installer\18a0803e.msp
c:\windows\Installer\18a0804e.msp
c:\windows\Installer\18a08055.msi
c:\windows\Installer\1b745d.msp
c:\windows\Installer\1b745e.msp
c:\windows\Installer\1b745f.msp
c:\windows\Installer\1b7460.msp
c:\windows\Installer\1b7461.msp
c:\windows\Installer\1b7462.msp
c:\windows\Installer\1b7463.msp
c:\windows\Installer\1b7464.msp
c:\windows\Installer\1b7465.msp
c:\windows\Installer\1b7466.msp
c:\windows\Installer\2999db79.msi
c:\windows\Installer\2a4163e9.msi
c:\windows\Installer\30228523.msi
c:\windows\Installer\39e1c901.msi
c:\windows\Installer\39e56.msi
c:\windows\Installer\3e57bd4b.msp
c:\windows\Installer\3e57bd4c.msp
c:\windows\Installer\3e57bd4d.msp
c:\windows\Installer\3e57bd4e.msp
c:\windows\Installer\3e57bd4f.msp
c:\windows\Installer\3e57bd50.msp
c:\windows\Installer\3e57bd51.msp
c:\windows\Installer\3e57bd52.msp
c:\windows\Installer\3e57bd53.msp
c:\windows\Installer\3e57bd54.msp
c:\windows\Installer\62e828d0.msp
c:\windows\Installer\62e828e2.msp
c:\windows\Installer\62e828f3.msp
c:\windows\Installer\62e82904.msp
c:\windows\Installer\c10c5fa.msi
c:\windows\Installer\e846566.msp
c:\windows\Installer\WinRMSrv.msi
c:\windows\kb913800.exe
c:\windows\run.log
c:\windows\system32\braviax.exe
c:\windows\system32\cru629.dat
c:\windows\system32\drivers\UACjkutyopicb.sys
c:\windows\system32\hs7f3uhduhfukde.dll
c:\windows\system32\msxml71.dll
c:\windows\system32\net.net
c:\windows\system32\uacinit.dll
c:\windows\system32\UACldlyarscpe.dat
c:\windows\system32\UAColwmiqxuxo.db
c:\windows\system32\UACveaaydcnex.dll
c:\windows\system32\UACvmpfemeqws.dll
c:\windows\system32\UACwrnugidvfl.dll
c:\windows\system32\UACxgipjpiiql.dll
c:\windows\system32\wisdstr.exe
c:\windows\system32\drivers\beep.sys . . . is infected!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
-------\Legacy_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-07-18 to 2009-08-18 )))))))))))))))))))))))))))))))
.
2009-08-18 17:49 . 2004-08-10 12:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-08-18 17:49 . 2004-08-10 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-08-18 08:38 . 2009-08-18 08:38 -------- d--ha-w- C:\$clean_tmp
2009-08-18 07:05 . 2009-08-18 07:05 -------- d-----w- c:\program files\File Shredder
2009-08-18 03:23 . 2009-08-18 03:23 -------- d-----w- c:\program files\AutoIt3
2009-08-17 23:54 . 2009-08-18 00:05 -------- d-----w- c:\documents and settings\Darkebrz\Application Data\gtk-2.0
2009-08-17 23:54 . 2009-08-17 23:54 -------- d-----w- c:\documents and settings\Darkebrz\.thumbnails
2009-08-17 19:14 . 2009-08-17 19:14 -------- d-----w- C:\cac54d4aa302d6719b1613
2009-08-13 03:45 . 2009-08-13 03:45 0 ----a-r- C:\logwmemory.bin
2009-08-13 03:43 . 2009-08-13 03:43 25 ----a-w- c:\windows\popcinfot.dat
2009-08-12 21:30 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 04:27 . 2009-08-12 16:12 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Comodo
2009-08-12 04:27 . 2009-08-12 04:27 86976 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-08-12 04:27 . 2009-08-12 04:27 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-08-12 04:27 . 2009-08-12 04:27 179792 ----a-w- c:\windows\system32\guard32.dll
2009-08-12 04:27 . 2009-08-12 04:27 132040 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-08-12 04:27 . 2009-08-12 04:27 -------- d-----w- c:\program files\COMODO
2009-08-11 16:29 . 2009-08-18 16:42 -------- d-----w- c:\program files\Steam
2009-08-10 19:32 . 2009-08-18 03:23 -------- d-----w- c:\windows\ShellNew
2009-08-10 19:32 . 2009-08-10 19:32 -------- d-----w- c:\program files\AutoHotkey
2009-08-10 15:48 . 2009-08-10 15:48 -------- d-----w- c:\program files\Spybot
2009-08-10 07:00 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-10 07:00 . 2009-08-11 01:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-10 07:00 . 2009-08-10 07:00 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-08-10 07:00 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-10 06:46 . 2009-08-10 06:46 -------- d-----w- c:\program files\Unlocker
2009-08-10 06:09 . 2009-08-10 06:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Notepad++
2009-08-10 05:56 . 2009-08-10 05:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-08-10 05:38 . 2009-08-10 05:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\IceChat
2009-08-10 05:36 . 2009-08-10 06:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\X-Chat 2
2009-08-10 05:29 . 2009-08-10 05:29 20480 ----a-w- c:\windows\system32\UACvtstmqxcsb.dll
2009-08-10 05:29 . 2009-08-10 05:29 18432 ----a-w- c:\windows\system32\UACqxnkbdbtde.dll
2009-08-10 05:29 . 2009-08-10 05:29 30208 ----a-w- c:\windows\system32\UACowpsecbvla.dll
2009-08-10 05:29 . 2009-08-10 05:29 310 ----a-w- c:\windows\system32\UACuyavnqqori.dat
2009-08-10 05:29 . 2009-08-10 05:29 74240 ----a-w- c:\windows\system32\UACpegnwmkjtp.dll
2009-08-08 03:45 . 2009-08-08 05:06 -------- d-----w- c:\documents and settings\Darkebrz\Application Data\FileZilla
2009-08-08 03:44 . 2009-08-08 03:44 -------- d-----w- c:\program files\FileZilla FTP Client
2009-08-08 01:22 . 2009-08-08 01:22 -------- d-----w- c:\program files\Wakoopa
2009-08-07 06:40 . 2009-08-07 06:40 -------- d-----w- C:\SAVE
2009-08-07 06:27 . 2009-08-07 06:27 -------- d-----w- C:\Sierra
2009-08-05 23:17 . 2009-08-05 23:17 -------- d-----w- c:\program files\7-Zip
2009-08-02 03:34 . 2009-08-18 05:17 -------- d-----w- c:\documents and settings\Darkebrz\Application Data\X-Chat 2
2009-08-02 03:27 . 2009-08-02 03:27 -------- d-----w- c:\program files\X-Chat 2
2009-08-01 06:38 . 2009-08-03 00:12 -------- d-----w- c:\program files\Skulltag
2009-07-31 19:33 . 2009-08-12 17:23 -------- d-----w- c:\documents and settings\Darkebrz\Application Data\mIRC
2009-07-31 07:01 . 2009-07-31 07:01 -------- d-----w- C:\3871e0b31e0fd4d092
2009-07-31 07:00 . 2009-07-31 07:00 -------- d-----w- C:\34fc0db049b560bc804702843b
2009-07-31 01:44 . 2009-07-31 01:44 -------- d-----w- c:\documents and settings\Darkebrz\Application Data\dvdcss
2009-07-30 23:55 . 2009-08-18 06:40 -------- d-----w- c:\documents and settings\Darkebrz\Application Data\vlc
2009-07-30 23:51 . 2009-07-30 23:51 -------- d-----w- c:\program files\VideoLAN
2009-07-30 14:09 . 2009-07-30 15:40 -------- d-----w- c:\program files\Warrior Epic
2009-07-30 14:05 . 2009-08-18 16:49 -------- d-----w- C:\Chrome Downloads
2009-07-29 03:08 . 2009-07-29 03:08 285 ----a-w- c:\windows\EReg072.dat
2009-07-29 03:08 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2009-07-29 03:08 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2009-07-29 03:07 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
2009-07-29 03:07 . 1998-09-02 08:02 194320 ----a-w- c:\windows\system32\qcut.dll
2009-07-29 03:07 . 1998-08-17 09:21 10240 ----a-w- c:\windows\system32\vidx16.dll
2009-07-29 03:07 . 1998-08-17 09:21 11776 ----a-w- c:\windows\system32\mciqtz.drv
2009-07-29 03:07 . 2009-07-29 03:07 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-07-29 03:07 . 2009-07-29 03:07 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-07-29 02:57 . 2009-07-29 02:57 -------- d-----w- c:\documents and settings\Darkebrz\WINDOWS
2009-07-27 16:12 . 2009-07-27 18:01 -------- d-----w- c:\program files\Simple Port Forwarding
2009-07-27 16:12 . 2009-07-27 16:12 -------- d-----w- c:\windows\Simple Port Forwarding
2009-07-24 01:57 . 2009-07-24 01:57 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-07-23 20:53 . 2009-07-23 21:05 -------- d-----w- c:\program files\UrbanTerror4.1
2009-07-23 04:23 . 2009-07-23 04:23 -------- d-----w- c:\program files\OpenAL
2009-07-23 04:21 . 2009-07-23 04:22 -------- d-----w- c:\program files\AssaultCube_v1.0
2009-07-21 23:50 . 2009-07-21 23:50 -------- d-----w- c:\program files\Zachtronics Industries
2009-07-20 16:11 . 2009-07-20 16:11 -------- d-----w- c:\documents and settings\Darkebrz\Application Data\JCreator
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-17 21:52 . 2009-03-22 17:18 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Google Updater
2009-08-17 20:55 . 2009-02-02 23:56 -------- d-----w- c:\program files\Digsby
2009-08-12 20:12 . 2009-02-08 00:37 -------- d-----w- c:\documents and settings\Darkebrz\Application Data\Digsby
2009-08-12 17:22 . 2008-06-25 20:09 -------- d-----w- c:\program files\mIRC
2009-08-11 15:45 . 2009-07-04 02:22 -------- d-----w- c:\program files\Crayon Physics Deluxe
2009-08-11 01:56 . 2009-01-19 21:57 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\avg8
2009-08-11 01:33 . 2007-07-24 14:49 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-08-10 17:35 . 2007-07-24 18:07 63620 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-10 16:34 . 2008-12-09 19:06 7912 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-10 15:51 . 2005-08-19 22:19 77160 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-10 15:46 . 2007-07-24 14:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-10 15:29 . 2009-07-12 01:47 -------- d-----w- c:\program files\PeerGuardian2
2009-08-10 05:22 . 2009-05-23 03:48 -------- d-----w- c:\documents and settings\Darkebrz\Application Data\uTorrent
2009-08-10 05:13 . 2009-08-10 05:13 1234791 ----a-w- c:\windows\system32\xa.tmp
2009-08-08 07:07 . 2009-05-18 01:04 -------- d-----w- c:\documents and settings\Darkebrz\Application Data\IceChat
2009-08-08 03:11 . 2007-11-11 02:05 139072 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-08 02:54 . 2007-11-11 02:05 189672 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-07 01:32 . 2009-05-03 23:11 -------- d-----w- c:\program files\Xfire
2009-08-05 09:01 . 2005-08-18 20:20 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 00:45 . 2008-07-01 02:25 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-30 17:31 . 2009-05-03 23:11 -------- d-----w- c:\documents and settings\Darkebrz\Application Data\Xfire
2009-07-30 14:09 . 2009-05-10 04:15 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-30 03:59 . 2008-11-22 18:39 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\PMB Files
2009-07-30 01:00 . 2006-12-25 21:28 -------- d-----w- c:\program files\EA GAMES
2009-07-30 01:00 . 2005-08-19 18:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-29 03:08 . 2009-07-29 03:08 0 ----a-w- c:\windows\VDM1B6.tmp
2009-07-29 03:08 . 2009-07-29 03:08 0 ----a-w- c:\windows\VDM1B5.tmp
2009-07-29 03:08 . 2009-07-29 03:08 0 ----a-w- c:\windows\VDM1B3.tmp
2009-07-29 03:08 . 2009-07-29 03:08 0 ----a-w- c:\windows\VDM1B2.tmp
2009-07-29 03:08 . 2009-07-29 03:08 0 ----a-w- c:\windows\VDM1A2.tmp
2009-07-29 03:08 . 2009-07-29 03:08 0 ----a-w- c:\windows\VDM1A1.tmp
2009-07-29 03:07 . 2009-07-29 03:07 0 ----a-w- c:\windows\VDM16F.tmp
2009-07-29 03:07 . 2009-07-29 03:07 0 ----a-w- c:\windows\VDM166.tmp
2009-07-29 03:07 . 2009-07-29 03:07 0 ----a-w- c:\windows\VDM165.tmp
2009-07-29 03:06 . 2009-07-29 03:06 0 ----a-w- c:\windows\VDM163.tmp
2009-07-29 03:06 . 2009-07-29 03:06 0 ----a-w- c:\windows\VDM162.tmp
2009-07-29 03:06 . 2009-07-29 03:06 0 ----a-w- c:\windows\VDM161.tmp
2009-07-29 03:06 . 2009-07-29 03:06 0 ----a-w- c:\windows\VDM15F.tmp
2009-07-29 03:06 . 2009-07-29 03:06 0 ----a-w- c:\windows\VDM15E.tmp
2009-07-29 03:05 . 2009-07-29 03:05 0 ----a-w- c:\windows\VDM159.tmp
2009-07-29 03:05 . 2009-07-29 03:05 0 ----a-w- c:\windows\VDM153.tmp
2009-07-29 03:04 . 2009-07-29 03:04 0 ----a-w- c:\windows\VDM152.tmp
2009-07-27 20:10 . 2009-06-09 20:00 -------- d-----w- c:\documents and settings\Darkebrz\Application Data\LimeWire
2009-07-23 20:28 . 2008-08-24 03:07 -------- d-----w- c:\program files\UrbanTerror
2009-07-23 14:20 . 2007-05-20 13:34 -------- d-----w- c:\program files\IceChat7
2009-07-23 04:23 . 2007-01-12 01:52 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-23 04:23 . 2007-01-12 01:52 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-19 01:05 . 2009-07-12 02:31 -------- d-----w- c:\program files\World of Warcraft
2009-07-17 19:01 . 2005-08-18 20:20 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 15:12 . 2009-07-15 15:11 -------- d-----w- c:\documents and settings\Darkebrz\Application Data\Braid
2009-07-14 17:06 . 2008-05-22 20:33 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-07-14 03:43 . 2005-08-18 20:21 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 02:57 . 2009-07-14 02:41 -------- d-----w- c:\documents and settings\Darkebrz\Application Data\Sony
2009-07-14 02:42 . 2009-07-14 02:42 -------- d-----w- c:\documents and settings\Darkebrz\Application Data\Publish Providers
2009-07-14 02:39 . 2009-07-14 02:39 -------- d-----w- c:\program files\Vstplugins
2009-07-14 02:39 . 2009-07-14 02:39 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Sony
2009-07-14 02:39 . 2005-08-19 19:35 -------- d-----w- c:\program files\Sony
2009-07-14 02:37 . 2009-07-14 02:37 -------- d-----w- c:\program files\Sony Setup
2009-07-13 01:14 . 2009-07-13 01:14 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-13 01:13 . 2005-08-19 19:04 -------- d-----w- c:\program files\Java
2009-07-13 01:13 . 2009-07-13 01:13 152576 ----a-w- c:\documents and settings\Darkebrz\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-12 03:17 . 2009-07-12 02:31 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-07-11 23:16 . 2009-07-03 05:42 -------- d-----w- c:\documents and settings\Darkebrz\Application Data\.minecraft
2009-07-11 21:36 . 2009-07-11 21:36 -------- d-----w- c:\documents and settings\Darkebrz\Application Data\InstallShield Installation Information
2009-07-11 21:36 . 2009-07-11 21:36 -------- d-----w- c:\program files\Bethesda Softworks
2009-07-11 21:33 . 2009-07-11 21:49 147456 ----a-w- c:\documents and settings\Darkebrz\Application Data\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\_setup.dll
2009-07-11 03:19 . 2005-08-19 22:03 -------- d-----w- c:\program files\Google
2009-07-11 02:37 . 2009-04-30 23:33 98304 ----a-w- c:\documents and settings\Darkebrz\Application Data\Soldat\Battleye\BEClient.dll
2009-07-10 17:19 . 2009-07-10 17:06 -------- d-----w- c:\program files\Braid
2009-07-09 02:29 . 2006-12-31 16:04 685 -c--a-w- c:\windows\eReg.dat
2009-07-06 14:34 . 2009-07-06 14:34 -------- d-----w- c:\program files\Data Realms
2009-07-05 02:19 . 2009-07-05 02:19 -------- d-----w- c:\documents and settings\Darkebrz\Application Data\Humanbalance
2009-07-04 02:57 . 2009-07-04 02:23 -------- d-----w- c:\documents and settings\Darkebrz\Application Data\Crayon Physics Deluxe
2009-06-29 16:12 . 2005-08-18 20:20 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2005-08-18 20:20 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2005-08-18 20:20 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 20:36 . 2009-06-27 18:50 1291640 ----a-w- c:\documents and settings\Darkebrz\Application Data\Mozilla\Firefox\Profiles\cegv45td.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2009-06-25 20:36 . 2009-06-27 18:50 729088 ----a-w- c:\documents and settings\Darkebrz\Application Data\Mozilla\Firefox\Profiles\cegv45td.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2009-06-23 05:36 . 2005-08-18 20:32 86811 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-22 16:49 . 2009-04-05 22:10 -------- d-----w- c:\program files\Activision
2009-06-20 22:11 . 2009-06-01 22:36 180768 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-16 14:36 . 2005-08-18 20:20 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2005-08-18 20:20 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 21:15 . 2007-11-11 02:04 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-12 21:10 . 2009-05-25 21:16 139152 ----a-w- c:\documents and settings\Darkebrz\Application Data\PnkBstrK.sys
2009-06-12 21:10 . 2009-05-25 21:16 139152 ----a-w- c:\documents and settings\Darkebrz\Application Data\PnkBstrK.sys
2009-06-12 21:10 . 2009-05-25 21:16 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-06-12 12:31 . 2005-08-18 20:20 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2005-08-18 20:20 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2005-08-18 20:20 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2005-08-18 20:29 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2005-08-18 20:20 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-08 22:22 . 2009-06-08 22:22 144 ----a-w- c:\documents and settings\Darkebrz\Application Data\wklnhst.dat
2009-06-08 22:20 . 2009-05-04 02:02 1 ----a-w- c:\documents and settings\Darkebrz\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-07 18:21 . 2009-06-07 18:21 10134 ----a-r- c:\documents and settings\Darkebrz\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-06 03:18 . 2009-02-07 16:13 131 ----a-w- c:\documents and settings\Darkebrz\Local Settings\Application Data\fusioncache.dat
2009-06-03 19:09 . 2005-08-18 20:20 1291264 ----a-w- c:\windows\system32\quartz.dll
2007-03-30 16:21 . 2007-03-30 16:20 4760576 -csha-w- c:\program files\ehthumbs.db
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\documents and settings\Darkebrz\Local Settings\Apps\F.lux\flux.exe" [2009-02-25 962560]
"Wakoopa"="c:\program files\Wakoopa\Wakoopa.exe" [2009-03-25 573440]
"SpybotSD TeaTimer"="c:\program files\Spybot\TeaTimer.exe" [2009-01-26 2144088]
"Steam"="c:\program files\Steam\Steam.exe" [2009-08-11 1217784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-19 1261336]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 169984]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-08-12 1793808]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
c:\documents and settings\Hello\Start Menu\Programs\Startup\
ehthumbs.db [2007-3-30 1536]
c:\documents and settings\Yay\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2007-10-29 3450608]
Transparent Windows.lnk - c:\documents and settings\Yay\Application Data\Microsoft\Installer\{26E30F32-01C0-47EF-930B-D36B676B86A9}\_294823.exe [2007-10-30 1078]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-06 03:21 10520 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk
backup=c:\windows\pss\officejet 6100.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=c:\windows\pss\Run Google Web Accelerator.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Darkebrz^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Darkebrz\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Darkebrz^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Darkebrz\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Sony\\Click to DVD 2\\CtoDvd.exe"=
"c:\\Program Files\\IceChat7\\IceChat7.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"Game.exe"= Game.exe:GostSoul
"c:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Documents and Settings\\Yay\\Desktop\\Counter-Strike\\hl.exe"=
"c:\\Program Files\\Digsby\\lib\\digsby-app.exe"=
"c:\\Program Files\\soldatbeta5\\Soldat.exe"=
"c:\\Documents and Settings\\Yay\\Desktop\\Assorted\\Games\\L4D\\Left4Dead\\hl2.exe"=
"c:\\Documents and Settings\\Yay\\Desktop\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Soldats\\Soldat.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142 Deluxe Edition\\BF2142.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142 Deluxe Edition\\FirstStrike.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\UrbanTerror4.1\\ioUrbanTerror.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Skulltag\\Skulltag.exe"=
"c:\\Program Files\\Skulltag\\Idese.exe"=
"c:\\Program Files\\Skulltag\\Rcon_utility.exe"=
"c:\\Program Files\\X-Chat 2\\xchat.exe"=
"c:\\Documents and Settings\\Darkebrz\\My Documents\\Downloads\\Garry's-Mod 11\\Game\\hl2.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2VoipServer.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56164:TCP"= 56164:TCP:Pando Media Booster
"56164:UDP"= 56164:UDP:Pando Media Booster
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"56629:TCP"= 56629:TCP:Pando Media Booster
"56629:UDP"= 56629:UDP:Pando Media Booster
"56257:TCP"= 56257:TCP:Pando Media Booster
"56257:UDP"= 56257:UDP:Pando Media Booster
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/19/2009 5:58 PM 325128]
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [8/7/2007 5:46 PM 2944]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [8/12/2009 12:27 AM 132040]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [8/12/2009 12:27 AM 25160]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/19/2009 5:57 PM 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/19/2009 5:58 PM 107272]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/28/2007 8:43 AM 24652]
R3 vgadrv;vgadrv;c:\windows\system32\drivers\vgadrv.sys [6/10/2006 5:41 AM 8078]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [1/19/2009 5:57 PM 875288]
S2 gupdate1c9fe562c1cd760;Google Update Service (gupdate1c9fe562c1cd760);c:\program files\Google\Update\GoogleUpdate.exe [7/6/2009 12:23 PM 133104]
S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys --> c:\windows\system32\DRIVERS\scrcap.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 XDva035;XDva035;\??\c:\windows\system32\XDva035.sys --> c:\windows\system32\XDva035.sys [?]
S3 XDva202;XDva202;\??\c:\windows\system32\XDva202.sys --> c:\windows\system32\XDva202.sys [?]
S3 XDva215;XDva215;\??\c:\windows\system32\XDva215.sys --> c:\windows\system32\XDva215.sys [?]
S3 XDva219;XDva219;\??\c:\windows\system32\XDva219.sys --> c:\windows\system32\XDva219.sys [?]
S3 XDva277;XDva277;\??\c:\windows\system32\XDva277.sys --> c:\windows\system32\XDva277.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-braviax - braviax.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\docume~1\Darkebrz\APPLIC~1\Mozilla\Firefox\Profiles\cegv45td.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\Darkebrz\Application Data\Mozilla\Firefox\Profiles\cegv45td.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\Darkebrz\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npdivx32.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\NPOFFICE.DLL
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npstrlnk.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npvirtools.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvirtools.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-18 13:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-08-18 14:10
ComboFix-quarantined-files.txt 2009-08-18 18:10
ComboFix2.txt 2008-12-14 17:03
Pre-Run: 15,751,376,896 bytes free
Post-Run: 22,610,313,216 bytes free
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
530 --- E O F --- 2009-08-13 08:09
Darkebrz
2009-08-18, 21:26
All appears to be well, though I realize we probably have a bit of cleanup followed by the removal of these tools to do :). There are no longer any Google search redirects, and iexplore.exe no longer starts up in the background >_<.
DDS.txt and attach.txt follow. :thanks:
DDS (Ver_09-07-30.01) - NTFSx86
Run by Darkebrz at 14:23:03.10 on Tue 08/18/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.339 [GMT -4:00]
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Nexon\MapleStory\npkcmsvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\Program Files\Spybot\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Darkebrz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Darkebrz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\X-Chat 2\xchat.exe
C:\Chrome Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [F.lux] "c:\documents and settings\darkebrz\local settings\apps\f.lux\flux.exe" /noshow
uRun: [Wakoopa] c:\program files\wakoopa\Wakoopa.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot\TeaTimer.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\darkebrz\applic~1\mozilla\firefox\profiles\cegv45td.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\darkebrz\application data\mozilla\firefox\profiles\cegv45td.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\darkebrz\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\np-mswmp.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npdeploytk.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npdivx32.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\NPHoldemFireLauncher.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\NPOFFICE.DLL
FF - plugin: c:\progra~1\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npstrlnk.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npvirtools.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPHoldemFireLauncher.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvirtools.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-19 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-19 27656]
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2007-8-7 2944]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-8-12 132040]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-8-12 25160]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-19 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-19 107272]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-8-12 707152]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-28 24652]
R3 vgadrv;vgadrv;c:\windows\system32\drivers\vgadrv.sys [2006-6-10 8078]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-19 875288]
S2 gupdate1c9fe562c1cd760;Google Update Service (gupdate1c9fe562c1cd760);c:\program files\google\update\GoogleUpdate.exe [2009-7-6 133104]
S3 scrcap;scrcap;c:\windows\system32\drivers\scrcap.sys --> c:\windows\system32\drivers\scrcap.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\screamingbaudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 XDva035;XDva035;\??\c:\windows\system32\xdva035.sys --> c:\windows\system32\XDva035.sys [?]
S3 XDva202;XDva202;\??\c:\windows\system32\xdva202.sys --> c:\windows\system32\XDva202.sys [?]
S3 XDva215;XDva215;\??\c:\windows\system32\xdva215.sys --> c:\windows\system32\XDva215.sys [?]
S3 XDva219;XDva219;\??\c:\windows\system32\xdva219.sys --> c:\windows\system32\XDva219.sys [?]
S3 XDva277;XDva277;\??\c:\windows\system32\xdva277.sys --> c:\windows\system32\XDva277.sys [?]
=============== Created Last 30 ================
2009-08-18 14:09 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-08-18 13:49 4,224 ac------ c:\windows\system32\dllcache\beep.sys
2009-08-18 13:49 4,224 a------- c:\windows\system32\drivers\beep.sys
2009-08-18 12:57 216,064 a------- c:\windows\PEV.exe
2009-08-18 04:38 <DIR> a-d-h--- C:\$clean_tmp
2009-08-18 03:05 <DIR> --d----- c:\program files\File Shredder
2009-08-17 23:23 <DIR> --d----- c:\program files\AutoIt3
2009-08-17 19:54 <DIR> --d----- c:\documents and settings\darkebrz\.thumbnails
2009-08-17 15:14 <DIR> --d----- C:\cac54d4aa302d6719b1613
2009-08-13 03:57 197 a------- c:\windows\system32\MRT.INI
2009-08-12 23:45 0 a----r-- C:\logwmemory.bin
2009-08-12 23:43 25 a------- c:\windows\popcinfot.dat
2009-08-12 17:31 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-12 17:30 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-12 00:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Comodo
2009-08-12 00:27 179,792 a------- c:\windows\system32\guard32.dll
2009-08-12 00:27 132,040 a------- c:\windows\system32\drivers\cmdguard.sys
2009-08-12 00:27 25,160 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-08-12 00:27 <DIR> --d----- c:\program files\COMODO
2009-08-11 12:29 <DIR> --d----- c:\program files\Steam
2009-08-11 11:26 10,240 a------- c:\windows\braviax.exv
2009-08-10 15:32 <DIR> --d----- c:\windows\ShellNew
2009-08-10 15:32 <DIR> --d----- c:\program files\AutoHotkey
2009-08-10 11:48 <DIR> --d----- c:\program files\Spybot
2009-08-10 03:00 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-10 03:00 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-10 03:00 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-10 03:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-10 02:46 <DIR> --d----- c:\program files\Unlocker
2009-08-10 01:29 20,480 a------- c:\windows\system32\UACvtstmqxcsb.dll
2009-08-10 01:29 18,432 a------- c:\windows\system32\UACqxnkbdbtde.dll
2009-08-10 01:29 30,208 a------- c:\windows\system32\UACowpsecbvla.dll
2009-08-10 01:29 1,110,399 a------- c:\windows\system32\UACkternpfbpu.db
2009-08-10 01:29 310 a------- c:\windows\system32\UACuyavnqqori.dat
2009-08-10 01:29 74,240 a------- c:\windows\system32\UACpegnwmkjtp.dll
2009-08-10 01:13 1,234,791 a------- c:\windows\system32\xa.tmp
2009-08-07 21:22 <DIR> --d----- c:\program files\Wakoopa
2009-08-07 02:40 <DIR> --d----- C:\SAVE
2009-08-07 02:27 <DIR> --d----- C:\Sierra
2009-08-01 23:34 <DIR> --d----- c:\docume~1\darkebrz\applic~1\X-Chat 2
2009-08-01 23:27 <DIR> --d----- c:\program files\X-Chat 2
2009-08-01 02:38 <DIR> --d----- c:\program files\Skulltag
2009-07-31 15:33 <DIR> --d----- c:\docume~1\darkebrz\applic~1\mIRC
2009-07-31 03:01 <DIR> --d----- C:\3871e0b31e0fd4d092
2009-07-31 03:00 <DIR> --d----- C:\34fc0db049b560bc804702843b
2009-07-30 23:41 54,156 a---h--- c:\windows\QTFont.qfn
2009-07-30 23:41 1,409 a------- c:\windows\QTFont.for
2009-07-30 19:51 <DIR> --d----- c:\program files\VideoLAN
2009-07-30 10:09 <DIR> --d----- c:\program files\Warrior Epic
2009-07-30 10:05 <DIR> --d----- C:\Chrome Downloads
2009-07-28 23:08 0 a------- c:\windows\VDM1B6.tmp
2009-07-28 23:08 0 a------- c:\windows\VDM1B5.tmp
2009-07-28 23:08 285 a------- c:\windows\EReg072.dat
2009-07-28 23:08 0 a------- c:\windows\VDM1B3.tmp
2009-07-28 23:08 0 a------- c:\windows\VDM1B2.tmp
2009-07-28 23:08 38,160 a------- c:\windows\system32\LMRTREND.dll
2009-07-28 23:08 140,800 a------- c:\windows\system32\tm20dec.ax
2009-07-28 23:08 182,032 a------- c:\windows\system32\dxtmsft3.dll
2009-07-28 23:08 0 a------- c:\windows\VDM1A2.tmp
2009-07-28 23:08 0 a------- c:\windows\VDM1A1.tmp
2009-07-28 23:07 63,488 a------- c:\windows\system32\unam4ie.exe
2009-07-28 23:07 194,320 a------- c:\windows\system32\qcut.dll
2009-07-28 23:07 11,776 a------- c:\windows\system32\mciqtz.drv
2009-07-28 23:07 10,240 a------- c:\windows\system32\vidx16.dll
2009-07-28 23:07 5,672 a------- c:\windows\system32\quartz.vxd
2009-07-28 23:07 0 a------- c:\windows\VDM16F.tmp
2009-07-28 23:07 4,608 a------- c:\windows\system32\w95inf32.dll
2009-07-28 23:07 2,272 a------- c:\windows\system32\w95inf16.dll
2009-07-28 23:07 0 a------- c:\windows\VDM166.tmp
2009-07-28 23:07 0 a------- c:\windows\VDM165.tmp
2009-07-28 23:06 0 a------- c:\windows\VDM163.tmp
2009-07-28 23:06 0 a------- c:\windows\VDM162.tmp
2009-07-28 23:06 0 a------- c:\windows\VDM161.tmp
2009-07-28 23:06 0 a------- c:\windows\VDM15F.tmp
2009-07-28 23:06 0 a------- c:\windows\VDM15E.tmp
2009-07-28 23:05 0 a------- c:\windows\VDM159.tmp
2009-07-28 23:05 0 a------- c:\windows\VDM153.tmp
2009-07-28 23:04 0 a------- c:\windows\VDM152.tmp
2009-07-28 22:57 <DIR> --d----- c:\documents and settings\darkebrz\WINDOWS
2009-07-27 12:12 <DIR> --d----- c:\windows\Simple Port Forwarding
2009-07-27 12:12 <DIR> --d----- c:\program files\Simple Port Forwarding
2009-07-23 21:57 41,872 a------- c:\windows\system32\xfcodec.dll
2009-07-23 16:53 <DIR> --d----- c:\program files\UrbanTerror4.1
2009-07-23 10:20 1,071,088 a------- c:\windows\system32\mscomctl.ocx
2009-07-23 00:23 <DIR> --d----- c:\program files\OpenAL
2009-07-23 00:21 <DIR> --d----- c:\program files\AssaultCube_v1.0
2009-07-21 19:50 <DIR> --d----- c:\program files\Zachtronics Industries
2009-07-20 12:11 <DIR> --d----- c:\docume~1\darkebrz\applic~1\JCreator
==================== Find3M ====================
2009-08-10 13:35 63,620 a---h--- c:\windows\system32\mlfcache.dat
2009-08-10 12:34 7,912 a------- c:\windows\system32\d3d9caps.dat
2009-08-07 23:11 139,072 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-07 22:54 189,672 a------- c:\windows\system32\PnkBstrB.exe
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-23 00:23 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-07-23 00:23 110,592 a------- c:\windows\system32\OpenAL32.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-12 21:14 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-29 12:12 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 12:12 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-29 12:12 17,408 a------- c:\windows\system32\corpol.dll
2009-06-23 01:36 86,811 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-12 17:15 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-06-12 17:10 139,152 a------- c:\docume~1\darkebrz\applic~1\PnkBstrK.sys
2009-06-12 17:10 794,408 a------- c:\windows\system32\pbsvc.exe
2009-06-12 08:31 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 10:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 02:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-08 18:22 144 a------- c:\docume~1\darkebrz\applic~1\wklnhst.dat
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-02-07 13:20 34 a------- c:\documents and settings\darkebrz\jagex_runescape_preferences.dat
2007-12-15 18:25 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2007-03-30 12:21 4,760,576 ac-sh--- c:\program files\ehthumbs.db
============= FINISH: 14:23:54.93 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-07-30.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/22/2006 2:30:43 PM
System Uptime: 8/18/2009 1:13:52 PM (1 hours ago)
Motherboard: Intel Corporation | | PRAGUE
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | | 2799/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 226 GiB total, 21.112 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
K: is CDROM ()
L: is CDROM ()
M: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
Sansa Media Converter
7-Zip 4.65
7500_7600_7700_Help
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop CS2
Adobe Photoshop CS3
Adobe Reader 7.0
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Agere Systems PCI Soft Modem
AIM 6
Apple Software Update
AruaROSE
AssaultCube v1.0
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
AutoHotkey 1.0.48.03
AutoIt v3.3.0.0
AutoUpdate
AVG Free 8.0
Battlefield 2(TM)
Battlefield 2142 Deluxe Edition
Battlefield Heroes
Battlefield Heroes (PTE)
Belarc Advisor 7.2
BF2 Editor
BPD_HPSU
BPD_Scan
BPDfax
BPDSoftware
BPDSoftware_Ini
BufferChm
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CGoban 3
Click to DVD 2.4.10
COMODO Internet Security
Cottage Of Doom 1.0
Crayon Physics Deluxe - release 51
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
D-Link VGA Webcam
Destinations
Detritus 1.3.08
DeviceManagementQFolder
Digsby
DivX Codec
DivX Web Player
DocProc
DocProcQFolder
DVgate Plus
Dyson v1.10
EA Download Manager
eSupportQFolder
F.lux
Fallout 3
File Shredder 2.0
FileZilla Client 3.2.6.1
Finale NotePad 2009
Form Fill (Windows Live Toolbar)
FoxyTunes for Firefox
Fraps (remove only)
GDR 3077 for SQL Server Database Services 2005 ENU (KB960089)
GDR 3077 for SQL Server Tools and Workstation Components 2005 ENU (KB960089)
GearDrvs
GIMP 2.4.7
GNU Aspell 0.50-3
Google Chrome
Google Earth
Google SketchUp 7
Google Toolbar for Firefox
Google Update Helper
Google Updater
Google Web Accelerator
GraphicsGale FreeEdition version 1.93
GTA San Andreas
GTA2
GTK+ 2.10.6-1 runtime environment
GTK+ Runtime 2.12.1 rev a (remove only)
Half-Life
Half-Life 2
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Memories Disc
hp officejet 6100 series
HP Officejet Pro All-In-One Series
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photosmart Essential
HP Software Update
HP Solution Center 7.0
HPPhotoSmartExpress
HPProductAssistant
HyperCam 2
IceChat 7.63 (Build 20080417)
Image Converter 2
Infiniminer
Instant Eyedropper 1.75
InstantShareDevicesMFC
Intel Matrix Storage Manager
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
InterVideo WinDVD for VAIO
IrfanView (remove only)
ISScript
J2SE Runtime Environment 5.0 Update 3
Java(TM) 6 Update 14
Java(TM) 6 Update 7
JCreator LE 4.50
L7500
La Tale
Line Rider 2
Logitech iTouch Software
Mabinogi
Map Button (Windows Live Toolbar)
MapleStory
MarketResearch
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft MPEG-4 VKI Video Codec V1/V2/V3
Microsoft MSDN 2005 Express Edition - ENU
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Rise Of Nations
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Desktop Engine (VAIO_VEDB)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual Basic 2005 Express Edition - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Express Edition - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Works
Microsoft WSE 3.0 Runtime
Miners4k
mIRC
MoodLogic
Mozilla Firefox (3.5.2)
Mozilla Thunderbird (2.0.0.14)
MPlugin
MPM
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
MSXML4 Parser
Musicnotes Player V1.23.1
Napster
Napster Burn Engine
Need for Speed™ Undercover
Netscape Internet Service Setup
Network Play System (Patching)
Noitu Love 2: Devolution
Notepad++
NVIDIA PhysX v8.09.04
ObjectDock
OCR Software by I.R.I.S 7.0
OneCare Advisor (Windows Live Toolbar)
OpenAL
OpenMG Metadata Extractor for Windows Media Player
OpenMG Secure Module 4.2.00
OpenOffice.org 3.0
Opera 9.20
Opera 9.27
Oregon Trail 5
Paint.NET v3.35
Pando Media Booster
PanoStandAlone
PDF Settings
PeerGuardian 2.0
Pharaoh and Cleopatra
Pivot Stickfigure Animator
Poke
Popup Blocker (Windows Live Toolbar)
ProductContext
Project64 1.6
PunkBuster Services
Python 2.6
Quicken 2005
QuickTime
RealPlayer Basic
Rhapsody Player Engine
Risk
ROM CHECK FAIL 1.0
Roxio DigitalMedia Audio
Roxio DigitalMedia Copy
Roxio DigitalMedia Data
Safari
Scan
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SigmaTel Audio
Simple Port Forwarding
Skins
Skulltag
Skype™ 3.6
Smart Menus (Windows Live Toolbar)
Soldat 1.5.0
Soldat BOT Creator/Editor 1.2.0
SolutionCenter
Sonic Encoders
SonicStage 3.2
SonicStage Mastering Studio Audio Filter Custom Preset
Sony Certificate PCH
Sony MP4 Shared Library
Sony TV Tuner Library 1.0
Sony Video Shared Library
SpeedFan (remove only)
Spybot - Search & Destroy
Star Wars Galactic Battlegrounds: Saga
Starcraft
Status
Steam
StepMania (remove only)
Stunt Playground
System Shock2
TeqDemo
TeqTaunt
The Sims
TI Connect 1.6
Toolbox
Transparent Windows
TrayApp
Undelete Plus 2.98
UniTaunt 1.0
Unload
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Urban Terror 4.1
VAIO Central
VAIO Entertainment Platform
VAIO Light Flo Wallpaper
VAIO Long Battery Life Wallpaper
VAIO Media 4.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 4.2
VAIO Media Redistribution 4.0
VAIO Media Registration Tool 4.0
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Scene SD Normal Contents
VAIO Registration
VAIO Support Central
VAIO Survey Standalone
VAIO Update 2
Vegas Movie Studio Platinum 9.0
Vektor Space
VeohTV BETA
Video Edit Magic Express 4.11
Viewpoint Media Player
Virtools 3D Life Player
VLC media player 1.0.1
Wakoopa
WebFldrs XP
WebReg
West Point Bridge Designer 2007
Winamp (remove only)
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 10 Hotfix [See KB886612 for more information]
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Movie Maker 2.0
Windows Presentation Foundation
Windows XP Media Center Edition 2005 KB890629
Windows XP Media Center Edition 2005 KB895198
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
World of Warcraft
World of Warcraft FREE Trial
X-Chat 2.8.6-2
Xfire (remove only)
XviD MPEG-4 Video Codec
==== Event Viewer Messages From Past Week ========
8/18/2009 12:58:42 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
8/18/2009 12:43:19 PM, error: Service Control Manager [7034] - The PnkBstrB service terminated unexpectedly. It has done this 1 time(s).
8/18/2009 12:43:19 PM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
8/18/2009 1:49:28 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file beep.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
8/18/2009 1:16:28 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
8/17/2009 4:20:25 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/17/2009 4:20:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
8/17/2009 4:19:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/17/2009 4:18:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 BANTExt cmdGuard cmdHlp DMICall Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
8/17/2009 4:18:19 PM, error: Service Control Manager [7001] - The VAIO Entertainment File Import Service service depends on the VAIO Entertainment Database Service service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2009 4:18:19 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2009 4:18:19 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2009 4:18:19 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2009 4:18:19 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2009 4:18:19 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2009 12:08:16 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
8/17/2009 12:08:16 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Viewpoint Manager Service service to connect.
8/17/2009 12:08:16 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate1c9fe562c1cd760) service to connect.
8/17/2009 12:08:16 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG Free8 E-mail Scanner service to connect.
8/17/2009 12:08:16 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Type with the following error: Access is denied.
8/17/2009 12:08:16 PM, error: Service Control Manager [7000] - The Viewpoint Manager Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/17/2009 12:08:16 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate1c9fe562c1cd760) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/17/2009 12:08:16 PM, error: Service Control Manager [7000] - The AVG Free8 E-mail Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/17/2009 12:06:21 PM, error: SRService [104] - The System Restore initialization process failed.
8/16/2009 4:53:05 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
8/14/2009 2:00:34 AM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
8/13/2009 9:43:29 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.100 with the system having network hardware address 00:17:AB:EE:C4:74. Network operations on this system may be disrupted as a result.
8/13/2009 4:06:54 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706).
8/12/2009 10:09:48 PM, error: System Error [1003] - Error code 100000d1, parameter1 e25a8000, parameter2 00000002, parameter3 00000000, parameter4 ae0060a5.
8/11/2009 11:35:29 AM, error: Service Control Manager [7034] - The VAIO Entertainment Database Service service terminated unexpectedly. It has done this 1 time(s).
==== End Of File ===========================
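The Event Viewer section of the DDS log above is what points a responder at the rootkit before any scanner runs: a protected driver (beep.sys) replaced under Windows File Protection, the TCP/IP stack and the AVG/Comodo kernel drivers failing to load at boot, and the Service Control Manager itself being denied registry writes. As an added example that is not part of the thread or of DDS, here is a small Python triage script that parses lines in the "date time, level: source [id] - message" form DDS writes and flags those entries; the event IDs and driver names it keys on are the ones in this log, and the sample lines are constructed copies of them.

```python
import re
from collections import namedtuple

# Constructed sample: Event Viewer lines in the "date time, level: source [id] - message"
# form that DDS writes; the content mirrors entries from the log in this thread.
SAMPLE_LOG = """\
8/18/2009 1:49:28 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file beep.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
8/18/2009 1:16:28 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
8/17/2009 4:18:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 BANTExt cmdGuard cmdHlp DMICall Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
8/17/2009 12:08:16 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Type with the following error: Access is denied.
8/17/2009 12:06:21 PM, error: SRService [104] - The System Restore initialization process failed.
8/13/2009 9:43:29 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.100 with the system having network hardware address 00:17:AB:EE:C4:74. Network operations on this system may be disrupted as a result.
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)

# Driver names taken from the 7026 entry in this thread's log: the TCP/IP stack
# and the AVG / Comodo kernel components that a rootkit typically keeps from loading.
NETWORK_DRIVERS = {"afd", "tcpip", "netbt", "ipsec"}
SECURITY_DRIVERS = {"avgldx86", "avgmfx86", "cmdguard", "cmdhlp"}

Event = namedtuple("Event", "date level source event_id message")

def parse_events(text):
    """Parse DDS-style Event Viewer lines; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(Event(m["date"], m["level"], m["source"],
                                int(m["event_id"]), m["message"]))
    return events

def triage(events):
    """Return (event_id, finding) pairs for entries that point at tampering."""
    findings = []
    for ev in events:
        scm = ev.source == "Service Control Manager"
        if ev.source == "Windows File Protection" and ev.event_id == 64002:
            m = re.search(r"protected system file (\S+?)\.\s", ev.message)
            name = m.group(1) if m else "<unknown>"
            findings.append((64002, f"protected driver {name} was replaced; verify its hash"))
        elif scm and ev.event_id == 7026:
            failed = {n.lower() for n in ev.message.split("failed to load:", 1)[1].split()}
            for label, wanted in (("network stack", NETWORK_DRIVERS),
                                  ("security product", SECURITY_DRIVERS)):
                hit = sorted(wanted & failed)
                if hit:
                    findings.append((7026, f"{label} drivers failed to load: {', '.join(hit)}"))
        elif scm and ev.event_id == 7006 and "Access is denied" in ev.message:
            findings.append((7006, "SCM denied write to a service key: service config tampered"))
        elif scm and ev.event_id == 7023 and "Automatic Updates" in ev.message:
            findings.append((7023, "Automatic Updates service cannot start"))
        elif ev.source == "SRService" and ev.event_id == 104:
            findings.append((104, "System Restore failed to initialise"))
    return findings

if __name__ == "__main__":
    for event_id, text in triage(parse_events(SAMPLE_LOG)):
        print(f"[{event_id}] {text}")
```

The address-conflict entry (Tcpip 4199) is deliberately left unflagged: it is a plain networking fault, not a tampering indicator, and the filter should stay quiet on it.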
Hi,
Let's clean up the remaining mess :)
Upload the following file to VirusTotal (http://www.virustotal.com) and post back the results or a link to the results:
c:\windows\system32\drivers\beep.sys
Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
Run Spybot-S&D in Advanced Mode.
If it is not already set to do this, go to the Mode menu and select Advanced Mode.
On the left hand side, click on Tools.
Then click on the Resident icon in the list.
Uncheck Resident TeaTimer and OK any prompts.
Restart your computer.
Open notepad and copy/paste the text in the quotebox below into it:
http://forums.spybot.info/showthread.php?t=50689&page=2
Collect::
c:\windows\system32\UACvtstmqxcsb.dll
c:\windows\system32\UACqxnkbdbtde.dll
c:\windows\system32\UACowpsecbvla.dll
c:\windows\system32\UACuyavnqqori.dat
c:\windows\system32\UACpegnwmkjtp.dll
File::
c:\windows\system32\xa.tmp
c:\windows\braviax.exv
Folder::
c:\documents and settings\Darkebrz\Application Data\uTorrent
c:\documents and settings\Darkebrz\Application Data\LimeWire
c:\Program Files\DNA
DDS::
BHO: 1 (0x1) - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\DNA\\btdna.exe"=-
Save this as CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and, referring to the picture above, drag CFScript into Combo-Fix.exe. You'll be asked to submit some samples. Please have internet access enabled and follow the prompts to carry out submitting successfully.
Then post the resultant log.
Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager (press Ctrl, Alt and Del at the same time), go to the Processes tab and end any processes of findstr, find, sed or swreg; then Combofix should continue.
If that happened we want to know, and also what process you had to end.
Uninstall old Adobe Reader versions and get the latest one (9.1 + separate updates 9.1.2 & 9.1.3 for it) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here (http://pdfreaders.org/).
Check here (http://www.adobe.com/software/flash/about/) to see if your Flash is up-to-date. If not, uninstall vulnerable versions by following the instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). A fresh version can be obtained here (http://get.adobe.com/flashplayer/).
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update to the latest version...
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6 Update 16 (http://java.sun.com/javase/downloads/index.jsp).
Click the Download button to the right.
Select Windows in the platform combobox and check the box that says Accept License Agreement. Click Continue.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).
Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log.
Darkebrz
2009-08-18, 22:11
Here is beep.sys. It seems like it is a leftover from Symantec...
http://www.virustotal.com/analisis/5a81a46a3bdd19dafc6c87d277267a5d44f3a1b5302f2cc1111d84b7bad5610d-1250613103
I think that the virus screwed with Spybot, so I will simply uninstall it for now and reinstall when everything is done.
Darkebrz
2009-08-18, 23:09
And combofix, which was too big to post.
Kaspersky is next.
Darkebrz
2009-08-18, 23:12
Er, Kaspersky is completely unusable, and shows up in some foreign language.
I have no idea what to do here.
Hi,
Did you use this (http://www.kaspersky.com/virusscanner) link for Kaspersky? In which point did it show foreign language?
Darkebrz
2009-08-19, 17:53
Strange, it seems as if it has decided to work now.
I guess I don't have all the requirements.
I guess I don't have all the requirements.
Could you elaborate on that?
Darkebrz
2009-08-19, 18:30
It is working on Firefox now, so I should be able to post the results when they are done.
Great. Shall wait for the results :)
Darkebrz
2009-08-19, 21:24
Ugh, it's taking an extremely long time... It's been going for over 3 hours and has only scanned 31% and it's lagging down my computer.
I suppose I will have to post the results tomorrow 0_0.
Darkebrz
2009-08-19, 21:54
In the meantime, I will run Spybot, Malwarebytes, and AVG. Just to save my comp from being eaten alive, I will run Kaspersky overnight.
This topic has been closed due to inactivity.
If you still require help, please start a new topic and include a new HijackThis log with a link to your previous thread.
Please do not add any logs that might have been requested previously, you would be starting fresh.
Applies only to the original poster, anyone else with similar problems please start your own topic.
Thanks Blade81. :)