
[Resolved] Computer randomly locks up


This topic is locked
27 replies to this topic

#1 relaxtomato (New Member, Authentic Member, 14 posts)

Posted 20 September 2009 - 02:58 PM

Lately my computer has been completely locking up randomly and I end up having to turn it off and on. I'm not sure if it's because my computer is old and dying or if it's something I could get help with. Also, whenever I try to scan with RootRepeal, my computer freezes and I have to turn it on and off, so I won't have that report.

DDS (Ver_09-06-26.01) - NTFSx86 Run by Edward at 16:43:23.39 on Sun 09/20/2009 Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14



#2 relaxtomato (New Member, Authentic Member, 14 posts)

Posted 21 September 2009 - 10:10 AM

Well, I definitely have a virus and it's not just my old computer. Every now and then Nod32 pops up a dialog saying something about a Kryptic trojan located in C:\Windows\TEMP\~D81.exe and 23.exe.

#3 extremeboy (Retired WTT Malware Disintegrator Teacher, Authentic Member, 1,433 posts)

Posted 23 September 2009 - 08:02 PM

Hello and welcome to WTT!

Sorry for the delay in response.

If you still require help please do the following to see the condition of your machine.

Please read the instructions here first: http://forums.whatth...rs_t106388.html

Post the results once done. Any problems/questions you can let me know.

~Extremeboy
If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

The help you receive here is free. If you wish to show your appreciation, you may wish to Posted Image

#4 relaxtomato (New Member, Authentic Member, 14 posts)

Posted 24 September 2009 - 09:55 AM

Whenever I try to scan for Hidden Services with RootRepeal, my computer locks up. I'm able to scan for everything else though.

ROOTREPEAL © AD, 2007-2009 Scan Start Time: 2009/09/24 11:53 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP2

DDS (Ver_09-06-26.01) - NTFSx86 Run by Edward at 11:41:50.46 on Thu 09/24/2009 Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14
c:\windows\system32\drivers\cmdhlp.sys 2009-09-04 17:44 69,464 a------- c:\windows\system32\XAPOFX1_3.dll 2009-08-21 01:08 444,952 a------- c:\windows\system32\wrap_oal.dll 2009-08-21 01:08 109,080 a------- c:\windows\system32\OpenAL32.dll 2009-08-09 22:30 5,120 a------- c:\program files\WordPad Document Scrap 'C__Program Files...'.shs 2009-08-07 05:00 4,212 a---h--- c:\windows\system32\zllictbl.dat 2009-08-05 05:11 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-08-03 23:46 34 a------- c:\documents and settings\edward\jagex_runescape_preferences.dat 2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys 2009-08-01 04:13 721,904 a------- c:\windows\system32\drivers\sptd.sys 2009-08-01 04:09 94,208 a------- c:\docume~1\edward\applic~1\ezplay.sys 2009-08-01 04:09 87,608 a------- c:\docume~1\edward\applic~1\inst.exe 2009-08-01 04:08 47,360 a------- c:\docume~1\edward\applic~1\pcouffin.sys 2009-08-01 04:03 94,208 a------- c:\windows\system32\drivers\ezplay.sys 2009-08-01 04:02 47,360 a------- c:\windows\system32\drivers\pcouffin.sys 2009-07-23 16:20 107,888 a------- c:\windows\system32\CmdLineExt.dll 2009-07-23 15:44 2,368 a------- c:\windows\system32\SVKP.sys 2009-07-23 14:18 21,840 a------- c:\windows\system32\SIntfNT.dll 2009-07-23 14:18 17,212 a------- c:\windows\system32\SIntf32.dll 2009-07-23 14:18 12,067 a------- c:\windows\system32\SIntf16.dll 2009-07-17 14:55 58,880 a------- c:\windows\system32\atl.dll 2009-07-14 14:55 4 ---shr-- C:\WINOS.SYS 2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll 2009-07-13 22:04 24,540 a---h--- c:\windows\system32\mlfcache.dat 2009-07-10 21:28 139,152 a------- c:\docume~1\edward\applic~1\PnkBstrK.sys 2009-06-26 12:18 659,456 a------- c:\windows\system32\wininet.dll 2009-06-26 12:18 81,920 a------- c:\windows\system32\ieencode.dll 2008-07-22 15:33 1,568 a------- c:\docume~1\edward\applic~1\mpauth.dat 2008-07-03 23:24 
64,269 a------- c:\documents and settings\edward\bncache.dat 2008-05-26 23:51 197 ac-sh--- c:\program files\common files\maxtreme.dat 2007-10-11 23:53 140,202,521 a------- c:\documents and settings\edward\WoW-2.2.3.7359-to-0.3.0.7382-enUS-patch.exe 2007-08-17 17:29 32 a----r-- c:\documents and settings\all users\hash.dat 2007-06-16 17:59 29 a------- c:\documents and settings\edward\break.dat 2007-06-16 17:59 0 ac------ c:\documents and settings\edward\Break.bat 2009-02-07 20:38 56 ---shr-- c:\windows\system32\3D2D32B15E.sys 2009-02-07 20:38 848 ac-sh--- c:\windows\system32\KGyGaAvL.sys ============= FINISH: 11:42:48.84 ===============


#5 extremeboy

extremeboy

    Retired WTT Malware Disintegrator Teacher

  • Authentic Member
  • PipPipPipPipPip
  • 1,433 posts

Posted 24 September 2009 - 04:16 PM

Hello.

There are several hooks; I would like you to try GMER.

Download and Run Scan with GMER

We will use GMER to scan for rootkits. This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)

  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • When you have done this, close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program. Right-click and select Run As Administrator... if you are using Vista
  • Allow the gmer.sys driver to load if asked.
    If it detects rootkit activity, you will receive a prompt (refer below) to run a full scan. Click NO.
    Posted Image

  • In the right panel, you will see several boxes that have been checked. Please UNCHECK the following:
    • Sections
    • IAT/EAT
    • Registry
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show all (Don't miss this one!)
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

If GMER doesn't work in Normal Mode, try running it in Safe Mode.

Note: Do Not run any program while GMER is running.
*Note*: Rootkit scans often produce false positives. Do NOT take any actions on "<--- ROOTKIT" entries.

Download and run OTL

  • Download OTL by OldTimer and save it to your desktop.
  • Double click on the Posted Image icon on your desktop. If you are using Vista, please right-click and select run as administrator
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • It will now begin to scan, please be patient while it scans.
  • Two reports will open once it's done.
  • Please copy and paste them in your next reply:
  • OTL.txt <-- Will be opened
  • Extras.txt <-- Will be minimized


With Regards,
Extremeboy
If I'm helping you and I don't reply within 48 hours, please feel free to send me a PM.

Note: Please do not PM me asking for help; instead, please post it in the correct forum requesting help. Help requests via the PM system will be ignored.

The help you receive here is free. If you wish to show your appreciation, you may wish to Posted Image
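As an added example (not part of extremeboy's post, and not code from GMER or OTL themselves): a short Python script that reads the SSDT section of a GMER log like the one requested above, groups each hooked Zw* function by the driver GMER attributes it to, and lists the hooks that deserve a manual look, namely those GMER could not attribute to any module and those owned by a driver outside the analyst's set of security products known to be installed. That set is an assumption the analyst fills in; here it is just cmdguard.sys, COMODO's sandbox driver, because the logs in this thread show COMODO installed. The sample lines are copied from the GMER log posted further down in this thread and trimmed to six entries so the script runs offline.

```python
"""Triage helper for the SSDT section of a GMER log (added example, not GMER's
own code): group each hooked native API by the driver GMER attributes it to,
and list the hooks an analyst should look at by hand."""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Set

# GMER prints SSDT hooks in one of two shapes:
#   SSDT <module path> (<description/vendor>) <ZwFunction> [0x<hook address>]
#   SSDT <hook address> <ZwFunction>      <- GMER could not attribute the hook
ATTRIBUTED_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)(?:\s+\((?P<desc>[^)]*)\))?"
    r"\s+(?P<func>Zw\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]\s*$"
)
UNATTRIBUTED_RE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-Fa-f]+)\s+(?P<func>Zw\w+)\s*$")

# Sample input: six SSDT entries copied from the GMER "System" section posted
# in this thread, embedded here as constructed test input so the example runs
# offline. The trailing INT line shows that non-SSDT lines are skipped.
SAMPLE_GMER_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xEBC9DD46]
SSDT 863818A0 ZwAssignProcessToJobObject
SSDT spls.sys ZwEnumerateKey [0xF7479CA4]
SSDT 86380CB0 ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xEBC9DB2E]
SSDT 86380EE0 ZwTerminateProcess

INT 0x62 ? 8736CBF8
"""


class SsdtHook(NamedTuple):
    func: str   # hooked native API, e.g. ZwOpenProcess
    owner: str  # owning driver file name (lower case), "" when unattributed
    desc: str   # GMER's description/vendor text, "" when absent
    addr: str   # address the SSDT entry now points to, upper-case hex


def parse_ssdt_hooks(log_text: str) -> List[SsdtHook]:
    """Extract every SSDT line; lines from other GMER sections are ignored."""
    hooks: List[SsdtHook] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ATTRIBUTED_RE.match(line)
        if m:
            # keep only the file name so "\SystemRoot\...\cmdguard.sys" and a
            # bare "cmdguard.sys" group together
            owner = m.group("module").rsplit("\\", 1)[-1].lower()
            hooks.append(SsdtHook(m.group("func"), owner,
                                  m.group("desc") or "", m.group("addr").upper()))
            continue
        m = UNATTRIBUTED_RE.match(line)
        if m:
            hooks.append(SsdtHook(m.group("func"), "", "", m.group("addr").upper()))
    return hooks


def hooks_by_owner(hooks: List[SsdtHook]) -> Dict[str, List[str]]:
    """Map owning driver -> hooked functions; unattributed ones go under '<unattributed>'."""
    grouped: Dict[str, List[str]] = defaultdict(list)
    for h in hooks:
        grouped[h.owner or "<unattributed>"].append(h.func)
    return dict(grouped)


def triage(hooks: List[SsdtHook], expected_owners: Set[str]) -> List[str]:
    """Return one 'func: reason' line per hook worth a manual look.

    expected_owners is the analyst's set of drivers allowed to hook the SSDT on
    this machine (the HIPS/AV products known to be installed). Everything else
    is listed for review, not declared malicious: rootkit scanners produce
    false positives, as the post above warns."""
    findings: List[str] = []
    for h in hooks:
        if not h.owner:
            findings.append(f"{h.func}: hook at 0x{h.addr} is not attributed to any module")
        elif h.owner not in expected_owners:
            findings.append(f"{h.func}: hooked by {h.owner}, which is not an expected security driver")
    return findings


if __name__ == "__main__":
    parsed = parse_ssdt_hooks(SAMPLE_GMER_LOG)
    for owner, funcs in sorted(hooks_by_owner(parsed).items()):
        print(f"{owner}: {', '.join(funcs)}")
    # cmdguard.sys is COMODO's sandbox driver, which the logs here show installed
    for finding in triage(parsed, {"cmdguard.sys"}):
        print("REVIEW", finding)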

#6 relaxtomato

relaxtomato

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 26 September 2009 - 10:06 AM

I tried downloading OTL but my scanner picked it up as a virus. Should I just ignore the warning?

#7 relaxtomato

relaxtomato

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 27 September 2009 - 11:52 AM

Er, nevermind.


GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-09-26 12:07:05
Windows 5.1.2600 Service Pack 2
Running: cdy6otfx.exe; Driver: C:\DOCUME~1\Edward\LOCALS~1\Temp\uxtdapod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xEBC9DD46]
SSDT 863818A0 ZwAssignProcessToJobObject
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xEBC9D250]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xEBC9D8EA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xEBC9E2C2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xEBC9D132]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xEBC9F254]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xEBC9F52C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xEBC9CCF8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xEBC9DF2C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xEBC9E0DC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xEBC9CA5A]
SSDT spls.sys ZwEnumerateKey [0xF7479CA4]
SSDT spls.sys ZwEnumerateValueKey [0xF747A032]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xEBC9EED6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xEBC9D4D4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xEBC9DB2E]
SSDT spls.sys ZwOpenKey [0xF745B0C0]
SSDT 86380CB0 ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xEBC9D764]
SSDT 863810D0 ZwOpenThread
SSDT spls.sys ZwQueryKey [0xF747A10A]
SSDT spls.sys ZwQueryValueKey [0xF7479F8A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xEBC9E688]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xEBC9E9F0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xEBC9EC72]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xEBC9F084]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xEBC9E488]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xEBC9D46E]
SSDT 863816D0 ZwSuspendProcess
SSDT 863814F0 ZwSuspendThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xEBC9D658]
SSDT 86380EE0 ZwTerminateProcess
SSDT 86381310 ZwTerminateThread

INT 0x62 ? 8736CBF8
INT 0x63 ? 87172F00
INT 0x73 ? 8736CBF8
INT 0x82 ? 8736CBF8
INT 0x83 ? 8736CBF8
INT 0xB4 ? 87172F00

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8736B1F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \FileSystem\Fastfat \FatCdrom 86444500

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

Device \Driver\usbohci \Device\USBPDO-0 871BD1F8
Device \Driver\sptd \Device\1320800978 spls.sys
Device \Driver\usbehci \Device\USBPDO-1 871B91F8

AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8736D1F8
Device \Driver\Cdrom \Device\CdRom0 871311F8
Device \Driver\Cdrom \Device\CdRom1 871311F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{C4E0FC34-E59A-409D-8D9A-07B94A9AC5C2} 8649D500
Device \Driver\NetBT \Device\NetBt_Wins_Export 8649D500
Device \Driver\NetBT \Device\NetbiosSmb 8649D500
Device \Driver\PCI_PNP5978 \Device\0000005a spls.sys

AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

Device \Driver\NetBT \Device\NetBT_Tcpip_{CFD068B8-6990-4C76-AC73-5F1398231440} 8649D500
Device \Driver\usbohci \Device\USBFDO-0 871BD1F8
Device \Driver\nvata \Device\0000007a 8736C1F8
Device \Driver\nvata \Device\NvAta0 8736C1F8
Device \Driver\usbehci \Device\USBFDO-1 871B91F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 87190500
Device \Driver\nvata \Device\NvAta1 8736C1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 87190500
Device \Driver\nvata \Device\NvAta2 8736C1F8
Device \Driver\nvata \Device\0000007c 8736C1F8
Device \Driver\Ftdisk \Device\FtControl 8736D1F8
Device \Driver\aaycmal2 \Device\Scsi\aaycmal21 870071F8
Device \Driver\aaycmal2 \Device\Scsi\aaycmal21Port3Path0Target0Lun0 870071F8
Device \FileSystem\Fastfat \Fat 86444500

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

Device \FileSystem\Cdfs \Cdfs 864A2500

---- Threads - GMER 1.0.15 ----

Thread System [4:392] 8637F930

---- EOF - GMER 1.0.15 ----



OTL logfile created on: 9/27/2009 1:45:18 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Edward\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 401.59 Mb Available Physical Memory | 39.24% Memory free
2.40 Gb Paging File | 1.83 Gb Available in Paging File | 76.11% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 85.68 Gb Free Space | 36.79% Space Free | Partition Type: NTFS
Drive D: | 16.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EDDIE
Current User Name: Edward
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/09/19 13:10:21 | 00,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/07/15 17:48:33 | 00,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe
PRC - [2009/05/14 15:47:08 | 02,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/09/19 13:10:59 | 01,799,952 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2007/09/07 15:54:54 | 00,159,744 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razerhid.exe
PRC - [2009/05/14 15:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/05/07 15:35:14 | 00,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\DeathAdder\razerofa.exe
PRC - [2007/09/04 19:25:44 | 00,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2009/01/15 09:19:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2009/09/18 18:33:26 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\usbctl.exe
PRC - [2009/06/28 15:45:08 | 00,045,091 | ---- | M] (The Pidgin developer community) -- C:\Program Files\Pidgin\pidgin.exe
PRC - [2009/07/30 07:26:38 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/22 10:10:50 | 00,640,240 | ---- | M] (Piriform Ltd) -- C:\Program Files\Defraggler\df.exe
PRC - [2009/07/01 12:38:40 | 01,481,056 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winamp.exe
PRC - [2009/06/04 06:28:42 | 03,670,016 | ---- | M] () -- C:\Program Files\SoulseekNS\slsk.exe
PRC - [2009/09/27 13:44:22 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Edward\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/08/16 07:58:05 | 00,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\6to4svc.dll -- (6to4 [Unknown | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [Unknown | Stopped])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Unknown | Stopped])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [Unknown | Stopped])
SRV - [2009/09/19 13:10:21 | 00,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent [Unknown | Running])
SRV - [2009/05/14 15:54:22 | 00,020,680 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [Unknown | Stopped])
SRV - [2009/05/14 15:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Unknown | Running])
SRV - [2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [Unknown | Stopped])
SRV - [2004/08/04 08:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Unknown | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [Unknown | Stopped])
SRV - [2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - File not found -- -- (iPod Service [Unknown | Stopped])
SRV - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Unknown | Running])
SRV - [2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Unknown | Stopped])
SRV - [2009/06/22 11:44:00 | 03,087,772 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des -- (npggsvc [Unknown | Stopped])
SRV - [2007/08/02 13:33:50 | 00,080,528 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Nexon\Mabinogi\npkcmsvc.exe -- (npkcmsvc [Unknown | Stopped])
SRV - [2007/09/04 19:25:44 | 00,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService [Unknown | Running])
SRV - [2009/01/15 09:19:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Unknown | Running])
SRV - [2009/09/18 18:33:26 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\usbctl.exe -- (usbctl [Unknown | Running])
SRV - [2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [Unknown | Stopped])
SRV - [2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [Unknown | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Unknown | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2006/05/19 15:44:52 | 03,965,056 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [Unknown | Running])
DRV - [2005/11/21 01:48:20 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [Unknown | Running])
DRV - [2007/11/09 20:54:52 | 00,278,984 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atksgt.sys -- (atksgt [Unknown | Running])
DRV - [2009/09/19 13:12:06 | 00,132,296 | ---- | M] (COMODO) -- C:\WINDOWS\System32\DRIVERS\cmdguard.sys -- (cmdGuard [Unknown | Running])
DRV - [2009/09/19 13:12:06 | 00,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\DRIVERS\cmdhlp.sys -- (cmdHlp [Unknown | Running])
DRV - [2007/08/02 17:32:26 | 00,022,784 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) -- C:\WINDOWS\System32\drivers\dadder.sys -- (DAdderFltr [Unknown | Running])
DRV - [2009/05/14 15:41:10 | 00,114,472 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\eamon.sys -- (eamon [Unknown | Running])
DRV - [2009/05/14 15:47:14 | 00,107,256 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\ehdrv.sys -- (ehdrv [Unknown | Running])
DRV - [2009/05/14 15:49:32 | 00,094,360 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\epfwtdir.sys -- (epfwtdir [Unknown | Running])
DRV - [2009/08/01 04:03:28 | 00,094,208 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\ezplay.sys -- (ezplay [Unknown | Stopped])
DRV - [2005/12/29 02:03:00 | 00,043,008 | R--- | M] (Best Buy Corporation ) -- C:\WINDOWS\System32\DRIVERS\dxe1015b.sys -- (FETNDISB [Unknown | Stopped])
DRV - [2004/08/03 19:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [Unknown | Running])
DRV - [2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [Unknown | Running])
DRV - [1996/04/03 15:33:26 | 00,005,248 | ---- | M] () -- C:\WINDOWS\System32\giveio.sys -- (giveio [Unknown | Running])
DRV - [2007/06/03 18:32:10 | 00,069,905 | ---- | M] (GMER) -- C:\WINDOWS\System32\DRIVERS\gmer.sys -- (gmer [Unknown | Stopped])
DRV - [2009/05/20 15:43:31 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\DRIVERS\hamachi.sys -- (hamachi [Unknown | Running])
DRV - [2009/09/19 13:12:08 | 00,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect [Unknown | Running])
DRV - [2007/11/09 20:54:52 | 00,025,416 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys -- (lirsgt [Unknown | Running])
DRV - [2001/08/17 10:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msmpu401.sys -- (ms_mpu401 [Unknown | Running])
DRV - [2004/08/12 22:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys -- (MTsensor [Unknown | Running])
DRV - [2005/01/04 14:43:08 | 00,004,682 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys -- (NPPTNT2 [Unknown | Stopped])
DRV - [2009/01/15 09:19:00 | 06,301,248 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [Unknown | Running])
DRV - [2005/05/17 05:45:08 | 00,092,800 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvata.sys -- (nvata [Unknown | Running])
DRV - [2005/04/05 15:22:28 | 00,033,536 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [Unknown | Running])
DRV - [2005/04/05 15:22:30 | 00,012,928 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [Unknown | Running])
DRV - [2007/09/04 19:26:32 | 00,029,696 | ---- | M] (NVidia Corp.) -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev [Unknown | Running])
DRV - [2004/08/04 08:00:00 | 00,088,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx [Unknown | Running])
DRV - [2004/08/04 08:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnknb.sys -- (NwlnkNb [Unknown | Running])
DRV - [2004/08/04 08:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys -- (NwlnkSpx [Unknown | Running])
DRV - [2009/08/01 04:02:59 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [Unknown | Stopped])
DRV - [2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [Unknown | Running])
DRV - [2007/03/07 19:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Unknown | Running])
DRV - [2005/04/24 23:43:58 | 00,013,225 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) -- C:\WINDOWS\System32\Drivers\DB3G.sys -- (Razerlow [Unknown | Stopped])
DRV - [2006/10/10 14:53:48 | 00,005,632 | ---- | M] () -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [Unknown | Running])
DRV - [2006/02/16 18:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [Unknown | Stopped])
DRV - [2007/02/27 13:39:26 | 00,032,256 | ---- | M] () -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [Unknown | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Unknown | Running])
DRV - [2007/08/14 19:02:08 | 00,037,088 | ---- | M] (Ray Hinchliffe) -- C:\WINDOWS\System32\Drivers\SIVX32.sys -- (SIVDRIVER [Unknown | Stopped])
DRV - [2009/08/01 04:13:27 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Unknown | Running])
DRV - [2009/07/23 15:44:04 | 00,002,368 | ---- | M] (AntiCracking) -- C:\WINDOWS\System32\SVKP.sys -- (SVKP [Unknown | Running])
DRV - [2008/06/20 05:52:06 | 00,225,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\tcpip6.sys -- (Tcpip6 [Unknown | Running])
DRV - [2005/11/02 10:54:44 | 00,011,596 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) -- C:\WINDOWS\System32\drivers\copperhd.sys -- (UsbFltr [Unknown | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-746137067-152049171-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Disable Script Debugger Default = yes
IE - HKU\S-1-5-21-746137067-152049171-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,DisableScriptDebuggerIE Default = yes
IE - HKU\S-1-5-21-746137067-152049171-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-746137067-152049171-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\S-1-5-21-746137067-152049171-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-746137067-152049171-725345543-1004\S-1-5-21-746137067-152049171-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-746137067-152049171-725345543-1004\S-1-5-21-746137067-152049171-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-746137067-152049171-725345543-1004\S-1-5-21-746137067-152049171-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8118

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.21.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.5
FF - prefs.js..extensions.enabledItems: {190b412f-3273-4922-9954-56e8bcb5e113}:0.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}:6.0.06
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.7.9
FF - prefs.js..extensions.enabledItems: sabnzbdstatus@dq5studios.com:1.0.10
FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2
FF - prefs.js..extensions.enabledItems: {F645A8C9-E969-42D9-B3F3-F325537222FD}:1.1.5
FF - prefs.js..extensions.enabledItems: cfxe@Triton:3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:1.1.3

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/23 21:36:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/10 01:01:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/09 13:16:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2008/06/18 03:04:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Extensions
[2008/06/18 03:04:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/17 19:45:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions
[2009/08/07 12:53:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2007/10/29 15:25:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{190b412f-3273-4922-9954-56e8bcb5e113}
[2008/06/18 12:16:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{1ebc69c0-92ff-11dc-8314-0800200c9a66}
[2009/08/07 13:07:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2008/06/18 12:13:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2009/08/07 13:07:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a66}
[2009/08/07 13:07:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2008/06/18 04:01:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2009/08/07 12:53:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/08/07 12:53:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2007/04/14 18:12:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{8e12f188-352c-4476-8198-e9b8f4a4353a}(2)
[2009/08/07 13:07:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/08/07 12:53:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/08/07 13:07:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2007/04/15 01:58:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{caad1bbc-cf5d-9b9b-3a37-a1061684b0a7}
[2007/04/14 18:12:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{caad1bbc-cf5d-9b9b-3a37-a1061684b0a7}(2)
[2009/08/07 12:53:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/07 13:58:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2008/06/18 03:21:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{dd30bf68-268a-4815-ad48-8740b774c764}
[2009/08/07 13:07:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/08/07 13:07:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/08/07 12:54:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
[2009/01/25 19:49:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2009/07/10 21:17:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\battlefieldheroespatcher@ea.com
[2009/08/07 13:47:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\cfxe@Triton
[2009/09/17 19:45:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\chromifox@altmusictv.com
[2008/06/26 17:03:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\iaplayer@instantaction.com
[2009/06/15 15:46:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\moveplayer@movenetworks.com
[2009/08/01 02:43:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\sabnzbdstatus@dq5studios.com
[2009/09/17 19:45:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/07 13:06:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/01/25 01:40:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/06/26 20:00:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
[2008/08/28 17:44:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/01/23 21:37:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/06/26 18:09:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/07/30 07:26:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/30 07:26:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/01 17:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2008/11/24 15:35:00 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2008/07/08 17:07:06 | 00,040,960 | ---- | M] (BYOND) -- C:\Program Files\mozilla firefox\plugins\npbyond.dll
[2009/05/21 11:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/12 14:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2008/12/10 20:33:34 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2008/06/27 16:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2007/05/07 17:32:56 | 00,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2009/07/30 07:26:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/08/03 23:10:49 | 00,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2009/01/08 19:13:21 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/01/08 19:13:22 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/01/08 19:13:22 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/01/08 19:13:22 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/01/08 19:13:22 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/01/08 19:13:22 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/01/08 19:13:22 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/01/08 19:13:22 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll
[2009/05/01 17:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/07/30 03:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/30 03:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/30 03:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 03:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/30 03:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/30 03:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/30 03:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (331873 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 89.163.145.86 nprotect.roseonlinegame.com
O1 - Hosts: 89.163.145.86 update.nprotect.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKU\S-1-5-21-746137067-152049171-725345543-1004..\Run: [] File not found
O4 - HKU\S-1-5-21-746137067-152049171-725345543-1004..\Run: [Google Update] C:\Documents and Settings\Edward\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-746137067-152049171-725345543-1004..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\Narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\Narrator.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-746137067-152049171-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-746137067-152049171-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-746137067-152049171-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKU\S-1-5-21-746137067-152049171-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-746137067-152049171-725345543-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 44 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 44 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-746137067-152049171-725345543-1004\..Trusted Domains: tenderfoot.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-746137067-152049171-725345543-1004\..Trusted Domains: wowace.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-746137067-152049171-725345543-1004\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} http://fishingchamp....GamesCampus.cab (GamesCampus Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.co...sreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1176515726406 (WUWebControl Class)
O16 - DPF: {77538FC7-CE52-4704-9865-494FE92BC320} http://www.ultimateb...o/launchubo.OCX (LaunchUBO.Ulit)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} http://disteng.neffi...ffyLauncher.cab (NeffyLauncherCtl Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} http://gamedownload....GPlugin9USA.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-746137067-152049171-725345543-1004 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/15 22:09:14 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/05/12 16:31:44 | 00,622,632 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autoruns.exe -- [ NTFS ]
O32 - AutoRun File - [2006/08/21 05:24:10 | 00,000,041 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/27 13:43:46 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Edward\Desktop\OTL.exe
[2009/09/27 02:50:51 | 00,000,000 | ---D | C] -- C:\Program Files\The Shivah
[2009/09/26 15:38:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Application Data\Firaxis Games
[2009/09/26 15:26:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Desktop\love_alpha
[2009/09/26 00:56:13 | 00,000,453 | ---- | C] () -- C:\WINDOWS\fred2_open_3_6_10d.INI
[2009/09/25 19:56:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Application Data\com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1
[2009/09/25 19:54:17 | 00,000,000 | ---D | C] -- C:\Program Files\GOG.com Downloader
[2009/09/25 19:53:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/09/25 19:53:13 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/09/24 18:18:03 | 00,288,768 | ---- | C] () -- C:\Documents and Settings\Edward\Desktop\cdy6otfx.exe
[2009/09/24 12:56:09 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX
[2009/09/24 12:55:58 | 00,022,784 | ---- | C] (Razer (Asia-Pacific) Pte Ltd) -- C:\WINDOWS\System32\drivers\dadder.sys
[2009/09/24 12:55:54 | 00,031,104 | ---- | C] (Cypress Semiconductor) -- C:\WINDOWS\System32\drivers\CYUSB.sys
[2009/09/24 12:55:43 | 00,073,728 | ---- | C] (Razer Inc.) -- C:\WINDOWS\System32\DeathAdder.cpl
[2009/09/22 12:08:30 | 00,000,000 | ---D | C] -- C:\Program Files\BlackIsle
[2009/09/21 12:12:24 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/20 16:42:11 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/20 16:39:10 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ixftefxgoicfjuxy.sys
[2009/09/19 18:04:51 | 00,000,139 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dungeon Fighter Online.url
[2009/09/19 16:12:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2009/09/19 13:28:12 | 00,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2009/09/19 13:28:11 | 00,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2009/09/19 13:28:10 | 01,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2009/09/19 13:28:08 | 05,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2009/09/19 13:28:07 | 00,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2009/09/19 13:28:06 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2009/09/19 13:28:05 | 01,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2009/09/19 05:21:23 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\bdwqecxtyectfgoi.sys
[2009/09/18 15:47:00 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbctl.exe
[2009/09/17 02:12:59 | 00,010,129 | ---- | C] () -- C:\Documents and Settings\Edward\My Documents\Picture0007.jpg
[2009/09/15 23:22:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Edward\My Documents\Rawr v2.2.16
[2009/09/13 19:02:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Desktop\Spelunky
[2009/09/13 18:49:12 | 00,000,000 | ---D | C] -- C:\Program Files\Castlevania - The Bloodletting V.1.3 BETA
[2009/09/09 13:16:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/09/06 19:57:46 | 00,000,000 | ---D | C] -- C:\Program Files\GOG.com
[2009/08/30 17:44:50 | 00,000,000 | ---D | C] -- C:\Program Files\1964
[2009/08/07 21:19:10 | 00,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009/07/23 14:18:17 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/07/23 14:18:17 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/07/23 14:18:17 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/06/03 19:36:31 | 00,001,009 | ---- | C] () -- C:\WINDOWS\msvideo.dll
[2009/06/03 19:36:31 | 00,000,272 | ---- | C] () -- C:\WINDOWS\tango.ini
[2009/02/13 02:43:24 | 00,000,078 | ---- | C] () -- C:\WINDOWS\CheetaChat.INI
[2009/02/07 20:38:45 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\3D2D32B15E.sys
[2009/02/07 20:38:40 | 00,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/02/02 23:33:17 | 00,003,710 | ---- | C] () -- C:\WINDOWS\YAHELITE.INI
[2009/01/20 20:31:07 | 00,000,031 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2009/01/02 00:13:05 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/11/06 12:37:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 12:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 12:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 12:33:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/12 23:11:40 | 00,000,107 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2008/07/06 13:37:28 | 00,000,022 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2008/07/06 13:31:16 | 00,000,074 | ---- | C] () -- C:\WINDOWS\System32\config.ini
[2008/07/03 04:39:02 | 00,103,424 | ---- | C] ( ) -- C:\WINDOWS\System32\nUI_nat.dll
[2008/06/26 16:10:46 | 00,042,320 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2008/06/22 16:36:54 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/04/13 15:22:03 | 00,941,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\CamthWDM.sys
[2008/01/08 16:26:10 | 00,000,088 | ---- | C] () -- C:\WINDOWS\StyleBuilder.INI
[2007/12/17 14:03:27 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/11/26 22:56:28 | 00,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007/11/09 20:54:52 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007/11/09 20:54:52 | 00,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007/06/03 18:32:13 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2007/06/03 18:32:10 | 00,573,503 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2007/05/28 14:06:35 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007/05/24 13:08:10 | 00,077,312 | ---- | C] () -- C:\WINDOWS\ua2.dll
[2007/03/19 18:01:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2007/03/12 12:01:30 | 00,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2007/03/09 11:15:22 | 00,299,008 | ---- | C] () -- C:\WINDOWS\System32\ELVideoCapture.dll
[2006/12/17 14:49:55 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/10/16 17:27:42 | 00,000,030 | ---- | C] () -- C:\WINDOWS\Q3version.ini
[2006/10/11 17:26:15 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2006/09/06 21:59:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2006/07/09 16:33:11 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/05/15 22:19:12 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2006/05/15 22:17:23 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/05/15 22:16:42 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2006/05/15 22:16:42 | 00,005,700 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/05/15 22:16:39 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/04/13 11:30:06 | 01,073,152 | ---- | C] () -- C:\WINDOWS\System32\libmysql_c.dll
[2005/12/10 07:06:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/12/10 07:06:00 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/12/10 07:06:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/12/10 07:06:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/12/10 07:06:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/12/10 07:06:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/08/30 01:00:00 | 00,781,312 | ---- | C] () -- C:\WINDOWS\System32\RGSS102J.dll
[2005/08/30 01:00:00 | 00,778,752 | ---- | C] () -- C:\WINDOWS\System32\RGSS102E.dll
[2005/08/30 01:00:00 | 00,771,584 | ---- | C] () -- C:\WINDOWS\System32\RGSS100J.dll
[2004/08/04 08:00:00 | 01,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2004/08/04 08:00:00 | 00,000,952 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/05 00:42:42 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[1996/04/03 15:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/09/27 13:44:22 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Edward\Desktop\OTL.exe
[2009/09/27 13:16:09 | 00,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-152049171-725345543-1004UA.job
[2009/09/27 13:16:02 | 00,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-152049171-725345543-1004Core.job
[2009/09/27 12:39:00 | 00,000,292 | ---- | M] () -- C:\WINDOWS\tasks\Defraggler Volume C Task.job
[2009/09/27 11:40:41 | 00,198,464 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/09/27 11:39:09 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/27 11:38:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/27 11:38:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/26 22:50:40 | 02,075,170 | -H-- | M] () -- C:\Documents and Settings\Edward\Local Settings\Application Data\IconCache.db
[2009/09/26 00:56:13 | 00,000,453 | ---- | M] () -- C:\WINDOWS\fred2_open_3_6_10d.INI
[2009/09/26 00:52:57 | 00,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2009/09/26 00:52:57 | 00,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2009/09/24 18:18:07 | 00,288,768 | ---- | M] () -- C:\Documents and Settings\Edward\Desktop\cdy6otfx.exe
[2009/09/22 20:22:10 | 00,002,425 | ---- | M] () -- C:\Documents and Settings\Edward\Desktop\Paint Shop Pro 7.lnk
[2009/09/22 12:09:31 | 00,052,736 | ---- | M] (Interplay Productions) -- C:\WINDOWS\ipuninst.exe
[2009/09/20 16:39:10 | 00,069,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\ixftefxgoicfjuxy.sys
[2009/09/20 14:34:37 | 00,331,873 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/09/20 14:33:50 | 00,331,873 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090920-143437.backup
[2009/09/19 18:04:51 | 00,000,139 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dungeon Fighter Online.url
[2009/09/19 13:12:09 | 00,179,792 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2009/09/19 13:12:08 | 00,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/09/19 13:12:06 | 00,132,296 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/09/19 13:12:06 | 00,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/09/19 05:21:23 | 00,069,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\bdwqecxtyectfgoi.sys
[2009/09/18 18:33:26 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\usbctl.exe
[2009/09/18 13:34:01 | 00,138,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/18 02:27:20 | 00,028,024 | ---- | M] () -- C:\Documents and Settings\Edward\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/17 02:12:59 | 00,010,129 | ---- | M] () -- C:\Documents and Settings\Edward\My Documents\Picture0007.jpg
[2009/09/15 18:07:02 | 00,000,572 | ---- | M] () -- C:\Documents and Settings\Edward\My Documents\My Sharing Folders.lnk
[2009/09/06 15:54:38 | 00,110,592 | ---- | M] () -- C:\Documents and Settings\Edward\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/04 17:44:40 | 00,515,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2009/09/04 17:44:40 | 00,238,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2009/09/04 17:44:40 | 00,069,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2009/09/04 17:29:34 | 00,453,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2009/09/04 17:29:34 | 00,235,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2009/09/04 17:29:32 | 05,501,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2009/09/04 17:29:32 | 01,974,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2009/09/04 17:29:30 | 01,892,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2009/08/28 17:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >


OTL Extras logfile created on: 9/27/2009 1:45:18 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Edward\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 401.59 Mb Available Physical Memory | 39.24% Memory free
2.40 Gb Paging File | 1.83 Gb Available in Paging File | 76.11% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 85.68 Gb Free Space | 36.79% Space Free | Partition Type: NTFS
Drive D: | 16.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EDDIE
Current User Name: Edward
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"56126:TCP" = 56126:TCP:*:Enabled:Pando Media Booster
"56126:UDP" = 56126:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"56804:TCP" = 56804:TCP:*:Enabled:Pando Media Booster
"56804:UDP" = 56804:UDP:*:Enabled:Pando Media Booster
"56126:TCP" = 56126:TCP:*:Enabled:Pando Media Booster
"56126:UDP" = 56126:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\KartRider\NMService.exe" = C:\Nexon\KartRider\NMService.exe:*:Enabled:Nexon Messenger Core -- File not found
"C:\Nexon\Combat Arms\NMService.exe" = C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core -- File not found
"C:\Program Files\xchat\xchat.exe" = C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client -- File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- File not found
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Documents and Settings\Edward\Local Settings\Temp\Rar$EX00.828\Nemesis\Nemesis.exe" = C:\Documents and Settings\Edward\Local Settings\Temp\Rar$EX00.828\Nemesis\Nemesis.exe:*:Enabled:Nemesis Online -- File not found
"C:\Documents and Settings\Edward\Local Settings\Temp\Rar$EX10.422\Nemesis\Nemesis.exe" = C:\Documents and Settings\Edward\Local Settings\Temp\Rar$EX10.422\Nemesis\Nemesis.exe:*:Enabled:Nemesis Online -- File not found
"C:\Documents and Settings\Edward\Local Settings\Temp\Rar$EX13.6500\Nemesis\Nemesis.exe" = C:\Documents and Settings\Edward\Local Settings\Temp\Rar$EX13.6500\Nemesis\Nemesis.exe:*:Enabled:Nemesis Online -- File not found
"C:\Documents and Settings\Edward\Local Settings\Temp\Rar$EX00.657\Nemesis\Nemesis.exe" = C:\Documents and Settings\Edward\Local Settings\Temp\Rar$EX00.657\Nemesis\Nemesis.exe:*:Enabled:Nemesis Online -- File not found
"C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService -- File not found
"C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService -- File not found
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe" = C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Hamachi\hamachi.exe" = C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client -- (LogMeIn Inc.)
"C:\Program Files\RayV\RayV\RayV.exe" = C:\Program Files\RayV\RayV\RayV.exe:*:Enabled:RayV -- File not found
"C:\Program Files\RayV\RayV\RayV.dll" = C:\Program Files\RayV\RayV\RayV.dll:*:Enabled:RayV -- File not found
"C:\Program Files\Steam\steamapps\common\deus ex\System\DeusEx.exe" = C:\Program Files\Steam\steamapps\common\deus ex\System\DeusEx.exe:*:Enabled:Deus Ex: Game of the Year Edition -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2™
"{0ED5576B-7AFC-426D-B1D3-3E5FE36DE083}" = GTA San Andreas
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1DCC7418-2089-4BDD-B321-3771956160FC}" = ijji Auto Installer
"{21A127AE-2DAF-40B7-8374-34C3E629521C}" = Far Cry (Patch 1.3)
"{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}" = Microsoft XNA Framework Redistributable 2.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 14
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28A946E1-E83B-4662-BC7C-23451851489E}" = Razer Copperhead
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2EEBAC31-3EEF-4118-91CB-1A286A507DB2}" = ESET NOD32 Antivirus
"{2F29D6D2-824E-4FEF-8AED-7013F39F642A}" = OpenOffice.org 2.3
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{326A2DF2-7823-45D0-BFCC-31B6A5E38095}" = Rose Online Evolution
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3C662203-292F-4E9D-AE02-281071C06903}" = Far Cry (Patch 1.33)
"{3C6B103A-1CDD-B3F2-5E8C-A2E5AAA6B555}" = GOG.com Downloader
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{96443F45-13E2-11D6-AC87-00D0B7A9E540}" = Arx Fatalis
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D07643A3-CE41-4286-8C78-EB9C83E76DDB}" = PunkBuster for Battlefield Vietnam
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 ESD
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam™
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder™ Mouse
"{EE5BC0BB-9EDA-423C-8276-48857B735D68}" = Prince of Persia Warrior Within
"{EE8592F6-FC2B-4AFD-B527-109D127C039F}" = Far Cry (Patch 1.31)
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"13860389BCE916343D6A5C65169C6F0C6BF6E3EA" = Windows Driver Package - Cypress (CyUsb) USB
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AOL Instant Messenger" = AOL Instant Messenger
"Arx Fatalis_is1" = Arx Fatalis
"Beneath a Steel Sky_is1" = Beneath a Steel Sky
"Bink and Smacker" = Bink and Smacker
"CCleaner" = CCleaner (remove only)
"com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1" = GOG.com Downloader
"COMODO Internet Security" = COMODO Internet Security
"DA73216D935E3CBA996AFD6E6513ECC587E0C3C1" = Windows Driver Package - Razer (HidUsb) HIDClass (02/02/2007 1.0.5.0)
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Defraggler" = Defraggler (remove only)
"DFO" = DFOLauncher
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ERUNT_is1" = ERUNT 1.1j
"Fallout 2 Unofficial Patch_is1" = Fallout 2 Unofficial Patch 1.02.25
"Fallout2" = Fallout2
"FLIQLO" = FLIQLO Screen Saver
"FLV Player" = FLV Player 2.0, build 24
"foobar2000" = foobar2000 v0.9.4
"Foxit Reader" = Foxit Reader
"Freespace 2_is1" = Freespace 2
"Graphical Enhancement" = Graphical Enhancement 2.0
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"Hamachi" = Hamachi 1.0.3.0
"HijackThis" = HijackThis 2.0.2
"Hunting Unlimited 2010_is1" = Hunting Unlimited 2010
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"KeePass Password Safe_is1" = KeePass Password Safe 1.16
"Last.fm Player_is1" = Last.fm Player 1.1.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"mIRC" = mIRC
"Mount&Blade" = Mount&Blade
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Panda ActiveScan" = Panda ActiveScan
"PeerGuardian_is1" = PeerGuardian 2.0
"Pidgin" = Pidgin
"pidgin-guifications" = Guifications Plugin (remove only)
"SABnzbd" = SABnzbd (remove only)
"SCDNAS" = SHOUTcast DNAS (remove only)
"SHOUTcastDSP" = SHOUTcast Source DSP 1.9.0 (remove only)
"SMAC 2.0" = SMAC 2.0
"Softnyx Launcher_is1" = Softnyx Launcher
"Soulseek" = SoulSeek Client 156c
"Soulseek2" = SoulSeek 157 NS 13e
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"SShockDeinstallKey" = System Shock2
"Steam App 17550" = Eternal Silence
"Steam App 400" = Portal
"Steam App 440" = Team Fortress 2
"Steam App 6910" = Deus Ex: Game of the Year Edition
"SystemRequirementsLab" = System Requirements Lab
"The Shivah_is1" = The Shivah v1.2
"Thumbplug TGA" = Thumbplug TGA
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
"vis_milk.dllWinamp" = MilkDrop for Winamp 2x (remove only)
"VLC media player" = VLC media player 0.9.8a
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WoWscape Server Browser1.1" = WoWscape Server Browser
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"XiphQT" = Xiph QuickTime Components
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1CF028E5-705D-4B62-AC1D-A59593B7C0BB}" = Sid Meier's Civilization 4
"11cebbe48da6d8c6" = SoulSeekkor's TQ Defiler .NET
"727d1ea1876aa06e" = WowAceUpdater
"Google Chrome" = Google Chrome
"Steam App 215" = Source SDK Base
"Steam App 220" = Half-Life 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 4000" = Garry's Mod
"Steam App 6530" = Lost Planet: Extreme Conditions Demo
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/27/2008 11:28:01 PM | Computer Name = EDDIE | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to
a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
disk space or insufficient memory.

Error - 12/27/2008 11:28:02 PM | Computer Name = EDDIE | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 12/28/2008 4:29:30 AM | Computer Name = EDDIE | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to
a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
disk space or insufficient memory.

Error - 12/28/2008 4:29:30 AM | Computer Name = EDDIE | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 12/28/2008 6:00:59 PM | Computer Name = EDDIE | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to
a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
disk space or insufficient memory.

Error - 12/28/2008 6:01:00 PM | Computer Name = EDDIE | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 12/29/2008 3:29:33 PM | Computer Name = EDDIE | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to
a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
disk space or insufficient memory.

Error - 12/29/2008 3:29:33 PM | Computer Name = EDDIE | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 12/29/2008 8:14:37 PM | Computer Name = EDDIE | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to
a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
disk space or insufficient memory.

Error - 12/29/2008 8:14:37 PM | Computer Name = EDDIE | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

[ System Events ]
Error - 5/26/2009 4:34:58 PM | Computer Name = EDDIE | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 5.106.55.200 on
the Network Card with network address 7A79056A37C8.

Error - 6/12/2009 6:37:07 PM | Computer Name = EDDIE | Source = Dhcp | ID = 1002
Description = The IP address lease 69.14.173.2 for the Network Card with network
address 0C0C0C6315BA has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 6/12/2009 6:37:33 PM | Computer Name = EDDIE | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.2 on
the Network Card with network address 0C0C0C6315BA.

Error - 7/8/2009 1:38:50 PM | Computer Name = EDDIE | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 5.106.55.200 on
the Network Card with network address 7A79056A37C8.

Error - 8/7/2009 4:35:24 AM | Computer Name = EDDIE | Source = Dhcp | ID = 1002
Description = The IP address lease 69.14.173.2 for the Network Card with network
address 0C0C0C6315BA has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 8/7/2009 4:36:38 AM | Computer Name = EDDIE | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.2 on
the Network Card with network address 0C0C0C6315BA.

Error - 8/7/2009 4:36:59 AM | Computer Name = EDDIE | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.2 on
the Network Card with network address 0C0C0C6315BA.

Error - 8/7/2009 4:37:48 AM | Computer Name = EDDIE | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.2 on
the Network Card with network address 0C0C0C6315BA.

Error - 8/31/2009 2:07:15 PM | Computer Name = EDDIE | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 9/14/2009 12:02:18 PM | Computer Name = EDDIE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Internet Explorer 8 for Windows XP.


< End of report >

#8 extremeboy

extremeboy

    Retired WTT Malware Disintegrator Teacher

  • Authentic Member
  • 1,433 posts

Posted 27 September 2009 - 03:24 PM

Hello.

I want you to run a scan with Combofix.

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page for instructions on doing so.

Please include the C:\ComboFix.txt in your next reply for further review.
If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

Note: Please do not PM me asking for help; instead, please post in the correct forum requesting help. Help requests via the PM system will be ignored.


#9 relaxtomato

relaxtomato

    New Member

  • Authentic Member
  • 14 posts

Posted 27 September 2009 - 03:49 PM

ComboFix 09-09-25.01 - Edward 09/27/2009 17:35.3.1 - NTFSx86
Running from: c:\documents and settings\Edward\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Edward\Application Data\.#
c:\documents and settings\Edward\Application Data\inst.exe
c:\documents and settings\Edward\My Documents\cc_20090802_1223.reg
c:\documents and settings\Edward\Start Menu\Programs\Uninstall.lnk
c:\windows\Installer\115e12.msp
c:\windows\Installer\115e29.msp
c:\windows\Installer\949edb1.msi
c:\windows\Installer\b38193.msp
c:\windows\Installer\b381a2.msp
c:\windows\Installer\b381a8.msp
c:\windows\msvideo.dll
c:\windows\system32\Config.ini
c:\windows\system32\dumphive.exe
c:\windows\system32\e
c:\windows\system32\Ijl11.dll
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((( Files Created from 2009-08-27 to 2009-09-27 )))))))))))))))))))))))))))))))
.

2009-09-27 06:50 . 2009-09-27 16:35 -------- d-----w- c:\program files\The Shivah
2009-09-26 19:38 . 2009-09-26 19:38 -------- d-----w- c:\documents and settings\Edward\Application Data\Firaxis Games
2009-09-25 23:56 . 2009-09-25 23:56 -------- d-----w- c:\documents and settings\Edward\Application Data\com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1
2009-09-25 23:54 . 2009-09-25 23:54 -------- d-----w- c:\program files\GOG.com Downloader
2009-09-25 23:53 . 2009-09-25 23:53 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-24 16:56 . 2009-09-24 16:56 -------- d-----w- c:\program files\DIFX
2009-09-24 16:55 . 2007-08-02 21:32 22784 ----a-w- c:\windows\system32\drivers\dadder.sys
2009-09-24 16:55 . 2005-03-03 23:47 31104 ----a-w- c:\windows\system32\drivers\CYUSB.sys
2009-09-22 16:08 . 2009-09-22 16:08 -------- d-----w- c:\program files\BlackIsle
2009-09-21 16:12 . 2009-09-21 16:12 -------- d-----w- c:\program files\Trend Micro
2009-09-20 20:42 . 2009-09-24 15:39 -------- d-----w- c:\program files\ERUNT
2009-09-20 20:39 . 2009-09-20 20:39 69632 ----a-w- c:\windows\system32\drivers\ixftefxgoicfjuxy.sys
2009-09-19 20:12 . 2009-09-19 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Nexon
2009-09-19 17:28 . 2009-09-04 21:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-19 17:28 . 2009-09-04 21:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-19 17:28 . 2009-09-04 21:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-19 17:28 . 2009-09-04 21:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-19 17:28 . 2009-09-04 21:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-19 17:28 . 2009-09-04 21:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-19 17:28 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-09-19 09:21 . 2009-09-19 09:21 69632 ----a-w- c:\windows\system32\drivers\bdwqecxtyectfgoi.sys
2009-09-18 19:47 . 2009-09-18 22:33 64000 ----a-w- c:\windows\system32\usbctl.exe
2009-09-13 22:52 . 2009-09-13 23:01 -------- d-----w- c:\documents and settings\Edward\.lostlaby
2009-09-13 22:49 . 2009-09-15 19:41 -------- d-----w- c:\program files\Castlevania - The Bloodletting V.1.3 BETA
2009-09-09 17:16 . 2009-09-09 17:16 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-09-06 23:57 . 2009-09-27 19:14 -------- d-----w- c:\program files\GOG.com
2009-08-30 21:44 . 2009-08-30 21:44 -------- d-----w- c:\program files\1964

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-27 21:43 . 2008-06-08 02:49 -------- d-----w- c:\documents and settings\Edward\Application Data\.purple
2009-09-27 17:17 . 2009-07-21 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
2009-09-26 21:34 . 2007-04-27 03:36 -------- d-----w- c:\documents and settings\Edward\Application Data\uTorrent
2009-09-26 19:38 . 2006-08-12 00:47 -------- d-----w- c:\documents and settings\Edward\Application Data\InstallShield Installation Information
2009-09-26 04:52 . 2008-06-12 23:39 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-09-26 04:52 . 2008-06-12 23:39 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-09-25 21:32 . 2007-04-19 17:54 -------- d-----w- c:\program files\Steam
2009-09-25 17:42 . 2007-04-14 22:25 -------- d-----w- c:\program files\World of Warcraft
2009-09-24 16:55 . 2007-09-26 21:57 -------- d-----w- c:\program files\Razer
2009-09-24 16:55 . 2006-05-16 02:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-22 18:07 . 2006-05-17 00:49 -------- d-----w- c:\program files\mIRC
2009-09-22 16:22 . 2007-04-06 17:06 -------- d-----w- c:\program files\Turbine
2009-09-22 16:19 . 2008-10-08 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\2DBoy
2009-09-22 16:09 . 2008-06-26 22:21 52736 ----a-w- c:\windows\ipuninst.exe
2009-09-20 17:09 . 2007-05-24 17:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-20 17:07 . 2007-05-24 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-19 17:12 . 2009-08-07 16:40 179792 ----a-w- c:\windows\system32\guard32.dll
2009-09-19 17:12 . 2009-08-07 16:40 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-09-19 17:12 . 2009-08-07 16:40 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-09-19 17:12 . 2009-08-07 16:40 132296 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-09-18 06:27 . 2006-05-16 02:15 28024 ----a-w- c:\documents and settings\Edward\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-17 06:24 . 2008-06-08 02:51 -------- d-----w- c:\documents and settings\Edward\Application Data\gtk-2.0
2009-09-15 19:48 . 2007-12-26 21:02 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 17:16 . 2006-08-04 20:07 -------- d-----w- c:\program files\DivX
2009-09-04 21:44 . 2009-07-05 19:10 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 21:16 . 2009-01-19 16:53 -------- d-----w- c:\program files\Project64 1.6
2009-09-03 00:38 . 2006-05-18 02:06 -------- d-----w- c:\documents and settings\Edward\Application Data\Ventrilo
2009-08-31 18:08 . 2008-02-02 07:56 -------- d-----w- c:\program files\Electronic Arts
2009-08-25 18:08 . 2006-05-27 17:46 -------- d-----w- c:\program files\Soulseek
2009-08-22 15:34 . 2009-08-22 15:34 -------- d-----w- c:\program files\Shiny
2009-08-21 21:07 . 2009-08-21 18:29 -------- d-----w- c:\documents and settings\Edward\Application Data\RayV
2009-08-21 05:08 . 2009-08-21 05:08 -------- d-----w- c:\program files\Osmos
2009-08-19 22:02 . 2009-08-19 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-13 21:52 . 2008-01-25 05:44 -------- d-----w- c:\documents and settings\Edward\Application Data\OpenOffice.org2
2009-08-12 15:56 . 2009-08-12 15:56 -------- d-----w- c:\documents and settings\Edward\Application Data\Acreon
2009-08-10 02:48 . 2009-08-10 02:36 -------- d-----w- c:\program files\Image-Line
2009-08-10 02:47 . 2009-08-10 02:41 -------- d-----w- c:\program files\VstPlugins
2009-08-10 02:38 . 2009-08-10 02:38 -------- d-----w- c:\program files\Outsim
2009-08-10 02:30 . 2009-08-10 02:30 5120 ----a-w- c:\program files\WordPad Document Scrap 'C__Program Files...'.shs
2009-08-09 23:57 . 2009-08-07 07:29 -------- d-----w- c:\program files\PeerGuardian2
2009-08-07 18:14 . 2009-05-20 19:46 -------- d-----w- c:\documents and settings\Edward\Application Data\Hamachi
2009-08-07 16:49 . 2009-08-07 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2009-08-07 16:39 . 2009-08-07 16:39 -------- d-----w- c:\program files\COMODO
2009-08-07 09:00 . 2007-05-25 03:14 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-08-07 08:33 . 2008-06-08 02:32 -------- d-----w- c:\program files\ESET
2009-08-07 08:11 . 2009-08-07 08:11 -------- d-----w- c:\documents and settings\Edward\Application Data\ESET
2009-08-07 08:09 . 2008-06-08 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-08-07 07:51 . 2009-08-07 07:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-07 07:50 . 2009-08-07 07:50 -------- d-----w- c:\documents and settings\Edward\Application Data\Malwarebytes
2009-08-07 07:50 . 2009-08-07 07:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-06 16:45 . 2006-05-16 02:35 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-08-05 15:47 . 2006-05-16 04:25 -------- d-----w- c:\program files\Winamp
2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 04:09 . 2008-07-06 17:32 -------- d-----w- c:\program files\Microsoft Games
2009-08-04 03:46 . 2009-08-04 03:43 34 ----a-w- c:\documents and settings\Edward\jagex_runescape_preferences.dat
2009-08-04 03:11 . 2009-01-11 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-08-04 02:53 . 2009-08-04 02:52 -------- d-----w- c:\documents and settings\Edward\Application Data\Tenderfoot Games
2009-08-03 17:36 . 2009-08-07 07:50 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 17:36 . 2009-08-07 07:50 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 19:51 . 2006-08-08 21:54 -------- d-----w- c:\program files\EA GAMES
2009-08-02 16:32 . 2009-08-02 16:32 -------- d-----w- c:\program files\Defraggler
2009-08-02 16:28 . 2007-05-24 17:52 -------- d-----w- c:\program files\CCleaner
2009-08-01 20:14 . 2009-08-01 18:28 763 ----a-w- c:\windows\eReg.dat
2009-08-01 18:18 . 2009-08-01 18:18 -------- d-----w- c:\documents and settings\Edward\Application Data\DAEMON Tools Pro
2009-08-01 15:32 . 2009-08-01 08:25 -------- d-----w- c:\program files\MagicISO
2009-08-01 08:56 . 2009-08-01 08:56 -------- d-----w- c:\program files\Codemasters
2009-08-01 08:22 . 2009-08-01 08:13 -------- d-----w- c:\documents and settings\Edward\Application Data\DAEMON Tools Lite
2009-08-01 08:22 . 2008-06-22 20:36 -------- d-----w- c:\documents and settings\Edward\Application Data\DAEMON Tools
2009-08-01 08:20 . 2009-08-01 08:20 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-08-01 08:20 . 2009-08-01 08:20 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-08-01 08:20 . 2009-08-01 08:20 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-08-01 08:18 . 2009-02-27 22:18 -------- d-----w- c:\documents and settings\Edward\Application Data\id Software
2009-08-01 08:13 . 2008-06-22 20:36 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-01 08:09 . 2009-08-01 08:02 -------- d-----w- c:\documents and settings\Edward\Application Data\Vso
2009-08-01 08:09 . 2009-08-01 08:03 94208 ----a-w- c:\documents and settings\Edward\Application Data\ezplay.sys
2009-08-01 08:08 . 2009-08-01 08:02 47360 ----a-w- c:\documents and settings\Edward\Application Data\pcouffin.sys
2009-08-01 08:03 . 2009-08-01 08:03 94208 ----a-w- c:\windows\system32\drivers\ezplay.sys
2009-08-01 08:02 . 2009-08-01 08:02 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-08-01 04:33 . 2009-08-01 03:33 -------- d-----w- c:\program files\Gpotato
2009-07-31 20:34 . 2009-01-02 04:13 285 ----a-w- c:\windows\EReg072.dat
2009-07-23 20:20 . 2006-08-22 23:32 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-23 19:44 . 2009-07-23 19:44 2368 ----a-w- c:\windows\system32\SVKP.sys
2009-07-23 18:18 . 2009-07-23 18:18 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2009-07-23 18:18 . 2009-07-23 18:18 17212 ----a-w- c:\windows\system32\SIntf32.dll
2009-07-23 18:18 . 2009-07-23 18:18 12067 ----a-w- c:\windows\system32\SIntf16.dll
2009-07-17 18:55 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 18:55 . 2009-07-14 18:55 4 --sh--r- C:\WINOS.SYS
2009-07-14 03:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 02:04 . 2009-07-14 02:04 24540 ---ha-w- c:\windows\system32\mlfcache.dat
2009-07-11 01:28 . 2009-02-27 22:15 139152 ----a-w- c:\documents and settings\Edward\Application Data\PnkBstrK.sys
2008-05-27 03:51 . 2008-04-13 22:20 197 -csha-w- c:\program files\Common Files\maxtreme.dat
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-02-08 00:38 . 2009-02-08 00:38 56 --sh--r- c:\windows\system32\3D2D32B15E.sys
2009-02-08 00:38 . 2009-02-08 00:38 848 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"Google Update"="c:\documents and settings\Edward\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-07 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-09-19 1799952]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2006-10-04 53760]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 18:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"WebcamMaxMoniter"="c:\program files\WebcamMax\wcmmon.exe" /a

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\deus ex\\System\\DeusEx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56804:TCP"= 56804:TCP:Pando Media Booster
"56804:UDP"= 56804:UDP:Pando Media Booster
"56126:TCP"= 56126:TCP:Pando Media Booster
"56126:UDP"= 56126:UDP:Pando Media Booster

R0 FGXSCSI;FGXSCSI;c:\windows\system32\DRIVERS\fgxscsi.sys [x]
R3 adxapie;adxapie;c:\docume~1\Edward\LOCALS~1\Temp\adxapie.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2009-09-19 132296]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2009-09-19 25160]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2009-05-14 94360]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-08-02 22784]

.
Contents of the 'Scheduled Tasks' folder

2009-09-27 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2009-07-22 14:10]

2009-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-152049171-725345543-1004Core.job
- c:\documents and settings\Edward\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-07 17:11]

2009-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-152049171-725345543-1004UA.job
- c:\documents and settings\Edward\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-07 17:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 127.0.0.1:8118
Trusted Zone: tenderfoot.com
Trusted Zone: wowace.com\www
DPF: {77538FC7-CE52-4704-9865-494FE92BC320} - hxxp://www.ultimatebaseballonline.com/myubo/launchubo.OCX
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
FF - ProfilePath - c:\documents and settings\Edward\Application Data\Mozilla\Firefox\Profiles\4zh2edl5.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\Edward\Application Data\Mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Edward\Application Data\Mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{190b412f-3273-4922-9954-56e8bcb5e113}\plugins\NPnsv.dll
FF - plugin: c:\documents and settings\Edward\Application Data\Mozilla\Firefox\Profiles\4zh2edl5.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\Edward\Application Data\Mozilla\Firefox\Profiles\4zh2edl5.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\Edward\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\BYOND\bin\npbyond.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbyond.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-27 17:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:36,c4,b9,9f,3f,38,78,b9,1b,12,4d,22,65,c4,6f,0c,aa,ce,f5,94,e3,2b,ea,
c0,21,96,7f,44,bc,75,54,b6,4e,76,d8,18,c6,9d,28,5a,37,de,8b,14,00,19,64,27,\
"??"=hex:c5,76,78,e6,2c,d6,d2,a1,d9,73,52,64,12,8a,09,82

[HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:3b,4b,d2,dc,7e,db,f1,5f,d0,c9,2c,36,80,e9,b8,a7,bc,1e,1d,04,94,
6f,1e,67,79,37,09,18,ff,0a,ed,a1,ae,f9,aa,d7,39,21,c4,c6,da,e0,88,69,e5,62,\
"rkeysecu"=hex:ce,d2,dd,a6,01,7d,51,2f,f8,21,09,58,c7,13,5a,32
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(944)
c:\windows\system32\guard32.dll
.
Completion time: 2009-09-27 17:46
ComboFix-quarantined-files.txt 2009-09-27 21:46
ComboFix2.txt 2008-01-13 18:35

Pre-Run: 95,573,557,248 bytes free
Post-Run: 100,871,655,424 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

301 --- E O F --- 2009-09-14 16:04

#10 extremeboy

extremeboy

    Retired WTT Malware Disintegrator Teacher

  • Authentic Member
  • PipPipPipPipPip
  • 1,433 posts

Posted 28 September 2009 - 02:34 PM

Hello.
Run ComboFix with CFScript

We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
    DDS::
    uInternet Settings,ProxyServer = 127.0.0.1:8118
    Trusted Zone: tenderfoot.com
    Trusted Zone: wowace.com\www
    Driver::
    adxapie
    FGXSCSI
    File::
    c:\docume~1\Edward\LOCALS~1\Temp\adxapie.sys
    c:\windows\system32\DRIVERS\fgxscsi.sys
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000000
    "FirewallOverride"=dword:00000000
    [-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
  • Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    [image: CFScript.txt being dragged onto ComboFix.exe]
  • Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Download and run Malwarebytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

With Regards,
Extremeboy

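As an added example (not part of this thread and not ComboFix's or the helper's own code), the Python script below parses an excerpt of the ComboFix log posted above and flags the same entries the CFScript corrects: the Security Center override values, the disabled firewall profile, the two drivers whose image files are missing or sit in a Temp folder, the randomly named .sys files, and the localhost proxy. SAMPLE_LOG is constructed from lines of the posted log; the random-name check is a heuristic assumed here, not something ComboFix itself reports.

```python
"""Triage a ComboFix log excerpt for the indicators the helper's CFScript acts on."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    category: str
    detail: str


# Constructed sample: lines in the shape of the ComboFix log posted above
# (not the full log); the paths and values are the ones the CFScript targets.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R0 FGXSCSI;FGXSCSI;c:\windows\system32\DRIVERS\fgxscsi.sys [x]
R3 adxapie;adxapie;c:\docume~1\Edward\LOCALS~1\Temp\adxapie.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2009-09-19 132296]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-08-02 22784]
2009-09-20 20:39 . 2009-09-20 20:39 69632 ----a-w- c:\windows\system32\drivers\ixftefxgoicfjuxy.sys
2009-09-24 16:55 . 2007-08-02 21:32 22784 ----a-w- c:\windows\system32\drivers\dadder.sys
uInternet Settings,ProxyServer = 127.0.0.1:8118
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.+)$')
# ComboFix service lines: "<start type> <name>;<display name>;<image path> [<date size>|x]"
SERVICE_RE = re.compile(
    r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?)\s+\[(?P<stamp>[^\]]*)\]$")
# File lines: "<created> . <modified> <size|--------> <attributes> <path>"
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\S+\s+\S+\s+(?P<path>.+)$")
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (?P<proxy>\S+)$")
# Heuristic assumed here: a long all-lowercase stem such as "ixftefxgoicfjuxy"
# is typical of randomly generated driver names; a human reviews anything flagged.
RANDOM_STEM_RE = re.compile(r"^[a-z]{14,}$")

SECURITY_CENTER = r"hkey_local_machine\software\microsoft\security center"
FIREWALL_PROFILE = r"hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"


def triage(log_text: str) -> list[Finding]:
    """Walk the log line by line and return the findings a helper would act on."""
    findings: list[Finding] = []
    current_key = ""  # registry key the following "name"=value lines belong to
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := KEY_RE.match(line)):
            current_key = m.group("key").lower()
            continue
        if (m := VALUE_RE.match(line)):
            name, value = m.group("name"), m.group("value")
            if (current_key == SECURITY_CENTER and name.endswith("Override")
                    and value == "dword:00000001"):
                findings.append(Finding("security-center-override",
                    f"{name}=1 suppresses Security Center alerts; the CFScript resets it to 0"))
            elif (current_key == FIREWALL_PROFILE and name == "EnableFirewall"
                    and value.startswith("0")):
                findings.append(Finding("firewall-disabled",
                    "Windows Firewall is off for the standard profile"))
            continue
        if (m := SERVICE_RE.match(line)):
            name, path, stamp = m.group("name"), m.group("path"), m.group("stamp")
            if stamp == "x":  # ComboFix prints [x] when the image file is not on disk
                findings.append(Finding("orphaned-service",
                    f"{name}: image {path} is missing; the CFScript removes the service"))
            if "\\temp\\" in path.lower():
                findings.append(Finding("driver-in-temp",
                    f"{name}: a kernel driver registered from a Temp directory ({path})"))
            continue
        if (m := FILE_RE.match(line)):
            path = m.group("path")
            filename = path.lower().rsplit("\\", 1)[-1]
            if ("\\drivers\\" in path.lower() and filename.endswith(".sys")
                    and RANDOM_STEM_RE.match(filename[:-4])):
                findings.append(Finding("random-driver-name",
                    f"{path}: random-looking driver name (heuristic, verify manually)"))
            continue
        if (m := PROXY_RE.match(line)):
            proxy = m.group("proxy")
            if proxy.split(":")[0] in ("127.0.0.1", "localhost"):
                findings.append(Finding("local-proxy",
                    f"IE traffic goes through {proxy}; confirm a local filtering proxy "
                    "is really installed, otherwise the CFScript's DDS:: entry clears it"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.category}] {finding.detail}")
```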


#11 relaxtomato

relaxtomato

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 28 September 2009 - 03:25 PM

Earlier, Firefox kept crashing. I restarted and that seemed to have fixed the crashing. I opened Autoruns to see if anything weird is running on startup, and I see:

Jkezivajiyuh c:\windows\okedifexemexiz.dll

Also, USBCTL.exe will randomly crash. I don't know what this is.


ComboFix 09-09-27.05 - Edward 09/28/2009 16:44.4.1 - NTFSx86
Running from: c:\documents and settings\Edward\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Edward\Desktop\CFScript.txt.txt
* Created a new restore point
* Resident AV is active


FILE ::
"c:\docume~1\Edward\LOCALS~1\Temp\adxapie.sys"
"c:\windows\system32\DRIVERS\fgxscsi.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\bdwqecxtyectfgoi.sys
c:\windows\system32\drivers\ixftefxgoicfjuxy.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ADXAPIE
-------\Service_adxapie
-------\Service_FGXSCSI


((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-28 )))))))))))))))))))))))))))))))
.

2009-09-28 04:22 . 2009-09-28 04:27 -------- d-----w- c:\program files\Ootake
2009-09-27 06:50 . 2009-09-27 16:35 -------- d-----w- c:\program files\The Shivah
2009-09-26 19:38 . 2009-09-26 19:38 -------- d-----w- c:\documents and settings\Edward\Application Data\Firaxis Games
2009-09-25 23:56 . 2009-09-25 23:56 -------- d-----w- c:\documents and settings\Edward\Application Data\com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1
2009-09-25 23:54 . 2009-09-25 23:54 -------- d-----w- c:\program files\GOG.com Downloader
2009-09-25 23:53 . 2009-09-25 23:53 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-24 16:56 . 2009-09-24 16:56 -------- d-----w- c:\program files\DIFX
2009-09-24 16:55 . 2007-08-02 21:32 22784 ----a-w- c:\windows\system32\drivers\dadder.sys
2009-09-24 16:55 . 2005-03-03 23:47 31104 ----a-w- c:\windows\system32\drivers\CYUSB.sys
2009-09-22 16:08 . 2009-09-22 16:08 -------- d-----w- c:\program files\BlackIsle
2009-09-21 16:12 . 2009-09-21 16:12 -------- d-----w- c:\program files\Trend Micro
2009-09-20 20:42 . 2009-09-24 15:39 -------- d-----w- c:\program files\ERUNT
2009-09-19 20:12 . 2009-09-19 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Nexon
2009-09-19 17:28 . 2009-09-04 21:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-19 17:28 . 2009-09-04 21:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-19 17:28 . 2009-09-04 21:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-19 17:28 . 2009-09-04 21:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-19 17:28 . 2009-09-04 21:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-19 17:28 . 2009-09-04 21:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-19 17:28 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-09-18 19:47 . 2009-09-18 22:33 64000 ----a-w- c:\windows\system32\usbctl.exe
2009-09-13 22:52 . 2009-09-13 23:01 -------- d-----w- c:\documents and settings\Edward\.lostlaby
2009-09-13 22:49 . 2009-09-15 19:41 -------- d-----w- c:\program files\Castlevania - The Bloodletting V.1.3 BETA
2009-09-09 17:16 . 2009-09-09 17:16 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-09-06 23:57 . 2009-09-27 19:14 -------- d-----w- c:\program files\GOG.com
2009-08-30 21:44 . 2009-08-30 21:44 -------- d-----w- c:\program files\1964

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-28 20:55 . 2008-06-08 02:49 -------- d-----w- c:\documents and settings\Edward\Application Data\.purple
2009-09-28 17:20 . 2007-04-14 22:25 -------- d-----w- c:\program files\World of Warcraft
2009-09-27 17:17 . 2009-07-21 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
2009-09-26 21:34 . 2007-04-27 03:36 -------- d-----w- c:\documents and settings\Edward\Application Data\uTorrent
2009-09-26 19:38 . 2006-08-12 00:47 -------- d-----w- c:\documents and settings\Edward\Application Data\InstallShield Installation Information
2009-09-26 04:52 . 2008-06-12 23:39 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-09-26 04:52 . 2008-06-12 23:39 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-09-25 21:32 . 2007-04-19 17:54 -------- d-----w- c:\program files\Steam
2009-09-24 16:55 . 2007-09-26 21:57 -------- d-----w- c:\program files\Razer
2009-09-24 16:55 . 2006-05-16 02:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-22 18:07 . 2006-05-17 00:49 -------- d-----w- c:\program files\mIRC
2009-09-22 16:22 . 2007-04-06 17:06 -------- d-----w- c:\program files\Turbine
2009-09-22 16:19 . 2008-10-08 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\2DBoy
2009-09-22 16:09 . 2008-06-26 22:21 52736 ----a-w- c:\windows\ipuninst.exe
2009-09-20 17:09 . 2007-05-24 17:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-20 17:07 . 2007-05-24 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-19 17:12 . 2009-08-07 16:40 179792 ----a-w- c:\windows\system32\guard32.dll
2009-09-19 17:12 . 2009-08-07 16:40 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-09-19 17:12 . 2009-08-07 16:40 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-09-19 17:12 . 2009-08-07 16:40 132296 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-09-18 06:27 . 2006-05-16 02:15 28024 ----a-w- c:\documents and settings\Edward\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-17 06:24 . 2008-06-08 02:51 -------- d-----w- c:\documents and settings\Edward\Application Data\gtk-2.0
2009-09-15 19:48 . 2007-12-26 21:02 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 17:16 . 2006-08-04 20:07 -------- d-----w- c:\program files\DivX
2009-09-04 21:44 . 2009-07-05 19:10 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 21:16 . 2009-01-19 16:53 -------- d-----w- c:\program files\Project64 1.6
2009-09-03 00:38 . 2006-05-18 02:06 -------- d-----w- c:\documents and settings\Edward\Application Data\Ventrilo
2009-08-31 18:08 . 2008-02-02 07:56 -------- d-----w- c:\program files\Electronic Arts
2009-08-25 18:08 . 2006-05-27 17:46 -------- d-----w- c:\program files\Soulseek
2009-08-22 15:34 . 2009-08-22 15:34 -------- d-----w- c:\program files\Shiny
2009-08-21 21:07 . 2009-08-21 18:29 -------- d-----w- c:\documents and settings\Edward\Application Data\RayV
2009-08-21 05:08 . 2009-08-21 05:08 -------- d-----w- c:\program files\Osmos
2009-08-19 22:02 . 2009-08-19 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-13 21:52 . 2008-01-25 05:44 -------- d-----w- c:\documents and settings\Edward\Application Data\OpenOffice.org2
2009-08-12 15:56 . 2009-08-12 15:56 -------- d-----w- c:\documents and settings\Edward\Application Data\Acreon
2009-08-10 02:48 . 2009-08-10 02:36 -------- d-----w- c:\program files\Image-Line
2009-08-10 02:47 . 2009-08-10 02:41 -------- d-----w- c:\program files\VstPlugins
2009-08-10 02:38 . 2009-08-10 02:38 -------- d-----w- c:\program files\Outsim
2009-08-10 02:30 . 2009-08-10 02:30 5120 ----a-w- c:\program files\WordPad Document Scrap 'C__Program Files...'.shs
2009-08-09 23:57 . 2009-08-07 07:29 -------- d-----w- c:\program files\PeerGuardian2
2009-08-07 18:14 . 2009-05-20 19:46 -------- d-----w- c:\documents and settings\Edward\Application Data\Hamachi
2009-08-07 16:49 . 2009-08-07 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2009-08-07 16:39 . 2009-08-07 16:39 -------- d-----w- c:\program files\COMODO
2009-08-07 09:00 . 2007-05-25 03:14 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-08-07 08:33 . 2008-06-08 02:32 -------- d-----w- c:\program files\ESET
2009-08-07 08:11 . 2009-08-07 08:11 -------- d-----w- c:\documents and settings\Edward\Application Data\ESET
2009-08-07 08:09 . 2008-06-08 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-08-07 07:51 . 2009-08-07 07:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-07 07:50 . 2009-08-07 07:50 -------- d-----w- c:\documents and settings\Edward\Application Data\Malwarebytes
2009-08-07 07:50 . 2009-08-07 07:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-06 16:45 . 2006-05-16 02:35 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-08-05 15:47 . 2006-05-16 04:25 -------- d-----w- c:\program files\Winamp
2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 04:09 . 2008-07-06 17:32 -------- d-----w- c:\program files\Microsoft Games
2009-08-04 03:46 . 2009-08-04 03:43 34 ----a-w- c:\documents and settings\Edward\jagex_runescape_preferences.dat
2009-08-04 03:11 . 2009-01-11 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-08-04 02:53 . 2009-08-04 02:52 -------- d-----w- c:\documents and settings\Edward\Application Data\Tenderfoot Games
2009-08-03 17:36 . 2009-08-07 07:50 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 17:36 . 2009-08-07 07:50 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 19:51 . 2006-08-08 21:54 -------- d-----w- c:\program files\EA GAMES
2009-08-02 16:32 . 2009-08-02 16:32 -------- d-----w- c:\program files\Defraggler
2009-08-02 16:28 . 2007-05-24 17:52 -------- d-----w- c:\program files\CCleaner
2009-08-01 20:14 . 2009-08-01 18:28 763 ----a-w- c:\windows\eReg.dat
2009-08-01 18:18 . 2009-08-01 18:18 -------- d-----w- c:\documents and settings\Edward\Application Data\DAEMON Tools Pro
2009-08-01 15:32 . 2009-08-01 08:25 -------- d-----w- c:\program files\MagicISO
2009-08-01 08:56 . 2009-08-01 08:56 -------- d-----w- c:\program files\Codemasters
2009-08-01 08:22 . 2009-08-01 08:13 -------- d-----w- c:\documents and settings\Edward\Application Data\DAEMON Tools Lite
2009-08-01 08:22 . 2008-06-22 20:36 -------- d-----w- c:\documents and settings\Edward\Application Data\DAEMON Tools
2009-08-01 08:20 . 2009-08-01 08:20 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-08-01 08:20 . 2009-08-01 08:20 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-08-01 08:20 . 2009-08-01 08:20 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-08-01 08:18 . 2009-02-27 22:18 -------- d-----w- c:\documents and settings\Edward\Application Data\id Software
2009-08-01 08:13 . 2008-06-22 20:36 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-01 08:09 . 2009-08-01 08:02 -------- d-----w- c:\documents and settings\Edward\Application Data\Vso
2009-08-01 08:09 . 2009-08-01 08:03 94208 ----a-w- c:\documents and settings\Edward\Application Data\ezplay.sys
2009-08-01 08:08 . 2009-08-01 08:02 47360 ----a-w- c:\documents and settings\Edward\Application Data\pcouffin.sys
2009-08-01 08:03 . 2009-08-01 08:03 94208 ----a-w- c:\windows\system32\drivers\ezplay.sys
2009-08-01 08:02 . 2009-08-01 08:02 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-08-01 04:33 . 2009-08-01 03:33 -------- d-----w- c:\program files\Gpotato
2009-07-31 20:34 . 2009-01-02 04:13 285 ----a-w- c:\windows\EReg072.dat
2009-07-23 20:20 . 2006-08-22 23:32 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-23 19:44 . 2009-07-23 19:44 2368 ----a-w- c:\windows\system32\SVKP.sys
2009-07-23 18:18 . 2009-07-23 18:18 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2009-07-23 18:18 . 2009-07-23 18:18 17212 ----a-w- c:\windows\system32\SIntf32.dll
2009-07-23 18:18 . 2009-07-23 18:18 12067 ----a-w- c:\windows\system32\SIntf16.dll
2009-07-17 18:55 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 18:55 . 2009-07-14 18:55 4 --sh--r- C:\WINOS.SYS
2009-07-14 03:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 02:04 . 2009-07-14 02:04 24540 ---ha-w- c:\windows\system32\mlfcache.dat
2009-07-11 01:28 . 2009-02-27 22:15 139152 ----a-w- c:\documents and settings\Edward\Application Data\PnkBstrK.sys
2008-05-27 03:51 . 2008-04-13 22:20 197 -csha-w- c:\program files\Common Files\maxtreme.dat
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-02-08 00:38 . 2009-02-08 00:38 56 --sh--r- c:\windows\system32\3D2D32B15E.sys
2009-02-08 00:38 . 2009-02-08 00:38 848 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-09-27_21.43.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-28 20:58 . 2009-09-28 20:58 16384 c:\windows\TEMP\Perflib_Perfdata_708.dat
+ 2009-09-28 20:58 . 2009-09-28 20:58 16384 c:\windows\TEMP\Perflib_Perfdata_6b0.dat
+ 2009-09-28 20:58 . 2009-09-28 20:58 50688 c:\windows\TEMP\~6.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"Google Update"="c:\documents and settings\Edward\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-07 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-09-19 1799952]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2006-10-04 53760]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 18:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli msldex.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"WebcamMaxMoniter"="c:\program files\WebcamMax\wcmmon.exe" /a

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\deus ex\\System\\DeusEx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56804:TCP"= 56804:TCP:Pando Media Booster
"56804:UDP"= 56804:UDP:Pando Media Booster
"56126:TCP"= 56126:TCP:Pando Media Booster
"56126:UDP"= 56126:UDP:Pando Media Booster

R3 GR;GR;c:\documents and settings\Edward\Desktop\Bot\Aimbot\GR.sys [x]
R3 NOOB;NOOB;c:\docume~1\Edward\LOCALS~1\Temp\Rar$EX00.922\NOOB ENGINE\NXPDriver.sys [x]
R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\Drivers\DB3G.sys [2005-04-25 13225]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX32.sys [2007-08-14 37088]
R3 UsbFltr;%SvcDisplayName%;c:\windows\system32\drivers\copperhd.sys [2005-11-02 11596]
R3 XDva219;XDva219;c:\windows\system32\XDva219.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2009-09-19 132296]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2009-09-19 25160]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2009-05-14 94360]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 5632]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2007-02-27 32256]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
S2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2009-07-23 2368]
S2 usbctl;Microsoft USB Bus Controller;c:\windows\system32\usbctl.exe [2009-09-18 64000]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-08-02 22784]

.
Contents of the 'Scheduled Tasks' folder

2009-09-27 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2009-07-22 14:10]

2009-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-152049171-725345543-1004Core.job
- c:\documents and settings\Edward\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-07 17:11]

2009-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-152049171-725345543-1004UA.job
- c:\documents and settings\Edward\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-07 17:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
DPF: {77538FC7-CE52-4704-9865-494FE92BC320} - hxxp://www.ultimatebaseballonline.com/myubo/launchubo.OCX
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
FF - ProfilePath - c:\documents and settings\Edward\Application Data\Mozilla\Firefox\Profiles\4zh2edl5.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\Edward\Application Data\Mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Edward\Application Data\Mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{190b412f-3273-4922-9954-56e8bcb5e113}\plugins\NPnsv.dll
FF - plugin: c:\documents and settings\Edward\Application Data\Mozilla\Firefox\Profiles\4zh2edl5.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\Edward\Application Data\Mozilla\Firefox\Profiles\4zh2edl5.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\Edward\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbyond.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-28 16:57
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:36,c4,b9,9f,3f,38,78,b9,1b,12,4d,22,65,c4,6f,0c,aa,ce,f5,94,e3,2b,ea,
c0,21,96,7f,44,bc,75,54,b6,4e,76,d8,18,c6,9d,28,5a,37,de,8b,14,00,19,64,27,\
"??"=hex:c5,76,78,e6,2c,d6,d2,a1,d9,73,52,64,12,8a,09,82

[HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:3b,4b,d2,dc,7e,db,f1,5f,d0,c9,2c,36,80,e9,b8,a7,bc,1e,1d,04,94,
6f,1e,67,79,37,09,18,ff,0a,ed,a1,ae,f9,aa,d7,39,21,c4,c6,da,e0,88,69,e5,62,\
"rkeysecu"=hex:ce,d2,dd,a6,01,7d,51,2f,f8,21,09,58,c7,13,5a,32
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(892)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(1260)
c:\windows\IME\SPGRMR.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Razer\DeathAdder\razerofa.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-09-28 17:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-28 21:08
ComboFix2.txt 2009-09-27 21:46
ComboFix3.txt 2008-01-13 18:35

Pre-Run: 100,911,153,152 bytes free
Post-Run: 100,791,279,616 bytes free

309 --- E O F --- 2009-09-14 16:04



Malwarebytes' Anti-Malware 1.41
Database version: 2868
Windows 5.1.2600 Service Pack 2

9/28/2009 5:25:26 PM
mbam-log-2009-09-28 (17-25-26).txt

Scan type: Quick Scan
Objects scanned: 99891
Time elapsed: 5 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: msldex.dll -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\msldex.dll (Trojan.Vundo.H) -> Delete on reboot.

Edited by relaxtomato, 29 September 2009 - 11:14 AM.


#12 extremeboy
Retired WTT Malware Disintegrator Teacher (Authentic Member, 1,433 posts)

Posted 29 September 2009 - 02:39 PM

Hello.

Please reboot the machine and run a new scan with Malwarebytes. Update it first. Post the log once done. Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply.

Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

Thanks.

With Regards,
Extremeboy
If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

The help you receive here is free.

#13 relaxtomato
New Member (Authentic Member, 14 posts)

Posted 29 September 2009 - 03:06 PM

I scanned once with Malware and it found the same two things it did last time. I let Malware delete them, rebooted, scanned again and they seem to be gone. Computer seems to be running okay. I want to know what that is running on startup though; it's still in Autoruns:

Jkezivajiyuh c:\windows\okedifexemexiz.dll

Malwarebytes' Anti-Malware 1.41
Database version: 2873
Windows 5.1.2600 Service Pack 2

9/29/2009 4:59:10 PM
mbam-log-2009-09-29 (16-59-10).txt

Scan type: Quick Scan
Objects scanned: 99873
Time elapsed: 3 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


DDS (Ver_09-06-26.01) - NTFSx86
Run by Edward at 17:02:22.53 on Tue 09/29/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [Google Update] "c:\documents and settings\edward\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [nwiz] nwiz.exe /install
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Jkezivajiyuh] rundll32.exe "c:\windows\okedifexemexiz.dll",Startup
dRunOnce: [RunNarrator] Narrator.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} - hxxp://fishingchamp.gamescampus.com/luncher/GamesCampus.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176515726406
DPF: {77538FC7-CE52-4704-9865-494FE92BC320} - hxxp://www.ultimatebaseballonline.com/myubo/launchubo.OCX
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\edward\applic~1\mozilla\firefox\profiles\4zh2edl5.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\edward\application data\mozilla\firefox\profiles\4zh2edl5.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\edward\application data\mozilla\firefox\profiles\4zh2edl5.default\extensions\{190b412f-3273-4922-9954-56e8bcb5e113}\plugins\NPnsv.dll
FF - plugin: c:\documents and settings\edward\application data\mozilla\firefox\profiles\4zh2edl5.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\edward\application data\mozilla\firefox\profiles\4zh2edl5.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\edward\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbyond.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - HiddenExtension: XULRunner: {355914F4-88B0-47F9-AF83-F7800AFB0892} - c:\documents and settings\edward\local settings\application data\{355914F4-88B0-47F9-AF83-F7800AFB0892}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-09-28 18:08 120 a------- c:\windows\Fhedakohodopuvon.dat
2009-09-28 18:08 0 a------- c:\windows\Bxemojiy.bin
2009-09-28 00:38 1,048,576 a------- C:\BS Super E.D.F. (J).smc
2009-09-28 00:22 <DIR> --d----- c:\program files\Ootake
2009-09-27 17:32 <DIR> a-dshr-- C:\cmdcons
2009-09-27 17:29 229,888 a------- c:\windows\PEV.exe
2009-09-27 17:29 161,792 a------- c:\windows\SWREG.exe
2009-09-27 17:29 98,816 a------- c:\windows\sed.exe
2009-09-27 02:50 <DIR> --d----- c:\program files\The Shivah
2009-09-26 15:38 <DIR> --d----- c:\docume~1\edward\applic~1\Firaxis Games
2009-09-26 00:56 453 a------- c:\windows\fred2_open_3_6_10d.INI
2009-09-25 19:56 <DIR> --d----- c:\docume~1\edward\applic~1\com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1
2009-09-25 19:54 <DIR> --d----- c:\program files\GOG.com Downloader
2009-09-24 12:55 22,784 a------- c:\windows\system32\drivers\dadder.sys
2009-09-24 12:55 31,104 a------- c:\windows\system32\drivers\CYUSB.sys
2009-09-24 12:55 73,728 a------- c:\windows\system32\DeathAdder.cpl
2009-09-22 12:08 <DIR> --d----- c:\program files\BlackIsle
2009-09-21 12:12 <DIR> --d----- c:\program files\Trend Micro
2009-09-19 16:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nexon
2009-09-19 13:28 515,416 a------- c:\windows\system32\XAudio2_5.dll
2009-09-19 13:28 238,936 a------- c:\windows\system32\xactengine3_5.dll
2009-09-19 13:28 1,974,616 a------- c:\windows\system32\D3DCompiler_42.dll
2009-09-19 13:28 5,501,792 a------- c:\windows\system32\d3dcsx_42.dll
2009-09-19 13:28 235,344 a------- c:\windows\system32\d3dx11_42.dll
2009-09-19 13:28 453,456 a------- c:\windows\system32\d3dx10_42.dll
2009-09-19 13:28 1,892,184 a------- c:\windows\system32\D3DX9_42.dll
2009-09-18 15:47 64,000 a------- c:\windows\system32\usbctl.exe
2009-09-13 18:52 <DIR> --d----- c:\documents and settings\edward\.lostlaby
2009-09-13 18:49 <DIR> --d----- c:\program files\Castlevania - The Bloodletting V.1.3 BETA
2009-09-09 13:16 <DIR> --d----- c:\program files\common files\DivX Shared
2009-09-06 19:57 <DIR> --d----- c:\program files\GOG.com
2009-08-30 17:44 <DIR> --d----- c:\program files\1964

==================== Find3M ====================

2009-09-26 00:52 444,952 a------- c:\windows\system32\wrap_oal.dll
2009-09-26 00:52 109,080 a------- c:\windows\system32\OpenAL32.dll
2009-09-22 12:09 52,736 a------- c:\windows\ipuninst.exe
2009-09-19 13:12 179,792 a------- c:\windows\system32\guard32.dll
2009-09-19 13:12 132,296 a------- c:\windows\system32\drivers\cmdguard.sys
2009-09-19 13:12 25,160 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-04 17:44 69,464 a------- c:\windows\system32\XAPOFX1_3.dll
2009-08-09 22:30 5,120 a------- c:\program files\WordPad Document Scrap 'C__Program Files...'.shs
2009-08-07 05:00 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-08-05 05:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-03 23:46 34 a------- c:\documents and settings\edward\jagex_runescape_preferences.dat
2009-08-01 04:13 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-08-01 04:09 94,208 a------- c:\docume~1\edward\applic~1\ezplay.sys
2009-08-01 04:08 47,360 a------- c:\docume~1\edward\applic~1\pcouffin.sys
2009-08-01 04:03 94,208 a------- c:\windows\system32\drivers\ezplay.sys
2009-08-01 04:02 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-07-23 16:20 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-07-23 15:44 2,368 a------- c:\windows\system32\SVKP.sys
2009-07-23 14:18 21,840 a------- c:\windows\system32\SIntfNT.dll
2009-07-23 14:18 17,212 a------- c:\windows\system32\SIntf32.dll
2009-07-23 14:18 12,067 a------- c:\windows\system32\SIntf16.dll
2009-07-17 14:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-14 14:55 4 ---shr-- C:\WINOS.SYS
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 22:04 24,540 a---h--- c:\windows\system32\mlfcache.dat
2009-07-10 21:28 139,152 a------- c:\docume~1\edward\applic~1\PnkBstrK.sys
2008-07-22 15:33 1,568 a------- c:\docume~1\edward\applic~1\mpauth.dat
2008-07-03 23:24 64,269 a------- c:\documents and settings\edward\bncache.dat
2008-05-26 23:51 197 ac-sh--- c:\program files\common files\maxtreme.dat
2007-10-11 23:53 140,202,521 a------- c:\documents and settings\edward\WoW-2.2.3.7359-to-0.3.0.7382-enUS-patch.exe
2007-08-17 17:29 32 a----r-- c:\documents and settings\all users\hash.dat
2007-06-16 17:59 29 a------- c:\documents and settings\edward\break.dat
2007-06-16 17:59 0 ac------ c:\documents and settings\edward\Break.bat
2009-02-07 20:38 56 ---shr-- c:\windows\system32\3D2D32B15E.sys
2009-02-07 20:38 848 ac-sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 17:03:10.50 ===============




#14 extremeboy

extremeboy

    Retired WTT Malware Disintegrator Teacher

  • Authentic Member
  • 1,433 posts

Posted 29 September 2009 - 04:10 PM

Hello.

That error you get is indeed a bad file. However, it seems to have just appeared recently, as it was not there before.

Please do a new run with Combofix.

Delete the Combofix.exe you currently have and re-download it from one of the 2 links below.
Link 1
Link 2

Save it to your desktop.

Run it, and once it's done, post the log. If Combofix doesn't automatically remove it, we will do it manually in the next post.

With Regards,
Extremeboy
If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.


#15 relaxtomato

relaxtomato

    New Member

  • Authentic Member
  • 14 posts

Posted 29 September 2009 - 04:33 PM

ComboFix 09-09-28.01 - Edward 09/29/2009 18:17.5.1 - NTFSx86
Running from: c:\documents and settings\Edward\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 )))))))))))))))))))))))))))))))
.

2009-09-28 22:08 . 2009-09-29 21:25 120 ----a-w- c:\windows\Fhedakohodopuvon.dat
2009-09-28 22:08 . 2009-09-29 15:49 0 ----a-w- c:\windows\Bxemojiy.bin
2009-09-28 22:08 . 2009-09-28 22:08 -------- d-----w- c:\documents and settings\Edward\Local Settings\Application Data\{355914F4-88B0-47F9-AF83-F7800AFB0892}
2009-09-28 04:22 . 2009-09-29 21:25 -------- d-----w- c:\program files\Ootake
2009-09-27 06:50 . 2009-09-27 16:35 -------- d-----w- c:\program files\The Shivah
2009-09-26 19:38 . 2009-09-26 19:38 -------- d-----w- c:\documents and settings\Edward\Application Data\Firaxis Games
2009-09-25 23:56 . 2009-09-25 23:56 -------- d-----w- c:\documents and settings\Edward\Application Data\com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1
2009-09-25 23:54 . 2009-09-25 23:54 -------- d-----w- c:\program files\GOG.com Downloader
2009-09-25 23:53 . 2009-09-25 23:53 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-24 16:56 . 2009-09-24 16:56 -------- d-----w- c:\program files\DIFX
2009-09-24 16:55 . 2007-08-02 21:32 22784 ----a-w- c:\windows\system32\drivers\dadder.sys
2009-09-24 16:55 . 2005-03-03 23:47 31104 ----a-w- c:\windows\system32\drivers\CYUSB.sys
2009-09-22 16:08 . 2009-09-22 16:08 -------- d-----w- c:\program files\BlackIsle
2009-09-21 16:12 . 2009-09-21 16:12 -------- d-----w- c:\program files\Trend Micro
2009-09-20 20:42 . 2009-09-24 15:39 -------- d-----w- c:\program files\ERUNT
2009-09-19 20:12 . 2009-09-19 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Nexon
2009-09-19 17:28 . 2009-09-04 21:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-19 17:28 . 2009-09-04 21:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-19 17:28 . 2009-09-04 21:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-19 17:28 . 2009-09-04 21:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-19 17:28 . 2009-09-04 21:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-19 17:28 . 2009-09-04 21:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-19 17:28 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-09-18 19:47 . 2009-09-18 22:33 64000 ----a-w- c:\windows\system32\usbctl.exe
2009-09-13 22:52 . 2009-09-13 23:01 -------- d-----w- c:\documents and settings\Edward\.lostlaby
2009-09-13 22:49 . 2009-09-15 19:41 -------- d-----w- c:\program files\Castlevania - The Bloodletting V.1.3 BETA
2009-09-09 17:16 . 2009-09-09 17:16 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-09-06 23:57 . 2009-09-27 19:14 -------- d-----w- c:\program files\GOG.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-29 22:28 . 2008-06-08 02:49 -------- d-----w- c:\documents and settings\Edward\Application Data\.purple
2009-09-28 21:13 . 2009-08-07 07:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-28 17:20 . 2007-04-14 22:25 -------- d-----w- c:\program files\World of Warcraft
2009-09-27 17:17 . 2009-07-21 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
2009-09-26 21:34 . 2007-04-27 03:36 -------- d-----w- c:\documents and settings\Edward\Application Data\uTorrent
2009-09-26 19:38 . 2006-08-12 00:47 -------- d-----w- c:\documents and settings\Edward\Application Data\InstallShield Installation Information
2009-09-26 04:52 . 2008-06-12 23:39 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-09-26 04:52 . 2008-06-12 23:39 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-09-25 21:32 . 2007-04-19 17:54 -------- d-----w- c:\program files\Steam
2009-09-24 16:55 . 2007-09-26 21:57 -------- d-----w- c:\program files\Razer
2009-09-24 16:55 . 2006-05-16 02:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-22 18:07 . 2006-05-17 00:49 -------- d-----w- c:\program files\mIRC
2009-09-22 16:22 . 2007-04-06 17:06 -------- d-----w- c:\program files\Turbine
2009-09-22 16:19 . 2008-10-08 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\2DBoy
2009-09-22 16:09 . 2008-06-26 22:21 52736 ----a-w- c:\windows\ipuninst.exe
2009-09-20 17:09 . 2007-05-24 17:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-20 17:07 . 2007-05-24 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-19 17:12 . 2009-08-07 16:40 179792 ----a-w- c:\windows\system32\guard32.dll
2009-09-19 17:12 . 2009-08-07 16:40 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-09-19 17:12 . 2009-08-07 16:40 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-09-19 17:12 . 2009-08-07 16:40 132296 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-09-18 06:27 . 2006-05-16 02:15 28024 ----a-w- c:\documents and settings\Edward\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-17 06:24 . 2008-06-08 02:51 -------- d-----w- c:\documents and settings\Edward\Application Data\gtk-2.0
2009-09-15 19:48 . 2007-12-26 21:02 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 18:54 . 2009-08-07 07:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-08-07 07:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 17:16 . 2006-08-04 20:07 -------- d-----w- c:\program files\DivX
2009-09-04 21:44 . 2009-07-05 19:10 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 21:16 . 2009-01-19 16:53 -------- d-----w- c:\program files\Project64 1.6
2009-09-03 00:38 . 2006-05-18 02:06 -------- d-----w- c:\documents and settings\Edward\Application Data\Ventrilo
2009-08-31 18:08 . 2008-02-02 07:56 -------- d-----w- c:\program files\Electronic Arts
2009-08-30 21:44 . 2009-08-30 21:44 -------- d-----w- c:\program files\1964
2009-08-25 18:08 . 2006-05-27 17:46 -------- d-----w- c:\program files\Soulseek
2009-08-22 15:34 . 2009-08-22 15:34 -------- d-----w- c:\program files\Shiny
2009-08-21 21:07 . 2009-08-21 18:29 -------- d-----w- c:\documents and settings\Edward\Application Data\RayV
2009-08-21 05:08 . 2009-08-21 05:08 -------- d-----w- c:\program files\Osmos
2009-08-19 22:02 . 2009-08-19 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-13 21:52 . 2008-01-25 05:44 -------- d-----w- c:\documents and settings\Edward\Application Data\OpenOffice.org2
2009-08-12 15:56 . 2009-08-12 15:56 -------- d-----w- c:\documents and settings\Edward\Application Data\Acreon
2009-08-10 02:48 . 2009-08-10 02:36 -------- d-----w- c:\program files\Image-Line
2009-08-10 02:47 . 2009-08-10 02:41 -------- d-----w- c:\program files\VstPlugins
2009-08-10 02:38 . 2009-08-10 02:38 -------- d-----w- c:\program files\Outsim
2009-08-10 02:30 . 2009-08-10 02:30 5120 ----a-w- c:\program files\WordPad Document Scrap 'C__Program Files...'.shs
2009-08-09 23:57 . 2009-08-07 07:29 -------- d-----w- c:\program files\PeerGuardian2
2009-08-07 18:14 . 2009-05-20 19:46 -------- d-----w- c:\documents and settings\Edward\Application Data\Hamachi
2009-08-07 16:49 . 2009-08-07 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2009-08-07 16:39 . 2009-08-07 16:39 -------- d-----w- c:\program files\COMODO
2009-08-07 09:00 . 2007-05-25 03:14 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-08-07 08:33 . 2008-06-08 02:32 -------- d-----w- c:\program files\ESET
2009-08-07 08:11 . 2009-08-07 08:11 -------- d-----w- c:\documents and settings\Edward\Application Data\ESET
2009-08-07 08:09 . 2008-06-08 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-08-07 07:50 . 2009-08-07 07:50 -------- d-----w- c:\documents and settings\Edward\Application Data\Malwarebytes
2009-08-07 07:50 . 2009-08-07 07:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-06 16:45 . 2006-05-16 02:35 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-08-05 15:47 . 2006-05-16 04:25 -------- d-----w- c:\program files\Winamp
2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 04:09 . 2008-07-06 17:32 -------- d-----w- c:\program files\Microsoft Games
2009-08-04 03:46 . 2009-08-04 03:43 34 ----a-w- c:\documents and settings\Edward\jagex_runescape_preferences.dat
2009-08-04 03:11 . 2009-01-11 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-08-04 02:53 . 2009-08-04 02:52 -------- d-----w- c:\documents and settings\Edward\Application Data\Tenderfoot Games
2009-08-02 19:51 . 2006-08-08 21:54 -------- d-----w- c:\program files\EA GAMES
2009-08-02 16:32 . 2009-08-02 16:32 -------- d-----w- c:\program files\Defraggler
2009-08-02 16:28 . 2007-05-24 17:52 -------- d-----w- c:\program files\CCleaner
2009-08-01 20:14 . 2009-08-01 18:28 763 ----a-w- c:\windows\eReg.dat
2009-08-01 18:18 . 2009-08-01 18:18 -------- d-----w- c:\documents and settings\Edward\Application Data\DAEMON Tools Pro
2009-08-01 15:32 . 2009-08-01 08:25 -------- d-----w- c:\program files\MagicISO
2009-08-01 08:56 . 2009-08-01 08:56 -------- d-----w- c:\program files\Codemasters
2009-08-01 08:22 . 2009-08-01 08:13 -------- d-----w- c:\documents and settings\Edward\Application Data\DAEMON Tools Lite
2009-08-01 08:22 . 2008-06-22 20:36 -------- d-----w- c:\documents and settings\Edward\Application Data\DAEMON Tools
2009-08-01 08:20 . 2009-08-01 08:20 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-08-01 08:20 . 2009-08-01 08:20 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-08-01 08:20 . 2009-08-01 08:20 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-08-01 08:18 . 2009-02-27 22:18 -------- d-----w- c:\documents and settings\Edward\Application Data\id Software
2009-08-01 08:13 . 2008-06-22 20:36 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-01 08:09 . 2009-08-01 08:02 -------- d-----w- c:\documents and settings\Edward\Application Data\Vso
2009-08-01 08:09 . 2009-08-01 08:03 94208 ----a-w- c:\documents and settings\Edward\Application Data\ezplay.sys
2009-08-01 08:08 . 2009-08-01 08:02 47360 ----a-w- c:\documents and settings\Edward\Application Data\pcouffin.sys
2009-08-01 08:03 . 2009-08-01 08:03 94208 ----a-w- c:\windows\system32\drivers\ezplay.sys
2009-08-01 08:02 . 2009-08-01 08:02 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-08-01 04:33 . 2009-08-01 03:33 -------- d-----w- c:\program files\Gpotato
2009-07-31 20:34 . 2009-01-02 04:13 285 ----a-w- c:\windows\EReg072.dat
2009-07-23 20:20 . 2006-08-22 23:32 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-23 19:44 . 2009-07-23 19:44 2368 ----a-w- c:\windows\system32\SVKP.sys
2009-07-23 18:18 . 2009-07-23 18:18 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2009-07-23 18:18 . 2009-07-23 18:18 17212 ----a-w- c:\windows\system32\SIntf32.dll
2009-07-23 18:18 . 2009-07-23 18:18 12067 ----a-w- c:\windows\system32\SIntf16.dll
2009-07-17 18:55 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 18:55 . 2009-07-14 18:55 4 --sh--r- C:\WINOS.SYS
2009-07-14 03:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 02:04 . 2009-07-14 02:04 24540 ---ha-w- c:\windows\system32\mlfcache.dat
2009-07-11 01:28 . 2009-02-27 22:15 139152 ----a-w- c:\documents and settings\Edward\Application Data\PnkBstrK.sys
2008-05-27 03:51 . 2008-04-13 22:20 197 -csha-w- c:\program files\Common Files\maxtreme.dat
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-02-08 00:38 . 2009-02-08 00:38 56 --sh--r- c:\windows\system32\3D2D32B15E.sys
2009-02-08 00:38 . 2009-02-08 00:38 848 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-09-27_21.43.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-29 20:53 . 2009-09-29 20:53 16384 c:\windows\TEMP\Perflib_Perfdata_79c.dat
+ 2004-08-04 12:00 . 2007-03-08 15:36 163840 c:\windows\okedifexemexiz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"Google Update"="c:\documents and settings\Edward\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-07 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-09-19 1799952]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Jkezivajiyuh"="c:\windows\okedifexemexiz.dll" [2007-03-08 163840]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2006-10-04 53760]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 18:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"WebcamMaxMoniter"="c:\program files\WebcamMax\wcmmon.exe" /a

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\deus ex\\System\\DeusEx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56804:TCP"= 56804:TCP:Pando Media Booster
"56804:UDP"= 56804:UDP:Pando Media Booster
"56126:TCP"= 56126:TCP:Pando Media Booster
"56126:UDP"= 56126:UDP:Pando Media Booster

R3 GR;GR;c:\documents and settings\Edward\Desktop\Bot\Aimbot\GR.sys [x]
R3 NOOB;NOOB;c:\docume~1\Edward\LOCALS~1\Temp\Rar$EX00.922\NOOB ENGINE\NXPDriver.sys [x]
R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\Drivers\DB3G.sys [2005-04-25 13225]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX32.sys [2007-08-14 37088]
R3 UsbFltr;%SvcDisplayName%;c:\windows\system32\drivers\copperhd.sys [2005-11-02 11596]
R3 XDva219;XDva219;c:\windows\system32\XDva219.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2009-09-19 132296]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2009-09-19 25160]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2009-05-14 94360]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 5632]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2007-02-27 32256]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
S2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2009-07-23 2368]
S2 usbctl;Microsoft USB Bus Controller;c:\windows\system32\usbctl.exe [2009-09-18 64000]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-08-02 22784]

.
Contents of the 'Scheduled Tasks' folder

2009-09-27 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2009-07-22 14:10]

2009-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-152049171-725345543-1004Core.job
- c:\documents and settings\Edward\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-07 17:11]

2009-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-152049171-725345543-1004UA.job
- c:\documents and settings\Edward\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-07 17:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
DPF: {77538FC7-CE52-4704-9865-494FE92BC320} - hxxp://www.ultimatebaseballonline.com/myubo/launchubo.OCX
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
FF - ProfilePath - c:\documents and settings\Edward\Application Data\Mozilla\Firefox\Profiles\4zh2edl5.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\Edward\Application Data\Mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Edward\Application Data\Mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{190b412f-3273-4922-9954-56e8bcb5e113}\plugins\NPnsv.dll
FF - plugin: c:\documents and settings\Edward\Application Data\Mozilla\Firefox\Profiles\4zh2edl5.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\Edward\Application Data\Mozilla\Firefox\Profiles\4zh2edl5.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\Edward\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbyond.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - HiddenExtension: XULRunner: {355914F4-88B0-47F9-AF83-F7800AFB0892} - c:\documents and settings\Edward\Local Settings\Application Data\{355914F4-88B0-47F9-AF83-F7800AFB0892}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-29 18:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:36,c4,b9,9f,3f,38,78,b9,1b,12,4d,22,65,c4,6f,0c,aa,ce,f5,94,e3,2b,ea,
c0,21,96,7f,44,bc,75,54,b6,4e,76,d8,18,c6,9d,28,5a,37,de,8b,14,00,19,64,27,\
"??"=hex:c5,76,78,e6,2c,d6,d2,a1,d9,73,52,64,12,8a,09,82

[HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:3b,4b,d2,dc,7e,db,f1,5f,d0,c9,2c,36,80,e9,b8,a7,bc,1e,1d,04,94,
6f,1e,67,79,37,09,18,ff,0a,ed,a1,ae,f9,aa,d7,39,21,c4,c6,da,e0,88,69,e5,62,\
"rkeysecu"=hex:ce,d2,dd,a6,01,7d,51,2f,f8,21,09,58,c7,13,5a,32
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\CLBCATQ.DLL

- - - - - - - > 'lsass.exe'(940)
c:\windows\system32\guard32.dll

- - - - - - - > 'explorer.exe'(216)
c:\windows\IME\SPGRMR.DLL
.
Completion time: 2009-09-29 18:32
ComboFix-quarantined-files.txt 2009-09-29 22:31
ComboFix2.txt 2009-09-28 21:10
ComboFix3.txt 2009-09-27 21:46
ComboFix4.txt 2008-01-13 18:35

Pre-Run: 100,657,635,328 bytes free
Post-Run: 100,619,182,080 bytes free

291 --- E O F --- 2009-09-14 16:04
