POD1167

Members
  • Content Count

    164
About POD1167

  • Rank
    Member
  • Birthday November 12

Profile Information

  • Gender
    Female

Previous Fields

  • System Specifications:
    old out of the ark thing that i'm sure runs via a couple of hamsters on exercise wheels
  • Teams:
    Nothing Selected
  1. Cheers, been loads of help. AV fully updated, run, found 8 detections 2 warnings...something in the java folder. Its online and running but keeps dropping connection and have to repair the network adaptor, its been on for about 20 minutes now so maybe finally sorted! If it starts again i'll try reconnecting the hard drive. Thanks for all your help...I won't bug you all with the vista one just yet, having the rest of the day without having to touch another laptop...hate laptops, know NOTHING about vista, had to google how to get msconfig up...this will be fun and I pity the person that winds up helping me! Thanks Again, I love you guys and gals!!!
  2. the topic quoted is this one...an acer one. the virused laptop is a hp...and I will deal with that one once the acer is sorted
  3. Tried safe mode, safe mode with networking...I got it up and running, wireless light was on, web pages were loading and updated spybot and mbam, it wouldn't update my avira av...then it froze. Gave up at 4am and went to bed...this morning, there is no sign of a wireless network again, spybot and mbam find nothing new, running them again in safe mode. Is it possible that a loose connection on something is causing this...it is the kids machine and has taken a tumble off a couple of laps before now. I got another one that is working but virused to clean up yet and if you think I seem like a thicko working on this just wait til i'm working on the vista machine...give me a PC on xp any day!
  4. Just restarted it, its now connected with excellent strength signal but its frozen...apparently this happened the only other time we've managed to get it to connect...ok, off to run some scans and worry about connection after. MBAM scan run, found a couple of things, deleted them. Unfortunately the database is old, how would i download updates and transfer them? Now.... network is found, its connected, signal strength is quoted as excellent but no web pages load (this web page is not available, might be temporarily down or moved to a new web address blah blah) This is for all sites, google, ebay, pcpitstop. The wireless light is also still not on. Any thoughts? Cheers for your input so far Pod
  5. Just tried, still the same. I'm getting "no wireless networks within range" I'm a few feet away from the modem, its working for the other wireless devices so is it still possible that its my modem at fault?
  6. done that, still saying cannot connect to the internet. When I press the wireless button i'm getting the tower and signal sign in a crossed through red circle but the playstation, xbox and other laptop are not having a problem with the wireless connection
  7. Cheers for the reply it says acer aspire one model number (chinese/japanese figures) ZA3 there is a white sticker on there that says AO751h-52bk....if these aren't correct where will I find the correct info? (sorry, said my brain was mush) I've downloaded the Wireless LAN Driver Atheros for HB63orHB95 driver but it will not let me uninstall the old driver...just restarting the machine to see if it makes a difference. On restarting the computer it found our (and 3 neighbours') modems but as soon as I tried to connect it said it was out of range (all of 6ft away) Restarted again, uninstalled the drivers but it won't let me install the new ones. Restarted again, found and failed to connect to our wireless so tried to update the driver and it says, failed.. that the one currently installed is better than the one I'm trying to install. The wireless light has not lit up at all during any of this........argh! Thanks again POD
  8. Hi all I'm pulling my hair out here...one laptop with virus (will post separately) and one that just won't connect either wired or wirelessly and I'm just about to throw the things through the darned window. I have an acer aspire one (za3) loaded with xpsp2 It was working fine until the charger died on us...got a new charger and now it just won't connect to the net. The wireless light is not coming on and when wired it just says "local area connection network cable is unplugged" It has an atheros ar5b95 wireless network adapter, not sure what to try, I've been working on the virused laptop for a couple of days and my brain feels like it's exploding on computer terminology and has turned to absolute mush! The wireless must be working as the virused machine isn't having a problem connecting and have tried the same wire as using on the pc with the laptop so I don't think it's the cables or modem Any help/suggestions appreciated Pod
  9. Sorry for the delay in replying guys and gals. Right about the time I was posting some B*[email protected]%ds were in my back garden robbing my sons bikes, or rather what they could silently strip off the bikes as they were well secured and this problem kind of went out my head. It was a school laptop and although my responsibility the IT guys there said they'd sort it, so its been taken back for them to deal with. Thanks for the replies and once again sorry for the delay Pod
  10. My son was browsing bike pics (he's just got himself a bmx!) when up popped a box telling him he was infected and to click here to clean...silly sod did just that and now his laptop is pretty much unusable Whenever I try to open anything I get this pop up in the toolbar "application cannot be executed the file XXXX is infected please activate your anti virus software" The pop ups are all from "system tool" which wants you to buy their av. Can fire up firefox without this message but not chrome or IE. Have tried downloading the utility to run a trend micro scan but "system tool" pops up "application cannot be executed the file XXXX is infected please activate your anti virus software" Can anyone tell me what to try next please. His laptop is a HP2133 with vista business installed. I know NOTHING about vista so any help will have to be in very simple terms as I'm used to XP Cheers Pod
  11. Pc seems to be running sweet. Spybot - Search & Destroy ....already use MalwareBytes Anti-malware...already use superantispyware..................already use SpywareBlaster........already use ATF Cleaner.............already use CCleaner.................already use I will be looking into some of the others you mentioned especially the 2 firefox addons, there were so many I hadn't a clue what to choose from so cheers for that. Thanks for all your help...hope not to have reason to come again but I think I've said that twice to Juliet now. Polly
  12. Here are the logs as requested The mouse seems ok now but Internet explorer still not holding login, saying that cookies are blocked. Theyre not. I have set restrictions to lowest and tried, tried default levels. I have now set them back to my usual level. If its not viral I can live with it as I rarely use IE Cheers Polly EDITED TO ADD Sorted login on IE, I went into IE Per Site Privacy Actions and for some reason all my usual sites had been put on "always block" Question is...How did that happen? And have my password safety been compromised?
  13. Hi, Just to quickly answer some points you made. I use soulseek to exchange family videos and photographs between England, Ireland and Australia...its the only thing i've found that I can use to send such large files. Its uninstalled (but not deleted) between uses to stop my teens downloading music. Apart from not wanting legal problems I also don't want my hard drive clogged up with their lovely choice in tunes! I have Avira antivirus, Mcafee is my firewall...does it show as Antivirus? It is only supposed to be a firewall and I've never had any updates for it so I thought it was only a firewall. As for regcleaner I used to use it a few years ago and yes I had problems after too vigorously cleaning but only use it now to see what new items have been added to the pc...its amazing what i've caught the kids out on with it. If I find a new program courtesy of one of them I tend to remove it manually rather than use regcleaner. Its the only way I know of actually being able to see on a regular basis if anything new has appeared. Also the problem with login being kept on firefox has been resolved, Mozilla recommended manually deleting the cookies.sqlite file as it had probably gone corrupt. This has sorted firefox but I'm still getting "cookies not accepted" messages if I use internet explorer. AND my mouse is still having lots of mini freezes...roughly every 30 seconds and its occasionally jumping to other tabs on the toolbar Right, off to carry out your instructions Cheers Polly
  14. Hi there , the logs as requested...... There is no change in the machine...still not holding my log in, despite "keep me signed in" being ticked, pc hung on restart (thats a new one) The mouse has stopped responding a couple of times today too. Its not the mouse, tried another one. It starts with jerky movements and then just stops responding altogether. Cheers for your time so far EDITED TO ADD I've just looked at RegCleaner and the following are showing as new since yesterday RegCleaner 4.3 by Jouni Vuorio Author : Windows Software : CurrentVersion Age : New If you choose to remove this item these keys would be removed HKEY_LOCAL_MACHINE\Software\swearware HKEY_CURRENT_USER\Software\Wget HKEY_CURRENT_USER\Software\YahooPartnerToolbar HKEY_LOCAL_MACHINE\Software\Windows\CurrentVersion\Explorer HKEY_LOCAL_MACHINE\Software\Windows\CurrentVersion I have no idea what or where these have come from also somewhere between using combofix and running kaspersky an internet explorer icon appeared on my desktop entitled "idk" I was the only one home and I certainly didn't make it.
  15. Hi there, thanks for your time. The logs you requested............

info.txt logfile of random's system information tool 1.06 2009-05-07 16:50:36
Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810] R2 sprtsvc_O2;SupportSoft Sprocket Service (O2); C:\Program Files\O2\bin\sprtsvc.exe [2007-06-07 202280] S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist; C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe [2007-07-27 382320] S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120] S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824] S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S4 PCPitstop Scheduling;PCPitstop Scheduling; C:\Program Files\PCPitstop\PCPitstopScheduleService.exe [2008-10-21 77312] S4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] -----------------EOF----------------- Many thanks Pod