Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Microsoft C++ runtime Error [RESOLVED]

Started by axlm , Sep 14 2008 01:27 PM

  • This topic is locked This topic is locked

#1
axlm
Posted 14 September 2008 - 01:27 PM

axlm

    Member

  • Member
  • PipPip
  • 11 posts
(Reformatted post to make it easier to read)

I'm trying to update my World of Warcraft installation to the player test realm version. I've gone to their website for support, long story short, they can't help me out. A few posts I've found say that this error occurs in WoW when MalWare is present on your system. This is the text from the error:

Runtime Error!
Program: C:\Documents and Settings\User\Desktop\WoW-2.4.3.8568-to-3.0.2.8916-enUS-downloader.exe)

This application has requested the Runtime to terminate it in an unusual way. Please contact the application's support team for more information.


Here's a list of what I've tried to resolve the issue:

  • I've tried downloading and running the McAfee Stinger program, and it found nothing.
  • I've also run a full scan with Avira Anti virus and found nothing.
  • I've downloaded Combofix and ran it, that didn't solve the problem either. (I know now not to use Combofix unless Directed to by an expert)
  • I downloaded SUPERAntiSpyware 4.21.1004, it found 154 tracking cookies and removed them, and 11 other items from a Neopets tool bar that my younger sister uses. It quarantined and removed the program after scanning, but that still did not fix the problem.
  • I downloaded and installed Hijackthis.exe, it returns a runtime error 50003 when I try to use it.
  • I downloaded and installed Malwarebytes' Anti-Malware, and also receive a runtime error 50003 when I try to use it
  • I ran a scan in safe mode with networking using the online virus scanner at http://security.symantec.com. This scan shows that I am infected with IEDefender and Infostealer.Gampass.
  • I've uninstalled Avira, installed AVG and initiated a scan in Safe Mode. (I've never had any virus problems with AVG, not sure why I switched) This scan did not show the infections that were shown in the online scan, leading me to believe it was a false positive.
  • Reset my Internet Explorer settings to use Windows Update. Before resetting, IE would immediately close when I tried to open it. I fixed this by going to Control Panel -> Network and Internet Connections -> Internet Options -> Advanced Tab -> Reset Internet Explorer Settings. No updates were available at this time except a driver update for my soundcard that breaks the card every time I install it, and a graphics card update.

Hijackthis and Malwarebytes Anti-Malware still both have the runtime errors. Additionally I found that my systems clock is in 24 hour format and I have not changed it on my own. I'm not sure if this indicates anything or not, but I thought I'd post it in here.

One other thing I noticed is a file called catchme.txt in my recent documents, here is the text from it:

-------- 2008-09-14 - 12:15:07.71 -------------


-------- 2008-09-15 - 12:46:23.89 -------------


I think catchme is the name of some kind of a backdoor virus or some such...

Anyway, good luck helping me out and thanks for taking time to do it :)

Edited by axlm, 17 September 2008 - 07:52 PM.

  • 0

Advertisements

#2
RatHat
Posted 18 September 2008 - 12:35 AM

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Hi there,

Welcome to GeeksToGo. My name is RatHat, and I will help you get through the process of cleaning the malware from your computer.


OK firstly, I need you to print out each post I make so that you can refer to it while we fix your computer. This is because there will be times when you are unable to be online to read my instructions, and I will want you to do everything very carefully. I also need you to follow my instructions in the order that they are given. If however, you cannot carry out one of them, please continue on with the next and let me know what you were unsuccessful with. Please ensure you have word wrap turned off in Notepad. To do this, open Notepad, choose Format, then ensure Word Wrap is Un-checked. (Word Wrap makes reading your logs difficult).

Next, I would like to make sure that you can view hidden files and folders (if possible);
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading SELECT Show hidden files and folders.
  • UNCHECK the Hide protected operating system files (recommended) option.
  • UNCHECK the Hide extensions for known file types option.
  • Click Yes to confirm.
  • Click OK.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


OK, could you look in your root drive (usually C:) and post me the log that Combofix will have produced: C:\Combofix.txt

Catchme, by the way, is part of the files that Combofix uses, so nothing to worry about.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Download Old Timer's OTViewIt and save it to your Desktop.
  • Double click OTViewIt.exe to run the program
  • Under File Age: choose 60 Days
  • Now click Run Scan to start the scan
  • The scan will take a minute or so, Do Not run any other programs during the scan
  • When complete, notepad will open two files:
    • OTViewIt.Txt
    • Extras.Txt
  • Please post the contents of both files in your next reply
Note: You may need to make two posts to ensure the logs are complete

Regards,
RatHat
  • 0

#3
axlm
Posted 18 September 2008 - 01:26 AM

axlm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
(Combofix Log)
ComboFix 08-09-14.06 - User 2008-09-15 12:43:07.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.649 [GMT -5:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-15 to 2008-09-15 )))))))))))))))))))))))))))))))
.

2008-09-15 12:37 . 2008-09-15 12:37 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-15 12:37 . 2008-09-15 12:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-15 12:37 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-15 12:37 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-15 12:31 . 2008-09-15 12:31 <DIR> d-------- C:\Program Files\ERUNT
2008-09-14 12:43 . 2008-09-14 12:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-14 12:42 . 2008-09-14 12:43 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-14 12:42 . 2008-09-14 12:42 <DIR> d-------- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
2008-09-14 02:42 . 2008-09-14 02:42 <DIR> d-------- C:\Documents and Settings\User\Application Data\Azureus
2008-09-14 02:04 . 2008-09-14 02:04 <DIR> d-------- C:\Documents and Settings\Mom&Amber\Application Data\Windows Desktop Search
2008-09-14 01:15 . 2008-09-15 12:46 2,459,680 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-14 01:15 . 2008-09-14 14:06 25,148 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-14 01:12 . 2008-07-09 09:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-09-14 01:11 . 2008-09-14 01:11 <DIR> d-------- C:\Program Files\Zone Labs
2008-09-13 14:48 . 2008-09-13 14:48 <DIR> d-------- C:\Program Files\Virtools
2008-09-10 13:28 . 2008-09-12 01:19 <DIR> d-------- C:\Documents and Settings\User\Application Data\SPORE Creature Creator
2008-09-10 13:28 . 2008-09-10 13:28 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-09-10 13:27 . 2008-09-10 13:27 <DIR> d-------- C:\Program Files\Electronic Arts
2008-09-09 13:32 . 2008-09-09 13:32 <DIR> d-------- C:\Documents and Settings\User\Application Data\PCF-VLC
2008-09-09 00:45 . 2008-09-09 00:45 <DIR> d-------- C:\Documents and Settings\User\Application Data\Participatory Culture Foundation
2008-09-06 02:42 . 2008-09-06 02:42 <DIR> d-------- C:\Documents and Settings\User\Application Data\Windows Search
2008-09-06 02:21 . 2008-09-06 02:21 <DIR> d-------- C:\Program Files\StumbleUpon
2008-09-06 02:21 . 2008-09-14 15:34 <DIR> d-------- C:\Documents and Settings\User\Application Data\StumbleUpon
2008-09-06 01:43 . 2008-09-06 01:43 <DIR> d-------- C:\Documents and Settings\User\Application Data\Windows Desktop Search
2008-09-06 01:38 . 2008-09-06 01:38 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-09-06 01:37 . 2008-03-07 12:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-09-06 01:37 . 2008-03-07 12:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-09-06 01:37 . 2008-03-07 12:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-09-06 01:36 . 2008-07-22 09:45 1,214,526 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-09-06 01:36 . 2008-07-22 09:45 790,846 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-09-06 01:36 . 2008-07-22 09:45 9,696 -----c--- C:\WINDOWS\system32\dllcache\drvmain.sdb
2008-09-06 01:24 . 2008-09-06 01:24 <DIR> d-------- C:\Documents and Settings\Axl\Application Data\Neopets Toolbar
2008-09-06 01:14 . 2008-09-06 01:14 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-05 16:15 . 2008-09-06 01:52 <DIR> d-------- C:\firefox2
2008-09-04 19:12 . 2008-09-10 00:23 <DIR> d-------- C:\Documents and Settings\User\Application Data\OpenOffice.org2
2008-09-04 19:10 . 2008-09-13 22:05 4,194,306 --a------ C:\pfirewall.log.old
2008-09-04 15:17 . 2008-09-04 15:17 <DIR> d-------- C:\Program Files\Avira
2008-09-04 15:17 . 2008-09-04 15:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-04 14:54 . 2008-09-04 14:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-09-04 14:51 . 2008-09-04 14:51 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-04 14:51 . 2003-03-18 16:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-09-04 14:16 . 2008-09-06 00:59 <DIR> d-------- C:\Bookmarks
2008-09-01 01:12 . 2008-09-01 01:12 <DIR> d-------- C:\Documents and Settings\Mom&Amber\Application Data\fretsonfire
2008-09-01 01:11 . 2008-09-14 04:00 <DIR> d-------- C:\Program Files\Frets on Fire
2008-08-31 01:57 . 2008-09-14 06:06 <DIR> d-------- C:\Program Files\Google
2008-08-31 01:27 . 2008-08-31 01:27 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-31 01:27 . 2008-08-31 01:27 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-31 01:27 . 2008-08-31 01:27 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-31 01:27 . 2008-08-31 01:27 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-31 01:23 . 2008-08-31 01:23 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-30 11:32 . 2008-08-30 11:32 119 --a------ C:\WINDOWS\DelDir.BEN
2008-08-29 05:29 . 2008-09-06 01:10 <DIR> d-------- C:\Documents and Settings\User\Application Data\Yahoo!
2008-08-27 21:52 . 2008-04-13 19:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-08-27 21:52 . 2004-08-03 22:29 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2008-08-27 21:52 . 2004-08-03 22:29 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2008-08-27 21:52 . 2008-04-13 13:43 14,208 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2008-08-27 21:52 . 2004-08-03 22:29 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys
2008-08-27 21:52 . 2004-08-03 22:29 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys
2008-08-27 21:52 . 2004-08-03 22:29 11,807 --------- C:\WINDOWS\system32\drivers\wadv07nt.sys
2008-08-27 21:52 . 2004-08-03 22:29 11,295 --------- C:\WINDOWS\system32\drivers\wadv08nt.sys
2008-08-27 21:51 . 2008-04-13 13:46 121,984 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2008-08-27 21:51 . 2008-04-13 19:12 50,688 --------- C:\WINDOWS\system32\tspkg.dll
2008-08-27 21:51 . 2008-04-13 13:36 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys
2008-08-27 21:51 . 2008-04-13 13:36 42,240 --------- C:\WINDOWS\system32\drivers\viaagp.sys
2008-08-27 21:51 . 2008-04-13 19:12 28,672 --------- C:\WINDOWS\system32\vidcap.ax
2008-08-27 21:51 . 2008-04-13 13:56 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2008-08-27 21:51 . 2008-04-13 19:12 11,325 --------- C:\WINDOWS\system32\drivers\vchnt5.dll
2008-08-27 21:50 . 2008-04-13 19:12 20,992 --------- C:\WINDOWS\system32\spupdwxp.exe
2008-08-27 21:48 . 2008-04-13 19:12 397,056 --------- C:\WINDOWS\system32\s3gnb.dll
2008-08-27 21:48 . 2004-08-03 22:29 166,912 --------- C:\WINDOWS\system32\drivers\s3gnbm.sys
2008-08-27 21:48 . 2008-04-13 13:46 59,136 --------- C:\WINDOWS\system32\drivers\rfcomm.sys
2008-08-27 21:48 . 2008-04-13 13:56 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2008-08-27 21:48 . 2004-08-03 22:41 13,776 --------- C:\WINDOWS\system32\drivers\recagent.sys
2008-08-27 21:47 . 2008-04-13 19:12 291,328 --------- C:\WINDOWS\system32\qagentrt.dll
2008-08-27 21:47 . 2008-04-13 19:12 150,528 --------- C:\WINDOWS\system32\qagent.dll
2008-08-27 21:47 . 2008-04-13 19:12 144,384 --------- C:\WINDOWS\system32\onex.dll
2008-08-27 21:47 . 2008-04-13 19:12 76,800 --------- C:\WINDOWS\system32\qutil.dll
2008-08-27 21:47 . 2008-04-13 19:12 62,464 --------- C:\WINDOWS\system32\qcliprov.dll
2008-08-27 21:47 . 2008-04-13 19:12 61,952 --------- C:\WINDOWS\system32\rasqec.dll
2008-08-27 21:45 . 2008-04-13 19:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-08-27 21:45 . 2008-04-13 19:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-27 21:45 . 2008-04-13 19:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-27 21:45 . 2008-04-13 19:11 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2008-08-27 21:45 . 2008-04-13 19:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2008-08-27 21:45 . 2004-08-03 22:41 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-08-27 21:43 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-08-25 12:03 . 2008-09-04 19:12 <DIR> d-------- C:\Jessi
2008-08-23 01:26 . 2008-08-23 01:26 114,144 --a------ C:\hillsbrad_steel_strangle_briar.jpg
2008-08-22 02:05 . 2008-08-22 02:05 <DIR> d-------- C:\Documents and Settings\Mom&Amber\Application Data\PCF-VLC
2008-08-22 01:25 . 2008-08-22 01:25 <DIR> d-------- C:\Documents and Settings\Mom&Amber\Application Data\Participatory Culture Foundation
2008-08-22 01:24 . 2008-08-22 01:24 <DIR> d-------- C:\Program Files\Participatory Culture Foundation
2008-08-19 01:33 . 2008-08-19 01:41 <DIR> d-------- C:\adblock list

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-14 17:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-14 17:17 593,471 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-09-14 09:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-14 07:44 --------- d-----w C:\Program Files\World of Warcraft
2008-09-06 06:51 --------- d-----w C:\Program Files\Firefox3
2008-09-06 06:24 --------- d--h--r C:\Documents and Settings\Axl\Application Data\yahoo!
2008-09-06 06:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-09-05 21:16 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-09-05 00:04 --------- d-----w C:\Program Files\Japanese Learning Suite
2008-09-01 09:26 --------- d-----w C:\Documents and Settings\User\Application Data\Neopets Toolbar
2008-08-31 06:59 --------- d-----w C:\Program Files\UrbanTerror
2008-08-25 03:45 --------- d-----w C:\Documents and Settings\Mom&Amber\Application Data\Yahoo!
2008-08-21 03:19 --------- d-----w C:\Documents and Settings\Mom&Amber\Application Data\Azureus
2008-08-15 03:19 --------- d-----w C:\Documents and Settings\Mom&Amber\Application Data\Auslogics
2008-08-12 18:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-08-12 18:26 --------- d-----w C:\Program Files\ATI Technologies
2008-08-12 18:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-12 16:57 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
2008-08-02 01:16 --------- d-----w C:\Program Files\Yahoo!
2008-08-01 18:06 --------- d-----w C:\Program Files\Azureus
2008-08-01 16:11 --------- d-----w C:\Program Files\Unlocker
2008-08-01 16:11 --------- d-----w C:\Documents and Settings\Mom&Amber\Application Data\Desktopicon
2008-08-01 03:42 --------- d-----w C:\Program Files\Sandboxie
2008-07-27 17:19 --------- d-----w C:\Program Files\Google Hacks
2008-07-26 22:34 --------- d-----w C:\Documents and Settings\Mom&Amber\Application Data\OpenOffice.org2
2008-07-26 06:26 --------- d-----w C:\Documents and Settings\Mom&Amber\Application Data\Kirix
2008-07-20 18:25 --------- d-----w C:\Program Files\WoW-BurningCrusade-enUS-Slim-Installer
2008-07-20 11:10 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-07-20 10:54 --------- d-----w C:\Program Files\WoW-2.0.0-enUS-Installer
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10 36,552 -c--a-w C:\WINDOWS\system32\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 03:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 03:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-17 08:19 --------- d-----w C:\Documents and Settings\Mom&Amber\Application Data\LimeWire
2008-07-16 01:21 --------- d-----w C:\Documents and Settings\Mom&Amber\Application Data\InfraRecorder
2008-07-16 01:17 --------- d-----w C:\Program Files\InfraRecorder
2008-07-09 14:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-06 06:09 103,424 ----a-w C:\WINDOWS\system32\nUI_nat.dll
2008-07-04 03:48 9,490,432 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-07-04 03:25 421,888 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-07-04 03:23 309,248 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-07-04 03:14 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-07-04 03:14 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-07-04 03:14 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-07-04 03:13 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-07-04 03:13 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-07-04 03:12 561,152 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-07-04 03:10 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-07-04 03:06 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-07-04 03:00 3,786,144 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-07-04 02:55 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-07-04 02:49 2,140,672 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-07-04 02:34 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-07-04 02:30 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-07-04 02:29 32,768 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-07-04 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-07-04 02:25 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-07-04 02:22 565,248 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-07-04 02:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-06-24 23:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
.

((((((((((((((((((((((((((((( snapshot@2008-09-14_12.26.27.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 17:02:28 163,328 ----a-w C:\WINDOWS\erdnt\9-15-2008\ERDNT.EXE
+ 2008-09-15 17:32:22 3,223,552 ----a-w C:\WINDOWS\erdnt\9-15-2008\Users\00000001\ntuser.dat
+ 2008-09-15 17:32:22 167,936 ----a-w C:\WINDOWS\erdnt\9-15-2008\Users\00000002\UsrClass.dat
+ 2008-09-14 17:43:02 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-09-14 17:43:02 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"SandboxieControl"="C:\Program Files\Sandboxie\SbieCtrl.exe" [2008-06-30 738816]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 385024]
"PS2USBDRV"="C:\WINDOWS\MICROI~1\PS2USBKbdDrv.exe" [2006-12-19 38296]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SoundMan"="SOUNDMAN.EXE" [2004-09-16 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Documents and Settings\\Mom&Amber\\Desktop\\Downloads\\Games\\WoW-BurningCrusade-Trial-enUS-Installer-downloader.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Documents and Settings\\User\\Desktop\\WoW-2.4.3.8568-to-3.0.2.8916-enUS-downloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"6112:TCP"= 6112:TCP:Blizzard Downloader
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2008-06-30 96256]
S2 HIDKbFlt;HIDKbFlt.SvcDesc%;C:\WINDOWS\system32\DRIVERS\HIDKbFlt.sys [ ]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\q2y7clyf.default\
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.1.0.30716.0.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll
FF -: plugin - C:\Program Files\Virtools\3D Life Player\npvirtools.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-15 12:46:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-15 12:49:54
ComboFix-quarantined-files.txt 2008-09-15 17:49:48
ComboFix2.txt 2008-09-14 17:27:03

Pre-Run: 56,561,418,240 bytes free
Post-Run: 56,525,516,800 bytes free

269 --- E O F --- 2008-09-10 16:57:44

Edited by axlm, 18 September 2008 - 01:43 AM.

  • 0

#4
axlm
Posted 18 September 2008 - 01:44 AM

axlm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
OTViewIt logfile created on: 9/18/2008 2:19:06 AM - Run 1
OTViewIt by OldTimer - Version 1.0.5.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 606.97 Mb Available Physical Memory | 59.30% Memory free
2.40 Gb Paging File | 1.98 Gb Available in Paging File | 82.36% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 60.92 Gb Free Space | 54.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MCCRACKEN
Current User Name: User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
Files within: 60 Days

========== Processes - Non-Microsoft Only ==========

[09/15/2008 23:17:22 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[09/02/2008 07:33:22 | 00,048,640 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
[09/15/2008 23:17:24 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[09/15/2008 23:17:23 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[12/19/2006 11:07:02 | 00,038,296 | ---- | M] () -- C:\WINDOWS\Micro Innovations Internet Keyboard\PS2USBKbdDrv.exe
[09/15/2008 23:17:24 | 01,235,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[09/18/2008 02:18:17 | 00,424,448 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTViewIt.exe

========== (O23) Win32 Services - Non-Microsoft Only ==========

[07/03/2008 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[09/15/2008 23:17:23 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[09/15/2008 23:17:22 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[09/02/2008 07:33:22 | 00,048,640 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc [Auto | Running])

========== Driver Services - Non-Microsoft Only ==========

[09/15/2008 23:17:33 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[09/15/2008 23:17:31 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[09/15/2008 23:17:37 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [Auto | Running])
File not found -- C:\ComboFix\catchme.sys -- (catchme [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT [On_Demand | Stopped])
File not found -- C:\WINDOWS\System32\DRIVERS\HIDKbFlt.sys -- (HIDKbFlt [Auto | Stopped])
[09/03/2008 14:07:14 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Running])
[09/03/2008 14:07:16 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
[09/03/2008 14:07:12 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[09/02/2008 07:33:22 | 00,100,352 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv [On_Demand | Running])
File not found -- C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter [On_Demand | Stopped])


========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.neopets.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{145B29F4-A56B-4b90-BBAC-45784EBEBBB7} (HKLM) -- C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{5093EB4C-3E93-40AB-9266-B607BA87BDC8}" (HKLM) -- C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
"PS2USBDRV"=C:\WINDOWS\MICROI~1\PS2USBKbdDrv.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="C:\Program Files\Sandboxie\SbieCtrl.exe" (tzuk)
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

========== (O4) Startup Folders ==========


========== (O6 & O7) Internet Explorer Policies ==========
[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Control Panel] - present

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=255
"NoDriveAutoRun"=67108863
"NoDrives"=0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

""=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{75C9223A-409A-4795-A3CA-08DE6B075B4B}: StumbleUpon -- C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
{85d1f590-48f4-11d9-9669-0800200c9a66}: Uninstall BitDefender Online Scanner v8 -- C:\WINDOWS\bdoscandel.exe File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.micro...d...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.mi...b?1210089958671 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_06
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_04
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_06

========== (O17) DNS Name Servers ==========

{D7943D2F-A5CE-40BD-8EAD-006711203889} (Servers: | Description: SiS 900-Based PCI Fast Ethernet Adapter)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
[01/17/2008 12:25:15 | 00,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]



========== Files/Folders - Created Within 60 days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[07/20/2008 15:46:52 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\crash
[07/22/2008 20:14:58 | 00,218,362 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[07/22/2008 20:18:52 | 00,080,642 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apps.chm
[07/31/2008 22:43:27 | 00,002,450 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[08/01/2008 10:44:13 | 00,000,203 | ---- | C] () -- C:\WINDOWS\GSdx9 sse2.INI
[08/01/2008 20:13:42 | 00,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[08/01/2008 20:16:59 | 00,001,535 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Mail.lnk
[08/12/2008 11:16:16 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[08/13/2008 02:41:44 | 06,462,247 | ---- | C] () -- C:\FRAGLIST.LUAR
[08/13/2008 02:50:28 | 01,650,557 | ---- | C] () -- C:\FRAGLIST.HTM
[08/13/2008 16:29:41 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[08/23/2008 01:26:21 | 00,114,144 | ---- | C] () -- C:\hillsbrad_steel_strangle_briar.jpg
[08/27/2008 21:43:31 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[08/27/2008 21:43:31 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[08/27/2008 21:43:33 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[08/27/2008 21:43:36 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[08/27/2008 21:43:37 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[08/27/2008 21:43:38 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[08/27/2008 21:43:38 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[08/27/2008 21:43:38 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[08/27/2008 21:43:38 | 00,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[08/27/2008 21:43:38 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[08/27/2008 21:43:38 | 00,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthpan.sys
[08/27/2008 21:43:43 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[08/27/2008 21:43:43 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[08/27/2008 21:43:45 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[08/27/2008 21:43:45 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[08/27/2008 21:43:45 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[08/27/2008 21:43:47 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[08/27/2008 21:43:47 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[08/27/2008 21:43:47 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[08/27/2008 21:43:47 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[08/27/2008 21:43:47 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[08/27/2008 21:43:47 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[08/27/2008 21:43:47 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[08/27/2008 21:43:50 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[08/27/2008 21:43:50 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[08/27/2008 21:43:50 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[08/27/2008 21:43:50 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[08/27/2008 21:43:50 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[08/27/2008 21:43:50 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[08/27/2008 21:43:50 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[08/27/2008 21:43:50 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[08/27/2008 21:43:52 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[08/27/2008 21:43:58 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys
[08/27/2008 21:43:58 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[08/27/2008 21:44:04 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[08/27/2008 21:44:05 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys
[08/27/2008 21:44:07 | 00,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[08/27/2008 21:44:08 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[08/27/2008 21:44:08 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[08/27/2008 21:44:24 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pidgen.dll
[08/27/2008 21:44:24 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll
[08/27/2008 21:44:33 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[08/27/2008 21:44:33 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[08/27/2008 21:44:33 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[08/27/2008 21:44:33 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[08/27/2008 21:44:35 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[08/27/2008 21:44:45 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[08/27/2008 21:45:26 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[08/27/2008 21:45:26 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[08/27/2008 21:45:26 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[08/27/2008 21:45:26 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[08/27/2008 21:46:23 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[08/27/2008 21:46:23 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[08/27/2008 21:46:30 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[08/27/2008 21:46:30 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[08/27/2008 21:46:30 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[08/27/2008 21:46:32 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[08/27/2008 21:46:32 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[08/27/2008 21:46:32 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[08/27/2008 21:46:32 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[08/27/2008 21:46:37 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[08/27/2008 21:47:23 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[08/27/2008 21:47:38 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[08/27/2008 21:47:39 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[08/27/2008 21:47:40 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[08/27/2008 21:47:44 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[08/27/2008 21:47:57 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[08/27/2008 21:48:35 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[08/27/2008 21:48:40 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[08/27/2008 21:49:07 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[08/27/2008 21:49:10 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[08/27/2008 21:49:41 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[08/27/2008 21:49:58 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[08/27/2008 21:50:09 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[08/27/2008 21:51:12 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[08/27/2008 21:51:20 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[08/27/2008 21:51:37 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[08/27/2008 21:51:39 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[08/27/2008 21:51:55 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
[08/27/2008 21:51:57 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[08/27/2008 21:52:12 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[08/27/2008 21:52:16 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[08/29/2008 05:29:01 | 00,000,803 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Internet Explorer.lnk
[08/30/2008 11:32:43 | 00,000,119 | ---- | C] () -- C:\WINDOWS\DelDir.BEN
[09/04/2008 14:51:39 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
[09/04/2008 15:28:23 | 00,000,805 | ---- | C] () -- C:\Documents and Settings\User\Desktop\World of Warcraft.lnk
[09/06/2008 01:36:50 | 00,009,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\drvmain.sdb
[09/06/2008 01:36:50 | 00,790,846 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[09/06/2008 01:36:50 | 01,214,526 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[09/06/2008 01:37:40 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[09/06/2008 01:37:40 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[09/06/2008 01:37:40 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[09/06/2008 01:54:47 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[09/06/2008 21:18:50 | 00,166,877 | ---- | C] () -- C:\Documents and Settings\User\My Documents\jax.jpg
[09/06/2008 21:20:25 | 00,069,201 | ---- | C] () -- C:\Documents and Settings\User\My Documents\st louis.jpg
[09/06/2008 21:20:55 | 00,155,513 | ---- | C] () -- C:\Documents and Settings\User\My Documents\st louis 2.jpg
[09/06/2008 21:22:24 | 00,155,513 | ---- | C] () -- C:\Documents and Settings\User\My Documents\jax 22.jpg
[09/10/2008 13:27:50 | 00,001,918 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SPORE™ Creature Creator Trial Edition.lnk
[09/10/2008 13:28:02 | 00,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[09/12/2008 12:02:52 | 00,000,625 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ambercallwes.lnk
[09/14/2008 01:11:31 | 00,083,432 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdata.dll
[09/14/2008 01:11:31 | 00,157,160 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsinit.dll
[09/14/2008 01:11:31 | 00,472,552 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsutil.dll
[09/14/2008 01:11:57 | 00,352,918 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[09/14/2008 01:11:57 | 00,394,952 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdatant.sys
[09/14/2008 01:11:58 | 00,099,816 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsxml.dll
[09/14/2008 01:11:58 | 00,103,912 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsmonapi.dll
[09/14/2008 01:11:58 | 00,275,944 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vspubapi.dll
[09/14/2008 01:11:58 | 01,086,952 | ---- | C] (Python Software Foundation) -- C:\WINDOWS\System32\zpeng24.dll
[09/14/2008 01:11:59 | 00,046,568 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vswmi.dll
[09/14/2008 01:12:02 | 00,071,144 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcommdb.dll
[09/14/2008 01:12:02 | 00,083,432 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcomm.dll
[09/14/2008 01:12:03 | 00,071,144 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsregexp.dll
[09/14/2008 01:12:04 | 00,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[09/14/2008 01:12:16 | 00,127,768 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[09/14/2008 01:12:19 | 00,075,248 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\zllsputility.exe
[09/14/2008 01:15:45 | 00,055,076 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[09/14/2008 01:15:45 | 04,648,992 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[09/14/2008 01:30:20 | 01,144,400 | ---- | C] (Blizzard Entertainment) -- C:\Documents and Settings\User\Desktop\WoW-2.4.3.8568-to-3.0.2.8916-enUS-downloader.exe
[09/14/2008 01:30:56 | 00,000,766 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Sandboxed Web Browser.lnk
[09/14/2008 02:41:27 | 00,006,144 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[09/14/2008 03:56:16 | 00,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[09/14/2008 12:09:11 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\Nircmd.exe
[09/14/2008 12:09:11 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFind.exe
[09/14/2008 12:09:11 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[09/14/2008 12:09:11 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[09/14/2008 12:09:11 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[09/14/2008 12:09:11 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[09/14/2008 12:09:11 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\swsc.exe
[09/14/2008 12:09:11 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\swreg.exe
[09/14/2008 12:09:11 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\swxcacls.exe
[09/14/2008 13:35:14 | 00,000,702 | ---- | C] () -- C:\Documents and Settings\User\Desktop\dallys and kankans adress.lnk
[09/15/2008 12:37:04 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[09/15/2008 12:37:05 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[09/15/2008 12:46:25 | 00,053,248 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[09/15/2008 23:17:28 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[09/15/2008 23:17:29 | 00,111,420 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[09/15/2008 23:17:29 | 00,211,986 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[09/15/2008 23:17:29 | 27,385,481 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[09/15/2008 23:17:31 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[09/15/2008 23:17:33 | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[09/15/2008 23:17:37 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[09/15/2008 23:17:37 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[09/15/2008 23:17:37 | 00,076,040 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[09/16/2008 23:56:07 | 00,002,966 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[09/17/2008 00:00:31 | 01,067,688 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\User\Desktop\vbrun60.exe
[09/17/2008 14:29:31 | 01,578,872 | ---- | C] () -- C:\Documents and Settings\User\Desktop\SmitfraudFix.exe
[09/17/2008 14:30:32 | 00,000,924 | ---- | C] () -- C:\Documents and Settings\User\Desktop\viruses.lnk
[09/17/2008 17:59:44 | 10,732,70784 | -HS- | C] () -- C:\hiberfil.sys
[09/17/2008 20:21:48 | 13,322,7519 | ---- | C] () -- C:\Documents and Settings\User\Desktop\OOo_2.4.1_Win32Intel_install_wJRE_en-US.exe
[09/18/2008 02:18:17 | 00,424,448 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTViewIt.exe

========== Files - Modified Within 60 days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[07/22/2008 09:45:02 | 00,790,846 | ---- | M] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[07/22/2008 09:45:03 | 01,214,526 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[07/22/2008 09:45:04 | 00,009,696 | ---- | M] () -- C:\WINDOWS\System32\dllcache\drvmain.sdb
[07/22/2008 20:14:58 | 00,218,362 | ---- | M] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[07/22/2008 20:18:52 | 00,080,642 | ---- | M] () -- C:\WINDOWS\System32\dllcache\apps.chm
[07/31/2008 22:42:59 | 00,000,766 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Sandboxed Web Browser.lnk
[08/01/2008 10:44:13 | 00,000,203 | ---- | M] () -- C:\WINDOWS\GSdx9 sse2.INI
[08/01/2008 20:13:42 | 00,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[08/01/2008 20:17:00 | 00,001,535 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Mail.lnk
[08/12/2008 13:15:23 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash
[08/12/2008 13:18:05 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[08/13/2008 02:42:02 | 06,462,247 | ---- | M] () -- C:\FRAGLIST.LUAR
[08/13/2008 02:50:30 | 01,650,557 | ---- | M] () -- C:\FRAGLIST.HTM
[08/23/2008 01:26:22 | 00,114,144 | ---- | M] () -- C:\hillsbrad_steel_strangle_briar.jpg
[08/26/2008 15:28:12 | 16,208,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[08/27/2008 08:31:18 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[08/30/2008 11:32:43 | 00,000,119 | ---- | M] () -- C:\WINDOWS\DelDir.BEN
[08/31/2008 01:20:13 | 00,250,048 | RHS- | M] () -- C:\ntldr
[09/04/2008 15:13:57 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[09/04/2008 15:28:23 | 00,000,805 | ---- | M] () -- C:\Documents and Settings\User\Desktop\World of Warcraft.lnk
[09/06/2008 01:38:58 | 00,078,362 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[09/06/2008 01:38:58 | 00,544,054 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[09/06/2008 01:38:59 | 00,462,668 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[09/06/2008 01:39:02 | 00,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[09/06/2008 01:54:47 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[09/06/2008 13:17:41 | 00,000,204 | ---- | M] () -- C:\WINDOWS\RtlRack.ini
[09/06/2008 21:18:53 | 00,166,877 | ---- | M] () -- C:\Documents and Settings\User\My Documents\jax.jpg
[09/06/2008 21:20:27 | 00,069,201 | ---- | M] () -- C:\Documents and Settings\User\My Documents\st louis.jpg
[09/06/2008 21:20:55 | 00,155,513 | ---- | M] () -- C:\Documents and Settings\User\My Documents\st louis 2.jpg
[09/06/2008 21:22:24 | 00,155,513 | ---- | M] () -- C:\Documents and Settings\User\My Documents\jax 22.jpg
[09/10/2008 00:03:56 | 00,017,200 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[09/10/2008 00:04:02 | 00,038,528 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[09/10/2008 11:54:29 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[09/10/2008 13:27:50 | 00,001,918 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SPORE™ Creature Creator Trial Edition.lnk
[09/10/2008 13:28:02 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[09/12/2008 12:02:52 | 00,000,625 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ambercallwes.lnk
[09/14/2008 01:13:59 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[09/14/2008 01:30:20 | 01,144,400 | ---- | M] (Blizzard Entertainment) -- C:\Documents and Settings\User\Desktop\WoW-2.4.3.8568-to-3.0.2.8916-enUS-downloader.exe
[09/14/2008 02:41:29 | 00,006,144 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[09/14/2008 03:56:16 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[09/14/2008 03:56:16 | 00,000,559 | ---- | M] () -- C:\WINDOWS\win.ini
[09/14/2008 13:35:14 | 00,000,702 | ---- | M] () -- C:\Documents and Settings\User\Desktop\dallys and kankans adress.lnk
[09/15/2008 12:46:28 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[09/15/2008 12:49:56 | 00,053,248 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[09/15/2008 22:53:22 | 00,002,450 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[09/15/2008 23:17:29 | 00,211,986 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[09/15/2008 23:17:29 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[09/15/2008 23:17:31 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[09/15/2008 23:17:33 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[09/15/2008 23:17:37 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[09/15/2008 23:17:37 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[09/15/2008 23:17:37 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[09/15/2008 23:18:35 | 00,111,420 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[09/16/2008 17:07:33 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[09/17/2008 00:00:31 | 01,067,688 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\User\Desktop\vbrun60.exe
[09/17/2008 14:29:51 | 01,578,872 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SmitfraudFix.exe
[09/17/2008 14:30:32 | 00,000,924 | ---- | M] () -- C:\Documents and Settings\User\Desktop\viruses.lnk
[09/17/2008 14:58:34 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[09/17/2008 14:58:37 | 00,002,966 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[09/17/2008 18:04:32 | 27,385,481 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[09/17/2008 20:26:42 | 13,322,7519 | ---- | M] () -- C:\Documents and Settings\User\Desktop\OOo_2.4.1_Win32Intel_install_wJRE_en-US.exe
[09/17/2008 23:17:43 | 03,775,770 | -H-- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[09/17/2008 23:19:53 | 00,200,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[09/18/2008 00:32:15 | 00,055,076 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[09/18/2008 00:32:58 | 10,732,70784 | -HS- | M] () -- C:\hiberfil.sys
[09/18/2008 00:33:02 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[09/18/2008 00:33:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[09/18/2008 00:33:58 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[09/18/2008 00:34:03 | 00,352,918 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[09/18/2008 00:34:11 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[09/18/2008 00:34:56 | 00,046,560 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[09/18/2008 02:18:17 | 00,424,448 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTViewIt.exe
[09/18/2008 02:19:42 | 04,653,088 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat

< End of report >

Sorry about the delay. I hadn't seen that the entire file didn't post. Thanks a lot for helping me fix this RatHat :)

Edited by axlm, 18 September 2008 - 01:46 AM.

  • 0

#5
RatHat
Posted 18 September 2008 - 03:32 AM

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Hi there,

I am not seeing any signs of malware in your log. Could you post me the Extras.Txt that OTViewIt created.

Regards,
RatHat
  • 0

#6
axlm
Posted 18 September 2008 - 09:32 AM

axlm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Oops, I thought I had extras.txt in there. Here it is :)

OTViewIt Extras logfile created on: 9/18/2008 2:19:06 AM - Run User
OTViewIt by OldTimer - Version 1.0.5.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 606.97 Mb Available Physical Memory | 59.30% Memory free
2.40 Gb Paging File | 1.98 Gb Available in Paging File | 82.36% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 60.92 Gb Free Space | 54.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MCCRACKEN
Current User Name: User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
Files within: 60 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[09/14/2008 01:30:20 | 01,144,400 | ---- | M] (Blizzard Entertainment) -- C:\Documents and Settings\User\Desktop\WoW-2.4.3.8568-to-3.0.2.8916-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[09/15/2008 23:17:23 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
[09/15/2008 23:17:24 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[09/15/2008 23:17:28 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])
msdaipp: [HKLM - No CLSID value]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0004D4C8-7F6C-BA20-32B2-5C861FA340CB}"=Catalyst Control Center Graphics Full Existing
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}"=MSXML4 Parser
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{055EE59D-217B-43A7-ABFF-507B966405D8}"=ATI Catalyst Control Center
"{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}"=MSXML 6.0 Parser (KB933579)
"{10053F59-0765-163D-F759-155E6DA35AB6}"=CCC Help English
"{101E4225-8983-7850-3E8C-00C5E0A13B40}"=ccc-core-static
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{2CD2C0DB-81C3-416B-9FA6-589B9235359B}"=OpenOffice.org 2.4
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}"=Microsoft .NET Framework 3.5
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}"=Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160060}"=Java™ 6 Update 6
"{32A3A4F4-B792-11D6-A78A-00B0D0160060}"=Java™ SE Development Kit 6 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{379EF672-10D2-4A25-9D86-EAD49CBC34E2}"=Japanese Learning Suite
"{3F555374-449A-0734-73EA-5FF6207FA30F}"=Skins
"{44734179-8A79-4DEE-BB08-73037F065543}"=Apple Mobile Device Support
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}"=Bonjour
"{4E868D3D-6EEB-4273-926C-2287236B5B79}"=3DVIA Player 4.1
"{5141D667-6FE0-DFD6-FDC8-C981DC06520C}"=Catalyst Control Center Graphics Full New
"{51C9B6D6-BF0F-3BA5-1EA4-17C6190DBE07}"=ccc-core-preinstall
"{6846389C-BAC0-4374-808E-B120F86AF5D7}"=Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{80FD852F-5AAC-4129-B931-06AAFFA43138}"=iTunes
"{86F68693-A637-1F4D-5D4F-4D58486A4601}"=ccc-utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AC76BA86-7AD7-1033-7B44-A81200000003}_Adobe Reader 8.1.2"=Adobe Reader 8.1.2 Security Update 1 (KB403742)
"{AE888E0F-6727-0045-A966-CFB975AC15BA}"=Catalyst Control Center Graphics Previews Common
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}"=QuickTime
"{C04E32E0-0416-434D-AFB9-6969D703A9EF}"=MSXML 4.0 SP2 (KB936181)
"{C952BD03-9AC6-F898-B17F-9352638EC93C}"=Catalyst Control Center Core Implementation
"{CADF1911-C4FB-8651-36E0-FF06DAA75F28}"=Catalyst Control Center Graphics Light
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{D050D7362D214723AD585B541FFB6C11}"=DivX Content Uploader
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}"=SPORE™ Creature Creator Trial Edition
"{F5346614-B7C4-4E94-826A-E2363155233D}"=EasyCleaner
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}"=Catalyst Control Center - Branding
"{FB08F381-6533-4108-B7DD-039E11FBC27E}"=Realtek AC'97 Audio
"{FF4A64B8-1AA6-4AA9-9544-54A7ECF0CE22}"=muvee autoProducer 3.5 magicMoments
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"All ATI Software"=ATI - Software Uninstall Utility
"ATI Display Driver"=ATI Display Driver
"Auctioneer"=Auctioneer AddOns
"AVG8Uninstall"=AVG Free 8.0
"Azureus Vuze"=Azureus Vuze
"C-Media Audio Driver"=C-Media WDM Audio Driver
"ERUNT_is1"=ERUNT 1.1j
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InfraRecorder"=InfraRecorder
"Internet Keyboard Pro # KB535BL"=Internet Keyboard Pro # KB535BL
"Kanji Gold_is1"=Kanji Gold 2.10
"KB892130"=Windows Genuine Advantage Validation Tool (KB892130)
"KB909520"=Microsoft Base Smart Card Cryptographic Service Provider Package
"KB911564"=Security Update for Windows Media Player (KB911564)
"KB925398_WMP64"=Security Update for Windows Media Player 6.4 (KB925398)
"KB929399"=Hotfix for Windows Media Format 11 SDK (KB929399)
"KB932471.T301_380ToU433_380"=Hotfix for Microsoft .NET Framework 3.0 (KB932471)
"KB936782_WMP11"=Security Update for Windows Media Player 11 (KB936782)
"KB937143-IE7"=Security Update for Windows Internet Explorer 7 (KB937143)
"KB938127-IE7"=Security Update for Windows Internet Explorer 7 (KB938127)
"KB939653-IE7"=Security Update for Windows Internet Explorer 7 (KB939653)
"KB939683"=Hotfix for Windows Media Player 11 (KB939683)
"KB940157"=Windows Search 4.0
"KB942615-IE7"=Security Update for Windows Internet Explorer 7 (KB942615)
"KB944533-IE7"=Security Update for Windows Internet Explorer 7 (KB944533)
"KB947864-IE7"=Hotfix for Windows Internet Explorer 7 (KB947864)
"KB950759-IE7"=Security Update for Windows Internet Explorer 7 (KB950759)
"KB953838-IE7"=Security Update for Windows Internet Explorer 7 (KB953838)
"KB954154_WM11"=Security Update for Windows Media Player 11 (KB954154)
"KeyHoleTV"=KeyHoleTV
"Kids Imaging Studio"=Kids Imaging Studio
"M928366"=Microsoft .NET Framework 1.1 Hotfix (KB928366)
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5"=Microsoft .NET Framework 3.5
"Mozilla Firefox (3.0.1)"=Mozilla Firefox (3.0.1)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST"=MSN
"Neopets"=Neopets
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"RealAlt_is1"=Real Alternative 1.60
"Sandboxie"=Sandboxie 3.30
"StumbleUponIEToolbar"=StumbleUpon IE Toolbar
"Unlocker"=Unlocker 1.8.7
"WGA"=Windows Genuine Advantage Validation Tool (KB892130)
"WgaNotify"=Windows Genuine Advantage Notifications (KB905474)
"WIC"=Windows Imaging Component
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"World of Warcraft"=World of Warcraft
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Mail"=Yahoo! Internet Mail
"Yahoo! Messenger"=Yahoo! Messenger
"YInstHelper"=Yahoo! Install Manager
"ZoneAlarm"=ZoneAlarm
"ZoneAlarmSB Uninstall"=ZoneAlarm Spy Blocker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/17/2008 4:05:24 PM | Computer Name = MCCRACKEN | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\USER\DESKTOP\SMITFRAUDFIX\SETPATHS.BAT>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 9/17/2008 4:05:24 PM | Computer Name = MCCRACKEN | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\USER\DESKTOP\SMITFRAUDFIX\TMP3.TXT>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 9/17/2008 4:05:25 PM | Computer Name = MCCRACKEN | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\USER\DESKTOP\SMITFRAUDFIX\CLEAN.REG>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 9/17/2008 7:06:02 PM | Computer Name = MCCRACKEN | Source = Application Error | ID = 1000
Description = Faulting application wow-2.4.3.8568-to-3.0.2.8916-enus-downloader.exe,
version 1.8.2.408, faulting module wow-2.4.3.8568-to-3.0.2.8916-enus-downloader.exe,
version 1.8.2.408, fault address 0x0005b5f1.

Error - 9/17/2008 7:06:03 PM | Computer Name = MCCRACKEN | Source = Application Error | ID = 1001
Description = Fault bucket 927306608.

Error - 9/17/2008 7:20:23 PM | Computer Name = MCCRACKEN | Source = Application Error | ID = 1000
Description = Faulting application wow-2.4.3.8568-to-3.0.2.8916-enus-downloader.exe,
version 1.8.2.408, faulting module wow-2.4.3.8568-to-3.0.2.8916-enus-downloader.exe,
version 1.8.2.408, fault address 0x0005b5f1.

Error - 9/17/2008 7:20:25 PM | Computer Name = MCCRACKEN | Source = Application Error | ID = 1001
Description = Fault bucket 927306608.

Error - 9/17/2008 8:51:50 PM | Computer Name = MCCRACKEN | Source = Application Error | ID = 1000
Description = Faulting application backgrounddownloader.exe, version 1.8.2.426,
faulting module backgrounddownloader.exe, version 1.8.2.426, fault address 0x0005c861.

Error - 9/17/2008 9:13:24 PM | Computer Name = MCCRACKEN | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.28.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x773f65f1.

Error - 9/18/2008 12:17:41 AM | Computer Name = MCCRACKEN | Source = Application Error | ID = 1000
Description = Faulting application backgrounddownloader.exe, version 1.8.2.426,
faulting module backgrounddownloader.exe, version 1.8.2.426, fault address 0x0005c861.

[ System Events ]
Error - 9/17/2008 4:38:13 PM | Computer Name = MCCRACKEN | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 9/17/2008 4:38:13 PM | Computer Name = MCCRACKEN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdPPM AvgLdx86 AvgMfx86 Fips IPSec KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL
Tcpip
vsdatant

Error - 9/17/2008 6:04:20 PM | Computer Name = MCCRACKEN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 9/17/2008 6:11:31 PM | Computer Name = MCCRACKEN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 9/17/2008 6:58:41 PM | Computer Name = MCCRACKEN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 9/17/2008 6:58:53 PM | Computer Name = MCCRACKEN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/17/2008 7:00:38 PM | Computer Name = MCCRACKEN | Source = Service Control Manager | ID = 7000
Description = The HIDKbFlt.SvcDesc% service failed to start due to the following
error: %%2

Error - 9/17/2008 8:56:52 PM | Computer Name = MCCRACKEN | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 9428 minutes. NtpClient has no source of accurate
time.

Error - 9/18/2008 12:20:34 AM | Computer Name = MCCRACKEN | Source = Service Control Manager | ID = 7000
Description = The HIDKbFlt.SvcDesc% service failed to start due to the following
error: %%2

Error - 9/18/2008 1:33:30 AM | Computer Name = MCCRACKEN | Source = Service Control Manager | ID = 7000
Description = The HIDKbFlt.SvcDesc% service failed to start due to the following
error: %%2


< End of report >
  • 0

#7
RatHat
Posted 18 September 2008 - 10:04 AM

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Hi there,

I am still not seeing anything bad in your log.

I would recommend that you uninstall Azureus Vuze as P2P programs are an invitation to malware.

I would also recommend that you check your Java version and remove old versions. To do this, download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version (Java Runtime Environment (JRE) 6 Update 7) for your computer.

After that, open a new topic in the Games Forum, where someone with more experience with games installation than I, may well be able to help you sort this problem out.

Regards,
RatHat
  • 0

#8
axlm
Posted 19 September 2008 - 12:13 AM

axlm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hey, thanks anyway for letting me know I don't have MalWare, that had me scared for a few days. I'll post a topic in the games forum to see if anyone there can help me with this. Thanks for taking time to help me out here RatHat :)
  • 0

#9
RatHat
Posted 19 September 2008 - 04:03 AM

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
You are more than welcome!

Regards,
RatHat
  • 0

#10
RatHat
Posted 19 September 2008 - 08:40 PM

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP