Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Unable to complete spyware scans ... computer freezes [CLOSED]

Started by HackedCactus , Apr 20 2008 11:11 PM

  • This topic is locked This topic is locked

#16
HackedCactus
Posted 21 May 2008 - 09:16 AM

HackedCactus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Freezing during scans still persisting.
I cleaned the relevant directories with ATF Cleaner.
Then I ran VirtumundoBeGone in safe mode and got the following log:

[04/23/2008, 14:21:30] - VirtumundoBeGone v1.5 ( "F:\Documents and Settings\Pablo\My Documents\My Completed Downloads\VirtumundoBeGone.exe" )
[04/23/2008, 14:21:38] - Detected System Information:
[04/23/2008, 14:21:38] - Windows Version: 5.1.2600, Service Pack 2
[04/23/2008, 14:21:38] - Current Username: Pablo (Admin)
[04/23/2008, 14:21:38] - Windows is in NORMAL mode.
[04/23/2008, 14:21:38] - Searching for Browser Helper Objects:
[04/23/2008, 14:21:38] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/23/2008, 14:21:38] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/23/2008, 14:21:38] - BHO 3: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[04/23/2008, 14:21:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/23/2008, 14:21:38] - No filename found. Continuing.
[04/23/2008, 14:21:38] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[04/23/2008, 14:21:38] - Finished Searching Browser Helper Objects
[04/23/2008, 14:21:38] - Finishing up...
[04/23/2008, 14:21:38] - Nothing found! Exiting...

Edited by greyknight17, 06 June 2008 - 10:07 AM.

  • 0

Advertisements

#17
greyknight17
Posted 21 May 2008 - 07:14 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Did you get all the critical Windows Updates? Make sure you get all the critical ones at least.

Run a new Combofix scan and then a Panda scan. Post the two new logs here.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

* Doubleclick the drweb-cureit.exe file and Allow to run the express scan
* This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
* Once the short scan has finished, mark the drives that you want to scan.
* Select all drives. A red dot shows which drives have been chosen.
* Click the green arrow at the right, and the scan will start.
* Click 'Yes to all' if it asks if you want to cure/move the file.
* When the scan has finished, in the menu, click file and choose save report list
* Save the report to your desktop. The report will be called DrWeb.csv
* Close Dr.Web Cureit.

Edited by greyknight17, 21 May 2008 - 07:14 PM.

  • 0

#18
HackedCactus
Posted 25 May 2008 - 09:28 PM

HackedCactus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I believe I have all the critical updates.
I could not complete a Combofix scan. I tried several times and the computer always froze when reaching stage 26.
A new Panda scan again froze at 51% after having detected roughly the same threats as last time.

I ran a scan with DrWeb CureIt. During the initial scan it found 1 threat:

psexesvc.exe

After the quick scan I tried to delete this threat but I am not sure if it worked as it was labelled incurable by DrWeb CureIt. I performed a full scan after this but the complete scan would freeze every time. So frustrating!

I found the following info on psexesvc.exe:

"PsExec is a light weight Telnet program that is used by Backdoor Trojans. It can be installed remotely through an open/unsecure NetBios connection. You can disable the service and remove the file, but if your machine has been open to a
backdoor, there is no telling what they may have done. The only safe fix is to wipe the disk and reinstall."

I am unable to post any logs since none of the scans ran to completion.
  • 0

#19
greyknight17
Posted 26 May 2008 - 06:32 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Delete Combofix. Download it again and save it to your desktop as CFHackedCactus.exe instead of ComboFix.exe....try running it again.

If it still freezes on you, do the following instead:

Download Deckard's System Scanner at http://deckard.geekstogo.com/dss.exe or http://www.techsuppo...Deckard/dss.exe and save it to your desktop.

- Close all applications and windows.
- Double-click on DSS.exe to run it, and follow the prompts.
- When the scan is complete, two text files will open - Main.txt and Extra.txt

Post the main.txt (copy and paste it in your reply) and extra.txt (attach it in your next reply) from the C:\Deckard\System Scanner folder into your next reply.
  • 0

#20
greyknight17
Posted 31 May 2008 - 10:25 AM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#21
greyknight17
Posted 06 June 2008 - 10:07 AM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Topic re-opened per user's request.
  • 0

#22
HackedCactus
Posted 06 June 2008 - 09:17 PM

HackedCactus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Downloaded the latest version of Combofix. Scan freezed at stage 25 but worked in safe mode. I also scanned with Deckard's System Scanner. Main.txt is posted first then extra.txt.

ComboFix 08-06-03.1 - Pablo 2008-06-04 20:26:26.10 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.798 [GMT 9.5:30]
Running from: F:\Documents and Settings\Pablo\My Documents\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-05-04 to 2008-06-04 )))))))))))))))))))))))))))))))
.

2008-06-04 20:08 . 2008-06-04 20:12 <DIR> d-------- F:\WINDOWS\LastGood
2008-06-04 20:00 . 2008-06-04 20:00 <DIR> d-------- F:\Program Files\Alwil Software
2008-05-25 22:59 . 2008-05-25 22:59 <DIR> d-------- F:\Program Files\Common Files\Nokia
2008-05-25 22:49 . 2008-05-25 22:49 <DIR> d-------- F:\Program Files\Common Files\PCSuite
2008-05-25 22:48 . 2008-05-25 22:48 <DIR> d-------- F:\Program Files\PC Connectivity Solution
2008-05-25 21:10 . 2008-05-25 21:10 <DIR> d-------- F:\Documents and Settings\Pablo\DoctorWeb
2008-05-22 00:54 . 2008-05-22 00:54 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-22 00:53 . 2008-05-22 00:53 <DIR> d-------- F:\Program Files\SUPERAntiSpyware
2008-05-22 00:53 . 2008-05-22 00:53 <DIR> d-------- F:\Program Files\Common Files\Wise Installation Wizard
2008-05-22 00:53 . 2008-05-22 00:53 <DIR> d-------- F:\Documents and Settings\Pablo\Application Data\SUPERAntiSpyware.com
2008-05-17 17:53 . 2008-05-17 17:59 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\TrackMania
2008-05-17 17:41 . 2008-05-17 17:49 <DIR> d-------- F:\Program Files\TmUnitedForever
2008-05-16 01:25 . 2008-05-16 01:25 <DIR> d-------- F:\WINDOWS\ERUNT
2008-05-16 00:01 . 2008-05-18 18:43 <DIR> d-------- F:\SDFix
2008-05-15 21:26 . 2008-05-15 21:26 <DIR> d-------- F:\Program Files\Logitech
2008-05-15 21:26 . 2008-05-15 21:26 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Logitech
2008-05-15 21:26 . 2008-05-15 21:31 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Logishrd
2008-05-15 21:26 . 2004-08-03 22:58 5,504 --a------ F:\WINDOWS\system32\drivers\MSTEE.sys
2008-05-15 21:26 . 2004-08-03 22:58 5,504 --a--c--- F:\WINDOWS\system32\dllcache\mstee.sys
2008-05-15 21:25 . 2004-08-04 00:56 16,384 --a------ F:\WINDOWS\system32\ipsink.ax
2008-05-15 21:25 . 2004-08-04 00:56 16,384 --a--c--- F:\WINDOWS\system32\dllcache\ipsink.ax
2008-05-15 21:25 . 2004-08-03 23:10 15,360 --a------ F:\WINDOWS\system32\drivers\StreamIP.sys
2008-05-15 21:25 . 2004-08-03 23:10 15,360 --a--c--- F:\WINDOWS\system32\dllcache\streamip.sys
2008-05-15 21:25 . 2004-08-03 23:10 10,880 --a------ F:\WINDOWS\system32\drivers\NdisIP.sys
2008-05-15 21:25 . 2004-08-03 23:10 10,880 --a--c--- F:\WINDOWS\system32\dllcache\ndisip.sys
2008-05-15 21:24 . 2004-08-03 23:10 85,376 --a------ F:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-05-15 21:24 . 2004-08-03 23:10 85,376 --a--c--- F:\WINDOWS\system32\dllcache\nabtsfec.sys
2008-05-15 21:24 . 2004-08-03 23:10 19,328 --a------ F:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008-05-15 21:24 . 2004-08-03 23:10 19,328 --a--c--- F:\WINDOWS\system32\dllcache\wstcodec.sys
2008-05-15 21:24 . 2004-08-03 23:10 11,136 --a------ F:\WINDOWS\system32\drivers\SLIP.sys
2008-05-15 21:24 . 2004-08-03 23:10 11,136 --a--c--- F:\WINDOWS\system32\dllcache\slip.sys
2008-05-15 21:23 . 2004-08-03 23:10 17,024 --a------ F:\WINDOWS\system32\drivers\CCDECODE.sys
2008-05-15 21:23 . 2004-08-03 23:10 17,024 --a--c--- F:\WINDOWS\system32\dllcache\ccdecode.sys
2008-05-15 21:22 . 2008-05-15 21:27 <DIR> d-------- F:\Program Files\Common Files\logishrd
2008-05-15 21:20 . 2004-08-03 23:08 31,616 --a------ F:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-15 21:20 . 2004-08-03 23:08 31,616 --a--c--- F:\WINDOWS\system32\dllcache\usbccgp.sys
2008-05-14 21:54 . 2008-05-14 21:54 <DIR> d-------- F:\Program Files\ESET
2008-05-14 21:54 . 2008-05-14 21:54 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\ESET
2008-05-14 01:04 . 2008-05-14 01:04 <DIR> d-------- F:\Program Files\Panda Security
2008-05-14 00:43 . 2008-05-14 00:43 <DIR> d-------- F:\VundoFix Backups
2008-05-13 19:50 . 2008-05-13 19:50 <DIR> d-------- F:\Program Files\Windows Sidebar
2008-05-13 19:50 . 2008-05-13 19:50 <DIR> d-------- F:\Program Files\Norton AntiVirus
2008-05-13 19:38 . 2008-05-13 19:38 <DIR> d-------- F:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-05-12 21:09 . 2008-05-12 21:09 <DIR> d-------- F:\Documents and Settings\All Users\Symantec Temporary Files
2008-05-05 23:16 . 2008-05-05 23:16 <DIR> d-------- F:\Program Files\Red Kawa

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 00:21 --------- d-----w F:\Documents and Settings\Pablo\Application Data\Azureus
2008-05-31 11:33 --------- d-----w F:\Program Files\Incomplete
2008-05-31 11:30 --------- d-----w F:\Program Files\LimeWire
2008-05-31 09:24 --------- d-----w F:\Documents and Settings\Pablo\Application Data\LimeWire
2008-05-25 13:35 --------- d-----w F:\Documents and Settings\Pablo\Application Data\NSeries
2008-05-25 13:29 --------- d-----w F:\Program Files\Nokia
2008-05-17 05:54 22,328 ----a-w F:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-17 05:54 103,736 ----a-w F:\WINDOWS\system32\PnkBstrB.exe
2008-05-14 13:56 --------- d-----w F:\Program Files\Symantec
2008-05-14 13:56 --------- d-----w F:\Program Files\Common Files\Symantec Shared
2008-05-14 12:21 --------- d-----w F:\Documents and Settings\All Users\Application Data\Symantec
2008-05-14 12:16 805 ----a-w F:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-14 12:16 60,800 ----a-w F:\WINDOWS\system32\S32EVNT1.DLL
2008-05-14 12:16 123,952 ----a-w F:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-14 12:16 10,563 ----a-w F:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-12 14:43 --------- d--h--w F:\Program Files\InstallShield Installation Information
2008-05-12 12:45 --------- d-----w F:\Documents and Settings\All Users\Application Data\Installations
2008-05-10 04:03 66,872 ----a-w F:\WINDOWS\system32\PnkBstrA.exe
2008-04-27 08:35 --------- d-----w F:\Program Files\LandRouse steering wheel
2008-04-27 07:25 --------- d-----w F:\Program Files\ASUS
2008-04-27 07:18 --------- d-----w F:\Documents and Settings\Pablo\Application Data\Hamachi
2008-04-26 02:25 --------- d-----w F:\Program Files\Java
2008-04-22 10:09 --------- d-----w F:\Program Files\Malwarebytes' Anti-Malware
2008-04-22 10:09 --------- d-----w F:\Documents and Settings\Pablo\Application Data\Malwarebytes
2008-04-22 10:09 --------- d-----w F:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-18 13:20 --------- d-----w F:\Program Files\CCleaner
2008-04-18 12:38 --------- d-----w F:\Program Files\VS Revo Group
2008-04-17 14:41 --------- d-----w F:\Program Files\Azureus
2008-04-16 13:14 --------- d-----w F:\Program Files\Spybot - Search & Destroy
2008-04-16 13:14 --------- d-----w F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-13 15:36 0 ---ha-w F:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-13 15:36 0 ---ha-w F:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-04-13 07:51 --------- d-----w F:\Documents and Settings\Pablo\Application Data\vlc
2008-04-13 07:50 --------- d-----w F:\Program Files\VideoLAN
2008-04-12 16:18 --------- d-----w F:\Documents and Settings\Pablo\Application Data\Leadertech
2008-04-12 08:32 --------- d-----w F:\Program Files\Electronic Arts
2008-04-12 03:04 --------- d-----w F:\Program Files\Incoming
2008-04-11 11:06 --------- d-----w F:\Program Files\Common Files\Adobe
2008-04-10 12:57 --------- d-----w F:\Documents and Settings\Pablo\Application Data\THQ
2008-04-10 12:13 --------- d-----w F:\Documents and Settings\All Users\Application Data\InstallShield
2008-04-10 11:53 --------- d-----w F:\Program Files\THQ
2008-04-10 11:53 --------- d-----w F:\Program Files\Common Files\InstallShield
2008-04-08 12:53 --------- d-----w F:\Documents and Settings\Pablo\Application Data\ROUTE 66 Sync
2008-04-08 10:15 --------- d-----w F:\Program Files\Windows Live
2008-04-08 10:14 --------- dcsh--w F:\Program Files\Common Files\WindowsLiveInstaller
2008-04-08 10:10 --------- d-----w F:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-07 14:43 --------- d-----w F:\Documents and Settings\Pablo\Application Data\AdobeUM
2008-04-07 14:29 --------- d-----w F:\Documents and Settings\Pablo\Application Data\AdobeAUM
2008-04-07 14:28 --------- d-----w F:\Documents and Settings\All Users\Application Data\PC Suite
2008-04-07 13:41 --------- d-----w F:\Documents and Settings\Pablo\Application Data\Nokia
2008-04-07 13:38 --------- d-----w F:\Documents and Settings\All Users\Application Data\Nokia
2008-04-07 13:31 --------- d-----w F:\Program Files\SimpleCenter
2008-04-07 13:31 --------- d-----w F:\Program Files\Common Files\i4j_jres
2008-04-07 13:31 --------- d-----w F:\Documents and Settings\Pablo\Application Data\PC Suite
2008-04-07 13:28 --------- d-----w F:\Program Files\DIFX
2008-02-02 12:48 47,360 ----a-w F:\Documents and Settings\Pablo\Application Data\pcouffin.sys
2007-12-13 03:40 6,177,423,528 ----a-w F:\Program Files\Need for speed Prostreet Iso.nrg
2007-11-21 12:51 22,328 ----a-w F:\Documents and Settings\Pablo\Application Data\PnkBstrK.sys
.

------- Sigcheck -------

2007-12-04 22:36 360576 e7dfcffa380749b8626ad71e8f367dcb F:\WINDOWS\system32\dllcache\TCPIP.SYS
2007-12-04 22:36 360576 e7dfcffa380749b8626ad71e8f367dcb F:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((( snapshot@2008-05-13_ 0.57.44.70 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-10 11:58:48 53,248 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-05-17 08:20:08 53,248 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2008-04-10 11:58:50 12,800 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-05-17 08:20:08 12,800 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2008-04-10 11:58:52 473,600 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-05-17 08:20:09 473,600 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2008-04-10 11:58:05 2,676,224 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-17 08:20:00 2,676,224 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-10 11:58:14 2,846,720 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-17 08:20:02 2,846,720 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-10 11:58:17 563,712 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-17 08:20:03 563,712 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-10 11:58:25 567,296 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-17 08:20:03 567,296 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-10 11:58:27 576,000 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-17 08:20:04 576,000 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-10 11:58:31 577,024 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-17 08:20:05 577,024 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-10 11:58:33 577,536 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-17 08:20:05 577,536 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-10 11:58:37 577,536 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-17 08:20:06 577,536 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-10 11:58:40 578,560 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-17 08:20:07 578,560 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-10 11:58:55 578,560 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-17 08:20:09 578,560 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-10 11:58:57 145,920 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-05-17 08:20:09 145,920 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2008-04-10 11:58:58 159,232 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-05-17 08:20:10 159,232 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2008-04-10 11:59:01 364,544 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-05-17 08:20:10 364,544 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2008-04-10 11:59:03 178,176 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-05-17 08:20:10 178,176 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2008-04-10 11:58:45 223,232 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-05-17 08:20:08 223,232 ----a-w F:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2008-05-12 10:09:09 2,048 --s-a-w F:\WINDOWS\bootstat.dat
+ 2008-06-04 10:51:57 2,048 --s-a-w F:\WINDOWS\bootstat.dat
+ 2008-03-25 08:43:04 124,208 ----a-w F:\WINDOWS\Downloaded Program Files\as2stubie.dll
+ 2007-07-18 04:19:56 12,592 ----a-w F:\WINDOWS\Downloaded Program Files\libcomm.dll
+ 2008-05-14 11:35:41 22,016 ----a-w F:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP\WiseCustomCall.dll
+ 2008-05-12 17:25:56 163,328 ----a-w F:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-05-18 07:50:06 8,388,608 ----a-w F:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-05-18 07:50:06 192,512 ----a-w F:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-05-12 17:25:56 163,328 ----a-w F:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-05-15 15:55:38 8,200,192 ----a-w F:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-05-15 15:55:38 192,512 ----a-w F:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2000-08-30 22:30:00 73,728 ----a-w F:\WINDOWS\fdsv.exe
+ 2000-08-30 22:30:00 89,504 ----a-w F:\WINDOWS\fdsv.exe
+ 2008-05-25 13:29:21 10,134 ----a-r F:\WINDOWS\Installer\{3186AEAE-E104-424D-9152-1BF6A4404758}\ARPPRODUCTICON.exe
+ 2008-05-25 13:29:21 458,752 ----a-r F:\WINDOWS\Installer\{3186AEAE-E104-424D-9152-1BF6A4404758}\NewShortcut16_F7578A24A4B240E4BA057EF931EB25B5.exe
+ 2008-05-25 13:29:21 8,854 ----a-r F:\WINDOWS\Installer\{3186AEAE-E104-424D-9152-1BF6A4404758}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
+ 2008-05-25 13:29:21 458,752 ----a-r F:\WINDOWS\Installer\{3186AEAE-E104-424D-9152-1BF6A4404758}\NewShortcut20_F7578A24A4B240E4BA057EF931EB25B5.exe
+ 2008-05-25 13:29:21 8,854 ----a-r F:\WINDOWS\Installer\{3186AEAE-E104-424D-9152-1BF6A4404758}\NewShortcut3_F30B5B541F7D4207BF3032ED8CAF6640.exe
+ 2008-05-25 13:29:21 8,854 ----a-r F:\WINDOWS\Installer\{3186AEAE-E104-424D-9152-1BF6A4404758}\Uninstall_Dev_OTI_Ho_6A364605F0D04FC7BCE8E27710F0D99F.exe
+ 2008-05-25 13:20:30 287,934 ----a-r F:\WINDOWS\Installer\{41BBDC08-ACFF-48C2-BD81-CA154C841351}\ARPPRODUCTICON.exe
+ 2008-05-25 13:20:30 327,680 ----a-r F:\WINDOWS\Installer\{41BBDC08-ACFF-48C2-BD81-CA154C841351}\NSLauncher2_8C75ED63874746D18905B6C4AF1D7A30.exe
+ 2008-05-25 13:20:30 327,680 ----a-r F:\WINDOWS\Installer\{41BBDC08-ACFF-48C2-BD81-CA154C841351}\UpdateManager1_8C75ED63874746D18905B6C4AF1D7A30.exe
+ 2008-05-25 13:19:21 10,134 ----a-r F:\WINDOWS\Installer\{6094AB91-4CC8-498E-9DFF-134CC0B159DE}\ARPPRODUCTICON.exe
+ 2008-05-25 13:19:49 53,248 ----a-r F:\WINDOWS\Installer\{903F2FE9-1751-4894-9D10-702F3AA0D6D5}\ApplicationInstall_EA4C92A9D39C4B42BE70DAD133D61BC1.exe
+ 2008-06-02 09:41:46 15,086 ----a-r F:\WINDOWS\Installer\{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}\ARPPRODUCTICON.exe
+ 2008-06-02 09:41:46 15,086 ----a-r F:\WINDOWS\Installer\{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}\DesktopShortcut_10110FE91EE84A3DADFD1294F86BE5FC.exe
+ 2008-06-02 09:41:46 53,248 ----a-r F:\WINDOWS\Installer\{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}\ProgramGroupShortcut_EFA2BBEBCF93493B904B1B970B8DFAB6.exe
+ 2008-05-25 13:30:28 126,976 ----a-r F:\WINDOWS\Installer\{A37CCEBA-5CDF-426F-A397-4562FA4A34B4}\MusicManager.exe_58E2399BE04F47D0938CE6D57AD2B893.exe
+ 2008-05-25 13:30:33 53,248 ----a-r F:\WINDOWS\Installer\{A817131B-177D-4FB9-8317-C91138013600}\OneTouchAccess.exe_798444D892B841D0974FD036F183E4F6.exe
+ 2008-05-25 13:19:40 53,248 ----a-r F:\WINDOWS\Installer\{B0CC883F-D14A-4EBA-9355-4D23B223CF05}\ConnectionManager._B92F3B0BBF53469CBCC10EF40F27B950.exe
+ 2008-05-25 13:19:40 53,248 ----a-r F:\WINDOWS\Installer\{B0CC883F-D14A-4EBA-9355-4D23B223CF05}\GetConnected.exe_B92F3B0BBF53469CBCC10EF40F27B950.exe
+ 2008-05-25 13:19:40 53,248 ----a-r F:\WINDOWS\Installer\{B0CC883F-D14A-4EBA-9355-4D23B223CF05}\NewShortcut1_B92F3B0BBF53469CBCC10EF40F27B950.exe
+ 2008-05-25 13:19:58 53,248 ----a-r F:\WINDOWS\Installer\{BBC12E6C-C32F-470A-BF15-5A8C21066D1A}\NewShortcut1_7E0E14B4308047F9BF740889375E0D12.exe
+ 2008-05-25 13:29:34 53,248 ----a-r F:\WINDOWS\Installer\{C701040C-9CBD-4321-9CA3-8305E3EA26B6}\MultimediaPlayer.e_8AE366AE32CF4CE180FEA01AF94D63E8.exe
+ 2008-05-21 15:24:00 18,944 ----a-r F:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-05-21 15:24:00 65,024 ----a-r F:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2008-05-25 13:30:13 17,542 ----a-r F:\WINDOWS\Installer\{E94603CA-2996-4154-8EE2-A5FCD4BFB500}\ARPPRODUCTICON.exe
+ 2008-05-25 13:30:13 57,344 ----a-r F:\WINDOWS\Installer\{E94603CA-2996-4154-8EE2-A5FCD4BFB500}\NewShortcut1_84286F5379AD4EED8488EA5F9B6C2260.exe
+ 2008-05-25 13:30:13 57,344 ----a-r F:\WINDOWS\Installer\{E94603CA-2996-4154-8EE2-A5FCD4BFB500}\NewShortcut2_84286F5379AD4EED8488EA5F9B6C2260.exe
+ 2007-04-16 13:14:20 271,224 ----a-w F:\WINDOWS\LastGood\system32\mucltui.dll
+ 2008-05-15 23:24:43 1,152,888 ----a-w F:\WINDOWS\system32\aswBoot.exe
+ 2008-05-15 23:12:36 95,608 ----a-w F:\WINDOWS\system32\AvastSS.scr
- 2005-09-09 04:51:51 466,944 ----a-w F:\WINDOWS\system32\capicom.dll
+ 2007-04-11 19:11:20 511,328 ----a-w F:\WINDOWS\system32\capicom.dll
+ 2005-12-07 03:01:00 202,752 ----a-r F:\WINDOWS\system32\CddbCdda.dll
+ 2004-08-03 15:26:44 47,616 -c--a-w F:\WINDOWS\system32\dllcache\iyuv_32.dll
+ 2004-08-03 13:45:22 140,928 -c--a-w F:\WINDOWS\system32\dllcache\ks.sys
+ 2004-08-03 15:26:46 17,408 -c--a-w F:\WINDOWS\system32\dllcache\msyuv.dll
+ 2001-08-17 13:06:34 8,192 -c--a-w F:\WINDOWS\system32\dllcache\tsbyuv.dll
+ 2004-08-03 13:37:56 59,264 -c--a-w F:\WINDOWS\system32\dllcache\usbaudio.sys
+ 2004-08-03 15:26:48 53,760 -c--a-w F:\WINDOWS\system32\dllcache\vfwwdm32.dll
+ 2008-05-15 23:13:26 26,944 ----a-w F:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-05-15 23:16:06 20,560 ----a-w F:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-01-17 18:34:01 93,264 ----a-w F:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-05-15 23:18:33 94,416 ----a-w F:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-05-15 23:15:29 23,152 ----a-w F:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-05-15 23:20:32 78,416 ----a-w F:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-05-15 23:14:11 42,912 ----a-w F:\WINDOWS\system32\drivers\aswTdi.sys
- 2006-10-15 15:47:10 140,928 ----a-w F:\WINDOWS\system32\drivers\ks.sys
+ 2004-08-03 13:45:22 140,928 ----a-w F:\WINDOWS\system32\drivers\ks.sys
+ 2007-10-11 16:26:00 1,279,000 ----a-w F:\WINDOWS\system32\drivers\LV302V32.SYS
+ 2007-10-19 03:46:30 2,109,976 ----a-w F:\WINDOWS\system32\drivers\Lvckap.sys
+ 2007-10-11 09:29:02 2,142,488 ----a-w F:\WINDOWS\system32\drivers\LVMVdrv.sys
+ 2007-10-11 09:29:24 25,624 ----a-w F:\WINDOWS\system32\drivers\LVPr2Mon.sys
+ 2007-10-11 16:30:44 41,752 ----a-w F:\WINDOWS\system32\drivers\LVUSBSta.sys
+ 2007-06-28 02:14:58 137,216 ----a-w F:\WINDOWS\system32\drivers\nmwcd.sys
+ 2007-06-28 02:14:16 8,320 ----a-w F:\WINDOWS\system32\drivers\nmwcdc.sys
+ 2004-08-03 13:37:56 59,264 ----a-w F:\WINDOWS\system32\drivers\USBAUDIO.sys
+ 2007-03-20 02:15:50 479,232 -c--a-w F:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\PCCSWpdDriver.dll
+ 2007-03-20 02:07:46 831,048 -c--a-w F:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\WudfUpdate_01005.dll
- 2006-10-15 15:47:10 47,616 ----a-w F:\WINDOWS\system32\iyuv_32.dll
+ 2004-08-03 15:26:44 47,616 ----a-w F:\WINDOWS\system32\iyuv_32.dll
+ 2007-10-11 16:27:42 195,096 ----a-w F:\WINDOWS\system32\lvci1150.dll
+ 2007-10-11 16:27:30 416,280 ----a-w F:\WINDOWS\system32\lvcodec2.dll
+ 2007-10-11 16:30:22 490,008 ----a-w F:\WINDOWS\system32\LVUI2.dll
+ 2007-10-11 16:30:34 465,432 ----a-w F:\WINDOWS\system32\LVUI2RC.dll
- 2006-10-15 15:47:10 17,408 ----a-w F:\WINDOWS\system32\msyuv.dll
+ 2004-08-03 15:26:46 17,408 ----a-w F:\WINDOWS\system32\msyuv.dll
- 2007-04-16 13:14:20 271,224 ----a-w F:\WINDOWS\system32\mucltui.dll
+ 2007-07-30 09:49:10 271,224 ----a-w F:\WINDOWS\system32\mucltui.dll
+ 2007-06-28 02:14:14 163,840 ----a-w F:\WINDOWS\system32\nmwcdcocls.dll
+ 2007-06-28 02:14:18 148,992 ----a-w F:\WINDOWS\system32\nsesetup.dll
- 2006-10-15 15:47:10 8,192 ----a-w F:\WINDOWS\system32\tsbyuv.dll
+ 2001-08-17 13:06:34 8,192 ----a-w F:\WINDOWS\system32\tsbyuv.dll
+ 2004-08-03 15:26:48 53,760 ----a-w F:\WINDOWS\system32\vfwwdm32.dll
+ 2007-10-21 09:21:58 323,624 ----a-w F:\WINDOWS\system32\wiaaut.dll
+ 2007-10-11 16:31:30 236,056 ----a-w F:\WINDOWS\twain_32\QuickCam\lvWIAext.dll
+ 2008-05-25 13:29:07 1,233,920 ----a-w F:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"MsnMsgr"="F:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:26 15360]
"DAEMON Tools Lite"="F:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-29 21:35 486856]
"MySpaceIM"="F:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-19 11:17 8720384]
"SUPERAntiSpyware"="F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="F:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" [2004-11-09 10:38 532480]
"NVRTCLK"="F:\WINDOWS\system32\NVRTCLK\NVRTClk.exe" [2003-12-30 19:14 24576]
"NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]
"nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 F:\WINDOWS\system32\nwiz.exe]
"DownloadAccelerator"="F:\Program Files\DAP\DAP.exe" [2006-08-03 16:42 2864276]
"NeroFilterCheck"="F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 19:50 77824 F:\WINDOWS\SOUNDMAN.EXE]
"PWRISOVM.EXE"="F:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 09:35 200704]
"NvMediaCenter"="F:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07 81920]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AsusStartupHelp"="F:\Program Files\ASUS\AASP\1.00.14\AsRunHelp.exe" [2006-11-14 13:25 363008]
"Adobe Photo Downloader"="F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"Launch Ai Booster"="F:\Program Files\ASUS\Ai Booster\OverClk.exe" [2004-11-19 17:31 3503616]
"ccApp"="F:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-26 11:17 51048]
"LogitechCommunicationsManager"="F:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="F:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"NSLauncher"="F:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-10-01 19:59 3104768]
"avast!"="F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 08:49 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 08:26 15360]
"MySpaceIM"="F:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-19 11:17 8720384]

F:\Documents and Settings\Pablo\Start Menu\Programs\Startup\
MagicDisc.lnk - F:\Program Files\MagicDisc\MagicDisc.exe [2007-09-08 21:32:23 557568]

F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= F:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
F:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 F:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-10-09 11:28 139264 F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2007-12-19 11:17 8720384 F:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"F:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"F:\\Program Files\\eMule\\eMule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"F:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"F:\\Program Files\\DAP\\DAP.exe"=
"F:\\Program Files\\uTorrent\\uTorrent.exe"=
"F:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"F:\\Program Files\\LimeWire\\LimeWire.exe"=
"F:\\Program Files\\Azureus\\Azureus.exe"=
"F:\\WINDOWS\\system32\\PnkBstrA.exe"=
"F:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Sierra Entertainment\\Empire Earth III\\EE3.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\CoH Opposing Fronts\\RelicCOH.exe"=
"F:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"F:\\Program Files\\Sierra Online\\Red Baron Arcade\\Red Baron Arcade.exe"=
"F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"F:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"F:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"F:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

S1 aswSP;avast! Self Protection;F:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 08:50]
S2 aswFsBlk;aswFsBlk;F:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 08:46]
S3 atxboxfl;atxboxfl Filter Service;F:\WINDOWS\system32\DRIVERS\atxboxfl.sys [2003-12-03 11:10]
S3 FileObjInfo;STFileDriver;F:\Documents and Settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys [2008-03-23 20:20]
S3 k600bus;Sony Ericsson 600i driver (WDM);F:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-05-11 20:42]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;F:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-05-11 20:42]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;F:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-05-11 20:42]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;F:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-05-11 20:42]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;F:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-05-11 20:42]
S3 ngrpci;NETGEAR FA310TX Fast Ethernet Adapter Driver;F:\WINDOWS\system32\DRIVERS\ngrpci.sys [2001-08-17 12:12]
S3 PCASp50;PCASp50 NDIS Protocol Driver;F:\WINDOWS\system32\Drivers\PCASp50.sys []
S3 upperdev;upperdev;F:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 20:29:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-04 20:30:58
ComboFix-quarantined-files.txt 2008-06-04 11:00:49
ComboFix2.txt 2008-05-12 15:28:05
ComboFix3.txt 2008-04-26 06:55:01
ComboFix4.txt 2008-04-23 05:47:12

Pre-Run: 2,986,262,528 bytes free
Post-Run: 3,374,321,664 bytes free

356 --- E O F --- 2007-08-23 10:21:46

---------------------------------------------------------------------------------------------------------------------------------------------

Deckard's System Scanner v20071014.68
Run by Pablo on 2008-06-04 23:20:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
13: 2008-06-04 13:50:34 UTC - RP315 - Deckard's System Scanner Restore Point
12: 2008-06-04 10:40:30 UTC - RP314 - ComboFix created restore point
11: 2008-06-03 11:18:11 UTC - RP313 - System Checkpoint
10: 2008-06-02 10:23:33 UTC - RP312 - System Checkpoint
9: 2008-06-01 05:44:04 UTC - RP311 - Removed ESET NOD32 Antivirus


-- First Restore Point --
1: 2008-05-21 15:23:55 UTC - RP303 - Installed SUPERAntiSpyware Free Edition


Backed up registry hives.
Performed disk cleanup.

System Drive F: has 2.91 GiB (less than 15%) free.


-- HijackThis (run as Pablo.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:38 PM, on 6/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
F:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\PnkBstrA.exe
F:\Program Files\Spyware Terminator\sp_rsser.exe
F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\PowerISO\PWRISOVM.EXE
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\ASUS\Ai Booster\OverClk.exe
F:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\PC Connectivity Solution\ServiceLayer.exe
F:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
F:\Program Files\Windows Live\Messenger\usnsvc.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Documents and Settings\Pablo\My Documents\dss.exe
F:\PROGRA~1\TRENDM~1\HIJACK~1\Pablo.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NVIDIA nTune] "F:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [NVRTCLK] F:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DownloadAccelerator] "F:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] F:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AsusStartupHelp] F:\Program Files\ASUS\AASP\1.00.14\AsRunHelp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Launch Ai Booster] "F:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "F:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "F:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [NSLauncher] F:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [MySpaceIM] F:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] F:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = F:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - F:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - F:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - F:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Image Converter 2 ??? - F:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1192940351187
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1190990934437
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://leadfootcruis...ad/MsnPUpld.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0391709E-0C6D-4F3E-924A-C8134E53B332}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFE419BD-CD8F-4910-B2F2-1F471FAC0F9C}: NameServer = 192.168.2.1
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LVCOMSer - Logitech Inc. - F:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - F:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - F:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - F:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - F:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 9813 bytes

-- HijackThis Fixed Entries (F:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080426-161205-215 O24 - Desktop Component 0: Privacy Protection - file:///F:\WINDOWS\privacy_danger\index.htm

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 AsIO - f:\windows\system32\drivers\asio.sys
R1 SCDEmu - f:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 mdmxsdk - f:\windows\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface>
R3 GVCplDrv - f:\windows\system32\drivers\gvcpldrv.sys
R3 HSF_DP - f:\windows\system32\drivers\hsf_dp.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 HSFHWBS2 - f:\windows\system32\drivers\hsfhwbs2.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - f:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
R3 pcouffin (VSO Software pcouffin) - f:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 vaxscsi - f:\windows\system32\drivers\vaxscsi.sys
R3 winachsf - f:\windows\system32\drivers\hsf_cnxt.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>

S3 atxboxfl (atxboxfl Filter Service) - f:\windows\system32\drivers\atxboxfl.sys <Not Verified; Compuware Corporation; DriverStudio>
S3 FileObjInfo (STFileDriver) - f:\documents and settings\all users\application data\spyware terminator\fileobjinfo.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 PCASp50 (PCASp50 NDIS Protocol Driver) - f:\windows\system32\drivers\pcasp50.sys (file missing)
S3 upperdev - f:\windows\system32\drivers\usbser_lowerflt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 sp_rssrv (Spyware Terminator Realtime Shield Service) - "f:\program files\spyware terminator\sp_rsser.exe" <Not Verified; Crawler.com; Crawler Spyware Terminator>
R3 ServiceLayer - "f:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S3 NBService - f:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: N82
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: N82
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd


-- Files created between 2008-05-04 and 2008-06-04 -----------------------------

2008-06-04 20:10:12 68096 --a------ F:\WINDOWS\zip.exe
2008-06-04 20:10:12 49152 --a------ F:\WINDOWS\VFind.exe
2008-06-04 20:10:12 212480 --a------ F:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-04 20:10:12 136704 --a------ F:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-04 20:10:12 161792 --a------ F:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-04 20:10:12 98816 --a------ F:\WINDOWS\sed.exe
2008-06-04 20:10:12 80412 --a------ F:\WINDOWS\grep.exe
2008-06-04 20:10:12 89504 --a------ F:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-04 20:00:29 0 d-------- F:\Program Files\Alwil Software
2008-05-25 22:59:06 0 d-------- F:\Program Files\Common Files\Nokia
2008-05-25 22:49:32 0 d-------- F:\Program Files\Common Files\PCSuite
2008-05-25 22:48:52 0 d-------- F:\Program Files\PC Connectivity Solution
2008-05-25 21:10:03 0 d-------- F:\Documents and Settings\Pablo\DoctorWeb
2008-05-22 00:54:03 0 d-------- F:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-22 00:53:57 0 d-------- F:\Program Files\SUPERAntiSpyware
2008-05-22 00:53:57 0 d-------- F:\Documents and Settings\Pablo\Application Data\SUPERAntiSpyware.com
2008-05-22 00:53:33 0 d-------- F:\Program Files\Common Files\Wise Installation Wizard
2008-05-17 17:53:47 0 d-------- F:\Documents and Settings\All Users\Application Data\TrackMania <TRACKM~1>
2008-05-17 17:41:09 0 d-------- F:\Program Files\TmUnitedForever
2008-05-16 01:25:34 0 d-------- F:\WINDOWS\ERUNT
2008-05-15 21:26:54 0 d-------- F:\Documents and Settings\All Users\Application Data\Logishrd
2008-05-15 21:26:46 0 d-------- F:\Documents and Settings\All Users\Application Data\Logitech
2008-05-15 21:26:45 0 d-------- F:\Program Files\Logitech
2008-05-15 21:22:13 0 d-------- F:\Program Files\Common Files\logishrd
2008-05-14 21:54:20 0 d-------- F:\Documents and Settings\All Users\Application Data\ESET
2008-05-14 01:04:35 0 d-------- F:\Program Files\Panda Security
2008-05-14 00:43:02 0 d-------- F:\VundoFix Backups
2008-05-13 19:50:35 0 d-------- F:\Program Files\Windows Sidebar
2008-05-13 19:50:35 0 d-------- F:\Program Files\Norton AntiVirus
2008-05-13 19:38:47 0 d-------- F:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-05-12 21:09:16 0 d-------- F:\Documents and Settings\All Users\Symantec Temporary Files
2008-05-05 23:16:53 0 d-------- F:\Program Files\Red Kawa


-- Find3M Report ---------------------------------------------------------------

2008-06-02 09:51:42 0 d-------- F:\Documents and Settings\Pablo\Application Data\Azureus
2008-05-31 21:03:38 0 d-------- F:\Program Files\Incomplete
2008-05-31 21:00:56 0 d-------- F:\Program Files\LimeWire
2008-05-31 18:54:23 0 d-------- F:\Documents and Settings\Pablo\Application Data\LimeWire
2008-05-25 23:05:27 0 d-------- F:\Documents and Settings\Pablo\Application Data\NSeries
2008-05-25 22:59:47 0 d-------- F:\Program Files\Nokia
2008-05-25 22:59:06 0 d-------- F:\Program Files\Common Files
2008-05-14 23:26:24 0 d-------- F:\Program Files\Symantec
2008-05-14 23:26:24 0 d-------- F:\Program Files\Common Files\Symantec Shared
2008-05-13 00:22:01 168887 --a------ F:\Documents and Settings\Pablo\Application Data\NMM-MetaData.db
2008-05-13 00:13:17 0 d--h----- F:\Program Files\InstallShield Installation Information
2008-04-27 18:05:42 0 d-------- F:\Program Files\LandRouse steering wheel
2008-04-27 16:55:14 0 d-------- F:\Program Files\ASUS
2008-04-27 16:48:36 0 d-------- F:\Documents and Settings\Pablo\Application Data\Hamachi
2008-04-26 11:55:46 0 d-------- F:\Program Files\Java
2008-04-22 19:39:47 0 d-------- F:\Documents and Settings\Pablo\Application Data\Malwarebytes
2008-04-22 19:39:42 0 d-------- F:\Program Files\Malwarebytes' Anti-Malware
2008-04-18 22:50:48 0 d-------- F:\Program Files\CCleaner
2008-04-18 22:08:45 0 d-------- F:\Program Files\VS Revo Group
2008-04-18 00:11:51 0 d-------- F:\Program Files\Azureus
2008-04-13 17:21:36 0 d-------- F:\Documents and Settings\Pablo\Application Data\vlc
2008-04-13 17:20:18 0 d-------- F:\Program Files\VideoLAN
2008-04-13 01:48:36 0 d-------- F:\Documents and Settings\Pablo\Application Data\Leadertech
2008-04-12 18:02:52 0 d-------- F:\Program Files\Electronic Arts
2008-04-12 12:34:51 0 d-------- F:\Program Files\Incoming
2008-04-11 20:36:04 0 d-------- F:\Progra
  • 0

#23
greyknight17
Posted 07 June 2008 - 01:05 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Does running ATF Cleaner remove all those cookies found by Panda? Go to http://windowsupdate.microsoft.com and verify that you have all the critical updates.

I don't see anything else that's alarming from the logs.
  • 0

#24
HackedCactus
Posted 12 June 2008 - 08:35 PM

HackedCactus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I have all the windows critical updates and verified this by visiting microsoft's website.
ATF Cleaner removed the cookies picked up by Panda (although Panda only ever completed to 50%).
By computer still freezes during any type of scan though.
  • 0

#25
greyknight17
Posted 13 June 2008 - 09:54 AM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Disable ALL your security programs prior to running Panda. Try not to use any other program to access the internet besides the Panda scan.
  • 0

Advertisements

#26
HackedCactus
Posted 18 June 2008 - 06:24 AM

HackedCactus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I disabled all security programs and closed off everything I could that might access the internet while the Panda scan ran.
The Panda scan still froze at 52% :)
  • 0

#27
greyknight17
Posted 20 June 2008 - 07:51 AM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Skip the Panda scan. Let's try using another scanner....

Make sure you turn off any antivirus programs you have running while performing the online scan below. Using Internet Explorer, run a virus scan at http://www.kaspersky.com/virusscanner Click on 'Launch Kaspersky Anti-Virus Web Scanner' and install the ActiveX component from Kaspersky. Click Yes and it will begin downloading the latest definition files. Once that's done, click on 'Scan Settings' and make sure the following are selected:

Scan using the following Anti-Virus database:
- Extended

Scan Options:
- Scan Archives
- Scan Mail Bases

Click OK. Now under select a target to scan, select 'My Computer'. It will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the 'Save as Text' button. Save the file to your desktop. Copy and paste that information in your next post.
  • 0

#28
greyknight17
Posted 27 June 2008 - 09:01 AM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP