11-07-2008, 03:30 PM   #1
FireWalker42
Join Date: Nov 2008
Location: Central Florida
Posts: 10
OS: XP SP3

Computer controlled!

Running Windows XP SP3. Was not running any protection other than Microsoft's and got bit. IE gets redirected and an "infected" message bubble appears. Windows showed protection off and several messages. I disconnected from the internet and removed my external backup drive. Amazingly, I had shut off sync to the backup drive before I got infected. I am posting from an old laptop and also used this to download Ad-Aware, Spybot, AVG Free 8.0 and Malwarebytes' Anti-Malware. From AVG, attempted to run vcleaner before installing AVG. It completed and installed AVG. Unable to get definition updates. Ran, then froze. Ad-Aware found and removed some. Ran ATF-Cleaner. RegCleaner would not run. Malwarebytes found and removed some more. Unable to start in safe mode. Was able to start in safe mode with msconfig. Ran Malwarebytes again a few times. Restarted in normal mode and used GMER and RSIT. Logs to follow:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrator at 2008-11-07 17:04:40
Microsoft Windows XP Professional Service Pack 3
System drive C: has 342 GB (72%) free of 477 GB
Total RAM: 2047 MB (61% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\nphzhsmw.job
C:\WINDOWS\tasks\xzlxwwpn.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-10-05 5759816]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-11-07 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"=C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [2005-06-16 49152]
"{3e-e9-91-1f-dw}"=C:\windows\system32\dwwnw64r.exe DWmmm01 []
"Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2008-01-11 166304]
"xsjfn83jkemfofght"=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlogin.exe [2008-11-06 15000]
"VolPanel"=C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe [2005-07-11 122880]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"rs32net"=C:\WINDOWS\System32\rs32net.exe []
"RCSystem"=C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [2005-06-16 49152]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"prunnet"=C:\WINDOWS\system32\prun.exe [2008-11-06 34816]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"mxomssmenu"=C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe [2008-07-21 169312]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"Launch LGDCore"=C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [2007-12-13 2095640]
"Launch LCDMon"=C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2007-12-13 2051096]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-05-18 49152]
"kernel and hardware abstraction layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"iupd721"=C:\Documents and Settings\Administrator\Application Data\NI.GSCNS\IUpd721.exe [2008-11-06 403968]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"hpqsrmon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-03-13 81920]
"HPHmon03"=C:\WINDOWS\system32\hphmon03.exe []
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2006-01-13 196608]
"hp software update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"exploreupdsched"=C:\WINDOWS\system32\lcntstdl.exe DWmmm01 []
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"e4b3e9b0"=C:\WINDOWS\system32\tcukvwrd.dll []
"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2006-08-17 18944]
"CTHelper"=C:\WINDOWS\CTHELPER.EXE [2006-08-17 17920]
"CTDVDDET"=C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE [2003-06-18 45056]
"brastk"=brastk.exe []
"avg8_tray"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-07 1234712]
"applesyncnotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"AlienFXController"=c:\program files\alienware\alienware alienfx\alienwarealienfxcontroller.exe [2006-09-13 311296]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"updateMgr"=c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"RoboForm"=C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2008-10-05 160592]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-08-15 32768]
"H/PC Connection Agent"=D:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"xsjfn83jkemfofght"=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlogin.exe [2008-11-06 15000]
"prunnet"=C:\WINDOWS\system32\prun.exe [2008-11-06 34816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Network Monitor"=2
"cmdService"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Logitech Harmony Remote V5.lnk - C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
Deewoo.lnk - C:\WINDOWS\system32\lcntstdl.exe
DW_Start.lnk - C:\WINDOWS\system32\dwwnw64r.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karna.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
C:\Program Files\AlienGUIse\fastload.dll [2001-12-20 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1yfxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati1yfxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Microsoft ActiveSync\rapimgr.exe"="D:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"D:\Program Files\Microsoft ActiveSync\wcescomm.exe"="D:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"D:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="D:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"C:\Program Files\Logitech\Harmony Remote\HarmonyClient"="C:\Program Files\Logitech\Harmony Remote\HarmonyClient:*:Enabled:Logitech Harmony Remote Software V5"
"C:\Program Files\Logitech\Harmony Remote\PatchHelper.exe"="C:\Program Files\Logitech\Harmony Remote\PatchHelper.exe:*:Enabled:Remote Control Software Patch Helper"
"E:\setup\HPZnui01.exe"="E:\setup\HPZnui01.exe:*:Enabled:hpznui01.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\7zS5F.tmp\setup\HPZnui01.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\7zS5F.tmp\setup\HPZnui01.exe:*:Enabled:hpznui01.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\7zSF.tmp\setup\HPZnui01.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\7zSF.tmp\setup\HPZnui01.exe:*:Enabled:hpznui01.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\7zS4F.tmp\setup\HPZnui01.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\7zS4F.tmp\setup\HPZnui01.exe:*:Enabled:hpznui01.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\setup\HPZnui01.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\setup\HPZnui01.exe:*:Enabled:hpznui01.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\7zS4.tmp\setup\HPZnui01.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\7zS4.tmp\setup\HPZnui01.exe:*:Enabled:hpznui01.exe"
"C:\Documents and Settings\Administrator\Local Settings\Temp\7zS2.tmp\setup\HPZnui01.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\7zS2.tmp\setup\HPZnui01.exe:*:Enabled:hpznui01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Documents and Settings\Administrator\Local Settings\Temp\Nero Web\SetupXu.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\Nero Web\SetupXu.exe:*:Enabled:Nero ProductSetup"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Microsoft ActiveSync\rapimgr.exe"="D:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"D:\Program Files\Microsoft ActiveSync\wcescomm.exe"="D:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"D:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="D:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Logitech\Harmony Remote\HarmonyClient"="C:\Program Files\Logitech\Harmony Remote\HarmonyClient:*:Enabled:Logitech Harmony Remote Software V5"
"C:\Program Files\Logitech\Harmony Remote\PatchHelper.exe"="C:\Program Files\Logitech\Harmony Remote\PatchHelper.exe:*:Enabled:Remote Control Software Patch Helper"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83fd7505-4b81-11dc-82e9-00155838d8cc}]
shell\autorun\command - H:\PortableRoboForm.exe
shell\roboform2go\command - H:\PortableRoboForm.exe


======List of files/folders created in the last 1 months======

2008-11-07 17:04:41 ----D---- C:\Program Files\trend micro
2008-11-07 17:04:40 ----D---- C:\rsit
2008-11-07 16:43:56 ----A---- C:\WINDOWS\gmer.ini
2008-11-07 16:43:54 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-11-07 16:43:54 ----A---- C:\WINDOWS\gmer.exe
2008-11-07 16:43:54 ----A---- C:\WINDOWS\gmer.dll
2008-11-07 16:35:12 ----HD---- C:\$AVG8.VAULT$
2008-11-07 04:08:27 ----A---- C:\WINDOWS\system32\wini108023.exe
2008-11-07 03:11:57 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-11-07 03:11:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-07 03:11:49 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-07 02:10:58 ----D---- C:\Program Files\Lavasoft
2008-11-07 02:10:57 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-07 02:09:40 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-07 01:55:36 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-11-07 01:55:29 ----D---- C:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR
2008-11-07 01:55:17 ----D---- C:\Program Files\AVG
2008-11-07 01:55:17 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-11-06 23:10:31 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-11-06 22:59:03 ----A---- C:\WINDOWS\system32\tgdgdk.dll
2008-11-06 22:59:02 ----A---- C:\WINDOWS\system32\bbmdiyaa.dll
2008-11-06 22:58:36 ----A---- C:\WINDOWS\system32\ef902dce-.txt
2008-11-06 22:57:42 ----D---- C:\Documents and Settings\Administrator\Application Data\IUpd721
2008-11-06 22:52:46 ----A---- C:\WINDOWS\system32\sn.txt
2008-11-06 22:52:46 ----A---- C:\WINDOWS\search.yahoo.com-error.html
2008-11-06 22:52:43 ----A---- C:\WINDOWS\system32\g46.exe
2008-11-06 22:51:05 ----A---- C:\WINDOWS\system32\rjwnw64o.exe
2008-11-06 22:49:35 ----A---- C:\oxii.exe
2008-11-06 22:49:20 ----A---- C:\ulakr.exe
2008-11-06 22:49:18 ----D---- C:\Documents and Settings\Administrator\Application Data\gadcom
2008-11-06 22:49:15 ----A---- C:\depwvtw.exe
2008-11-06 22:49:14 ----D---- C:\Documents and Settings\Administrator\Application Data\NI.GSCNS
2008-11-06 22:49:12 ----SHD---- C:\WINDOWS\IA
2008-11-06 22:49:06 ----D---- C:\WINDOWS\system32\uvb
2008-11-06 22:49:06 ----D---- C:\WINDOWS\system32\T2
2008-11-06 22:49:06 ----D---- C:\WINDOWS\system32\NPX
2008-11-06 22:49:06 ----D---- C:\WINDOWS\system32\im
2008-11-06 22:49:04 ----D---- C:\WINDOWS\system32\QI19
2008-11-06 22:49:00 ----A---- C:\WINDOWS\system32\prun.exe
2008-11-06 21:26:57 ----A---- C:\WINDOWS\system32\ShellManager10E2D762.dll
2008-10-31 13:45:53 ----D---- C:\Program Files\DOSBox-0.72
2008-10-28 17:36:00 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2008-10-28 17:36:00 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2008-10-28 17:35:58 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2008-10-28 17:35:58 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2008-10-28 17:35:56 ----A---- C:\WINDOWS\system32\DivX.dll
2008-10-28 14:54:36 ----D---- C:\Program Files\DayDawn
2008-10-24 04:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-21 04:22:23 ----D---- C:\Program Files\AviSynth 2.5
2008-10-21 04:22:23 ----A---- C:\WINDOWS\x2.64.exe
2008-10-21 04:22:23 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2008-10-21 04:22:23 ----A---- C:\WINDOWS\system32\x.264.exe
2008-10-21 04:22:23 ----A---- C:\WINDOWS\system32\i420vfw.dll
2008-10-21 04:22:23 ----A---- C:\WINDOWS\system32\devil.dll
2008-10-21 04:22:23 ----A---- C:\WINDOWS\system32\AVSredirect.dll
2008-10-21 04:22:23 ----A---- C:\WINDOWS\system32\avisynth.dll
2008-10-21 04:22:23 ----A---- C:\WINDOWS\MOTA113.exe
2008-10-21 04:22:23 ----A---- C:\WINDOWS\meta4.exe
2008-10-21 04:21:44 ----RSH---- C:\WINDOWS\system32\nbDX.dll
2008-10-21 04:21:44 ----RSH---- C:\WINDOWS\system32\msfDX.dll
2008-10-21 04:21:44 ----RSH---- C:\WINDOWS\system32\flvDX.dll
2008-10-21 04:21:41 ----D---- C:\Program Files\eRightSoft
2008-10-15 04:03:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 04:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 04:03:12 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 04:02:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 04:02:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

======List of files/folders modified in the last 1 months======

2008-11-07 17:04:41 ----RD---- C:\Program Files
2008-11-07 17:04:40 ----D---- C:\WINDOWS\Temp
2008-11-07 16:44:53 ----D---- C:\WINDOWS\Prefetch
2008-11-07 16:43:56 ----D---- C:\WINDOWS
2008-11-07 16:43:54 ----D---- C:\WINDOWS\system32\drivers
2008-11-07 16:41:31 ----D---- C:\WINDOWS\system32
2008-11-07 16:41:23 ----D---- C:\WINDOWS\Registration
2008-11-07 16:38:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-07 16:35:06 ----SHD---- C:\System Volume Information
2008-11-07 16:35:06 ----D---- C:\WINDOWS\system32\Restore
2008-11-07 16:32:00 ----RASH---- C:\boot.ini
2008-11-07 16:32:00 ----A---- C:\WINDOWS\win.ini
2008-11-07 16:32:00 ----A---- C:\WINDOWS\system.ini
2008-11-07 14:40:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-07 14:37:11 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-07 13:15:25 ----SHD---- C:\WINDOWS\CSC
2008-11-07 02:11:25 ----HD---- C:\Config.Msi
2008-11-07 02:11:06 ----SHD---- C:\WINDOWS\Installer
2008-11-07 02:09:40 ----D---- C:\Program Files\Common Files
2008-11-06 22:51:01 ----SD---- C:\WINDOWS\Tasks
2008-11-06 22:49:20 ----A---- C:\WINDOWS\system32\user32.DLL
2008-11-06 22:49:19 ----D---- C:\temp
2008-11-06 21:47:23 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-06 21:47:08 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-06 21:46:41 ----D---- C:\Program Files\Maxtor
2008-11-06 21:43:03 ----D---- C:\WINDOWS\Downloaded Installations
2008-11-04 22:55:14 ----D---- C:\Program Files\DivX
2008-11-02 22:47:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-30 22:58:20 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-30 13:27:15 ----D---- C:\Program Files\SuperchipsUpdate
2008-10-24 05:08:42 ----D---- C:\Program Files\Microsoft Silverlight
2008-10-24 04:00:44 ----HD---- C:\WINDOWS\inf
2008-10-24 04:00:30 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-21 04:19:55 ----D---- C:\Documents and Settings\Administrator\Application Data\Tunebite
2008-10-21 04:19:55 ----A---- C:\Log.txt
2008-10-21 02:24:06 ----D---- C:\Documents and Settings\Administrator\Application Data\Free Download Manager
2008-10-20 21:01:50 ----D---- C:\WINDOWS\system32\Macromed
2008-10-20 16:35:54 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 05:13:17 ----D---- C:\WINDOWS\system32\wbem
2008-10-15 04:10:35 ----D---- C:\Program Files\Internet Explorer
2008-10-15 04:03:21 ----A---- C:\WINDOWS\imsins.BAK

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 avgldx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-11-07 97928]
R1 avgmfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-11-07 26824]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 PStrip;PStrip; C:\WINDOWS\system32\drivers\pstrip.sys [2004-11-09 21968]
R1 TeksKernel;TeksKernel; C:\WINDOWS\System32\Drivers\TeksKernel.sys [2004-07-08 9060]
R2 aksfridge;aksfridge; \??\C:\WINDOWS\system32\drivers\aksfridge.sys []
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 40832]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2006-08-17 502272]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2006-08-17 500480]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2006-08-17 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2006-08-17 143872]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2006-08-17 78336]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-08-17 1110528]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-22 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-22 18944]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2006-08-17 116224]
R3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2008-02-20 27936]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S2 HidCom;USB-HID -> COM Driver Service; C:\WINDOWS\system32\DRIVERS\HidCom.sys [2004-08-10 21016]
S3 akshasp;Aladdin HASP Key; C:\WINDOWS\system32\DRIVERS\akshasp.sys [2006-11-22 327168]
S3 aksusb;Aladdin USB Key; C:\WINDOWS\system32\DRIVERS\aksusb.sys [2006-11-22 100096]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2006-08-17 340176]
S3 FTD2XX;Flashpaq FTD2XX.SYS FT8U2XX device driver; C:\WINDOWS\System32\Drivers\FTD2XX.sys [2005-12-15 34639]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-07 85969]
S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\System32\Drivers\L8042Kbd.sys [2005-07-22 13440]
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\L8042mou.sys [2005-07-22 55040]
S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2005-07-22 26112]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\System32\Drivers\LMouKE.sys [2005-07-22 68864]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2007-05-03 22152]
S3 SNTNLUSB;SafeNet USB SuperPro/UltraPro/HardwareKey; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2008-03-05 33504]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 uisp;Motorola USB ICP driver; C:\WINDOWS\System32\Drivers\usbicp.sys []
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 vncdrv;vncdrv; C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2002-11-20 2218]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XMUNIVERSAL;xmuni.sys driver; C:\WINDOWS\System32\Drivers\xmuni.sys [2006-12-02 49408]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-11-07 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 hasplms;HASP License Manager; C:\WINDOWS\system32\hasplms.exe [2007-03-15 535807]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-06-20 49152]
R2 Maxtor Sync Service;Maxtor Service; C:\Program Files\Maxtor\Sync\SyncServices.exe [2008-07-21 193888]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 ProductivITService;ProductivIT Service; C:\Program Files\AlienAutopsy\TEKS_Service.exe [2004-07-08 77824]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2005-08-08 167936]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 61856]
R2 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2008-01-11 2138528]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 245664]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]

-----------------EOF-----------------
Attached Files
File Type: txt INFO.TXT (31.4 KB, 2 views)
File Type: txt Gmer.txt (422.6 KB, 2 views)
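The Run-key dump in the RSIT log above is where this infection is most visible: a binary launched from the Administrator's Temp folder (winlogin.exe), several values RSIT could not stat (shown as `[]`), files written on 2008-11-06 alongside the drop of dwwnw64r.exe, prun.exe and friends, an autorun under Application Data, random-looking value names, and a non-empty AppInit_DLLs (karna.dat). The script below is an added example for this page; it is not part of the original post and not RSIT's code. It parses `"name"=path [date size]` Run entries from the log text and scores each one against those indicators. The weights, the 3-day "fresh file" window, the allowlist for tools the analyst installed during cleanup (AVG here), and the random-name heuristic are assumptions of this example, chosen to reproduce what an analyst would circle by eye in this log; the input is a constructed fixture of lines copied verbatim from the post.

```python
"""Score Run-key autoruns in an RSIT log against the indicators seen in the post above.
Added example for this page, not part of the original post or of RSIT. Weights, the
3-day window, the allowlist and the random-name heuristic are this example's assumptions."""
from __future__ import annotations

import re
from datetime import datetime, timedelta

# Constructed fixture: report header plus a subset of the HKLM ...\Run lines from the post.
SAMPLE_LOG = r'''
Run by Administrator at 2008-11-07 17:04:40
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"=C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [2005-06-16 49152]
"{3e-e9-91-1f-dw}"=C:\windows\system32\dwwnw64r.exe DWmmm01 []
"xsjfn83jkemfofght"=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlogin.exe [2008-11-06 15000]
"prunnet"=C:\WINDOWS\system32\prun.exe [2008-11-06 34816]
"nwiz"=nwiz.exe /install []
"iupd721"=C:\Documents and Settings\Administrator\Application Data\NI.GSCNS\IUpd721.exe [2008-11-06 403968]
"exploreupdsched"=C:\WINDOWS\system32\lcntstdl.exe DWmmm01 []
"e4b3e9b0"=C:\WINDOWS\system32\tcukvwrd.dll []
"brastk"=brastk.exe []
"avg8_tray"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-07 1234712]
'''

# Assumption: tools the analyst installed during cleanup are expected to be brand new,
# so anything under these prefixes is skipped instead of scored as "fresh".
ANALYST_INSTALLED = (r"c:\progra~1\avg", r"c:\program files\avg")
FRESH_WINDOW = timedelta(days=3)   # assumption: written within 3 days of the report
REVIEW_THRESHOLD = 2

ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$')
PATH_RE = re.compile(r'^(?P<path>.*?\.(?:exe|dll))(?P<args>.*)$', re.IGNORECASE)
RUN_BY_RE = re.compile(r'^Run by .* at (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})$')
VOWELS = set("aeiou")


def looks_random(token: str) -> bool:
    """Weak heuristic (1 point): 6+ letters with under 20% vowels, or 5 consonants in a row.
    Vendor abbreviations such as hpqsrmon trip it, so it never flags an entry on its own."""
    letters = [c for c in token.lower() if c.isalpha()]
    if len(letters) < 6:
        return False
    if sum(c in VOWELS for c in letters) / len(letters) < 0.2:
        return True
    return re.search(r"[b-df-hj-np-tv-z]{5}", token.lower()) is not None


def indicators(name: str, path: str, meta: str, report_time: datetime) -> dict[str, int]:
    """Map each indicator that fires to its weight (weights are this example's assumptions)."""
    p = path.lower()
    found: dict[str, int] = {}
    if "\\temp\\" in p:                       # autorun pointing into a Temp folder
        found["runs_from_temp"] = 3
    if not meta.strip():
        # RSIT prints [] when it could not read the file's date and size. For a bare filename
        # (resolved via PATH at run time) that is expected; for a full path the file is
        # missing or hidden from the tool, which is far more interesting.
        found["no_file_metadata"] = 2 if re.match(r"^[a-z]:\\", p) else 1
    elif report_time - datetime.strptime(meta.split()[0], "%Y-%m-%d") <= FRESH_WINDOW:
        found["written_within_3_days"] = 2
    if "\\application data\\" in p:           # autorun living in the user profile
        found["runs_from_user_profile"] = 1
    basename = p.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if looks_random(name) or looks_random(basename):
        found["random_looking_name"] = 1
    return found


def triage(log_text: str) -> list[dict]:
    """Parse every "name"=value [meta] Run entry and return those scoring >= the threshold."""
    report_time = datetime.now()
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := RUN_BY_RE.match(line):
            report_time = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            continue
        if not (m := ENTRY_RE.match(line)):
            continue
        pm = PATH_RE.match(m["value"])
        path = pm["path"] if pm else m["value"]   # drop trailing arguments such as DWmmm01
        if path.lower().startswith(ANALYST_INSTALLED):
            continue
        inds = indicators(m["name"], path, m["meta"], report_time)
        score = sum(inds.values())
        if score >= REVIEW_THRESHOLD:
            findings.append({"name": m["name"], "path": path, "score": score,
                             "indicators": sorted(inds)})
    return findings


def check_appinit(value: str) -> dict | None:
    """AppInit_DLLs is loaded into every process that links user32.dll and is empty on a
    clean XP box, so any non-empty value deserves a look; a non-.dll name doubly so."""
    v = value.strip().strip('"')
    if not v:
        return None
    return {"value": v, "score": 3 if not v.lower().endswith(".dll") else 2}
```

Running `triage(SAMPLE_LOG)` flags dwwnw64r.exe, winlogin.exe, prun.exe, IUpd721.exe, lcntstdl.exe, tcukvwrd.dll and brastk.exe, leaves the Creative entry alone, and lets nwiz.exe through with a single point because a bare filename is the one case where `[]` is expected. `check_appinit("karna.dat")` scores the AppInit_DLLs value. A low score is not a clean bill: the random-named scheduled tasks (nphzhsmw.job, xzlxwwpn.job), the Startup-folder shortcuts to the same binaries, and the cluster of files created at 22:49 on 2008-11-06 in the RSIT file list are not parsed here and should be correlated by hand.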