08-12-2009, 05:57 PM   #1 (permalink)
northress
Registered User
Join Date: Aug 2009
Posts: 3
OS: win ep sP 2


my log

Well hello there! I'm new on this forum.. I've seen this forum in the greatest and I wish you could help me with some problems.
First of all, I'm logging my Malwarebytes' Anti-Malware and HijackThis.
Tell me if I've mistaken something or if I've posted in the wrong place.

My mbam-log looks like this:

Malwarebytes' Anti-Malware 1.40
Database version: 2614
Windows 5.1.2600 Service Pack 2

13.08.2009 02:47:12
mbam-log-2009-08-13 (02-46-41).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 97897
Time elapsed: 11 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Dunno why I have that infection.. my anti-virus doesn't spot anything... maybe it is from HijackThis? Anyway, that's why I need help =)

HijackThis report!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:55:57, on 13.08.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 3462 bytes

I'm waiting for some tips from an expert.

Thank you!

08-13-2009, 06:59 PM   #2 (permalink)
forhockey
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate


Re: my log

Hi northress,

Quote:
Well hello there! I'm new on this forum.. I've seen this forum in the greatest and I wish you could help me with some problems.
What problems are you experiencing? Please elaborate on your current system problems.

I'm not seeing anything much going on in your logs. However, let's run a few tools which will take a closer look at your system...

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

** Note: Please stick with me until I declare that your system is free from malware. Even though your system may not have any symptoms of malware, it may still be infected. **

--------------------------------------------------------------

Before beginning the proposed fix, read this post completely. Any questions should be kindly asked before proceeding. Ensure that there are no open browsers when carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

--------------------------------------------------------------

Download GMER Rootkit Scanner from here or here. Unzip it to your Desktop.

========================================================
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
========================================================

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click Yes.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
Please attach the gmer.txt to your reply:
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, browse to where you saved the file, and
  2. Click Upload.


--------------------------------------------------------------

Please perform the following:
  • Download RSIT by random/random and save it to your desktop.
  • Double click RSIT.exe to start the tool and click Continue at the disclaimer.
  • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of both here.


--------------------------------------------------------------

Please reply back with the logs from:

1. Reply to question
2. Gmer
3. RSIT
08-17-2009, 09:17 AM   #3 (permalink)
northress
Registered User
Join Date: Aug 2009
Posts: 3
OS: win ep sP 2


Re: my log

Here are the info & log (RSIT).

The reason I've posted:
In the last month I've become desperate to protect my system.
My anti-virus/hacker tools (Ad-Aware/Spybot - Search & Destroy/Malwarebytes' Anti-Malware) Firewall: ZoneAlarm (this is the only thing I can't update, reply if it is a bad thing)

Cleaning tools: ATF-Cleaner and Fcleaner

ZoneAlarm is telling me that "someone" (a program) tries to connect to the internet.. they are files unknown to me and ZoneAlarm (I'm not giving them the allow process). I studied on the internet.. those programs are not one of my programs trying to update.. or Windows'.

info.txt logfile of random's system information tool 1.06 2009-08-17 17:46:27

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x3237
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
ATI Parental Control & Encoder-->MsiExec.exe /I{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB943232)-->"C:\WINDOWS\$NtUninstallKB943232$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Winamp-->"F:\programs\Winamp\UninstWA.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
ZoneAlarm Spy Blocker Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

FW: ZoneAlarm Firewall

======System event log======

Computer Name: NAMCO-A8D3EAD87
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 348
Source Name: Tcpip
Time Written: 20090813134611.000000+180
Event Type: warning
User:

Computer Name: NAMCO-A8D3EAD87
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 328
Source Name: Tcpip
Time Written: 20090813125644.000000+180
Event Type: warning
User:

Computer Name: NAMCO-A8D3EAD87
Event Code: 8032
Message: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E1371E4D-24E1-416F-9230-9B8928247E27}.
The backup browser is stopping.

Record Number: 306
Source Name: BROWSER
Time Written: 20090813105458.000000+180
Event Type: error
User:

Computer Name: NAMCO-A8D3EAD87
Event Code: 8021
Message: The browser was unable to retrieve a list of servers from the browser master \\EVEREST on the network \Device\NetBT_Tcpip_{E1371E4D-24E1-416F-9230-9B8928247E27}.
The data is the error code.

Record Number: 305
Source Name: BROWSER
Time Written: 20090813105133.000000+180
Event Type: warning
User:

Computer Name: NAMCO-A8D3EAD87
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 262
Source Name: Cdrom
Time Written: 20090813091419.000000+180
Event Type: error
User:

=====Application event log=====

Computer Name: NAMCO-A8D3EAD87
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 18
Source Name: WinMgmt
Time Written: 20090812214302.000000+180
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: NAMCO-A8D3EAD87
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 17
Source Name: WinMgmt
Time Written: 20090812214302.000000+180
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: NAMCO-A8D3EAD87
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 13
Source Name: WinMgmt
Time Written: 20090812214027.000000+180
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: NAMCO-A8D3EAD87
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 12
Source Name: WinMgmt
Time Written: 20090812214027.000000+180
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: NAMCO-A8D3EAD87
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 11
Source Name: WinMgmt
Time Written: 20090812214025.000000+180
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0604
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"tvdumpflags"=8

-----------------EOF----------------- (that was info!!)

now log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Asteest at 2009-08-17 17:46:15
Microsoft Windows XP Professional Service Pack 2
System drive C: has 44 GB (84%) free of 52 GB
Total RAM: 1023 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:46:24, on 17.08.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Asteest\My Documents\Descărcări\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Asteest.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 4632 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-14 908528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-10-16 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2009-03-14 165616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - ZoneAlarm Spy Blocker Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-10-16 333192]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-14 908528]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-16 981384]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-04-27 61440]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-07-20 18670592]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"DriverUpdaterPro"=C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t []
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]
"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-04-28 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceClassicControlPanel"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-08-17 17:46:15 ----D---- C:\rsit
2009-08-17 04:19:35 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-16 09:26:17 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-08-16 00:41:49 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-08-16 00:41:49 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-08-16 00:41:48 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-08-16 00:41:48 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-08-16 00:41:48 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-08-16 00:41:48 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-08-16 00:41:47 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-08-16 00:41:47 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-08-16 00:41:47 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-08-16 00:41:47 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-08-16 00:41:46 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-08-16 00:41:46 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-08-16 00:41:46 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-08-16 00:41:46 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-08-16 00:41:45 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-08-16 00:41:45 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-08-16 00:41:45 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-08-16 00:41:44 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-08-16 00:41:44 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-08-16 00:41:44 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-08-16 00:41:43 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-08-16 00:41:43 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-08-16 00:41:43 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-08-16 00:41:43 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-08-16 00:41:42 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-08-16 00:41:42 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-08-16 00:41:42 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-08-16 00:41:41 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-08-16 00:41:41 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2009-08-16 00:41:41 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-08-16 00:41:40 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-08-16 00:41:40 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-08-16 00:41:40 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-08-16 00:41:40 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-08-16 00:41:39 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-08-16 00:41:39 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-08-16 00:41:37 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-08-16 00:41:37 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-08-16 00:41:36 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-08-16 00:41:36 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-08-16 00:41:36 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-08-16 00:41:36 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-08-16 00:41:36 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-08-16 00:41:35 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-08-16 00:41:35 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-08-16 00:41:35 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-08-16 00:41:34 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-08-16 00:41:33 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-08-16 00:41:32 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-08-16 00:41:32 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-08-16 00:41:32 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-08-16 00:41:31 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-08-16 00:41:31 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-08-16 00:41:29 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-08-16 00:41:29 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-08-16 00:41:29 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-08-16 00:41:29 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-08-16 00:41:28 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-08-16 00:41:28 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-08-16 00:41:28 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-08-16 00:41:28 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-08-16 00:41:28 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-08-16 00:41:26 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-08-16 00:41:25 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-08-16 00:41:25 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-08-16 00:41:25 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-08-16 00:41:25 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-08-16 00:41:24 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-08-16 00:41:24 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-08-16 00:41:23 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-08-16 00:41:23 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-08-16 00:41:22 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-08-16 00:39:26 ----D---- C:\WINDOWS\Logs
2009-08-14 17:43:37 ----D---- C:\WINDOWS\ServicePackFiles
2009-08-14 17:41:07 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2009-08-14 17:40:47 ----D---- C:\WINDOWS\system32\PreInstall
2009-08-14 17:40:45 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-14 17:35:27 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-08-14 17:04:55 ----D---- C:\Documents and Settings\All Users\Application Data\FTWeak
2009-08-14 17:01:41 ----D---- C:\Documents and Settings\Asteest\Application Data\FTWeak
2009-08-14 16:26:28 ----D---- C:\Documents and Settings\Asteest\Application Data\Uniblue
2009-08-14 16:21:53 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-08-14 11:07:05 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
2009-08-14 10:53:03 ----D---- C:\WINDOWS\Minidump
2009-08-13 22:23:49 ----D---- C:\WINDOWS\RegisteredPackages
2009-08-13 22:22:04 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-08-13 22:22:04 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-08-13 22:22:04 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-08-13 22:22:04 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-08-13 22:22:03 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-08-13 22:22:03 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-08-13 22:22:03 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-08-13 22:22:03 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-08-13 22:22:03 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-08-13 22:22:03 ----N---- C:\WINDOWS\system32\px.dll
2009-08-13 22:22:01 ----D---- C:\Documents and Settings\Asteest\Application Data\Winamp
2009-08-13 21:57:49 ----D---- C:\WINDOWS\system32\Lang
2009-08-13 21:53:51 ----R---- C:\WINDOWS\system32\ChCfg.exe
2009-08-13 21:51:27 ----A---- C:\WINDOWS\ALCMTR.EXE
2009-08-13 21:39:48 ----D---- C:\WINDOWS\system32\RTCOM
2009-08-13 21:39:44 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-08-13 21:32:49 ----A---- C:\WINDOWS\vncutil.exe
2009-08-13 21:32:49 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2009-08-13 21:32:49 ----A---- C:\WINDOWS\SkyTel.exe
2009-08-13 21:32:49 ----A---- C:\WINDOWS\RtlUpd.exe
2009-08-13 21:32:48 ----A---- C:\WINDOWS\RTLCPL.EXE
2009-08-13 21:32:47 ----A---- C:\WINDOWS\system32\RtkCoInstXP.dll
2009-08-13 21:32:47 ----A---- C:\WINDOWS\RtkAudioService.exe
2009-08-13 21:32:46 ----A---- C:\WINDOWS\RTHDCPL.EXE
2009-08-13 21:32:45 ----A---- C:\WINDOWS\MicCal.exe
2009-08-13 21:32:43 ----A---- C:\WINDOWS\ALCWZRD.EXE
2009-08-13 21:32:38 ----A---- C:\WINDOWS\RtlExUpd.dll
2009-08-13 20:19:19 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2009-08-13 20:05:03 ----D---- C:\ATI
2009-08-13 19:51:44 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-08-13 16:28:59 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-08-13 13:39:50 ----A---- C:\WINDOWS\system32\CSVer.dll
2009-08-13 13:39:29 ----D---- C:\Intel
2009-08-13 13:37:14 ----A---- C:\WINDOWS\system32\RtNicProp32.dll
2009-08-13 13:37:13 ----D---- C:\Program Files\Realtek
2009-08-13 13:20:25 ----D---- C:\Program Files\WinRAR
2009-08-13 13:10:13 ----D---- C:\Program Files\Driver-Soft
2009-08-13 12:17:27 ----D---- C:\Program Files\PC Drivers HeadQuarters
2009-08-13 11:43:58 ----D---- C:\Documents and Settings\Asteest\Application Data\Yahoo!
2009-08-13 11:43:58 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-08-13 11:42:08 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-08-13 11:41:43 ----D---- C:\Program Files\Yahoo!
2009-08-13 10:34:32 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2009-08-13 09:20:44 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2009-08-13 01:30:40 ----D---- C:\Program Files\Trend Micro
2009-08-13 01:18:44 ----D---- C:\Program Files\AskBarDis
2009-08-13 01:18:21 ----A---- C:\WINDOWS\system32\vsregexp.dll
2009-08-13 01:18:20 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2009-08-13 01:18:20 ----A---- C:\WINDOWS\system32\zlcomm.dll
2009-08-13 01:18:17 ----A---- C:\WINDOWS\system32\zpeng25.dll
2009-08-13 01:18:17 ----A---- C:\WINDOWS\system32\vswmi.dll
2009-08-13 01:18:16 ----D---- C:\WINDOWS\system32\ZoneLabs
2009-08-13 01:18:16 ----A---- C:\WINDOWS\system32\vsxml.dll
2009-08-13 01:18:16 ----A---- C:\WINDOWS\system32\vspubapi.dll
2009-08-13 01:18:16 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2009-08-13 01:17:33 ----A---- C:\WINDOWS\system32\vsutil.dll
2009-08-13 01:17:33 ----A---- C:\WINDOWS\system32\vsinit.dll
2009-08-13 01:17:33 ----A---- C:\WINDOWS\system32\vsdata.dll
2009-08-13 01:01:46 ----D---- C:\Program Files\Zone Labs
2009-08-13 01:00:50 ----D---- C:\WINDOWS\Internet Logs
2009-08-13 00:36:30 ----D---- C:\Program Files\Panda Security
2009-08-13 00:29:28 ----D---- C:\WINDOWS\BDOSCAN8
2009-08-13 00:28:09 ----A---- C:\WINDOWS\system32\h323log.txt
2009-08-13 00:23:08 ----D---- C:\Documents and Settings\Asteest\Application Data\Malwarebytes
2009-08-13 00:23:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-13 00:23:04 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-13 00:17:57 ----A---- C:\WINDOWS\system32\usbui.dll
2009-08-13 00:15:06 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-13 00:15:06 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-13 00:13:35 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-13 00:13:32 ----D---- C:\Program Files\SpywareBlaster
2009-08-13 00:13:32 ----A---- C:\WINDOWS\system32\MSSTDFMT.DLL
2009-08-13 00:12:51 ----SHD---- C:\WINDOWS\Installer
2009-08-13 00:12:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-13 00:12:50 ----D---- C:\Program Files\Common Files\ODBC
2009-08-13 00:12:50 ----A---- C:\WINDOWS\ODBCINST.INI
2009-08-13 00:12:47 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-08-13 00:12:46 ----RD---- C:\Program Files
2009-08-13 00:12:46 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-08-13 00:12:46 ----D---- C:\Program Files\Common Files
2009-08-13 00:12:43 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-08-13 00:12:43 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-08-13 00:12:43 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-08-13 00:12:41 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-08-13 00:12:41 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-08-13 00:12:41 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-08-13 00:12:41 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-08-13 00:12:40 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-08-13 00:12:40 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-08-13 00:12:40 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-08-13 00:12:40 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-08-13 00:12:40 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-08-13 00:12:40 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-08-13 00:12:40 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-08-13 00:12:40 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-08-13 00:12:38 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-08-13 00:12:38 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-08-13 00:12:38 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-08-13 00:12:38 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-08-13 00:12:38 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-08-13 00:12:38 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-08-13 00:12:37 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-08-13 00:12:36 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-08-13 00:12:36 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-08-13 00:12:36 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-08-13 00:12:36 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-08-13 00:12:35 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-08-13 00:12:33 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-08-13 00:12:33 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-08-13 00:12:33 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-08-13 00:12:33 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-08-13 00:12:33 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-08-13 00:12:33 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-08-13 00:12:33 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-08-13 00:12:33 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-08-13 00:12:33 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-08-13 00:12:33 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-08-13 00:12:33 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-08-13 00:12:33 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-08-13 00:12:32 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-08-13 00:12:26 ----A---- C:\WINDOWS\system32\irclass.dll
2009-08-13 00:12:26 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-08-13 00:12:25 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-08-13 00:12:25 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-08-13 00:12:25 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-08-13 00:12:22 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-08-13 00:12:22 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-08-13 00:12:22 ----A---- C:\WINDOWS\system32\batt.dll
2009-08-13 00:12:21 ----A---- C:\WINDOWS\NOTEPAD.EXE
2009-08-13 00:12:20 ----A---- C:\WINDOWS\system32\storprop.dll
2009-08-13 00:12:13 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-08-13 00:10:31 ----RA---- C:\WINDOWS\SET8.tmp
2009-08-13 00:10:28 ----RA---- C:\WINDOWS\SET4.tmp
2009-08-13 00:10:26 ----RA---- C:\WINDOWS\SET3.tmp
2009-08-13 00:10:20 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-13 00:10:20 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-13 00:10:15 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-08-13 00:09:52 ----D---- C:\Documents and Settings
2009-08-13 00:09:26 ----SH---- C:\boot.ini
2009-08-13 0045 ----SHD---- C:\System Volume Information
2009-08-13 00:04:46 ----D---- C:\WINDOWS\WinSxS
2009-08-13 00:04:46 ----D---- C:\WINDOWS\system32\IME
2009-08-13 00:04:46 ----D---- C:\WINDOWS\system32\3com_dmi
2009-08-13 00:04:46 ----D---- C:\WINDOWS\PeerNet
2009-08-13 00:04:46 ----D---- C:\WINDOWS\pchealth
2009-08-13 00:04:46 ----D---- C:\WINDOWS\mui
2009-08-13 00:04:46 ----D---- C:\WINDOWS\ime
2009-08-13 00:04:46 ----D---- C:\WINDOWS\ehome
2009-08-13 00:04:45 ----RSD---- C:\WINDOWS\Fonts
2009-08-13 00:04:45 ----RD---- C:\WINDOWS\Web
2009-08-13 00:04:45 ----HD---- C:\WINDOWS\inf
2009-08-13 00:04:45 ----D---- C:\WINDOWS\twain_32
2009-08-13 00:04:45 ----D---- C:\WINDOWS\Temp
2009-08-13 00:04:45 ----D---- C:\WINDOWS\system32\wins
2009-08-13 00:04:45 ----D---- C:\WINDOWS\system32\wbem
2009-08-13 00:04:45 ----D---- C:\WINDOWS\system32\usmt
2009-08-13 00:04:45 ----D---- C:\WINDOWS\system32\spool
2009-08-13 00:04:45 ----D---- C:\WINDOWS\system32\ShellExt
2009-08-13 00:04:45 ----D---- C:\WINDOWS\system32\Setup
2009-08-13 00:04:45 ----D---- C:\WINDOWS\system32\ras
2009-08-13 00:04:45 ----D---- C:\WINDOWS\system32\oobe
2009-08-13 00:04:45 ----D---- C:\WINDOWS\system32\npp
2009-08-13 00:04:45 ----D---- C:\WINDOWS\system32\mui
2009-08-13 00:04:45 ----D---- C:\WINDOWS\system32\inetsrv
2009-08-13 00:04:45 ----D---- C:\WINDOWS\system32\icsxml
2009-08-13 00:04:45 ----D---- C:\WINDOWS\system32\ias
2009-08-13 00:04:45 ----D---- C:\WINDOWS\system32\export
2009-08-13 00:04:45 ----D---- C:\WINDOWS\system32\drivers
2009-08-13 00:04:45 ----D---- C:\WINDOWS\system32\dhcp
2009-08-13 00:04:45 ----D---- C:\WINDOWS\system32\config
2009-08-13 00:04:45 ----D---- C:\WINDOWS\system32\3076
2009-08-13 00:04:45 ----D---- C:\WINDOWS\system32\2052
2009-08-13 00:04:45 ----D---- C:\WINDOWS\system32\1054
2009-08-13 00:04:45 ----D---- C:\WINDOWS\system32\1042
2009-08-13 00:04:45 ----D---- C:\WINDOWS\system32\1041
2009-08-13 00:04:45 ----D---- C:\WINDOWS\system32\1037
2009-08-13 00:04:45 ----D---- C:\WINDOWS\system32\1033
2009-08-13 00:04:45 ----D---- C:\WINDOWS\system32\1031
2009-08-13 00:04:45 ----D---- C:\WINDOWS\system32\1028
2009-08-13 00:04:45 ----D---- C:\WINDOWS\system32\1025
2009-08-13 00:04:45 ----D---- C:\WINDOWS\system32
2009-08-13 00:04:45 ----D---- C:\WINDOWS\system
2009-08-13 00:04:45 ----D---- C:\WINDOWS\security
2009-08-13 00:04:45 ----D---- C:\WINDOWS\Resources
2009-08-13 00:04:45 ----D---- C:\WINDOWS\repair
2009-08-13 00:04:45 ----D---- C:\WINDOWS\Provisioning
2009-08-13 00:04:45 ----D---- C:\WINDOWS\msapps
2009-08-13 00:04:45 ----D---- C:\WINDOWS\msagent
2009-08-13 00:04:45 ----D---- C:\WINDOWS\Media
2009-08-13 00:04:45 ----D---- C:\WINDOWS\java
2009-08-13 00:04:45 ----D---- C:\WINDOWS\Help
2009-08-13 00:04:45 ----D---- C:\WINDOWS\Driver Cache
2009-08-13 00:04:45 ----D---- C:\WINDOWS\Debug
2009-08-13 00:04:45 ----D---- C:\WINDOWS\Cursors
2009-08-13 00:04:45 ----D---- C:\WINDOWS\Connection Wizard
2009-08-13 00:04:45 ----D---- C:\WINDOWS\Config
2009-08-13 00:04:45 ----D---- C:\WINDOWS\AppPatch
2009-08-13 00:04:45 ----D---- C:\WINDOWS\addins
2009-08-13 00:04:45 ----D---- C:\WINDOWS
2009-08-13 00:04:42 ----D---- C:\WINDOWS\system32\appmgmt
2009-08-12 23:52:25 ----D---- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2009-08-12 23:44:59 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-12 23:44:06 ----HDC---- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-12 23:44:00 ----D---- C:\Program Files\Lavasoft
2009-08-12 23:44:00 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-08-12 23:28:14 ----SHD---- C:\RECYCLER
2009-08-12 23:23:12 ----D---- C:\Documents and Settings\Asteest\Application Data\Macromedia
2009-08-12 23:23:12 ----D---- C:\Documents and Settings\Asteest\Application Data\Adobe
2009-08-12 23:22:30 ----D---- C:\Documents and Settings\Asteest\Application Data\Mozilla
2009-08-12 23:21:00 ----D---- C:\Program Files\Mozilla Firefox
2009-08-12 23:16:00 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-08-12 23:16:00 ----D---- C:\Program Files\Intel
2009-08-12 23:14:48 ----A---- C:\WINDOWS\Ascd_tmp.ini
2009-08-12 23:12:23 ----D---- C:\Documents and Settings\Asteest\Application Data\ATI
2009-08-12 23:11:11 ----D---- C:\Program Files\Common Files\ATI Technologies
2009-08-12 23:07:27 ----RSD---- C:\WINDOWS\assembly
2009-08-12 23:07:10 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-12 23:06:27 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2009-08-12 23:06:23 ----A---- C:\WINDOWS\system32\atiiiexx.dll
2009-08-12 23:06:05 ----D---- C:\Program Files\ATI Technologies
2009-08-12 23:06:02 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-12 23:05:36 ----D---- C:\Program Files\Common Files\InstallShield
2009-08-12 21:50:06 ----D---- C:\Documents and Settings\Asteest\Application Data\Identities
2009-08-12 21:50:04 ----HD---- C:\Program Files\Uninstall Information
2009-08-12 21:49:50 ----ASH---- C:\Documents and Settings\Asteest\Application Data\desktop.ini
2009-08-12 21:49:49 ----SD---- C:\Documents and Settings\Asteest\Application Data\Microsoft
2009-08-12 21:48:11 ----D---- C:\WINDOWS\SoftwareDistribution
2009-08-12 21:48:10 ----SD---- C:\WINDOWS\system32\Microsoft
2009-08-12 21:48:10 ----D---- C:\WINDOWS\Prefetch
2009-08-12 21:48:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-12 21:43:29 ----A---- C:\WINDOWS\control.ini
2009-08-12 21:43:29 ----A---- C:\AUTOEXEC.BAT
2009-08-12 21:43:16 ----D---- C:\WINDOWS\system32\DllCache
2009-08-12 21:43:11 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-08-12 21:42:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-12 21:42:28 ----RD---- C:\WINDOWS\Offline Web Pages
2009-08-12 21:42:28 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-08-12 21:42:23 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-08-12 21:42:19 ----HD---- C:\Program Files\WindowsUpdate
2009-08-12 21:41:59 ----D---- C:\WINDOWS\system32\DirectX
2009-08-12 21:41:35 ----A---- C:\WINDOWS\system32\atrace.dll
2009-08-12 21:41:32 ----A---- C:\WINDOWS\system32\desktop.ini
2009-08-12 21:41:32 ----A---- C:\WINDOWS\desktop.ini
2009-08-12 21:41:24 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-08-12 21:41:22 ----D---- C:\Program Files\Common Files\Services
2009-08-12 21:41:22 ----A---- C:\WINDOWS\system32\acctres.dll
2009-08-12 21:41:19 ----SD---- C:\WINDOWS\Tasks
2009-08-12 21:41:19 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-08-12 21:41:17 ----D---- C:\Program Files\Common Files\MSSoap
2009-08-12 21:41:13 ----D---- C:\WINDOWS\srchasst
2009-08-12 21:41:12 ----D---- C:\WINDOWS\system32\Macromed
2009-08-12 21:41:08 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-08-12 21:41:08 ----A---- C:\WINDOWS\system32\wups.dll
2009-08-12 21:41:08 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-08-12 21:41:08 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-08-12 21:41:08 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-08-12 21:41:08 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-08-12 21:41:07 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-08-12 21:41:07 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-08-12 21:41:07 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-08-12 21:41:07 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-08-12 21:41:07 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-08-12 21:41:07 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-08-12 21:41:07 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-08-12 21:41:02 ----D---- C:\Program Files\Movie Maker
2009-08-12 21:40:56 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-08-12 21:40:56 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-08-12 21:40:56 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-08-12 21:40:56 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-08-12 21:40:53 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-08-12 21:40:53 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-08-12 21:40:52 ----D---- C:\WINDOWS\system32\Restore
2009-08-12 21:40:52 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-08-12 21:40:52 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-08-12 21:40:52 ----A---- C:\WINDOWS\system32\srclient.dll
2009-08-12 21:40:51 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-08-12 21:40:51 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-08-12 21:40:51 ----A---- C:\WINDOWS\system32\ils.dll
2009-08-12 21:40:50 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-08-12 21:40:50 ----A---- C:\WINDOWS\system32\msconf.dll
2009-08-12 21:40:50 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-08-12 21:40:47 ----D---- C:\Program Files\NetMeeting
2009-08-12 21:40:47 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-08-12 21:40:47 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-08-12 21:40:46 ----A---- C:\WINDOWS\system32\inetres.dll
2009-08-12 21:40:46 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-08-12 21:40:44 ----D---- C:\Program Files\Outlook Express
2009-08-12 21:40:44 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-08-12 21:40:43 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-08-12 21:40:43 ----A---- C:\WINDOWS\system32\mstask.dll
2009-08-12 21:40:43 ----A---- C:\WINDOWS\system32\isign32.dll
2009-08-12 21:40:43 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-08-12 21:40:43 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-08-12 21:40:42 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-08-12 21:40:36 ----D---- C:\Program Files\Common Files\System
2009-08-12 21:40:35 ----D---- C:\Program Files\Internet Explorer
2009-08-12 21:40:05 ----D---- C:\Program Files\ComPlus Applications
2009-08-12 21:40:04 ----A---- C:\WINDOWS\vbaddin.ini
2009-08-12 21:40:04 ----A---- C:\WINDOWS\vb.ini
2009-08-12 21:40:00 ----D---- C:\WINDOWS\Registration
2009-08-12 21:39:55 ----D---- C:\Program Files\Windows Media Player
2009-08-12 21:39:55 ----D---- C:\Program Files\Online Services
2009-08-12 21:39:48 ----D---- C:\Program Files\Messenger
2009-08-12 21:39:44 ----D---- C:\Program Files\MSN Gaming Zone
2009-08-12 21:39:44 ----A---- C:\WINDOWS\system32\write.exe
2009-08-12 21:39:32 ----A---- C:\WINDOWS\system32\hticons.dll
2009-08-12 21:39:31 ----A---- C:\WINDOWS\system32\winchat.exe
2009-08-12 21:39:31 ----A---- C:\WINDOWS\system32\avwav.dll
2009-08-12 21:39:31 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-08-12 21:39:31 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-08-12 21:39:23 ----A---- C:\WINDOWS\system32\getuname.dll
2009-08-12 21:39:22 ----A---- C:\WINDOWS\system32\winmine.exe
2009-08-12 21:39:22 ----A---- C:\WINDOWS\system32\sol.exe
2009-08-12 21:39:22 ----A---- C:\WINDOWS\system32\charmap.exe
2009-08-12 21:39:22 ----A---- C:\WINDOWS\system32\calc.exe
2009-08-12 21:39:21 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-08-12 21:39:21 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-08-12 21:39:21 ----A---- C:\WINDOWS\system32\tskill.exe
2009-08-12 21:39:21 ----A---- C:\WINDOWS\system32\reset.exe
2009-08-12 21:39:21 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-08-12 21:39:21 ----A---- C:\WINDOWS\system32\freecell.exe
2009-08-12 21:39:20 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-08-12 21:39:20 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-08-12 21:39:20 ----A---- C:\WINDOWS\system32\tscon.exe
2009-08-12 21:39:20 ----A---- C:\WINDOWS\system32\shadow.exe
2009-08-12 21:39:20 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-08-12 21:39:20 ----A---- C:\WINDOWS\system32\regini.exe
2009-08-12 21:39:20 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-08-12 21:39:20 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-08-12 21:39:20 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-08-12 21:39:20 ----A---- C:\WINDOWS\system32\msg.exe
2009-08-12 21:39:19 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-08-12 21:39:19 ----A---- C:\WINDOWS\system32\logoff.exe
2009-08-12 21:39:19 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-08-12 21:39:18 ----A---- C:\WINDOWS\system32\stclient.dll
2009-08-12 21:39:18 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-08-12 21:39:18 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-08-12 21:39:18 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-08-12 21:39:18 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-08-12 21:39:18 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-08-12 21:39:18 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-08-12 21:39:18 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-08-12 21:39:11 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-08-12 21:38:59 ----D---- C:\Program Files\MSN
2009-08-12 21:38:58 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-08-12 21:38:58 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-08-12 21:38:58 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-08-12 21:38:57 ----D---- C:\Program Files\Windows NT
2009-08-12 21:38:57 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-08-12 21:38:57 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-08-12 21:38:56 ----A---- C:\WINDOWS\system32\spider.exe
2009-08-12 21:38:56 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-08-12 21:38:55 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-08-12 21:38:55 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-08-12 21:38:55 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-08-12 21:38:54 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-08-12 21:38:54 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-08-12 21:38:54 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-08-12 21:38:54 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-08-12 21:38:54 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-08-12 21:38:54 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-08-12 21:38:54 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-08-12 21:38:53 ----D---- C:\WINDOWS\system32\MsDtc
2009-08-12 21:38:53 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-08-12 21:38:53 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-08-12 21:38:53 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-08-12 21:38:53 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-08-12 21:38:53 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-08-12 21:38:53 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-08-12 21:38:53 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-08-12 21:38:52 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-08-12 21:38:52 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-08-12 21:38:52 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-08-12 21:38:51 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-08-12 21:38:51 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-08-12 21:38:51 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-08-12 21:38:50 ----D---- C:\WINDOWS\system32\Com
2009-08-12 21:38:50 ----A---- C:\WINDOWS\system32\colbact.dll
2009-08-12 21:38:50 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-08-12 21:38:50 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-08-12 21:38:49 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-08-12 21:38:49 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-08-12 21:38:49 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-08-12 21:38:48 ----A---- C:\WINDOWS\system32\comuid.dll
2009-08-12 21:38:48 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-08-12 21:38:40 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-08-12 21:38:40 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-08-12 21:38:40 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-08-12 21:38:39 ----A---- C:\WINDOWS\system32\cmprops.dll

======List of files/folders modified in the last 1 months======

2009-08-13 00:12:45 ----A---- C:\WINDOWS\system.ini
2009-08-12 21:43:29 ----A---- C:\WINDOWS\win.ini
2009-08-05 12:11:47 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-07-29 07:53:14 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-07-29 07:53:14 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-07-18 19:20:31 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-07-18 19:20:31 ----A---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-16 353672]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-11-15 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-04-28 3565568]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-07-20 5795328]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-11-15 61824]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-11-15 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-11-15 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-11-15 20480]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-11-15 20992]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-11-15 26496]
S3 wdaaxlaj;wdaaxlaj; \??\C:\DOCUME~1\Asteest\LOCALS~1\Temp\wdaaxlaj.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASKService;ASKService; C:\Program Files\AskBarDis\bar\bin\AskService.exe [2008-10-16 464264]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-04-28 602112]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-03 1029456]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-16 2402184]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-04-27 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

-----------------EOF-----------------

If you know a better protection against hackers (I'm trying to get those programs with less resources but the same performance as Bitdefender) (if such a thing exists)

I hope you understand the reason I've posted in the first place

Thank you for wasting your time on other people's problems!
Attached Files
File Type: txt gmer.txt (20.5 KB, 1 views)
Old 08-17-2009, 09:32 AM   #4 (permalink)
Registered User
 
 
Join Date: Aug 2009
Posts: 3
OS: win ep sP 2


Re: my log

I also have a problem with my computer having trouble starting

It seems that my PC has a rate of 60-70% to boot at the first start/reset

Example:
I reset my computer, the screen is black and then.. suddenly some data appears:

"bios.......I see the HDD (I think!! not sure)
and I have to choose one of the commands.. I think it was F8 or F11 (none of them work!)

I don't think this problem can be fixed without reinstalling the system
But at least I want to know an explanation.. what should I do in the future to prevent it!
Old 08-17-2009, 07:56 PM   #5 (permalink)
Analyst, Security Team
 
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate


Re: my log

Quote:
In the last month I've become desperate to protect my system
My anti-virus/hacker tools (Ad-Aware/Spybot - Search & Destroy/Malwarebytes' Anti-Malware) Firewall: ZoneAlarm (this is the only thing I can't update, reply if it is a bad thing)
You're confusing your Anti-Virus software with "Anti-Spyware". You've got a good start with spyware protection and a firewall. However, there is no virus protection on your system.

Connecting to the Internet without antivirus protection is a "Welcome" doormat for malware. It can take as little as eight seconds to infect an unprotected computer.

You can download this free Anti-Virus program:

Avira PersonalEdition Classic

Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

--------------------------------------------------------------

Quote:
ZoneAlarm is telling me that "someone" (a program) tries to connect to the internet.. they are files unknown to me and ZoneAlarm (I'm not giving them the allow process). I studied on the internet.. those programs are not one of my programs trying to update.. or Windows'
What is the program or file that ZoneAlarm is referring to? Please provide the full path name to the file for me.

--------------------------------------------------------------

Quote:
I also have a problem with my computer having trouble starting

It seems that my PC has a rate of 60-70% to boot at the first start/reset

Example:
I reset my computer, the screen is black and then.. suddenly some data appears:

"bios.......I see the HDD (I think!! not sure)
and I have to choose one of the commands.. I think it was F8 or F11 (none of them work!)

I don't think this problem can be fixed without reinstalling the system
But at least I want to know an explanation.. what should I do in the future to prevent it!
You may want to consider that route of re-installing the OS/Windows. Just make sure you back up your documents before you restart.

I'm not seeing anything in your logs. This could be either a hardware or OS corruption. It's hard to tell at this point.

Last edited by forhockey; 08-17-2009 at 07:58 PM.

All times are GMT -7. The time now is 07:52 PM.


