Resolved HJT Threads Resolved spyware and popup issues.
Old 12-03-2008, 03:11 PM   #1 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 32
OS: Vista_x86_sp1


Pc is Nuked: Blocked Updates and pop-ups

I don't know if it's a virus, malware, badware, crapware, spyware or whatever.

What I do know is that something is suddenly blocking updates to:

AVG 8.0
Windows Defender
Windows Update.

Other problems:

Keep getting pop-ups in Firefox.

When I try to run a system scan with AVG, this pops up:

AVG WATCHDOG SERVICE has stopped working

and

Unspecific error has occurred
would you like to send bla bla to AVG bla bla.

Also I seem to have problems with Java programs, because I cannot open my Hotmail emails, and I cannot for some reason run online scanners.
It tells me (!) Error or (!) Failed down in the left corner.

Also I have a weird hidden folder in C:, D: and E:, hidden, with the name Resycled, containing boot.com.

Thank you so so so much

Gmer.txt
Attach.txt

DDS LOG


DDS (Version 1.0) - NTFSx86
Run by Stefano at 23:02:11,62 on 03-12-2008
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.45.1033.18.3070.1800 [GMT 0:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Users\Stefano\AppData\Local\Temp\winloggn.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\resycled\boot.com
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\conime.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Stefano\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {a1960e60-6cf1-4263-913d-1f5b51d79362} - c:\windows\system32\delehele.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [xsjfn83jkemfofght] c:\users\stefano\appdata\local\temp\winloggn.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [xsjfn83jkemfofght] c:\users\stefano\appdata\local\temp\winloggn.exe
mRun: [MSServer] rundll32.exe c:\windows\system32\yayxvSjK.dll,#1
mRun: [puyebalete] Rundll32.exe "c:\windows\system32\venaroyu.dll",s
mRun: [CPMc30db0d6] Rundll32.exe "c:\windows\system32\kofemube.dll",a
StartupFolder: c:\users\stefano\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
uPolicies-system: DisableTaskMgr = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~2.0_0\bin\ssv.dll
TCP: {30EDAEF3-DD40-4E4A-AFDB-F852C5931945} = 85.255.112.134;85.255.112.165
TCP: {BFB5A80A-F2E4-41A9-B5DD-E6FEF0657D24} = 85.255.112.134;85.255.112.165
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll c:\windows\system32\tipifipo.dll c:\windows\system32\kofemube.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kofemube.dll
STS: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kofemube.dll
SEH: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\yayxvSjK.dll
LSA: Notification Packages = scecli c:\windows\system32\tipifipo.dll

============= SERVICES / DRIVERS ===============

R0 AtiPcie;ATI PCI Express (3GIO) Filter;c:\windows\system32\drivers\AtiPcie.sys [2008-4-28 14352]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-30 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-2 90632]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-11-2 874776]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-9-30 231704]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;"c:\program files\fujitsu siemens computers\systemdiagnostics\onlinediagnostic\testmanager\TestHandler.exe" [2008-4-25 303104]
R2 WinFl32;WinFl32;\??\c:\windows\system32\WinFl32.sys [2008-10-14 20192]
R2 WinVd32;WinVd32;\??\c:\windows\system32\WinVd32.sys [2008-11-3 180064]
R3 atikmdag;atikmdag;c:\windows\system32\drivers\atikmdag.sys [2008-8-21 3928576]
R3 RTSTOR;USB Mass Storage Device;c:\windows\system32\drivers\RTSTOR.SYS [2008-10-20 49664]
S2 Windows Tribute Service;Windows Tribute Service;c:\windows\system32\kdxmt.exe -srv []
S4 ahcix86s;ahcix86s;c:\windows\system32\drivers\ahcix86s.sys [2008-7-25 170000]

=============== Created Last 30 ================

2008-12-03 22:50 250 a------- c:\windows\gmer.ini
2008-12-03 17:32 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2008-12-03 17:11 <DIR> --d----- c:\program files\Panda Security
2008-12-02 23:33 1,329,641 ---sh--- c:\windows\system32\izurased.ini
2008-12-01 17:55 <DIR> --d----- c:\users\stefano\.housecall6.6
2008-12-01 17:22 342,065 a--sh--- c:\windows\system32\ggMmlnnn.ini2
2008-12-01 17:22 342,065 a--sh--- c:\windows\system32\ggMmlnnn.ini
2008-12-01 17:17 <DIR> --d-h--- C:\$AVG8.VAULT$
2008-12-01 17:17 <DIR> --d----- c:\users\stefano\appdata\roaming\gadcom
2008-12-01 17:17 10,000 a------- c:\windows\system32\jse783hfgfffe.dll
2008-12-01 17:17 65,536 a------- c:\windows\system32\awtuRkjK.dll
2008-12-01 17:16 <DIR> --d----- c:\windows\HDTVXviD Codec
2008-12-01 17:15 <DIR> --d----- c:\windows\Easy Decrypter
2008-11-22 20:47 <DIR> --dsh--- C:\Diskeeper
2008-11-22 15:04 <DIR> --d----- c:\programdata\Diskeeper Corporation
2008-11-22 15:04 <DIR> --d----- c:\progra~2\Diskeeper Corporation
2008-11-22 15:04 <DIR> --d----- c:\program files\Diskeeper Corporation
2008-11-17 20:04 2,306,113 a------- c:\windows\system32\GPhotos.scr
2008-11-17 16:58 <DIR> --d----- c:\users\stefano\appdata\roaming\PeerNetworking
2008-11-14 21:25 <DIR> --d----- c:\programdata\Real
2008-11-14 21:25 <DIR> --d----- c:\program files\Real Alternative
2008-11-13 15:57 <DIR> --d----- c:\windows\system32\xlive
2008-11-10 17:39 <DIR> --d----- c:\windows\San Andreas Mod Installer
2008-11-10 17:39 <DIR> --d----- c:\program files\San Andreas Mod Installer
2008-11-09 23:15 0 a------- c:\windows\system32\NeroCopyGadgetData-6387.xml
2008-11-09 02:40 <DIR> --d----- c:\users\stefano\Diskeeper Pro Premier 2008 V.12.0.781 x86 and x64
2008-11-07 15:02 <DIR> --d----- c:\users\stefano\appdata\roaming\Red Alert 3
2008-11-05 19:26 <DIR> --dshr-- C:\resycled
2008-11-05 19:26 103 ---shr-- C:\autorun.inf
2008-11-05 18:58 0 a------- C:\Cd
2008-11-05 18:58 0 a------- C:\attrib
2008-11-05 17:24 <DIR> --d----- c:\program files\Microsoft IntelliPoint
2008-11-05 17:13 <DIR> -cd-h--- c:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-11-05 17:13 <DIR> -cd-h--- c:\progra~2\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-11-03 23:54 180,064 a------- c:\windows\system32\WinVd32.sys
2008-11-03 23:50 <DIR> --d----- c:\program files\PROnetworks

==================== Find3M ====================

2008-12-03 16:15 85,558 a--sh--- c:\windows\system32\yuhodose.dll
2008-12-03 16:15 94,262 a--sh--- c:\windows\system32\kofemube.dll
2008-12-02 23:33 93,750 a--sh--- c:\windows\system32\gebegimi.dll
2008-12-02 23:33 86,582 a--sh--- c:\windows\system32\desaruzi.dll
2008-12-01 17:58 <DIR> --d----- c:\progra~2\avg8
2008-12-01 17:40 <DIR> --d----- c:\users\stefano\appdata\roaming\uTorrent
2008-11-14 14:40 <DIR> --d----- c:\users\stefano\appdata\roaming\FrostWire
2008-11-05 23:50 <DIR> --dsh--- c:\users\stefano\appdata\roaming\.#
2008-11-05 17:17 <DIR> --d----- c:\progra~2\DriverScanner
2008-11-05 17:14 <DIR> --d----- c:\users\stefano\appdata\roaming\Uniblue
2008-11-05 17:14 <DIR> --d----- c:\program files\Uniblue
2008-11-03 23:58 3,012 a--sh--- c:\windows\system32\sys_drv.dat
2008-11-03 23:54 <DIR> --d----- c:\program files\Folder Lock 6
2008-11-03 15:27 <DIR> --d----- c:\program files\OO Software
2008-11-03 12:36 <DIR> --d----- c:\program files\common files\PX Storage Engine
2008-11-02 18:46 <DIR> --d----- c:\program files\common files\BitDefender
2008-11-02 18:46 <DIR> --d----- c:\program files\BitDefender
2008-11-02 17:54 <DIR> --d----- c:\program files\Zone Labs
2008-11-02 12:18 <DIR> --d----- c:\program files\common files\MSSoap
2008-11-02 12:08 <DIR> --d----- c:\program files\AVG
2008-11-02 01:19 <DIR> --d----- c:\program files\common files\Softwin
2008-11-02 01:19 <DIR> --d----- c:\program files\Softwin
2008-11-02 01:13 <DIR> --d----- c:\progra~2\avg8(32)
2008-11-01 23:30 <DIR> --d----- c:\program files\Port Forwarding Wizard
2008-11-01 22:57 <DIR> --d----- c:\progra~2\CheckPoint
2008-11-01 18:17 <DIR> --d----- c:\users\stefano\appdata\roaming\RecoveryFix for Windows
2008-10-23 14:23 <DIR> --d----- c:\program files\ATI
2008-10-22 16:14 <DIR> --d----- c:\users\stefano\appdata\roaming\Command & Conquer 3 Kane's Wrath
2008-10-22 00:04 <DIR> --d----- c:\program files\SystemRequirementsLab
2008-10-21 20:14 <DIR> --d----- c:\program files\SubtitlesSynch
2008-10-21 19:57 249,856 -------- c:\windows\Setup1.exe
2008-10-21 19:57 73,216 a------- c:\windows\ST6UNST.EXE
2008-10-21 17:48 <DIR> --d----- c:\users\stefano\appdata\roaming\gnupg
2008-10-21 07:57 <DIR> --d----- c:\progra~2\Uniblue
2008-10-20 23:33 319,456 a------- c:\windows\DIFxAPI.dll
2008-10-20 23:33 <DIR> --d----- c:\program files\Realtek
2008-10-20 23:20 319,488 a------- c:\windows\HideWin.exe
2008-10-18 20:52 111,928 a------- c:\windows\system32\PnkBstrB.exe
2008-10-18 16:37 <DIR> --d----- c:\program files\DAEMON Tools Pro
2008-10-18 16:35 <DIR> --d----- c:\users\stefano\appdata\roaming\DAEMON Tools Pro
2008-10-18 16:35 <DIR> --d----- c:\progra~2\DAEMON Tools Pro
2008-10-18 13:58 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-10-17 22:20 20,192 a------- c:\windows\system32\WinFl32.sys
2008-10-17 13:14 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-10-13 19:06 <DIR> --d----- c:\program files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2008-10-13 19:01 <DIR> --d----- c:\users\stefano\appdata\roaming\Xilisoft Corporation
2008-10-12 03:11 <DIR> --d----- c:\program files\common files\Steam
2008-10-11 20:16 <DIR> --d----- c:\program files\Debugging Tools for Windows (x86)
2008-10-10 01:27 <DIR> --d----- c:\program files\FrostWire
2008-10-09 23:01 <DIR> --d----- c:\program files\VideoLAN
2008-10-06 03:18 17,984 a------- c:\windows\system32\AntiSpyNative64.exe
2008-10-06 03:18 14,400 a------- c:\windows\system32\AntiSpyNative32.exe
2008-10-02 17:51 2,855 a------- c:\windows\pif\Launcher.PIF
2008-10-02 14:52 <DIR> --d----- c:\progra~2\Media Center Programs
2008-10-02 03:49 827,392 a------- c:\windows\system32\wininet.dll
2008-10-01 22:57 <DIR> --d----- c:\users\stefano\appdata\roaming\Mount&Blade
2008-10-01 19:56 <DIR> --d----- c:\users\stefano\appdata\roaming\Ubisoft
2008-09-30 21:38 <DIR> --d----- c:\progra~2\Sony Ericsson
2008-09-30 21:30 <DIR> --d----- c:\progra~2\DFX
2008-09-30 21:08 <DIR> --d----- c:\progra~2\Nero
2008-09-30 19:38 <DIR> --d----- c:\progra~2\Messenger Plus!
2008-09-30 17:04 <DIR> --d----- c:\users\stefano\appdata\roaming\Atari
2008-09-30 14:32 52,736 a------- c:\windows\ipuninst.exe
2008-09-30 14:21 <DIR> --d----- c:\users\stefano\appdata\roaming\SPORE
2008-09-30 12:23 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-09-18 05:09 3,601,464 a------- c:\windows\system32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 a------- c:\windows\system32\ntoskrnl.exe
2008-09-18 04:56 125,952 a------- c:\windows\system32\wersvc.dll
2008-09-18 04:56 147,456 a------- c:\windows\system32\Faultrep.dll
2008-09-18 02:16 2,032,640 a------- c:\windows\system32\win32k.sys
2008-09-09 17:32 1,833,504 a------- c:\windows\SkyTel.exe
2008-09-09 17:32 1,206,816 a------- c:\windows\RtlUpd.exe
2008-09-09 17:32 806,432 a------- c:\windows\system32\RtkPgExt.dll
2008-09-09 17:32 42,016 a------- c:\windows\system32\RtkCoInst.dll
2008-09-09 17:32 285,216 a------- c:\windows\system32\RtkApoApi.dll
2008-09-09 17:32 2,333,728 a------- c:\windows\system32\RtkAPO.dll
2008-09-09 17:32 6,281,760 a------- c:\windows\RtHDVCpl.exe
2008-09-02 23:01 61,952 a--sh--- c:\windows\system32\delehele.dll
2008-09-02 23:01 61,952 a--sh--- c:\windows\system32\tipifipo.dll
2008-09-02 23:01 61,952 a--sh--- c:\windows\system32\venaroyu.dll

============= FINISH: 23:03:03,84 ===============
Attached Files
File Type: txt DDS.txt (14.1 KB, 0 views)
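The DDS report in the post above lists the autostart and hook locations that the helpers on this forum read by eye: Run entries pointing into the user's Temp folder, rundll32 autostarts loading DLLs from system32, extra entries in AppInit_DLLs and in the LSA Notification Packages, SSODL/STS/SEH shell hooks, per-adapter DNS overrides, UAC switched off (EnableLUA = 0) and an autorun.inf at a drive root. As an added example, not code from the thread or from the DDS tool itself, the script below applies those checks to a constructed excerpt of that report and returns one finding per indicator. The allowlists `EXPECTED_APPINIT` and `EXPECTED_DNS`, the rule names and the helper names are assumptions made for this example; on a real machine the DNS allowlist would hold the resolvers the owner actually configured.

```python
import re
from typing import Dict, List

# Constructed sample in the layout of the DDS "Pseudo HJT Report" and "Created Last 30"
# sections, copied from the report in the thread above (one line per indicator type).
SAMPLE_LOG = r"""
uStart Page = about:blank
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [xsjfn83jkemfofght] c:\users\stefano\appdata\local\temp\winloggn.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [MSServer] rundll32.exe c:\windows\system32\yayxvSjK.dll,#1
mRun: [puyebalete] Rundll32.exe "c:\windows\system32\venaroyu.dll",s
mPolicies-system: EnableLUA = 0 (0x0)
TCP: {30EDAEF3-DD40-4E4A-AFDB-F852C5931945} = 85.255.112.134;85.255.112.165
AppInit_DLLs: avgrsstx.dll c:\windows\system32\tipifipo.dll c:\windows\system32\kofemube.dll
LSA: Notification Packages = scecli c:\windows\system32\tipifipo.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kofemube.dll
2008-11-05 19:26 <DIR> --dshr-- C:\resycled
2008-11-05 19:26 103 ---shr-- C:\autorun.inf
"""

# Assumptions for this example: DLLs expected in AppInit_DLLs on this machine (AVG's
# resident-shield hook appears in the thread's log, so it is treated as expected) and the
# resolvers the owner configured (placeholder address).
EXPECTED_APPINIT = {"avgrsstx.dll"}
EXPECTED_DNS = {"192.168.1.1"}

RUN_RE = re.compile(r"^(?:u|m)?Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$", re.I)
TCP_RE = re.compile(r"^TCP: \{[0-9A-F-]+\} = (?P<servers>.*)$", re.I)
ROOT_AUTORUN_RE = re.compile(r"\b[a-z]:\\autorun\.inf$")


def _finding(rule: str, line: str, detail: str) -> Dict[str, str]:
    return {"rule": rule, "line": line, "detail": detail}


def check_line(line: str) -> List[Dict[str, str]]:
    """Apply each indicator rule to one report line; return zero or more findings."""
    out: List[Dict[str, str]] = []
    m = RUN_RE.match(line)
    if m:
        cmd = m.group("cmd").lower()
        if "\\temp\\" in cmd:  # autostart living in a Temp directory
            out.append(_finding("autostart_from_temp", line, m.group("name")))
        if cmd.startswith("rundll32") and "\\system32\\" in cmd:  # DLL autostart via rundll32
            out.append(_finding("rundll32_loads_system32_dll", line, m.group("name")))
        return out
    m = TCP_RE.match(line)
    if m:  # per-adapter DNS servers that differ from the configured resolvers
        bad = [s for s in m.group("servers").split(";") if s and s not in EXPECTED_DNS]
        if bad:
            out.append(_finding("dns_override", line, ",".join(bad)))
        return out
    lowered = line.lower()
    if lowered.startswith("appinit_dlls:"):
        for tok in lowered.split(":", 1)[1].split():
            name = tok.rsplit("\\", 1)[-1]
            if name not in EXPECTED_APPINIT:
                out.append(_finding("appinit_dll", line, name))
    elif lowered.startswith("lsa: notification packages"):
        for tok in lowered.split("=", 1)[1].split():
            if tok != "scecli":  # scecli is the stock Windows package
                out.append(_finding("lsa_notification_package", line, tok))
    elif lowered.startswith(("ssodl:", "sts:", "seh:")):
        out.append(_finding("shell_hook", line, lowered.split(":", 1)[0]))
    elif lowered.startswith("mpolicies-system: enablelua = 0"):
        out.append(_finding("uac_disabled", line, "EnableLUA=0"))
    else:
        m = ROOT_AUTORUN_RE.search(lowered)
        if m:
            out.append(_finding("root_autorun_inf", line, m.group(0)[:2]))
    return out


def triage(report: str) -> List[Dict[str, str]]:
    """Run every line of a DDS-style report through the rules."""
    findings: List[Dict[str, str]] = []
    for raw in report.splitlines():
        findings.extend(check_line(raw.strip()))
    return findings


def rule_counts(report: str) -> Dict[str, int]:
    """Number of findings per rule, handy as a quick severity overview."""
    counts: Dict[str, int] = {}
    for f in triage(report):
        counts[f["rule"]] = counts.get(f["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['rule']:<28} {f['detail']:<40} | {f['line']}")
    print(rule_counts(SAMPLE_LOG))
```

The rules are deliberately coarse: a rundll32 autostart or an AppInit DLL is not proof of infection on its own, which is why each finding carries the raw line for a human to review, exactly as the analysts in this thread do before deciding what ComboFix should remove.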

Old 12-05-2008, 04:54 PM   #2 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 32
OS: Vista_x86_sp1


Re: Pc is Nuked: Blocked Updates and pop-ups

Bump the roof
Old 12-05-2008, 06:22 PM   #3 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,613
OS: WinXP and Vista


Re: Pc is Nuked: Blocked Updates and pop-ups

Hello bimm3rcc,

You most certainly are infected. We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 12-06-2008, 05:14 AM   #4 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 32
OS: Vista_x86_sp1


Re: Pc is Nuked: Blocked Updates and pop-ups

ComboFix 08-12-05.06 - Stefano 2008-12-06 13:00:14.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2053 [GMT 0:00]
* Dannede nyt systemgendannelsespunkt
.

((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
C:\resycled
c:\resycled\boot.com
c:\users\Stefano\AppData\Local\Microsoft\Windows\Temporary Internet Files\fbk.sts
c:\users\Stefano\AppData\Roaming\.#
c:\users\Stefano\AppData\Roaming\.#\MBX@11B8@2341F18.###
c:\users\Stefano\AppData\Roaming\.#\MBX@11B8@2341F28.###
c:\users\Stefano\AppData\Roaming\.#\MBX@1564@C11F18.###
c:\users\Stefano\AppData\Roaming\.#\MBX@1564@C11F28.###
c:\users\Stefano\AppData\Roaming\.#\MBX@17D4@2091F18.###
c:\users\Stefano\AppData\Roaming\.#\MBX@17D4@2091F28.###
c:\users\Stefano\AppData\Roaming\.#\MBX@3F0@1E1F18.###
c:\users\Stefano\AppData\Roaming\.#\MBX@3F0@1E1F28.###
c:\users\Stefano\AppData\Roaming\.#\MBX@860@D71F18.###
c:\users\Stefano\AppData\Roaming\.#\MBX@860@D71F28.###
c:\users\Stefano\AppData\Roaming\.#\MBX@888@1DB1F18.###
c:\users\Stefano\AppData\Roaming\.#\MBX@888@1DB1F28.###
c:\users\Stefano\AppData\Roaming\.#\MBX@97C@1B1F18.###
c:\users\Stefano\AppData\Roaming\.#\MBX@97C@1B1F28.###
c:\users\Stefano\AppData\Roaming\.#\MBX@CAC@381F18.###
c:\users\Stefano\AppData\Roaming\.#\MBX@CAC@381F28.###
c:\users\Stefano\AppData\Roaming\.#\MBX@E64@2451F18.###
c:\users\Stefano\AppData\Roaming\.#\MBX@E64@2451F28.###
c:\users\Stefano\AppData\Roaming\.#\MBX@F90@22E1F18.###
c:\users\Stefano\AppData\Roaming\.#\MBX@F90@22E1F28.###
c:\users\Stefano\AppData\Roaming\gadcom
c:\windows\system32\afavikot.ini
c:\windows\system32\alovewum.ini
c:\windows\system32\awtuRkjK.dll
c:\windows\system32\delehele.dll
c:\windows\system32\desaruzi.dll
c:\windows\system32\drivers\TDSSmccb.sys
c:\windows\system32\fesumuye.dll
c:\windows\system32\gebegimi.dll
c:\windows\system32\ggMmlnnn.ini
c:\windows\System32\ggMmlnnn.ini2
c:\windows\system32\izurased.ini
c:\windows\system32\jse783hfgfffe.dll
c:\windows\system32\kofemube.dll
c:\windows\system32\latavija.dll
c:\windows\system32\muwevola.dll
c:\windows\system32\nudeleze.dll
c:\windows\system32\pojovosa.dll
c:\windows\system32\ravemuse.dll
c:\windows\system32\TDSScrrx.dll
c:\windows\system32\TDSSfopt.dll
c:\windows\system32\TDSSntlv.dll
c:\windows\system32\TDSSnyfn.log
c:\windows\system32\TDSSqycx.dll
c:\windows\system32\TDSSrfpp.dll
c:\windows\system32\TDSStmei.dll
c:\windows\system32\TDSSwqsc.dat
c:\windows\system32\tipifipo.dll
c:\windows\system32\tokivafa.dll
c:\windows\system32\venaroyu.dll
c:\windows\system32\yuhodose.dll
c:\windows\system32\yujitana.dll
c:\windows\Tasks\zimvieno.job
D:\Autorun.inf
D:\resycled
d:\resycled\boot.com
E:\Autorun.inf
E:\resycled
e:\resycled\boot.com
L:\Autorun.inf
L:\resycled
l:\resycled\boot.com

----- BITS: Mulige inficerede internetsteder -----

hxxp://childhe.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
-------\Service_Windows Tribute Service


((((((((((((((((((((((((((((( Filer skabt fra 2008-11-06 til 2008-12-06 )))))))))))))))))))))))))))))))))))
.

2008-12-03 22:50 . 2008-12-03 22:50 250 --a------ c:\windows\gmer.ini
2008-12-03 17:32 . 2008-06-19 17:24 28,544 --a------ c:\windows\System32\drivers\pavboot.sys
2008-12-03 17:11 . 2008-12-03 17:11 <DIR> d-------- c:\program files\Panda Security
2008-12-01 17:55 . 2008-12-01 23:06 <DIR> d-------- c:\users\Stefano\.housecall6.6
2008-12-01 17:17 . 2008-12-03 18:39 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-01 17:16 . 2008-12-01 17:16 <DIR> d-------- c:\windows\HDTVXviD Codec
2008-12-01 17:15 . 2008-12-01 17:15 <DIR> d-------- c:\windows\Easy Decrypter
2008-11-27 15:48 . 2008-11-27 15:48 <DIR> d-------- c:\users\Stefano\AppData\Roaming\vlc
2008-11-26 18:49 . 2008-11-26 18:49 <DIR> d-------- c:\program files\Mozilla Thunderbird
2008-11-26 18:43 . 2008-11-26 18:43 <DIR> d-------- c:\users\Stefano\AppData\Roaming\Thunderbird
2008-11-26 18:43 . 2008-11-26 18:43 0 --a------ c:\windows\nsreg.dat
2008-11-25 00:56 . 2008-11-25 00:56 <DIR> d-------- c:\users\Stefano\AppData\Roaming\Media Player Classic
2008-11-22 20:47 . 2008-11-22 20:47 <DIR> d--hs---- C:\Diskeeper
2008-11-22 15:04 . 2008-11-22 15:04 <DIR> d-------- c:\users\All Users\Diskeeper Corporation
2008-11-22 15:04 . 2008-11-22 15:04 <DIR> d-------- c:\programdata\Diskeeper Corporation
2008-11-22 15:04 . 2008-11-22 15:04 <DIR> d-------- c:\program files\Diskeeper Corporation
2008-11-17 20:04 . 2008-11-17 20:04 2,306,113 --a------ c:\windows\System32\GPhotos.scr
2008-11-17 16:58 . 2008-11-17 16:58 <DIR> d-------- c:\users\Stefano\AppData\Roaming\PeerNetworking
2008-11-14 21:25 . 2008-11-14 21:25 <DIR> d-------- c:\users\All Users\Real
2008-11-14 21:25 . 2008-11-14 21:26 <DIR> d-------- c:\program files\Real Alternative
2008-11-13 15:57 . 2008-11-13 15:57 <DIR> d-------- c:\windows\System32\xlive
2008-11-10 17:39 . 2008-11-10 17:39 <DIR> d-------- c:\windows\San Andreas Mod Installer
2008-11-10 17:39 . 2008-11-10 17:40 <DIR> d-------- c:\program files\San Andreas Mod Installer
2008-11-09 23:15 . 2008-11-09 23:15 0 --a------ c:\windows\System32\NeroCopyGadgetData-6387.xml
2008-11-09 02:40 . 2008-11-09 02:41 <DIR> d-------- c:\users\Stefano\Diskeeper Pro Premier 2008 V.12.0.781 x86 and x64
2008-11-07 15:02 . 2008-11-07 20:10 <DIR> d-------- c:\users\Stefano\AppData\Roaming\Red Alert 3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 12:35 --------- d-----w c:\users\Stefano\AppData\Roaming\OpenOffice.org2
2008-12-01 17:58 --------- d-----w c:\programdata\avg8
2008-12-01 17:40 --------- d-----w c:\users\Stefano\AppData\Roaming\uTorrent
2008-11-14 14:40 --------- d-----w c:\users\Stefano\AppData\Roaming\FrostWire
2008-11-08 22:18 --------- d---a-w c:\programdata\TEMP
2008-11-05 17:25 --------- d-----w c:\program files\Microsoft IntelliPoint
2008-11-05 17:17 --------- d-----w c:\programdata\DriverScanner
2008-11-05 17:14 --------- dc-h--w c:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-11-05 17:14 --------- d-----w c:\users\Stefano\AppData\Roaming\Uniblue
2008-11-05 17:14 --------- d-----w c:\program files\Uniblue
2008-11-05 16:51 90,632 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-11-03 23:54 180,064 ----a-w c:\windows\System32\WinVd32.sys
2008-11-03 23:54 --------- d-----w c:\program files\Folder Lock 6
2008-11-03 23:50 --------- d-----w c:\program files\PROnetworks
2008-11-03 15:27 --------- d-----w c:\program files\OO Software
2008-11-03 12:57 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-03 12:36 --------- d-----w c:\program files\Google
2008-11-03 12:36 --------- d-----w c:\program files\Common Files\PX Storage Engine
2008-11-02 18:53 98,440 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-11-02 18:46 --------- d-----w c:\program files\Common Files\BitDefender
2008-11-02 18:46 --------- d-----w c:\program files\BitDefender
2008-11-02 17:54 --------- d-----w c:\program files\Zone Labs
2008-11-02 12:37 --------- d-----w c:\users\Stefano\AppData\Roaming\Winamp
2008-11-02 12:08 --------- d-----w c:\program files\AVG
2008-11-02 01:19 --------- d-----w c:\program files\Softwin
2008-11-02 01:19 --------- d-----w c:\program files\Common Files\Softwin
2008-11-02 01:13 --------- d-----w c:\programdata\avg8(32)
2008-11-02 00:37 352,605 ---ha-w c:\windows\system32\drivers\vsconfig(100).xml
2008-11-01 23:30 --------- d-----w c:\program files\Port Forwarding Wizard
2008-11-01 22:57 --------- d-----w c:\programdata\CheckPoint
2008-11-01 18:17 --------- d-----w c:\users\Stefano\AppData\Roaming\RecoveryFix for Windows
2008-11-01 02:54 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-01 02:53 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-23 14:23 --------- d-----w c:\program files\ATI
2008-10-22 16:14 --------- d-----w c:\users\Stefano\AppData\Roaming\Command & Conquer 3 Kane's Wrath
2008-10-22 00:04 --------- d-----w c:\users\Stefano\AppData\Roaming\SystemRequirementsLab
2008-10-22 00:04 --------- d-----w c:\program files\SystemRequirementsLab
2008-10-21 20:14 --------- d-----w c:\program files\SubtitlesSynch
2008-10-21 19:57 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-10-21 19:57 249,856 ------w c:\windows\Setup1.exe
2008-10-21 18:42 --------- d-----w c:\users\Stefano\AppData\Roaming\Leadertech
2008-10-21 17:48 --------- d-----w c:\users\Stefano\AppData\Roaming\gnupg
2008-10-21 07:57 --------- d-----w c:\programdata\Uniblue
2008-10-20 23:33 319,456 ----a-w c:\windows\DIFxAPI.dll
2008-10-20 23:33 --------- d-----w c:\program files\Realtek
2008-10-20 23:20 319,488 ----a-w c:\windows\HideWin.exe
2008-10-19 20:45 --------- d-----w c:\users\Stefano\AppData\Roaming\Bioshock
2008-10-18 20:52 111,928 ----a-w c:\windows\System32\PnkBstrB.exe
2008-10-18 16:53 278,984 ----a-w c:\windows\system32\drivers\atksgt.sys
2008-10-18 16:53 25,416 ----a-w c:\windows\system32\drivers\lirsgt.sys
2008-10-18 16:37 --------- d-----w c:\program files\DAEMON Tools Pro
2008-10-18 16:35 --------- d-----w c:\users\Stefano\AppData\Roaming\DAEMON Tools Pro
2008-10-18 16:35 --------- d-----w c:\programdata\DAEMON Tools Pro
2008-10-18 16:30 685,816 ----a-w c:\windows\system32\drivers\sptd.sys
2008-10-18 13:58 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2008-10-17 22:20 20,192 ----a-w c:\windows\System32\WinFl32.sys
2008-10-17 13:14 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2008-10-16 12:08 --------- d-----w c:\program files\Windows Mail
2008-10-13 19:06 --------- d-----w c:\program files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2008-10-13 19:01 --------- d-----w c:\users\Stefano\AppData\Roaming\Xilisoft Corporation
2008-10-12 03:11 --------- d-----w c:\program files\Common Files\Steam
2008-10-11 20:16 --------- d-----w c:\program files\Debugging Tools for Windows (x86)
2008-10-10 01:27 --------- d-----w c:\program files\FrostWire
2008-10-09 23:01 --------- d-----w c:\program files\VideoLAN
2008-10-06 09:51 --------- d-----w c:\users\Guest\AppData\Roaming\Nero
2008-10-06 09:51 --------- d-----w c:\users\Guest\AppData\Roaming\ATI
2008-10-06 03:18 17,984 ----a-w c:\windows\System32\AntiSpyNative64.exe
2008-10-06 03:18 14,400 ----a-w c:\windows\System32\AntiSpyNative32.exe
2008-10-02 17:51 2,855 ----a-w c:\windows\PIF\Launcher.PIF
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 14:32 52,736 ----a-w c:\windows\ipuninst.exe
2008-09-30 12:23 10,520 ----a-w c:\windows\System32\avgrsstx.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-09 17:32 806,432 ----a-w c:\windows\System32\RtkPgExt.dll
2008-09-09 17:32 6,281,760 ----a-w c:\windows\RtHDVCpl.exe
2008-09-09 17:32 42,016 ----a-w c:\windows\System32\RtkCoInst.dll
2008-09-09 17:32 285,216 ----a-w c:\windows\System32\RtkApoApi.dll
2008-09-09 17:32 2,333,728 ----a-w c:\windows\System32\RtkAPO.dll
2008-09-09 17:32 1,833,504 ----a-w c:\windows\SkyTel.exe
2008-09-09 17:32 1,206,816 ----a-w c:\windows\RtlUpd.exe
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-02 1235736]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"RtHDVCpl"="RtHDVCpl.exe" [2008-09-09 c:\windows\RtHDVCpl.exe]

c:\users\Stefano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-05-30 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^Users^Stefano^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 13:08 136136 c:\program files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-06-24 15:06 1840424 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-06-08 08:31 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1431478250-751702932-1817854511-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3F4DD4B2-BFDC-4370-A787-8671CB4DA670}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5F52FC84-17C4-46F0-8917-26E80F896A7C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6535A1CF-E801-49A8-B83D-484FD682C00A}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{749DB05F-8D00-4313-AA18-2C90F30616D6}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{C1ABFD22-7957-4A0A-BE35-A00B02EE5B5E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1C16A4BD-8AD9-4E97-86EF-57DB64E395D8}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{4FB78B1D-60A7-42A4-81E1-B83E654564A2}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{3303F0EE-F45C-497B-B7AB-524CB5D1934A}d:\\program files\\tantrum\\die by the sword\\windie.exe"= UDP:d:\program files\tantrum\die by the sword\windie.exe:windie
"UDP Query User{AC92907C-DD43-42B3-885F-16E3AB2CEA23}d:\\program files\\tantrum\\die by the sword\\windie.exe"= TCP:d:\program files\tantrum\die by the sword\windie.exe:windie
"TCP Query User{4A04B999-CFED-408F-8AC5-D19C6F119587}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{DB828D1E-1640-4D0B-8DE6-5147E9FE11D1}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{AE0251AF-BE56-47D8-A34A-34716687DF33}c:\\users\\stefano\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:c:\users\stefano\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{D2DBB9E5-C5AC-46E6-938C-92C5FEAAB640}c:\\users\\stefano\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:c:\users\stefano\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"TCP Query User{B55B4CA9-1788-4751-9BA3-1254C06ADDD3}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{966BA7DE-2FD9-4A40-8C8F-5426A5F60F8D}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{326DC1B0-1BEB-4745-80FE-088557E0D7AE}d:\\steam\\steamapps\\stefanocig\\counter-strike\\hl.exe"= UDP:d:\steam\steamapps\stefanocig\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{86CEFFED-116F-4847-8A5B-27344B24B9DB}d:\\steam\\steamapps\\stefanocig\\counter-strike\\hl.exe"= TCP:d:\steam\steamapps\stefanocig\counter-strike\hl.exe:Half-Life Launcher
"{9BB52674-5DC8-462B-AA96-546782AF9F0B}"= UDP:d:\assassin's creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{107F4726-5B22-4BAD-AEBD-C5104A7C4C32}"= TCP:d:\assassin's creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{2C05E19C-87E9-475C-B602-D5A7DED80AA2}"= UDP:d:\assassin's creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{DF47EA27-B051-49E6-9B39-1802E59613F9}"= TCP:d:\assassin's creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{8ADE7EF3-CF7B-41D7-884E-3EF159A133A2}"= UDP:d:\assassin's creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{3F0B2B83-E68B-42A2-AB57-993F4C53A73C}"= TCP:d:\assassin's creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{BFFA7D66-F153-434A-A10F-149F3D4DBCE5}"= UDP:d:\mass effect\Binaries\MassEffect.exe:Mass Effect Game
"{C4B46306-7FF7-4578-9830-FC7044993C48}"= TCP:d:\mass effect\Binaries\MassEffect.exe:Mass Effect Game
"{26AEEF17-9456-4CC0-A3B9-0D99003A73F2}"= UDP:d:\mass effect\MassEffectLauncher.exe:Mass Effect Launcher
"{4D7767DA-C514-467E-A599-2FC0F1F8C02C}"= TCP:d:\mass effect\MassEffectLauncher.exe:Mass Effect Launcher
"TCP Query User{01198DB2-ADD1-4A11-A5D9-B98B47B8AEA6}d:\\die by the sword\\tantrum\\die by the sword\\windie.exe"= UDP:d:\die by the sword\tantrum\die by the sword\windie.exe:windie
"UDP Query User{BAA0A3FC-86D3-4D99-B5D7-BBA459EF1C8D}d:\\die by the sword\\tantrum\\die by the sword\\windie.exe"= TCP:d:\die by the sword\tantrum\die by the sword\windie.exe:windie
"{CE59ADF9-7CC1-4384-9CCF-38CA6C962720}"= UDP:59151:µTorrent
"TCP Query User{50A8D18A-535A-44DB-AEB9-3DE2563D879E}d:\\doom 3\\doom3ded.exe"= UDP:d:\doom 3\doom3ded.exe:DOOM 3
"UDP Query User{48ED1F5A-1AEA-4C19-8A23-BFD0332EBD08}d:\\doom 3\\doom3ded.exe"= TCP:d:\doom 3\doom3ded.exe:DOOM 3
"TCP Query User{148E0837-E39B-4C4D-BD84-6BFDB8A545D7}d:\\steam\\steamapps\\stefanocig\\counter-strike\\hl.exe"= UDP:d:\steam\steamapps\stefanocig\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{F807E392-7812-449E-A916-CE649668932F}d:\\steam\\steamapps\\stefanocig\\counter-strike\\hl.exe"= TCP:d:\steam\steamapps\stefanocig\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{EF299F30-775E-4561-8525-DC00DC8676EE}d:\\crysis\\bin32\\crysis.exe"= UDP:d:\crysis\bin32\crysis.exe:Crysis
"UDP Query User{2E2B0B03-597F-460D-8066-70F9FD4ED24F}d:\\crysis\\bin32\\crysis.exe"= TCP:d:\crysis\bin32\crysis.exe:Crysis
"{81160EF1-46BD-4B77-B509-0DC4BA069B88}"= d:\command & conquer 3 kane's wrath\RetailExe\1.0\cnc3ep1.dat:Command & Conquer(tm) 3: Kane's Wrath
"TCP Query User{001E32C5-642F-4A55-90C9-25FFC02448B2}c:\\users\\stefano\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:c:\users\stefano\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"UDP Query User{81CCEBBB-9EEC-430E-96C9-2C9699037993}c:\\users\\stefano\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:c:\users\stefano\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"{E259A6F1-3B46-4E5F-8C2D-3464249672BF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F9A93C4E-195C-499E-AB12-8CAF5F9CAC70}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{65A3D0D0-00AE-4429-95A8-4B6C2CF43265}"= UDP:d:\neverwinter nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{E33896AF-F262-4E88-8F28-C957B5DAF0F7}"= TCP:d:\neverwinter nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{811F6413-AC91-46D1-8E58-C6E12299471D}"= UDP:d:\neverwinter nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{3692CF83-C45B-457D-8420-B2E04466F96A}"= TCP:d:\neverwinter nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{DD2CDB1B-C5D5-4783-A3DF-6A5D6977D670}"= UDP:d:\neverwinter nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{AEC062B1-218B-43F9-8040-E0F228AF04BE}"= TCP:d:\neverwinter nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{14D55197-F185-4C4E-808E-B122A1CC1836}"= UDP:d:\neverwinter nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{C3580697-E113-4743-BC80-AEFBCC0D849A}"= TCP:d:\neverwinter nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{BA9A5538-44D9-4BCA-A54C-DA91FDB40248}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{319D69B3-7B97-463C-9032-CC88C210F65C}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{18487EC5-68DC-4B44-8794-82C8E6EE8A0C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F6D11C98-DB48-42E8-9B61-1E2DABA41268}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{248F962A-103A-49C7-82F4-EB518A4C4ECE}"= UDP:c:\windows\explorer.exe:Explorer
"{A064312E-C168-431F-A33A-6F3772886C59}"= TCP:c:\windows\explorer.exe:Explorer
"{00780389-C35D-4A1F-95A5-D0F519BA91A8}"= UDP:c:\windows\System32\wininit.exe:wininit
"{32747379-E640-40F2-9097-E93FFC5DEBAB}"= TCP:c:\windows\System32\wininit.exe:wininit
"{D4A48BF4-E0F6-4F88-A25B-317E34EE9216}"= UDP:c:\windows\System32\wininit.exe:wininit
"{796E042D-CE67-4128-BC8C-9A6333A78D03}"= TCP:c:\windows\System32\wininit.exe:wininit
"{E6CC4360-7746-4E6D-B2F0-1E4FD7F21790}"= UDP:c:\windows\explorer.exe:Explorer
"{A128BB59-D7D2-46A1-AF2E-0C80752FCA17}"= TCP:c:\windows\explorer.exe:Explorer
"{84292B2C-5759-4B9D-8285-71AB045D023E}"= UDP:c:\windows\System32\services.exe:services
"{AF94E9C8-0B97-4FB8-AC43-4FA73405E83A}"= TCP:c:\windows\System32\services.exe:services
"{DDD21DA7-A6ED-4424-AED3-CEA06115B7F5}"= UDP:c:\combofix\FINDSTR.cfexe:FINDSTR
"{2DA8BAC9-A2E9-404F-A915-21C96A769626}"= TCP:c:\combofix\FINDSTR.cfexe:FINDSTR
"{6167A21B-7A81-4F8D-9082-48C498806063}"= UDP:c:\combofix\pv.cfexe:pv
"{0CA26688-8944-4542-BB43-8EC2B15CDBA7}"= TCP:c:\combofix\pv.cfexe:pv
"{68D3B9CF-6F3A-4F6D-830F-7547006BDB62}"= UDP:c:\windows\System32\dllhost.exe:DllHost
"{B7639F37-E9D9-4E8A-9A8A-FA1B2DC01889}"= TCP:c:\windows\System32\dllhost.exe:DllHost

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-03 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-09-30 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-02 90632]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-02 874776]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-30 231704]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\shell\AutoRun\command - L:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d17e5bd-8eec-11dd-804f-0021850364d1}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL l:\resycled\boot.com l:
\shell\Open\command - l:\resycled\boot.com l:
.
Indhold af mappen 'Planlagte Opgaver'

2008-10-21 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-10-06 03:19]
.
- - - - TOMME GENVEJE FJERNET - - - -

BHO-{a1960e60-6cf1-4263-913d-1f5b51d79362} - c:\windows\system32\delehele.dll
HKLM-Run-MSServer - c:\windows\system32\yayxvSjK.dll
MSConfigStartUp-PWRISOVM - c:\program files\PowerISO\PWRISOVM.EXE


.
------- Yderligere scanning -------
.
uStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FireFox -: Profile - c:\users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\5rndqojl.default\
FF -: plugin - c:\program files\Google\Picasa3\npPicasa3.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 13:05:52
Windows 6.0.6001 Service Pack 1 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\IoctlSvc.exe
c:\windows\System32\PnkBstrA.exe
c:\program files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
c:\windows\System32\WUDFHost.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\System32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
c:\windows\System32\VSSVC.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Gennemført tid: 2008-12-06 13:10:17 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2008-12-06 13:09:51

Pre-Kørsel: 133,153,832,960 bytes free
Post-Kørsel: 132,740,395,008 bytes free

378 --- E O F --- 2008-12-02 14:25:55
Old 12-06-2008, 05:15 AM   #5 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 32
OS: Vista_x86_sp1


Re: Pc is Nuked: Blocked Updates and pop-ups

The PC seems to work fine now... thanks.

Although I still get one startup error about some DLL missing.

What's the next step, boss?

May I turn on my antivirus programs?

Last edited by bimm3rcc; 12-06-2008 at 05:16 AM.
Old 12-06-2008, 06:23 PM   #6 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,613
OS: WinXP and Vista


Re: Pc is Nuked: Blocked Updates and pop-ups

Yes, we only want your antivirus program disabled while running the tool.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

---------------------------------------------------------------------

Open notepad and copy/paste the text in the code box below into it:

Code:
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{248F962A-103A-49C7-82F4-EB518A4C4ECE}"=-
"{A064312E-C168-431F-A33A-6F3772886C59}"=-
"{00780389-C35D-4A1F-95A5-D0F519BA91A8}"=-
"{32747379-E640-40F2-9097-E93FFC5DEBAB}"=-
"{D4A48BF4-E0F6-4F88-A25B-317E34EE9216}"=- 
"{796E042D-CE67-4128-BC8C-9A6333A78D03}"=- 
"{E6CC4360-7746-4E6D-B2F0-1E4FD7F21790}"=-
"{A128BB59-D7D2-46A1-AF2E-0C80752FCA17}"=- 
"{84292B2C-5759-4B9D-8285-71AB045D023E}"=- 
"{AF94E9C8-0B97-4FB8-AC43-4FA73405E83A}"=- 
"{DDD21DA7-A6ED-4424-AED3-CEA06115B7F5}"=- 
"{2DA8BAC9-A2E9-404F-A915-21C96A769626}"=- 
"{6167A21B-7A81-4F8D-9082-48C498806063}"=-
"{0CA26688-8944-4542-BB43-8EC2B15CDBA7}"=-
"{68D3B9CF-6F3A-4F6D-830F-7547006BDB62}"=- 
"{B7639F37-E9D9-4E8A-9A8A-FA1B2DC01889}"=-
Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe





Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt


--------------------------------------------------------------------

It's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.


2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply along with the C:\ComboFix.txt
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
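The CFScript in the post above deletes sixteen firewall exceptions by GUID. In the log those are the rules that grant per-program exceptions to core Windows processes (explorer.exe, wininit.exe, services.exe, dllhost.exe) and to ComboFix's own helper binaries under c:\combofix\; the same log shows the firewall ("EnableFirewall"=0), UAC ("EnableLUA"=0) and Security Center update alerts ("UpdatesDisableNotify"=1) switched off. The Python script below is an added example, not ComboFix's or the forum helper's code. It parses a sample written in the log's own format (constructed from the GUIDs shown in this thread, with an AVG rule and a port-only uTorrent rule as benign controls), flags the rules and policy values a defender would question, and renders the Registry:: deletion block for the flagged rules. The watch-list of system binaries, the c:\combofix\ remnant rule and the policy table are assumptions chosen for illustration, not an official list.

```python
"""Triage of a ComboFix-style registry dump: flag firewall exceptions naming
core Windows processes or removal-tool leftovers, flag weakened policy values,
and render the Registry:: block that deletes the flagged rules. Added example,
not ComboFix's or the forum's code; see the comments for what is assumed."""
import re

# Constructed sample in the log's own format (GUIDs from the thread; the AVG and uTorrent lines are benign controls).
SAMPLE_LOG = r"""[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6535A1CF-E801-49A8-B83D-484FD682C00A}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{CE59ADF9-7CC1-4384-9CCF-38CA6C962720}"= UDP:59151:uTorrent
"{248F962A-103A-49C7-82F4-EB518A4C4ECE}"= UDP:c:\windows\explorer.exe:Explorer
"{A064312E-C168-431F-A33A-6F3772886C59}"= TCP:c:\windows\explorer.exe:Explorer
"{00780389-C35D-4A1F-95A5-D0F519BA91A8}"= UDP:c:\windows\System32\wininit.exe:wininit
"{32747379-E640-40F2-9097-E93FFC5DEBAB}"= TCP:c:\windows\System32\wininit.exe:wininit
"{D4A48BF4-E0F6-4F88-A25B-317E34EE9216}"= UDP:c:\windows\System32\wininit.exe:wininit
"{796E042D-CE67-4128-BC8C-9A6333A78D03}"= TCP:c:\windows\System32\wininit.exe:wininit
"{E6CC4360-7746-4E6D-B2F0-1E4FD7F21790}"= UDP:c:\windows\explorer.exe:Explorer
"{A128BB59-D7D2-46A1-AF2E-0C80752FCA17}"= TCP:c:\windows\explorer.exe:Explorer
"{84292B2C-5759-4B9D-8285-71AB045D023E}"= UDP:c:\windows\System32\services.exe:services
"{AF94E9C8-0B97-4FB8-AC43-4FA73405E83A}"= TCP:c:\windows\System32\services.exe:services
"{DDD21DA7-A6ED-4424-AED3-CEA06115B7F5}"= UDP:c:\combofix\FINDSTR.cfexe:FINDSTR
"{2DA8BAC9-A2E9-404F-A915-21C96A769626}"= TCP:c:\combofix\FINDSTR.cfexe:FINDSTR
"{6167A21B-7A81-4F8D-9082-48C498806063}"= UDP:c:\combofix\pv.cfexe:pv
"{0CA26688-8944-4542-BB43-8EC2B15CDBA7}"= TCP:c:\combofix\pv.cfexe:pv
"{68D3B9CF-6F3A-4F6D-830F-7547006BDB62}"= UDP:c:\windows\System32\dllhost.exe:DllHost
"{B7639F37-E9D9-4E8A-9A8A-FA1B2DC01889}"= TCP:c:\windows\System32\dllhost.exe:DllHost

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"""

# Assumed watch-list: core Windows processes that legitimate software does not
# register per-program inbound exceptions for; a rule naming one is a red flag.
CORE_SYSTEM_BINARIES = {"explorer.exe", "wininit.exe", "services.exe", "dllhost.exe"}
TOOL_REMNANT_DIRS = ("c:\\combofix\\",)  # removal-tool helpers: clutter to clean up
# (section-header fragment, value name, value that weakens the host, description)
POLICY_TAMPERING = [("firewallpolicy", "EnableFirewall", 0, "Windows Firewall disabled"),
                    ("policies\\system", "EnableLUA", 0, "UAC disabled"),
                    ("security center", "UpdatesDisableNotify", 1, "update alerts silenced")]
SECTION_RE = re.compile(r"^\[(.+)\]$")
RULE_RE = re.compile(r'^"(?:[A-Z]+ Query User)?\{([0-9A-Fa-f-]+)\}[^"]*"=\s*'
                     r'(?:(?:TCP|UDP):)?(.+?):([^:]*)$')
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(dword:)?([0-9A-Fa-f]+)')


def parse_sections(log_text):
    """Group the dump into {section header: [non-empty lines]} in file order."""
    sections, current = {}, None
    for line in log_text.splitlines():
        m = SECTION_RE.match(line.rstrip())
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def flag_rules(sections):
    """Return [(guid, program, reason)] for exceptions that should not exist."""
    flagged = []
    for header, lines in sections.items():
        if not header.lower().endswith("firewallrules"):
            continue
        for m in filter(None, map(RULE_RE.match, lines)):
            guid, program = m.group(1).upper(), m.group(2).lower()
            basename = program.rsplit("\\", 1)[-1]  # port-only rules have no path
            if program.startswith("c:\\windows\\") and basename in CORE_SYSTEM_BINARIES:
                flagged.append((guid, program, "exception for core system process"))
            elif program.startswith(TOOL_REMNANT_DIRS):
                flagged.append((guid, program, "removal-tool remnant"))
    return flagged


def policy_findings(sections):
    """Return descriptions of policy values left in a weakened state."""
    findings = []
    for fragment, vname, bad, desc in POLICY_TAMPERING:
        for header, lines in sections.items():
            if fragment not in header.lower():
                continue
            for m in filter(None, map(VALUE_RE.match, lines)):
                if m.group(1) == vname and int(m.group(3), 16 if m.group(2) else 10) == bad:
                    findings.append(f"{desc}: {vname}={bad} in [{header}]")
    return findings


def cfscript_for(flagged):
    """Render the Registry:: block the helper used to delete rules by GUID."""
    key = "[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\FirewallRules]"
    return "\n".join(["Registry::", key] + [f'"{{{g}}}"=-' for g, _, _ in flagged]) + "\n"
```

Run `flag_rules(parse_sections(SAMPLE_LOG))` to see the sixteen GUIDs with their reasons, `policy_findings(...)` for the three weakened settings, and `cfscript_for(...)` for the deletion block. Against a real log, the point of the watch-list approach is that a normal workstation has no reason to carry its own per-program exceptions for explorer.exe or wininit.exe, so their presence is a cheap, high-signal indicator to triage before anything else.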
Old 12-07-2008, 04:19 AM   #7 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 32
OS: Vista_x86_sp1


Re: Pc is Nuked: Blocked Updates and pop-ups

My PC had been scanning for 9 hours... then I lost internet connection.
So I did not scan all of the PC, but almost all of it, I hope. 78% it says.
Looks like all the files are from the ComboFix quarantine.

Untitled.jpg

ComboFix 08-12-06.04 - Stefano 2008-12-07 2:33:52.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1440 [GMT 0:00]
Kører fra: c:\users\Stefano\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\Stefano\Desktop\CFScript.txt
* Dannede nyt systemgendannelsespunkt
.

((((((((((((((((((((((((((((( Filer skabt fra 2008-11-07 til 2008-12-07 )))))))))))))))))))))))))))))))))))
.

2008-12-07 01:57 . 2008-12-07 02:19 <DIR> d-------- c:\program files\PeerGuardian2
2008-12-06 13:10 . 2008-10-16 21:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-12-06 13:10 . 2008-10-16 20:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-12-06 13:10 . 2008-10-16 21:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-12-06 13:10 . 2008-10-16 21:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-12-06 13:09 . 2008-10-16 21:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-12-06 13:09 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-12-06 13:09 . 2008-10-16 20:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-12-06 13:09 . 2008-10-16 21:08 34,328 --a------ c:\windows\System32\wups.dll
2008-12-06 13:09 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-12-03 22:50 . 2008-12-03 22:50 250 --a------ c:\windows\gmer.ini
2008-12-03 17:32 . 2008-06-19 17:24 28,544 --a------ c:\windows\System32\drivers\pavboot.sys
2008-12-03 17:11 . 2008-12-03 17:11 <DIR> d-------- c:\program files\Panda Security
2008-12-01 17:55 . 2008-12-01 23:06 <DIR> d-------- c:\users\Stefano\.housecall6.6
2008-12-01 17:17 . 2008-12-06 14:08 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-01 17:16 . 2008-12-01 17:16 <DIR> d-------- c:\windows\HDTVXviD Codec
2008-12-01 17:15 . 2008-12-01 17:15 <DIR> d-------- c:\windows\Easy Decrypter
2008-11-27 15:48 . 2008-11-27 15:48 <DIR> d-------- c:\users\Stefano\AppData\Roaming\vlc
2008-11-26 18:49 . 2008-11-26 18:49 <DIR> d-------- c:\program files\Mozilla Thunderbird
2008-11-26 18:43 . 2008-11-26 18:43 <DIR> d-------- c:\users\Stefano\AppData\Roaming\Thunderbird
2008-11-26 18:43 . 2008-11-26 18:43 0 --a------ c:\windows\nsreg.dat
2008-11-25 00:56 . 2008-11-25 00:56 <DIR> d-------- c:\users\Stefano\AppData\Roaming\Media Player Classic
2008-11-22 20:47 . 2008-11-22 20:47 <DIR> d--hs---- C:\Diskeeper
2008-11-22 15:04 . 2008-11-22 15:04 <DIR> d-------- c:\users\All Users\Diskeeper Corporation
2008-11-22 15:04 . 2008-11-22 15:04 <DIR> d-------- c:\programdata\Diskeeper Corporation
2008-11-22 15:04 . 2008-11-22 15:04 <DIR> d-------- c:\program files\Diskeeper Corporation
2008-11-17 20:04 . 2008-11-17 20:04 2,306,113 --a------ c:\windows\System32\GPhotos.scr
2008-11-17 16:58 . 2008-11-17 16:58 <DIR> d-------- c:\users\Stefano\AppData\Roaming\PeerNetworking
2008-11-14 21:25 . 2008-11-14 21:25 <DIR> d-------- c:\users\All Users\Real
2008-11-14 21:25 . 2008-11-14 21:26 <DIR> d-------- c:\program files\Real Alternative
2008-11-13 15:57 . 2008-11-13 15:57 <DIR> d-------- c:\windows\System32\xlive
2008-11-10 17:39 . 2008-11-10 17:39 <DIR> d-------- c:\windows\San Andreas Mod Installer
2008-11-10 17:39 . 2008-11-10 17:40 <DIR> d-------- c:\program files\San Andreas Mod Installer
2008-11-09 23:15 . 2008-11-09 23:15 0 --a------ c:\windows\System32\NeroCopyGadgetData-6387.xml
2008-11-09 02:40 . 2008-11-09 02:41 <DIR> d-------- c:\users\Stefano\Diskeeper Pro Premier 2008 V.12.0.781 x86 and x64
2008-11-07 15:02 . 2008-11-07 20:10 <DIR> d-------- c:\users\Stefano\AppData\Roaming\Red Alert 3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 02:28 --------- d-----w c:\users\Stefano\AppData\Roaming\uTorrent
2008-12-06 23:41 --------- d-----w c:\users\Stefano\AppData\Roaming\OpenOffice.org2
2008-12-01 17:58 --------- d-----w c:\programdata\avg8
2008-11-14 14:40 --------- d-----w c:\users\Stefano\AppData\Roaming\FrostWire
2008-11-08 22:18 --------- d---a-w c:\programdata\TEMP
2008-11-05 17:25 --------- d-----w c:\program files\Microsoft IntelliPoint
2008-11-05 17:17 --------- d-----w c:\programdata\DriverScanner
2008-11-05 17:14 --------- dc-h--w c:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-11-05 17:14 --------- d-----w c:\users\Stefano\AppData\Roaming\Uniblue
2008-11-05 17:14 --------- d-----w c:\program files\Uniblue
2008-11-05 16:51 90,632 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-11-03 23:54 180,064 ----a-w c:\windows\System32\WinVd32.sys
2008-11-03 23:54 --------- d-----w c:\program files\Folder Lock 6
2008-11-03 23:50 --------- d-----w c:\program files\PROnetworks
2008-11-03 15:27 --------- d-----w c:\program files\OO Software
2008-11-03 12:57 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-03 12:36 --------- d-----w c:\program files\Google
2008-11-03 12:36 --------- d-----w c:\program files\Common Files\PX Storage Engine
2008-11-02 18:53 98,440 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-11-02 18:46 --------- d-----w c:\program files\Common Files\BitDefender
2008-11-02 18:46 --------- d-----w c:\program files\BitDefender
2008-11-02 17:54 --------- d-----w c:\program files\Zone Labs
2008-11-02 12:37 --------- d-----w c:\users\Stefano\AppData\Roaming\Winamp
2008-11-02 12:08 --------- d-----w c:\program files\AVG
2008-11-02 01:19 --------- d-----w c:\program files\Softwin
2008-11-02 01:19 --------- d-----w c:\program files\Common Files\Softwin
2008-11-02 01:13 --------- d-----w c:\programdata\avg8(32)
2008-11-02 00:37 352,605 ---ha-w c:\windows\system32\drivers\vsconfig(100).xml
2008-11-01 23:30 --------- d-----w c:\program files\Port Forwarding Wizard
2008-11-01 22:57 --------- d-----w c:\programdata\CheckPoint
2008-11-01 18:17 --------- d-----w c:\users\Stefano\AppData\Roaming\RecoveryFix for Windows
2008-11-01 02:54 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-01 02:53 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-23 14:23 --------- d-----w c:\program files\ATI
2008-10-22 16:14 --------- d-----w c:\users\Stefano\AppData\Roaming\Command & Conquer 3 Kane's Wrath
2008-10-22 00:04 --------- d-----w c:\users\Stefano\AppData\Roaming\SystemRequirementsLab
2008-10-22 00:04 --------- d-----w c:\program files\SystemRequirementsLab
2008-10-21 20:14 --------- d-----w c:\program files\SubtitlesSynch
2008-10-21 19:57 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-10-21 19:57 249,856 ------w c:\windows\Setup1.exe
2008-10-21 18:42 --------- d-----w c:\users\Stefano\AppData\Roaming\Leadertech
2008-10-21 17:48 --------- d-----w c:\users\Stefano\AppData\Roaming\gnupg
2008-10-21 07:57 --------- d-----w c:\programdata\Uniblue
2008-10-20 23:33 319,456 ----a-w c:\windows\DIFxAPI.dll
2008-10-20 23:33 --------- d-----w c:\program files\Realtek
2008-10-20 23:20 319,488 ----a-w c:\windows\HideWin.exe
2008-10-19 20:45 --------- d-----w c:\users\Stefano\AppData\Roaming\Bioshock
2008-10-18 20:52 111,928 ----a-w c:\windows\System32\PnkBstrB.exe
2008-10-18 16:53 278,984 ----a-w c:\windows\system32\drivers\atksgt.sys
2008-10-18 16:53 25,416 ----a-w c:\windows\system32\drivers\lirsgt.sys
2008-10-18 16:37 --------- d-----w c:\program files\DAEMON Tools Pro
2008-10-18 16:35 --------- d-----w c:\users\Stefano\AppData\Roaming\DAEMON Tools Pro
2008-10-18 16:35 --------- d-----w c:\programdata\DAEMON Tools Pro
2008-10-18 16:30 685,816 ----a-w c:\windows\system32\drivers\sptd.sys
2008-10-18 13:58 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2008-10-17 22:20 20,192 ----a-w c:\windows\System32\WinFl32.sys
2008-10-17 13:14 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2008-10-16 12:08 --------- d-----w c:\program files\Windows Mail
2008-10-13 19:06 --------- d-----w c:\program files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2008-10-13 19:01 --------- d-----w c:\users\Stefano\AppData\Roaming\Xilisoft Corporation
2008-10-12 03:11 --------- d-----w c:\program files\Common Files\Steam
2008-10-11 20:16 --------- d-----w c:\program files\Debugging Tools for Windows (x86)
2008-10-10 01:27 --------- d-----w c:\program files\FrostWire
2008-10-09 23:01 --------- d-----w c:\program files\VideoLAN
2008-10-06 03:18 17,984 ----a-w c:\windows\System32\AntiSpyNative64.exe
2008-10-06 03:18 14,400 ----a-w c:\windows\System32\AntiSpyNative32.exe
2008-10-02 17:51 2,855 ----a-w c:\windows\PIF\Launcher.PIF
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 16:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-30 14:32 52,736 ----a-w c:\windows\ipuninst.exe
2008-09-30 12:23 10,520 ----a-w c:\windows\System32\avgrsstx.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-09 17:32 806,432 ----a-w c:\windows\System32\RtkPgExt.dll
2008-09-09 17:32 6,281,760 ----a-w c:\windows\RtHDVCpl.exe
2008-09-09 17:32 42,016 ----a-w c:\windows\System32\RtkCoInst.dll
2008-09-09 17:32 285,216 ----a-w c:\windows\System32\RtkApoApi.dll
2008-09-09 17:32 2,333,728 ----a-w c:\windows\System32\RtkAPO.dll
2008-09-09 17:32 1,833,504 ----a-w c:\windows\SkyTel.exe
2008-09-09 17:32 1,206,816 ----a-w c:\windows\RtlUpd.exe
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-12-06_13.08.05.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-07 02:33:10 6,295,552 ----a-w c:\windows\ERDNT\Hiv-backup\schema.dat
+ 2008-12-07 02:24:07 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-10-16 10:55:29 35,600 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-12-07 02:24:41 35,600 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-12-06 23:38:48 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-06 23:38:48 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-12-06 13:05:48 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-06 23:39:53 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-06 23:39:53 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-12-06 13:05:48 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-06 23:39:58 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-06 23:39:58 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
+ 2008-12-07 02:26:07 3,864 ----a-w c:\windows\SoftwareDistribution\PostRebootEventCache\{2AB0942B-E958-4E7B-9537-894472B547A0}.bin
- 2008-07-18 21:08:20 72,256 ------w c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
+ 2008-10-16 14:08:00 70,416 ------w c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
- 2008-12-06 13:05:36 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-07 02:24:24 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-06 13:05:36 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-07 02:24:24 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-06 13:05:36 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-07 02:24:24 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-06 12:56:56 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-12-07 02:33:19 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-11-03 16:10:26 17,318,336 ----a-w c:\windows\System32\MRT.exe
- 2008-12-06 12:45:43 105,078 ----a-w c:\windows\System32\perfc009.dat
+ 2008-12-06 23:45:17 105,078 ----a-w c:\windows\System32\perfc009.dat
- 2008-12-06 12:45:43 595,748 ----a-w c:\windows\System32\perfh009.dat
+ 2008-12-06 23:45:17 595,748 ----a-w c:\windows\System32\perfh009.dat
- 2008-11-03 15:40:47 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2008-12-06 23:49:45 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
- 2008-12-06 13:01:27 8,762 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1431478250-751702932-1817854511-1000_UserData.bin
+ 2008-12-06 23:43:04 9,306 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1431478250-751702932-1817854511-1000_UserData.bin
- 2008-12-06 13:01:27 108,332 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-06 23:43:03 108,616 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-06 13:01:24 46,478 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-06 23:43:01 46,636 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-11-13 15:47:47 58,885,611 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-12-07 02:24:20 5,414,773 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
-- Snapshot sat til dags dato --
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-06-02 1457152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-06 1261336]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"RtHDVCpl"="RtHDVCpl.exe" [2008-09-09 c:\windows\RtHDVCpl.exe]

c:\users\Stefano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-05-30 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^Users^Stefano^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 13:08 136136 c:\program files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-06-24 15:06 1840424 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-06-08 08:31 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1431478250-751702932-1817854511-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3F4DD4B2-BFDC-4370-A787-8671CB4DA670}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5F52FC84-17C4-46F0-8917-26E80F896A7C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6535A1CF-E801-49A8-B83D-484FD682C00A}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{749DB05F-8D00-4313-AA18-2C90F30616D6}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{C1ABFD22-7957-4A0A-BE35-A00B02EE5B5E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1C16A4BD-8AD9-4E97-86EF-57DB64E395D8}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{4FB78B1D-60A7-42A4-81E1-B83E654564A2}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{3303F0EE-F45C-497B-B7AB-524CB5D1934A}d:\\program files\\tantrum\\die by the sword\\windie.exe"= UDP:d:\program files\tantrum\die by the sword\windie.exe:windie
"UDP Query User{AC92907C-DD43-42B3-885F-16E3AB2CEA23}d:\\program files\\tantrum\\die by the sword\\windie.exe"= TCP:d:\program files\tantrum\die by the sword\windie.exe:windie
"TCP Query User{4A04B999-CFED-408F-8AC5-D19C6F119587}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{DB828D1E-1640-4D0B-8DE6-5147E9FE11D1}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{AE0251AF-BE56-47D8-A34A-34716687DF33}c:\\users\\stefano\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:c:\users\stefano\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{D2DBB9E5-C5AC-46E6-938C-92C5FEAAB640}c:\\users\\stefano\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:c:\users\stefano\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"TCP Query User{B55B4CA9-1788-4751-9BA3-1254C06ADDD3}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{966BA7DE-2FD9-4A40-8C8F-5426A5F60F8D}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{326DC1B0-1BEB-4745-80FE-088557E0D7AE}d:\\steam\\steamapps\\stefanocig\\counter-strike\\hl.exe"= UDP:d:\steam\steamapps\stefanocig\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{86CEFFED-116F-4847-8A5B-27344B24B9DB}d:\\steam\\steamapps\\stefanocig\\counter-strike\\hl.exe"= TCP:d:\steam\steamapps\stefanocig\counter-strike\hl.exe:Half-Life Launcher
"{9BB52674-5DC8-462B-AA96-546782AF9F0B}"= UDP:d:\assassin's creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{107F4726-5B22-4BAD-AEBD-C5104A7C4C32}"= TCP:d:\assassin's creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{2C05E19C-87E9-475C-B602-D5A7DED80AA2}"= UDP:d:\assassin's creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{DF47EA27-B051-49E6-9B39-1802E59613F9}"= TCP:d:\assassin's creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{8ADE7EF3-CF7B-41D7-884E-3EF159A133A2}"= UDP:d:\assassin's creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{3F0B2B83-E68B-42A2-AB57-993F4C53A73C}"= TCP:d:\assassin's creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{BFFA7D66-F153-434A-A10F-149F3D4DBCE5}"= UDP:d:\mass effect\Binaries\MassEffect.exe:Mass Effect Game
"{C4B46306-7FF7-4578-9830-FC7044993C48}"= TCP:d:\mass effect\Binaries\MassEffect.exe:Mass Effect Game
"{26AEEF17-9456-4CC0-A3B9-0D99003A73F2}"= UDP:d:\mass effect\MassEffectLauncher.exe:Mass Effect Launcher
"{4D7767DA-C514-467E-A599-2FC0F1F8C02C}"= TCP:d:\mass effect\MassEffectLauncher.exe:Mass Effect Launcher
"TCP Query User{01198DB2-ADD1-4A11-A5D9-B98B47B8AEA6}d:\\die by the sword\\tantrum\\die by the sword\\windie.exe"= UDP:d:\die by the sword\tantrum\die by the sword\windie.exe:windie
"UDP Query User{BAA0A3FC-86D3-4D99-B5D7-BBA459EF1C8D}d:\\die by the sword\\tantrum\\die by the sword\\windie.exe"= TCP:d:\die by the sword\tantrum\die by the sword\windie.exe:windie
"{CE59ADF9-7CC1-4384-9CCF-38CA6C962720}"= UDP:59151:µTorrent
"TCP Query User{50A8D18A-535A-44DB-AEB9-3DE2563D879E}d:\\doom 3\\doom3ded.exe"= UDP:d:\doom 3\doom3ded.exe:DOOM 3
"UDP Query User{48ED1F5A-1AEA-4C19-8A23-BFD0332EBD08}d:\\doom 3\\doom3ded.exe"= TCP:d:\doom 3\doom3ded.exe:DOOM 3
"TCP Query User{148E0837-E39B-4C4D-BD84-6BFDB8A545D7}d:\\steam\\steamapps\\stefanocig\\counter-strike\\hl.exe"= UDP:d:\steam\steamapps\stefanocig\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{F807E392-7812-449E-A916-CE649668932F}d:\\steam\\steamapps\\stefanocig\\counter-strike\\hl.exe"= TCP:d:\steam\steamapps\stefanocig\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{EF299F30-775E-4561-8525-DC00DC8676EE}d:\\crysis\\bin32\\crysis.exe"= UDP:d:\crysis\bin32\crysis.exe:Crysis
"UDP Query User{2E2B0B03-597F-460D-8066-70F9FD4ED24F}d:\\crysis\\bin32\\crysis.exe"= TCP:d:\crysis\bin32\crysis.exe:Crysis
"{81160EF1-46BD-4B77-B509-0DC4BA069B88}"= d:\command & conquer 3 kane's wrath\RetailExe\1.0\cnc3ep1.dat:Command & Conquer(tm) 3: Kane's Wrath
"TCP Query User{001E32C5-642F-4A55-90C9-25FFC02448B2}c:\\users\\stefano\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:c:\users\stefano\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"UDP Query User{81CCEBBB-9EEC-430E-96C9-2C9699037993}c:\\users\\stefano\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:c:\users\stefano\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"{E259A6F1-3B46-4E5F-8C2D-3464249672BF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F9A93C4E-195C-499E-AB12-8CAF5F9CAC70}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{65A3D0D0-00AE-4429-95A8-4B6C2CF43265}"= UDP:d:\neverwinter nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{E33896AF-F262-4E88-8F28-C957B5DAF0F7}"= TCP:d:\neverwinter nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{811F6413-AC91-46D1-8E58-C6E12299471D}"= UDP:d:\neverwinter nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{3692CF83-C45B-457D-8420-B2E04466F96A}"= TCP:d:\neverwinter nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{DD2CDB1B-C5D5-4783-A3DF-6A5D6977D670}"= UDP:d:\neverwinter nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{AEC062B1-218B-43F9-8040-E0F228AF04BE}"= TCP:d:\neverwinter nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{14D55197-F185-4C4E-808E-B122A1CC1836}"= UDP:d:\neverwinter nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{C3580697-E113-4743-BC80-AEFBCC0D849A}"= TCP:d:\neverwinter nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{BA9A5538-44D9-4BCA-A54C-DA91FDB40248}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{319D69B3-7B97-463C-9032-CC88C210F65C}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{18487EC5-68DC-4B44-8794-82C8E6EE8A0C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F6D11C98-DB48-42E8-9B61-1E2DABA41268}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-03 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-09-30 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-02 90632]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-02 874776]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-30 231704]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\shell\AutoRun\command - L:\autorun.exe

*Newly Created Service* - PGFILTER
.
Indhold af mappen 'Planlagte Opgaver'

2008-10-21 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-10-06 03:19]
.
.
------- Yderligere scanning -------
.
uStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FireFox -: Profile - c:\users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\5rndqojl.default\
FF -: plugin - c:\program files\Google\Picasa3\npPicasa3.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 02:35:42
Windows 6.0.6001 Service Pack 1 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
Gennemført tid: 2008-12-07 2:37:39
ComboFix-quarantined-files.txt 2008-12-07 02:37:36
ComboFix2.txt 2008-12-06 13:10:18

Pre-Kørsel: 125.124.554.752 bytes free
Post-Kørsel: 124,776,923,136 bytes free

368 --- E O F --- 2008-12-07 02:26:07
Old 12-07-2008, 07:45 PM   #8 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,613
OS: WinXP and Vista


Re: Pc is Nuked: Blocked Updates and pop-ups

Hello bimm3rcc,

While so far Kaspersky is only showing infections quarantined in Qoobox, it has not finished scanning your entire computer--this is important to do.

Do not use the computer at all while the scan is being done. Close any open programs, close all browsers except the one for the online scanner.

Let's see if this scanner works better for you. Perform an online scan with Panda ActiveScan

* Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on Scan Your PC Now
  • A "pop up" window will appear, or a new tab will open.
  • Click on Register
  • Choose the option you like most, but we recommend the Free Registration.
  • Click on Register
  • Enter your e-mail address, and create a password.
  • Select "I do not want to receive any type of information". (unless you want to receive such information)
  • Click on Send
  • Confirm registration, and continue by entering your user name and password, then click on Enter
  • Select Full Scan, then Click on Scan Now
  • Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser.
  • If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect
  • Please ignore the offer to buy the program. Click on Export To
  • Export the log and save it to your desktop.
  • Please attach the contents of that log in your next reply.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 12-08-2008, 05:56 AM   #9 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 32
OS: Vista_x86_sp1


Re: Pc is Nuked: Blocked Updates and pop-ups

Okay, it went a lot faster, about an hour or two. Thanks.
It removed a handful of viruses, but

I need paid version to remove these:

Untitled.jpg

I will delete my cookies with firefox

The Log:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-12-08 13:51:49
PROTECTIONS: 1
MALWARE: 23
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Windows Defender 1.1.4205.0 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\guest@casalemedia[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\guest@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Stefano\AppData\Roaming\Microsoft\Windows\Cookies\stefano@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Stefano\AppData\Roaming\Microsoft\Windows\Cookies\stefano@tradedoubler[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\guest@tradedoubler[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\guest@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Stefano\AppData\Roaming\Microsoft\Windows\Cookies\stefano@mediaplex[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Stefano\AppData\Roaming\Microsoft\Windows\Cookies\stefano@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\guest@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Stefano\AppData\Roaming\Microsoft\Windows\Cookies\stefano@apmebf[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Stefano\AppData\Roaming\Microsoft\Windows\Cookies\stefano@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Stefano\AppData\Roaming\Microsoft\Windows\Cookies\stefano@bs.serving-sys[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Stefano\AppData\Roaming\Microsoft\Windows\Cookies\stefano@adtech[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\guest@adtech[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\guest@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Stefano\AppData\Roaming\Microsoft\Windows\Cookies\stefano@advertising[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\guest@statse.webtrendslive[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\guest@zedo[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Stefano\AppData\Roaming\Microsoft\Windows\Cookies\stefano@adultfriendfinder[1].txt
00387058 W32/Flux.DP.worm Virus/Worm No 1 Yes No C:\Qoobox\Quarantine\C\autorun.inf.vir
00444112 Bck/Tdss.C Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\Windows\System32\drivers\TDSSmccb.sys.vir
00449733 Bck/Tdss.C Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\Windows\System32\TDSScrrx.dll.vir
02925267 Generic Trojan Virus/Trojan No 0 Yes Yes C:\Program Files\DAEMON Tools Pro\daemon.tools.pro.patch.exe
02925267 Generic Trojan Virus/Trojan No 0 Yes No E:\Games Setup\The Witcher\HERE_FIRST!\DT_PRO_v4.10.0218\Patch\daemon.tools.pro.patch.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes Yes C:\Users\Stefano\Desktop\ComboFix.exe
03939308 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\Qoobox\Quarantine\C\Windows\System32\TDSStmei.dll.vir
03939310 Adware/UltimateDefender Adware No 0 Yes No C:\Qoobox\Quarantine\C\Windows\System32\TDSSrfpp.dll.vir
04224900 Generic Trojan Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\Windows\System32\TDSSntlv.dll.vir
04239596 Spyware/Virtumonde Spyware No 1 Yes No C:\Qoobox\Quarantine\C\Windows\System32\awtuRkjK.dll.vir
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
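A defender-side triage of a report like the one posted above, as an added example that is not part of this thread or of any scanner's own code: it parses the MALWARE rows and separates items ComboFix already quarantined under C:\Qoobox, tracking cookies, and items the scanner already disinfected from the hits that are still live on disk. The sample rows are copied from the posted report; the column regex assumes the collapsed, space-separated layout shown above, where only Description and Location may contain spaces.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# One MALWARE row: Id Description Type Active Severity Disinfectable Disinfected Location.
# Description is matched non-greedily and Type must be a single token, so rows whose
# description contains spaces ("Generic Trojan", "Cookie/Atlas DMT") still split correctly.
ROW_RE = re.compile(
    r"^(?P<id>\d{8})\s+(?P<desc>.+?)\s+(?P<type>\S+)\s+"
    r"(?P<active>Yes|No)\s+(?P<severity>\d+)\s+"
    r"(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+(?P<location>.+)$"
)

# ComboFix moves what it removes here and appends ".vir"; a scanner hit under this
# path is a neutralised copy, not a live infection (compared lower-cased).
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"

# Constructed sample: rows copied from the ActiveScan report posted in this thread.
SAMPLE_REPORT = r"""ANALYSIS: 2008-12-08 13:51:49
PROTECTIONS: 1
MALWARE: 5
PROTECTIONS
Description Version Active Updated
Windows Defender 1.1.4205.0 No Yes
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Stefano\AppData\Roaming\Microsoft\Windows\Cookies\stefano@atdmt[2].txt
00444112 Bck/Tdss.C Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\Windows\System32\drivers\TDSSmccb.sys.vir
02925267 Generic Trojan Virus/Trojan No 0 Yes Yes C:\Program Files\DAEMON Tools Pro\daemon.tools.pro.patch.exe
02925267 Generic Trojan Virus/Trojan No 0 Yes No E:\Games Setup\The Witcher\HERE_FIRST!\DT_PRO_v4.10.0218\Patch\daemon.tools.pro.patch.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes Yes C:\Users\Stefano\Desktop\ComboFix.exe
"""


@dataclass
class Detection:
    id: str
    description: str
    kind: str
    active: bool
    severity: int
    disinfectable: bool
    disinfected: bool
    location: str

    def category(self) -> str:
        """Bucket a hit by what a responder still has to do about it."""
        if self.location.lower().startswith(QUARANTINE_PREFIX):
            return "quarantined"   # already removed by ComboFix; nothing left to clean
        if self.kind == "TrackingCookie":
            return "cookie"        # clear from the browser; not executable code
        if self.disinfected:
            return "disinfected"   # the scanner already dealt with it
        return "live"              # still present on disk and untreated


def parse_report(text: str) -> List[Detection]:
    """Return every MALWARE row in the report; header and summary lines do not match."""
    hits = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        hits.append(Detection(
            id=m["id"], description=m["desc"], kind=m["type"],
            active=m["active"] == "Yes", severity=int(m["severity"]),
            disinfectable=m["disinfectable"] == "Yes",
            disinfected=m["disinfected"] == "Yes", location=m["location"],
        ))
    return hits


def triage(text: str) -> Dict[str, List[Detection]]:
    """Group parsed hits into quarantined / cookie / disinfected / live."""
    groups: Dict[str, List[Detection]] = {
        "quarantined": [], "cookie": [], "disinfected": [], "live": []}
    for hit in parse_report(text):
        groups[hit.category()].append(hit)
    return groups


def live_threats(text: str) -> List[str]:
    """Locations that still need action, highest severity first."""
    live = sorted(triage(text)["live"], key=lambda h: (-h.severity, h.location))
    return [h.location for h in live]


if __name__ == "__main__":
    for name, hits in triage(SAMPLE_REPORT).items():
        print(f"{name:12s} {len(hits)}")
    for loc in live_threats(SAMPLE_REPORT):
        print("still live:", loc)
```

Running it on the sample leaves exactly one live item, the copy of the patch executable on E:, which is the folder the helper's CFScript later in this thread tells ComboFix to remove.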
Old 12-08-2008, 05:59 AM   #10 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 32
OS: Vista_x86_sp1


Re: Pc is Nuked: Blocked Updates and pop-ups

Forgot that you wanted it attached:

Also, it's funny that it sees ComboFix as a virus.
Attached Files
File Type: txt ActiveScan.txt (8.6 KB, 1 views)
Old 12-08-2008, 07:14 AM   #11 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,613
OS: WinXP and Vista


Re: Pc is Nuked: Blocked Updates and pop-ups

Ridiculous how it disinfected ComboFix but left the source of your troubles.

You'll need to download ComboFix again. Save it to your desktop.



Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

---------------------------------------------------------------------

Open notepad and copy/paste the text in the code box below into it:


Folder::
E:\Games Setup\The Witcher\HERE_FIRST!\DT_PRO_v4.10.0218
Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe





Referring to the picture above, drag CFScript into ComboFix.exe and let it run.

--------------------------------------------------------------------

After you've completed the above, your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.


Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------------------------------------------------


To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 4.0 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
  • It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.


Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.


In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

Vista UAC does protect


PC Safety and Security--What Do I Need?
Think Prevention


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

**Kindly respond one more time and let me know if we may consider this thread resolved.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 12-08-2008, 08:56 AM   #12 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 32
OS: Vista_x86_sp1


Re: Pc is Nuked: Blocked Updates and pop-ups

Okay, it ran smoothly, thanks.

I have AVG Free installed and different Uniblue programs like Driver Scanner, Registry Booster, "Speed up my pc" and SpyEraser.

I sometimes also defrag my PC using Diskeeper 2008.
I also use the Windows Disk Cleanup feature.

Now I will also install those programs you have advised me to install.

Thank you so much man, you are the best.


In case you wanted to see the log, I have attached it.
Attached Files
File Type: txt log2.txt (26.0 KB, 1 views)
bimm3rcc is offline  
Old 12-08-2008, 10:31 AM   #13 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,613
OS: WinXP and Vista


Re: Pc is Nuked: Blocked Updates and pop-ups

Glad to see it all went smoothly for you.

Take care and surf safely.
Ried is offline  