leafs

Honorary Members
  • Posts

    35
Reputation

0 Neutral

About leafs

  • Birthday 07/13/1972

Profile Information

  • Location
    Brantford,Ont,Canada
  1. No more crashes or problems, I think we got it all fixed, man what a pain in the behind, lol. Thx again for all the help, I've learned a lot and plan on being a member of this forum for a long time. Talk to you all later. Leafs
  2. Since I stopped ZoneAlarm from monitoring NOD it hasn't crashed. HJT uninstall list
  3. No crash yet, I'm gonna try to turn on NOD32 again, only this time I won't let ZA monitor it, let's see what happens.
  4. I took a shot in the dark guess that maybe there was a problem between NOD32 and ZoneAlarm, so I turned off NOD32, 15 minutes no crash yet. I'll give it another 10 minutes, usually crashes by now.
  5. OK, I added it as an attachment, let's see if that works: mysystem.txt
  6. The log is too big for the forum, can we narrow it down a bit? There was no blue screen, just turns right off to black.
  7. I added ZoneAlarm, defragged the HD since we last spoke.
  8. I think I still have some kinda problem, my system turns off randomly, 4 times in an hour today it just turned off while in use, any ideas as to what or why this happens? (Time for a new comp soon) lol
  9. Everything seems to be OK, a huge thx to you 1972vet and jean for all the help. The world needs more people like you all, who help out those less knowledgeable.
  10. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:20:15 PM, on 8/21/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal
  11. ComboFix 08-08-18.05 - damageplan 2008-08-20 22:15:10.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.756 [GMT -4:00]
[HKLM\~\startupfolder\C:^Documents and Settings^damageplan^Start Menu^Programs^Startup^Deer Hunter 2005 Registration.lnk] backup=C:\WINDOWS\pss\Deer Hunter 2005 Registration.lnkStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\anwx HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ap9h4qmo HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gah95on6 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Preview AdService HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\salm HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows AdStatus [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ERSvc"=2 (0x2) "SAVScan"=3 (0x3) "ISSVC"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\Program Files\\Outlook Express\\msimn.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "D:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"= "D:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "D:\\Program Files\\Wolfenstein - Enemy Territory\\ETDED.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24] R2 BCDCNDIS;Belkin Direct 
Connect Network Adapter;C:\WINDOWS\system32\DRIVERS\BCDCNDIS.SYS [2000-08-08 14:37] R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2003-04-30 14:24] R3 L6DP;L6DP;C:\WINDOWS\system32\Drivers\l6dp.sys [2007-01-29 21:22] S3 BCDCLINK;Belkin USB Direct Connect;C:\WINDOWS\system32\DRIVERS\BCDCLINK.SYS [2000-08-08 14:37] S3 L6PODLV;PODxt Live Service;C:\WINDOWS\system32\Drivers\L6PODLV.sys [2007-01-29 21:17] S3 SGUARD;SGUARD;C:\WINDOWS\system32\drivers\SGuard.sys [2005-01-21 08:17] S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 02:01] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf89c438-758d-11db-b4be-0050fcc1144c}] \Shell\AutoRun\command - F:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5da4cbc-757a-11db-b4b3-0050fcc1144c}] \Shell\AutoRun\command - G:\autorun.exe . Contents of the 'Scheduled Tasks' folder 2008-08-12 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job - D:\Program Files\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-05-23 15:03] 2007-11-06 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job - D:\Program Files\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-05-23 15:03] 2008-08-17 C:\WINDOWS\Tasks\Uniblue SpyEraser.job - D:\Program Files\SpyEraser\SpyEraser.exe [2007-05-23 15:33] . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-20 22:20:02 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . 
C:\WINDOWS\system32\rundll32.exe C:\Program Files\ESET\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe . ************************************************************************** . Completion time: 2008-08-20 22:29:15 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-21 02:29:11 ComboFix2.txt 2008-08-19 15:42:24 Pre-Run: 7,888,089,088 bytes free Post-Run: 7,912,120,320 bytes free 428 --- E O F --- 2008-08-20 22:16:07 HJT Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:32:35 PM, on 8/20/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\ESET\bak\nod32kui.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.ca/ R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU\..\Run: [sMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe" O4 - HKCU\..\Run: [itfy] C:\WINDOWS\system32\??rvices.exe O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O16 - DPF: {23B1D1AE-A29F-4AE2-B76E-CAB6E14811C4} (DHCPConfiguration Class) - http://eserv.sympatico.ca/netassistant/con...adaPortalAX.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 
Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 4421 bytes
  12. The computer is very laggy at times, not sure if that's cuz it's older or due to more viruses
  13. It seems a bit slow on startup, takes about a minute or so longer than usual to be able to open IE or run anything, other than that it seems ok

HJT Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:27 PM, on 8/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ESET\bak\nod32kui.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.ca/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [sMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [itfy] C:\WINDOWS\system32\??rvices.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O16 - DPF: {23B1D1AE-A29F-4AE2-B76E-CAB6E14811C4} (DHCPConfiguration Class) - http://eserv.sympatico.ca/netassistant/con...adaPortalAX.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
-- End of file - 3719 bytes
  14. k, updated and scanned

log
Malwarebytes' Anti-Malware 1.25
Database version: 1062
Windows 5.1.2600 Service Pack 2
1:21:15 PM 8/20/2008
mbam-log-08-20-2008 (13-21-15).txt
Scan type: Quick Scan
Objects scanned: 46485
Time elapsed: 4 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)