Kirja

  1. Hi again, after CCleaner I feel a little bit of change, can't say in a good way; had a blue screen of death, and when the machine starts it feels the same as when I got malware.

     Scan saved at 4:42:47 PM, on 6/15/2011
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16674)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\WINDOWS\system32\PnkBstrA.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
     C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
     C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\Program Files\PowerISO\PWRISOVM.EXE
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\WINDOWS\system32\RunDLL32.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\ALCFDRTM.EXE
     C:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\Program Files\RocketDock\RocketDock.exe
     C:\Program Files\U-ABIT\uGuru\uGuru.exe
     C:\Program Files\Hawking\HWU54D\HWU54D.exe
     C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
     C:\Program Files\Logitech\SetPoint\SetPoint.exe
     C:\Program Files\OpenOffice.org 3\program\soffice.exe
     C:\Program Files\OpenOffice.org 3\program\soffice.bin
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
     C:\Program Files\Opera\opera.exe
     C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
     O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
     O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
     O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
     O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
     O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
     O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
     O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
     O4 - HKCU\..\Run: [ABIT uGuruIII] C:\Program Files\U-ABIT\uGuru\uGuru.exe
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKUS\S-1-5-21-57989841-2049760794-682003330-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
     O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
     O4 - Global Startup: Hawking Wireless Utility.lnk = C:\Program Files\Hawking\HWU54D\HWU54D.exe
     O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
     O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
     O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab
     O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
     O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-beta/OnlineScanner.cab
     O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5347/mcfscan.cab
     O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
     O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (file missing)
     O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
     O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
     O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
     O23 - Service: ??????????? Avira AntiVir (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
     O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
     O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
     O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
     O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
     O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

     --
     End of file - 8605 bytes
  2. Hi, I almost did all the steps you said, just still waiting for SP3, and going to do defragmenting today. PC seems to work fine, old problems fixed, and no trace of any problems. Will look more into PitStop when I get more time tonight. Thank you for helping ^.^ Hope I get SP3 soon; I think I did not update Windows for 2 years lol.
  3. Hi, SP3 update otw, http://www.pcpitstop.com/betapit/sec.asp?conid=24406204
  4. Hello, sorry for answering so late, busy with work. Removed ComboFix and the programs you mentioned, and installed the new one. Will do Service Pack 3 as soon as I get more free time. Changes to the PC after the changes: Start > Control Panel > Add/Remove Programs (takes forever to open). Also noticed System > Automatic Updates (also takes forever to open). Start > Turn Off Computer (also on delay). Will use jv16 PowerTools 2011 again; it might fix it as last time.
  5. Hello, well, the PC seems to work OK; had an issue not long ago where it just froze. Couldn't open Add/Remove Programs (well, it opened 1 minute after I double-clicked). Start > Turn Off (was on delay as well, 1-2 minutes). Happened after I installed the game AION. Found a program named jv16 PowerTools 2011, believe it was fixed. Looks like I need to do some updates. Yeah, I believe the computer is working fine. Also I still have such programs installed as ComboFix and some others (not sure if it's safe to uninstall them). Not sure if it's right, but my arrow keys are not working when I try to switch to Safe Mode or use the last best setting for Windows.
  6. Results of screen317's Security Check version 0.99.12
     Windows XP Service Pack 2
     Out of date service pack!!
     Internet Explorer 7 Out of date!
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Enabled!
     Avira AntiVir Premium
     ESET Online Scanner v3
     Antivirus up to date!
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Malwarebytes' Anti-Malware
     Java 6 Update 13
     Out of date Java installed!
     Adobe Flash Player
     Adobe Reader 8.1.1
     Out of date Adobe Reader installed!
     ````````````````````````````````
     Process Check: objlist.exe by Laurent
     Avira Antivir avgnt.exe
     Avira Antivir avguard.exe
     ``````````End of Log````````````
  7. Hi. ESET:

     # utc_time=2011-06-02 08:33:36
     # local_time=2011-06-02 04:33:36 (-0500, Eastern Daylight Time)
     # country="United States"
     # lang=9
     # osver=5.1.2600 NT Service Pack 2
     # compatibility_mode=512 16777215 100 0 299066 299066 0 0
     # compatibility_mode=1792 16777175 100 0 296940 296940 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=100355
     # found=23
     # cleaned=23
     # scan_time=2852
     C:\Documents and Settings\Kirja\Local Settings\Application Data\Opera\Opera\temporary_downloads\registrybooster.exe  Win32/RegistryBooster application (deleted - quarantined)  00000000000000000000000000000000  C
     C:\Documents and Settings\Kirja\Local Settings\temp\miaB7.tmp\data\OFFLINE\D038292B\DBD9B16A\Launcher.exe  Win32/RegistryBooster application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
     C:\Documents and Settings\Kirja\Local Settings\temp\miaB7.tmp\data\OFFLINE\D038292B\DBD9B16A\rbmonitor.exe  Win32/RegistryBooster application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
     C:\Documents and Settings\Kirja\Local Settings\temp\miaB7.tmp\data\OFFLINE\D038292B\DBD9B16A\rbnotifier.exe  Win32/RegistryBooster application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
     C:\Documents and Settings\Kirja\Local Settings\temp\miaB7.tmp\data\OFFLINE\D038292B\DBD9B16A\rb_move_serial.exe  Win32/RegistryBooster application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
     C:\Documents and Settings\Kirja\Local Settings\temp\miaB7.tmp\data\OFFLINE\D038292B\DBD9B16A\rb_ubm.exe  Win32/RegistryBooster application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
     C:\Documents and Settings\Kirja\Local Settings\temp\miaB7.tmp\data\OFFLINE\D038292B\DBD9B16A\registrybooster.exe  Win32/RegistryBooster application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
     C:\Qoobox\Quarantine\C\WINDOWS\system32\fijwkfxi.ini.vir  Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
     C:\Qoobox\Quarantine\C\WINDOWS\system32\jynlddul.ini.vir  Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
     C:\Qoobox\Quarantine\C\WINDOWS\system32\nmWEdfii.ini.vir  Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
     C:\Qoobox\Quarantine\C\WINDOWS\system32\nmWEdfii.ini2.vir  Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
     C:\System Volume Information\_restore{72E9BE16-0BB2-4395-9711-6937E479F076}\RP500\A0084604.exe  Win32/RegistryBooster application (deleted - quarantined)  00000000000000000000000000000000  C
     C:\System Volume Information\_restore{72E9BE16-0BB2-4395-9711-6937E479F076}\RP502\A0091687.exe  Win32/RegistryBooster application (deleted - quarantined)  00000000000000000000000000000000  C
     C:\System Volume Information\_restore{72E9BE16-0BB2-4395-9711-6937E479F076}\RP513\A0093241.ini  Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
     C:\System Volume Information\_restore{72E9BE16-0BB2-4395-9711-6937E479F076}\RP513\A0093242.ini  Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
     C:\System Volume Information\_restore{72E9BE16-0BB2-4395-9711-6937E479F076}\RP513\A0093243.ini  Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
     C:\System Volume Information\_restore{72E9BE16-0BB2-4395-9711-6937E479F076}\RP517\A0099825.rbf  Win32/RegistryBooster application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
     C:\System Volume Information\_restore{72E9BE16-0BB2-4395-9711-6937E479F076}\RP517\A0099826.rbf  Win32/RegistryBooster application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
     C:\System Volume Information\_restore{72E9BE16-0BB2-4395-9711-6937E479F076}\RP517\A0099827.rbf  Win32/RegistryBooster application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
     C:\System Volume Information\_restore{72E9BE16-0BB2-4395-9711-6937E479F076}\RP517\A0099828.rbf  Win32/RegistryBooster application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
     C:\System Volume Information\_restore{72E9BE16-0BB2-4395-9711-6937E479F076}\RP517\A0099829.rbf  Win32/RegistryBooster application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
     C:\System Volume Information\_restore{72E9BE16-0BB2-4395-9711-6937E479F076}\RP517\A0099830.rbf  Win32/RegistryBooster application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
     C:\System Volume Information\_restore{72E9BE16-0BB2-4395-9711-6937E479F076}\RP520\A0100363.exe  Win32/RegistryBooster application (deleted - quarantined)  00000000000000000000000000000000  C
  8. Hi, well, I haven't used BitComet in a while, since I do not have much space on the HD to download anything, and since I do like to play games, and some games like Dragon Age etc. require a lot of space; just never thought of uninstalling it before. Which other programs would you like me to remove?
  9. DDS:

     DDS (Ver_11-05-19.01) - NTFSx86
     Internet Explorer: 7.0.5730.13
     Run by Kirja at 9:10:09 on 2011-05-26
     Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2527 [GMT -4:00]
     .
     AV: AntiVir Desktop *Enabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
     .
     ============== Running Processes ===============
     .
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\svchost.exe -k DcomLaunch
     svchost.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     svchost.exe
     svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
     C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\Program Files\PowerISO\PWRISOVM.EXE
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\WINDOWS\system32\RunDLL32.exe
     C:\Program Files\RocketDock\RocketDock.exe
     C:\Program Files\U-ABIT\uGuru\uGuru.exe
     C:\Program Files\Hawking\HWU54D\HWU54D.exe
     C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
     C:\Program Files\Logitech\SetPoint\SetPoint.exe
     C:\Program Files\OpenOffice.org 3\program\soffice.exe
     C:\Program Files\OpenOffice.org 3\program\soffice.bin
     C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
     C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
     C:\WINDOWS\system32\PnkBstrA.exe
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     C:\WINDOWS\system32\wuauclt.exe
     C:\WINDOWS\ALCFDRTM.EXE
     C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
     C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
     C:\WINDOWS\System32\svchost.exe -k HTTPFilter
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Opera\opera.exe
     C:\Documents and Settings\Kirja\Desktop\dds.scr
     C:\WINDOWS\system32\WSCRIPT.exe
     .
     ============== Pseudo HJT Report ===============
     .
     uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
     uStart Page = hxxp://www.evony.com/
     uInternet Settings,ProxyOverride = <local>
     uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
     BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
     BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll
     BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
     BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
     uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
     uRun: [ABIT uGuruIII] c:\program files\u-abit\uguru\uGuru.exe
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     mRun: [skyTel] SkyTel.EXE
     mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
     mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
     mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
     mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"
     mRun: [RTHDCPL] RTHDCPL.EXE
     mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
     mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
     mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
     mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
     mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
     mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
     mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
     StartupFolder: c:\docume~1\kirja\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hawkin~1.lnk - c:\program files\hawking\hwu54d\HWU54D.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
     IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
     IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
     IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
     IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
     IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll/206
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     LSP: c:\program files\avira\antivir desktop\avsda.dll
     DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
     DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://dev.srtest.com/srl_bin/sysreqlab3.cab
     DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
     DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5347/mcfscan.cab
     Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
     Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
     .
     ============= SERVICES / DRIVERS ===============
     .
     R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-5-19 11608]
     R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [2010-2-24 14592]
     R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-2-24 185472]
     R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2011-5-19 339624]
     R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-19 269480]
     R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-5-19 421032]
     R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-19 61960]
     R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-5-22 2218600]
     S3 aaudstum;aaudstum;\??\c:\docume~1\kirja\locals~1\temp\aaudstum.sys --> c:\docume~1\kirja\locals~1\temp\aaudstum.sys [?]
     S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-2-18 30104]
     S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-2-18 30104]
     S3 FStarForce;FStarForce;c:\windows\system32\drivers\FStarForce.sys [2010-4-10 8704]
     S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
     S3 pwlyrpob;pwlyrpob;\??\c:\docume~1\kirja\locals~1\temp\pwlyrpob.sys --> c:\docume~1\kirja\locals~1\temp\pwlyrpob.sys [?]
     S3 ZD1211U(Hawking Technologies);Hawking Technologies HWU54D Hi-Gain Wireless-G USB Adapter(Hawking Technologies);c:\windows\system32\drivers\ZD1211U.sys [2009-4-12 273408]
     S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;c:\windows\system32\ZDBRGSYS.sys [2009-4-12 19200]
     .
     =============== Created Last 30 ================
     .
     2011-05-26 12:34:35  --------  d-sha-r-  C:\cmdcons
     2011-05-26 12:30:35  98816  ----a-w-  c:\windows\sed.exe
     2011-05-26 12:30:35  89088  ----a-w-  c:\windows\MBR.exe
     2011-05-26 12:30:35  256512  ----a-w-  c:\windows\PEV.exe
     2011-05-26 12:30:35  161792  ----a-w-  c:\windows\SWREG.exe
     2011-05-22 22:28:01  --------  d-----w-  c:\documents and settings\all users\application data\NVIDIA Corporation
     2011-05-22 22:26:54  259932  ----a-w-  c:\windows\system32\nvdrsdb1.bin
     2011-05-22 22:26:54  259932  ----a-w-  c:\windows\system32\nvdrsdb0.bin
     2011-05-22 22:26:54  1  ----a-w-  c:\windows\system32\nvdrssel.bin
     2011-05-22 22:16:09  --------  d-----w-  c:\windows\nview
     2011-05-22 21:59:32  944232  ----a-w-  c:\windows\system32\nvdispco3220140.dll
     2011-05-22 21:59:32  855656  ----a-w-  c:\windows\system32\nvgenco322060.dll
     2011-05-22 21:59:32  61440  ----a-w-  c:\windows\system32\OpenCL.dll
     2011-05-22 21:59:32  2770536  ----a-w-  c:\windows\system32\nvcuvid.dll
     2011-05-22 21:59:32  2116894  ----a-w-  c:\windows\system32\nvdata.bin
     2011-05-22 21:59:32  2074216  ----a-w-  c:\windows\system32\nvcuvenc.dll
     2011-05-22 21:59:31  13000704  ----a-w-  c:\windows\system32\nvcompiler.dll
     2011-05-22 21:55:14  --------  d-----w-  c:\program files\NVIDIA Corporation
     2011-05-19 05:30:12  38224  ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
     2011-05-19 05:30:08  20952  ----a-w-  c:\windows\system32\drivers\mbam.sys
     2011-05-19 05:23:59  --------  d-----w-  c:\documents and settings\kirja\application data\Avira
     2011-05-19 05:17:05  61960  ----a-w-  c:\windows\system32\drivers\avgntflt.sys
     2011-05-19 05:17:04  --------  d-----w-  c:\program files\Avira
     2011-05-19 05:17:04  --------  d-----w-  c:\documents and settings\all users\application data\Avira
     2011-05-19 04:41:39  388096  ----a-r-  c:\documents and settings\kirja\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
     2011-05-19 04:41:38  --------  d-----w-  c:\program files\Trend Micro
     2011-05-19 04:33:16  --------  d-----w-  c:\documents and settings\all users\application data\DAEMON Tools Lite
     2011-05-05 22:00:38  --------  d-----w-  C:\LeagueOfLegends.NA.04_26_2011
     .
     ==================== Find3M ====================
     .
     2011-05-18 03:56:43  98304  ----a-w-  c:\windows\DUMP954a.tmp
     2011-04-13 22:40:10  4284416  ----a-w-  c:\windows\system32\GPhotos.scr
     2011-04-08 05:14:00  5210112  ----a-w-  c:\windows\system32\nvcuda.dll
     2011-04-08 05:14:00  4111232  ----a-w-  c:\windows\system32\nv4_disp.dll
     2011-04-08 05:14:00  2027008  ----a-w-  c:\windows\system32\nvapi.dll
     2011-04-08 05:14:00  14856192  ----a-w-  c:\windows\system32\nvoglnt.dll
     2011-04-08 05:14:00  12501600  ----a-w-  c:\windows\system32\drivers\nv4_mini.sys
     2011-04-08 02:15:38  81920  ----a-w-  c:\windows\system32\nvwddi.dll
     2011-04-08 02:15:38  580200  ----a-w-  c:\windows\system32\easyUpdatusAPIU.dll
     2011-04-08 02:15:34  277608  ----a-w-  c:\windows\system32\nvmccs.dll
     2011-04-08 02:15:34  13891176  ----a-w-  c:\windows\system32\nvcpl.dll
     2011-04-08 02:15:34  111208  ----a-w-  c:\windows\system32\nvmctray.dll
     2011-04-08 02:15:32  155752  ----a-w-  c:\windows\system32\nvsvc32.exe
     2011-04-08 02:15:32  145000  ----a-w-  c:\windows\system32\nvcolor.exe
     .
     ============= FINISH: 9:10:30.53 ===============
  10. Hi. I am using a single AV program. Paladin AV is rogue malware which I had last summer, and had help to remove it here; however, I cannot locate it anywhere. Here is ComboFix:

      ComboFix 11-05-25.03 - Kirja 05/26/2011 8:37.1.4 - x86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2544 [GMT -4:00]
      Running from: c:\documents and settings\Kirja\Desktop\ComboFix.exe
      AV: AntiVir Desktop *Disabled/Outdated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\documents and settings\Kirja\Application Data\inst.exe
      c:\documents and settings\Kirja\WINDOWS
      c:\windows\system32\fijwkfxi.ini
      c:\windows\system32\jynlddul.ini
      c:\windows\system32\nmWEdfii.ini
      c:\windows\system32\nmWEdfii.ini2
      .
      .
      ((((((((((((((((((((((((( Files Created from 2011-04-26 to 2011-05-26 )))))))))))))))))))))))))))))))
      .
      .
      2011-05-22 22:28 . 2011-05-22 22:28  --------  d-----w-  c:\documents and settings\UpdatusUser
      2011-05-22 22:28 . 2011-05-22 22:28  --------  d-----w-  c:\documents and settings\All Users\Application Data\NVIDIA
      2011-05-22 22:28 . 2011-05-22 22:28  --------  d-----w-  c:\documents and settings\All Users\Application Data\NVIDIA Corporation
      2011-05-22 22:26 . 2011-05-22 22:33  259932  ----a-w-  c:\windows\system32\nvdrsdb0.bin
      2011-05-22 22:26 . 2011-05-22 22:33  1  ----a-w-  c:\windows\system32\nvdrssel.bin
      2011-05-22 22:26 . 2011-05-22 22:33  259932  ----a-w-  c:\windows\system32\nvdrsdb1.bin
      2011-05-22 22:25 . 2011-05-22 22:25  --------  d-----w-  c:\documents and settings\All Users\Application Data\nView_Profiles
      2011-05-22 22:16 . 2011-05-22 22:16  --------  d-----w-  c:\windows\nview
      2011-05-22 21:59 . 2011-04-08 05:14  944232  ----a-w-  c:\windows\system32\nvdispco3220140.dll
      2011-05-22 21:59 . 2011-04-08 05:14  855656  ----a-w-  c:\windows\system32\nvgenco322060.dll
      2011-05-22 21:59 . 2011-04-08 05:14  61440  ----a-w-  c:\windows\system32\OpenCL.dll
      2011-05-22 21:59 . 2011-04-08 05:14  2770536  ----a-w-  c:\windows\system32\nvcuvid.dll
      2011-05-22 21:59 . 2011-04-08 05:14  2116894  ----a-w-  c:\windows\system32\nvdata.bin
      2011-05-22 21:59 . 2011-04-08 05:14  2074216  ----a-w-  c:\windows\system32\nvcuvenc.dll
      2011-05-22 21:59 . 2011-04-08 05:14  13000704  ----a-w-  c:\windows\system32\nvcompiler.dll
      2011-05-22 21:55 . 2011-05-22 22:28  --------  d-----w-  c:\program files\NVIDIA Corporation
      2011-05-19 05:46 . 2011-05-19 05:46  --------  d-----w-  c:\documents and settings\LocalService\Application Data\Avira
      2011-05-19 05:30 . 2010-12-20 22:09  38224  ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
      2011-05-19 05:30 . 2010-12-20 22:08  20952  ----a-w-  c:\windows\system32\drivers\mbam.sys
      2011-05-19 05:23 . 2011-05-19 05:23  --------  d-----w-  c:\documents and settings\Kirja\Application Data\Avira
      2011-05-19 05:17 . 2011-04-06 12:51  61960  ----a-w-  c:\windows\system32\drivers\avgntflt.sys
      2011-05-19 05:17 . 2011-04-06 12:51  137656  ----a-w-  c:\windows\system32\drivers\avipbb.sys
      2011-05-19 05:17 . 2009-05-11 16:49  45416  ----a-w-  c:\windows\system32\drivers\avgntdd.sys
      2011-05-19 05:17 . 2009-05-11 16:49  22360  ----a-w-  c:\windows\system32\drivers\avgntmgr.sys
      2011-05-19 05:17 . 2011-05-19 05:17  --------  d-----w-  c:\documents and settings\All Users\Application Data\Avira
      2011-05-19 05:17 . 2011-05-19 05:17  --------  d-----w-  c:\program files\Avira
      2011-05-19 04:41 . 2011-05-19 04:41  388096  ----a-r-  c:\documents and settings\Kirja\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
      2011-05-19 04:41 . 2011-05-19 04:41  --------  d-----w-  c:\program files\Trend Micro
      2011-05-19 04:33 . 2011-05-19 04:33  --------  d-----w-  c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
      2011-05-05 22:00 . 2011-05-05 22:51  --------  d-----w-  C:\LeagueOfLegends.NA.04_26_2011
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2011-05-18 03:56 . 2008-06-05 02:58  98304  ----a-w-  c:\windows\DUMP954a.tmp
      2011-04-13 22:40 . 2011-04-13 22:40  4284416  ----a-w-  c:\windows\system32\GPhotos.scr
      2011-04-08 05:14 . 2008-05-03 05:46  5210112  ----a-w-  c:\windows\system32\nvcuda.dll
      2011-04-08 05:14 . 2007-11-06 09:30  4111232  ----a-w-  c:\windows\system32\nv4_disp.dll
      2011-04-08 05:14 . 2007-11-06 09:30  2027008  ----a-w-  c:\windows\system32\nvapi.dll
      2011-04-08 05:14 . 2007-11-06 09:30  14856192  ----a-w-  c:\windows\system32\nvoglnt.dll
      2011-04-08 05:14 . 2007-11-06 09:30  12501600  ----a-w-  c:\windows\system32\drivers\nv4_mini.sys
      2011-04-08 02:15 . 2011-04-08 02:15  81920  ----a-w-  c:\windows\system32\nvwddi.dll
      2011-04-08 02:15 . 2011-04-08 02:15  580200  ----a-w-  c:\windows\system32\easyUpdatusAPIU.dll
      2011-04-08 02:15 . 2011-04-08 02:15  277608  ----a-w-  c:\windows\system32\nvmccs.dll
      2011-04-08 02:15 . 2011-04-08 02:15  13891176  ----a-w-  c:\windows\system32\nvcpl.dll
      2011-04-08 02:15 . 2011-04-08 02:15  111208  ----a-w-  c:\windows\system32\nvmctray.dll
      2011-04-08 02:15 . 2011-04-08 02:15  155752  ----a-w-  c:\windows\system32\nvsvc32.exe
      2011-04-08 02:15 . 2011-04-08 02:15  145000  ----a-w-  c:\windows\system32\nvcolor.exe
      2009-02-24 19:34 . 2009-02-24 19:34  1044480  ------w-  c:\program files\opera\program\plugins\libdivx.dll
      2009-02-24 19:34 . 2009-02-24 19:34  200704  ------w-  c:\program files\opera\program\plugins\ssldivx.dll
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
      "ABIT uGuruIII"="c:\program files\U-ABIT\uGuru\uGuru.exe" [2007-04-11 425984]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
      "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
      "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
      "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 488984]
      "LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 244512]
      "RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
      "36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1957888]
      "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
      "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-06 281768]
      "NvMediaCenter"="NvMCTray.dll" [2011-04-08 111208]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-08 13891176]
      "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]
      .
      c:\documents and settings\Kirja\Start Menu\Programs\Startup\
      OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
      .
      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      Hawking Wireless Utility.lnk - c:\program files\Hawking\HWU54D\HWU54D.exe [2011-1-7 458752]
      Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-6-11 67128]
      Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-26 692224]
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
      @=""
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001
      "FirewallOverride"=dword:00000001
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)
      "DisableNotifications"= 1 (0x1)
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
      "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
      "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
      "c:\\Program Files\\BitComet\\BitComet.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Opera\\opera.exe"=
      "c:\\WINDOWS\\system32\\dpnsvr.exe"=
      "c:\\WINDOWS\\system32\\dxdiag.exe"=
      "c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
      "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
      "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "25173:TCP"= 25173:TCP:BitComet 25173 TCP
      "25173:UDP"= 25173:UDP:BitComet 25173 UDP
      "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
      "26744:TCP"= 26744:TCP:BitComet 26744 TCP
      "26744:UDP"= 26744:UDP:BitComet 26744 UDP
      "58188:TCP"= 58188:TCP:Pando Media Booster
      "58188:UDP"= 58188:UDP:Pando Media Booster
      "56370:TCP"= 56370:TCP:Pando Media Booster
      "56370:UDP"= 56370:UDP:Pando Media Booster
      "8381:TCP"= 8381:TCP:League of Legends Launcher
      "8381:UDP"= 8381:UDP:League of Legends Launcher
      "6986:TCP"= 6986:TCP:League of Legends Launcher
      "6986:UDP"= 6986:UDP:League of Legends Launcher
      "56506:TCP"= 56506:TCP:Pando Media Booster
      "56506:UDP"= 56506:UDP:Pando Media Booster
      "8382:TCP"= 8382:TCP:League of Legends Launcher
      "8382:UDP"= 8382:UDP:League of Legends Launcher
      "8383:TCP"= 8383:TCP:League of Legends Launcher
      "8383:UDP"= 8383:UDP:League of Legends Launcher
      .
R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [2/24/2010 7:46 AM 14592] R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2/24/2010 6:22 AM 185472] R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [5/19/2011 1:17 AM 339624] R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [5/19/2011 1:17 AM 421032] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [5/22/2011 6:28 PM 2218600] S3 aaudstum;aaudstum;\??\c:\docume~1\Kirja\LOCALS~1\Temp\aaudstum.sys --> c:\docume~1\Kirja\LOCALS~1\Temp\aaudstum.sys [?] S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2/18/2010 9:28 PM 30104] S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2/18/2010 9:28 PM 30104] S3 FStarForce;FStarForce;c:\windows\system32\drivers\FStarForce.sys [4/10/2010 5:34 PM 8704] S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?] S3 pwlyrpob;pwlyrpob;\??\c:\docume~1\Kirja\LOCALS~1\Temp\pwlyrpob.sys --> c:\docume~1\Kirja\LOCALS~1\Temp\pwlyrpob.sys [?] S3 ZD1211U(Hawking Technologies);Hawking Technologies HWU54D Hi-Gain Wireless-G USB Adapter(Hawking Technologies);c:\windows\system32\drivers\ZD1211U.sys [4/12/2009 7:32 PM 273408] S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;c:\windows\system32\ZDBRGSYS.sys [4/12/2009 7:32 PM 19200] . Contents of the 'Scheduled Tasks' folder . 2011-05-26 c:\windows\Tasks\System Restore.job - c:\windows\system32\Restore\rstrui.exe [2008-06-07 13:27] . . ------- Supplementary Scan ------- . 
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://www.evony.com/ uInternet Settings,ProxyOverride = <local> uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll . - - - - ORPHANS REMOVED - - - - . BHO-{F92AE24D-2C39-4C17-8324-E93E9E0A37A2} - (no file) Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) HKCU-Run-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe HKLM-Run-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe SafeBoot-klmdb.sys . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-05-26 08:44 Windows 5.1.2600 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-57989841-2049760794-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*s*B*S%\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-57989841-2049760794-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*
11. DDS:

DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Kirja at 4:46:25 on 2011-05-22
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2498 [GMT -4:00]
.
AV: AntiVir Desktop *Disabled/Outdated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
AV: Outpost Security Suite *Enabled/Updated* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
AV: Paladin Antivirus *Enabled/Outdated* {28e00e3b-806e-4533-925c-f4c3d79514b9}
FW: Outpost Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\U-ABIT\uGuru\uGuru.exe
C:\Program Files\Hawking\HWU54D\HWU54D.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kirja\Desktop\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.evony.com/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {F92AE24D-2C39-4C17-8324-E93E9E0A37A2} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ABIT uGuruIII] c:\program files\u-abit\uguru\uGuru.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [skyTel] SkyTel.EXE
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [OutpostFeedBack] "c:\program files\agnitum\outpost security suite free\feedback.exe" /dump:os_startup
mRun: [OutpostMonitor] "c:\progra~1\agnitum\outpos~1\op_mon.exe" /tray /noservice
StartupFolder: c:\docume~1\kirja\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hawkin~1.lnk - c:\program files\hawking\hwu54d\HWU54D.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://dev.srtest.com/srl_bin/sysreqlab3.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5347/mcfscan.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\iifdEWmn
Hosts: 64.16.193.26 l2authd.lineage2.com
Hosts: 216.107.250.194 update.nprotect.com
Hosts: 216.107.250.194 nprotect.lineage2.com
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-5-19 11608]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2011-5-19 708760]
R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [2010-2-24 14592]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-2-24 185472]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\agnitum\outpos~1\acs.exe [2011-5-19 2072592]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2011-5-19 339624]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-19 269480]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-5-19 421032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-19 61960]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2011-5-19 34280]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2011-5-19 267624]
R3 ASWFilt;ASWFilt;c:\windows\system32\filt\ASWFilt.dll [2011-5-19 70160]
R3 VBEngNT;VBEngNT;c:\windows\system32\drivers\VBEngNT.sys [2011-5-19 242040]
R3 VBFilt;VBFilt;c:\windows\system32\filt\VBFilt.dll [2011-5-19 34096]
S3 aaudstum;aaudstum;\??\c:\docume~1\kirja\locals~1\temp\aaudstum.sys --> c:\docume~1\kirja\locals~1\temp\aaudstum.sys [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-2-18 30104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-2-18 30104]
S3 FStarForce;FStarForce;c:\windows\system32\drivers\FStarForce.sys [2010-4-10 8704]
S3 pwlyrpob;pwlyrpob;c:\docume~1\kirja\locals~1\temp\pwlyrpob.sys [2011-5-18 100736]
S3 ZD1211U(Hawking Technologies);Hawking Technologies HWU54D Hi-Gain Wireless-G USB Adapter(Hawking Technologies);c:\windows\system32\drivers\ZD1211U.sys [2009-4-12 273408]
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;c:\windows\system32\ZDBRGSYS.sys [2009-4-12 19200]
.
=============== Created Last 30 ================
.
2011-05-19 05:44:00 242040 ----a-w- c:\windows\system32\drivers\VBEngNT.sys
2011-05-19 05:43:59 708760 ----a-w- c:\windows\system32\drivers\SandBox.sys
2011-05-19 05:43:28 267624 ----a-w- c:\windows\system32\drivers\afwcore.sys
2011-05-19 05:42:06 34280 ----a-w- c:\windows\system32\drivers\afw.sys
2011-05-19 05:41:47 -------- d-----w- c:\windows\system32\Filt
2011-05-19 05:41:47 -------- d-----w- c:\program files\Agnitum
2011-05-19 05:41:47 -------- d-----w- c:\documents and settings\kirja\application data\Agnitum
2011-05-19 05:40:48 -------- d-----w- c:\documents and settings\all users\application data\Agnitum
2011-05-19 05:30:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-19 05:30:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-19 05:23:59 -------- d-----w- c:\documents and settings\kirja\application data\Avira
2011-05-19 05:17:05 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-19 05:17:04 -------- d-----w- c:\program files\Avira
2011-05-19 05:17:04 -------- d-----w- c:\documents and settings\all users\application data\Avira
2011-05-19 04:41:39 388096 ----a-r- c:\documents and settings\kirja\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-05-19 04:41:38 -------- d-----w- c:\program files\Trend Micro
2011-05-19 04:33:16 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Lite
2011-05-05 22:00:38 -------- d-----w- C:\LeagueOfLegends.NA.04_26_2011
.
==================== Find3M ====================
.
2011-05-18 03:56:43 98304 ----a-w- c:\windows\DUMP954a.tmp
2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
.
============= FINISH: 4:47:20.17 ===============
12. TDSSKiller:

2011/05/22 04:38:01.0609 3432 Scan started
2011/05/22 04:38:01.0609 3432 Mode: Manual;
2011/05/22 04:38:01.0609 3432 ================================================================================
2011/05/22 04:38:02.0078 3432 acedrv11 (e6f53d6c0dea3d375362265e175ca638) C:\WINDOWS\system32\drivers\acedrv11.sys
2011/05/22 04:38:02.0125 3432 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/22 04:38:02.0156 3432 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/22 04:38:02.0187 3432 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/05/22 04:38:02.0203 3432 AFD (944ca435bfcfc82cc1ed9e3a7d731aa9) C:\WINDOWS\System32\drivers\afd.sys
2011/05/22 04:38:02.0234 3432 afw (14ba5ca5d11771ce8e8b6cc6830a2436) C:\WINDOWS\system32\DRIVERS\afw.sys
2011/05/22 04:38:02.0265 3432 afwcore (1f3d61965a9bd278a205d3062176e45c) C:\WINDOWS\system32\drivers\afwcore.sys
2011/05/22 04:38:02.0343 3432 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/05/22 04:38:02.0421 3432 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\ASPI32.sys
2011/05/22 04:38:02.0468 3432 ASWFilt (1f9827d87260dad71555a34c7a8624c3) C:\WINDOWS\system32\Filt\ASWFilt.dll
2011/05/22 04:38:02.0484 3432 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/22 04:38:02.0500 3432 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/22 04:38:02.0546 3432 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys
2011/05/22 04:38:02.0562 3432 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/22 04:38:02.0609 3432 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/22 04:38:02.0640 3432 Avgfwdx (fa6336f05695e39995884d0c959c9608) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
2011/05/22 04:38:02.0640 3432 Avgfwfd (fa6336f05695e39995884d0c959c9608) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
2011/05/22 04:38:02.0703 3432 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/05/22 04:38:02.0718 3432 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/05/22 04:38:02.0765 3432 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/05/22 04:38:02.0796 3432 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/22 04:38:02.0812 3432 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/22 04:38:02.0843 3432 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/22 04:38:02.0859 3432 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/22 04:38:02.0890 3432 Cdrom (7b53584d94e9d8716b2de91d5f1cb42d) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/22 04:38:02.0968 3432 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/22 04:38:03.0000 3432 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/22 04:38:03.0015 3432 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/22 04:38:03.0031 3432 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/22 04:38:03.0031 3432 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/22 04:38:03.0062 3432 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/22 04:38:03.0078 3432 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/22 04:38:03.0093 3432 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/22 04:38:03.0109 3432 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/22 04:38:03.0125 3432 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/22 04:38:03.0156 3432 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/05/22 04:38:03.0187 3432 FStarForce (e626f53e373e521f75b59936a31a4124) C:\WINDOWS\system32\DRIVERS\FStarForce.sys
2011/05/22 04:38:03.0203 3432 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/22 04:38:03.0218 3432 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/22 04:38:03.0234 3432 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/22 04:38:03.0250 3432 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/22 04:38:03.0281 3432 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/22 04:38:03.0296 3432 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/22 04:38:03.0343 3432 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/22 04:38:03.0359 3432 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/22 04:38:03.0500 3432 IntcAzAudAddService (b29781b9a90cd55fc5d859c0b1c243bc) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/05/22 04:38:03.0531 3432 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/22 04:38:03.0546 3432 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/05/22 04:38:03.0593 3432 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/22 04:38:03.0625 3432 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/22 04:38:03.0656 3432 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/22 04:38:03.0671 3432 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/22 04:38:03.0703 3432 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/22 04:38:03.0703 3432 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/22 04:38:03.0718 3432 JRAID (6e4e3c0b27116b14d1150be7eeceaac6) C:\WINDOWS\system32\DRIVERS\jraid.sys
2011/05/22 04:38:03.0734 3432 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/22 04:38:03.0750 3432 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/22 04:38:03.0765 3432 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/22 04:38:03.0781 3432 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/22 04:38:03.0828 3432 LHidFilt (3fa98339e8d9e007726be62f231e2015) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2011/05/22 04:38:03.0859 3432 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
2011/05/22 04:38:03.0875 3432 LMouFilt (f259f758e04d8fb8d48c6cdbe45223e8) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2011/05/22 04:38:03.0921 3432 Memctl (6dc926c53624755b07cfe254f3845afa) C:\Program Files\U-ABIT\FlashMenu\Memctl.sys
2011/05/22 04:38:03.0953 3432 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/22 04:38:03.0984 3432 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/22 04:38:03.0984 3432 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/22 04:38:04.0000 3432 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/22 04:38:04.0015 3432 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/22 04:38:04.0046 3432 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/22 04:38:04.0078 3432 MRxSmb (025af03ce51645c62f3b6907a7e2be5e) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/22 04:38:04.0093 3432 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/22 04:38:04.0109 3432 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/22 04:38:04.0125 3432 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/22 04:38:04.0140 3432 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/22 04:38:04.0156 3432 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/22 04:38:04.0171 3432 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/22 04:38:04.0187 3432 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/22 04:38:04.0203 3432 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/22 04:38:04.0218 3432 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/22 04:38:04.0234 3432 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/22 04:38:04.0250 3432 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/22 04:38:04.0265 3432 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/22 04:38:04.0281 3432 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/22 04:38:04.0312 3432 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/22 04:38:04.0312 3432 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/22 04:38:04.0343 3432 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/22 04:38:04.0390 3432 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/22 04:38:04.0562 3432 nv (8e72e452b9cc1e455d19e3c9fa964d37) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/22 04:38:04.0625 3432 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/22 04:38:04.0640 3432 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/22 04:38:04.0656 3432 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/22 04:38:04.0671 3432 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
2011/05/22 04:38:04.0687 3432 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/22 04:38:04.0703 3432 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/22 04:38:04.0718 3432 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/22 04:38:04.0765 3432 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/22 04:38:04.0781 3432 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/22 04:38:04.0828 3432 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/05/22 04:38:04.0906 3432 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/22 04:38:04.0921 3432 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/22 04:38:04.0937 3432 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/22 04:38:05.0015 3432 pwlyrpob (6b1eea6e251f670b21eb348d4564f476) C:\DOCUME~1\Kirja\LOCALS~1\Temp\pwlyrpob.sys
2011/05/22 04:38:05.0046 3432 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/22 04:38:05.0109 3432 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/22 04:38:05.0125 3432 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/22 04:38:05.0156 3432 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/22 04:38:05.0156 3432 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/22 04:38:05.0187 3432 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/22 04:38:05.0187 3432 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/22 04:38:05.0218 3432 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/22 04:38:05.0234 3432 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/22 04:38:05.0250 3432 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/22 04:38:05.0296 3432 RT73 (bf4709c002d632170dc15a282813d6b3) C:\WINDOWS\system32\DRIVERS\rt73.sys
2011/05/22 04:38:05.0312 3432 RTL8023xp (1e11171c0b9989e1bdaa59e96b2e81c4) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/05/22 04:38:05.0375 3432 SandBox (a981b8e884f25701e58c55b3c44d869e) C:\WINDOWS\system32\drivers\SandBox.sys
2011/05/22 04:38:05.0406 3432 SCDEmu (23aa53256ce05b975398b78a33474265) C:\WINDOWS\system32\drivers\SCDEmu.sys
2011/05/22 04:38:05.0437 3432 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/22 04:38:05.0468 3432 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2011/05/22 04:38:05.0484 3432 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/22 04:38:05.0531 3432 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/22 04:38:05.0562 3432 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/05/22 04:38:05.0578 3432 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/05/22 04:38:05.0578 3432 sptd - detected LockedFile.Multi.Generic (1)
2011/05/22 04:38:05.0593 3432 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/22 04:38:05.0609 3432 Srv (ea554a3ffc3f536fe8320eb38f5e4843) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/22 04:38:05.0656 3432 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/05/22 04:38:05.0671 3432 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/22 04:38:05.0687 3432 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/22 04:38:05.0765 3432 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/22 04:38:05.0796 3432 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/22 04:38:05.0828 3432 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/22 04:38:05.0843 3432 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/22 04:38:05.0859 3432 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/22 04:38:05.0890 3432 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/22 04:38:05.0921 3432 UGURU (c3cd138762aab1797805c26bf5defcbe) C:\WINDOWS\system32\drivers\uGuru.sys
2011/05/22 04:38:05.0953 3432 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/22 04:38:05.0984 3432 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/22 04:38:06.0000 3432 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/22 04:38:06.0015 3432 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/22 04:38:06.0031 3432 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/22 04:38:06.0046 3432 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/22 04:38:06.0062 3432 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/22 04:38:06.0093 3432 VBEngNT (8dfcd62c767741576bb9cd8da9854517) C:\WINDOWS\system32\drivers\VBEngNT.sys
2011/05/22 04:38:06.0125 3432 VBFilt (442e677f49d0e310a7b0841cb880e821) C:\WINDOWS\system32\Filt\VBFilt.dll
2011/05/22 04:38:06.0156 3432 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/05/22 04:38:06.0171 3432 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/22 04:38:06.0187 3432 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/22 04:38:06.0234 3432 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/05/22 04:38:06.0265 3432 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/22 04:38:06.0328 3432 Winflash (fd5b87cd55134bf3545116dbbd45be88) C:\Program Files\U-ABIT\FlashMenu\WinFlash.sys
2011/05/22 04:38:06.0375 3432 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/05/22 04:38:06.0390 3432 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/22 04:38:06.0437 3432 ZD1211U(Hawking Technologies) (4fee08bf688aaf439709ac767947119e) C:\WINDOWS\system32\DRIVERS\zd1211u.sys
2011/05/22 04:38:06.0468 3432 ZDBRGSYS (f506a40dc8890f61cc6660efbecc0810) C:\WINDOWS\system32\ZDBRGSYS.SYS
2011/05/22 04:38:06.0484 3432 ZDPNDIS5 (29c917279d79848b3dd94909fc00e2a8) C:\WINDOWS\system32\ZDPNDIS5.SYS
2011/05/22 04:38:06.0625 3432 ================================================================================
2011/05/22 04:38:06.0625 3432 Scan finished
2011/05/22 04:38:06.0625 3432 ================================================================================
2011/05/22 04:38:06.0640 1312 Detected object count: 1
2011/05/22 04:38:32.0812 1312 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2011/05/22 04:38:32.0812 1312 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot
2011/05/22 04:38:32.0812 1312 C:\WINDOWS\system32\Drivers\sptd.sys - will be deleted after reboot
2011/05/22 04:38:32.0812 1312 LockedFile.Multi.Generic(sptd) - User select action: Delete
2011/05/22 04:38:37.0046 3224 Deinitialize success
  13. After one more error something went wrong, and my screen on login did not change and the essential cleaner did not pop up; maybe I deleted some file while I was looking around. I was able to run HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:41:48 AM, on 5/19/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\U-ABIT\uGuru\uGuru.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Hawking\HWU54D\HWU54D.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\winlogon.exe.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.evony.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O1 - Hosts: 64.16.193.26 l2authd.lineage2.com
O1 - Hosts: 216.107.250.194 update.nprotect.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F92AE24D-2C39-4C17-8324-E93E9E0A37A2} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\winlogon.exe.exe" /runcleanupscript
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ABIT uGuruIII] C:\Program Files\U-ABIT\uGuru\uGuru.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Hawking Wireless Utility.lnk = C:\Program Files\Hawking\HWU54D\HWU54D.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5347/mcfscan.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

-- End of file - 8533 bytes
  14. So is there anything that could be done? Is there an online HijackThis scan which would work, since I can't open pretty much anything?
  15. Blue screen of death every 15 minutes or so; well, I can't find any info about this one, I guess it's one of the new rogues. Sorry for spamming. I was just a little bit upset, since it's been a year or so since I got something I can't remove. The last one was Paladin antivirus.
1) Restart every 15 minutes.
2) Closes (I believe) or hides any program I am trying to open.
3) Start > Run: any cmd I use opens for 1 sec, then hides or closes by itself, as do any other programs.
4) Malwarebytes blocked.
5) Avast does not detect anything, and the warning message I get is that avastsvc.exe is infected: "Please activate your antivirus software."
6) Can't run in safe mode.
Hope this was helpful; unfortunately I can't post a HijackThis log or anything else due to the reasons I mentioned. Thank you in advance ^^