Jump to content

possible rootkit infection (xxx.xxx uuu.uuu)


Recommended Posts

Hi there everyone.

I've been getting my internet access cut from my ISP for allegedly sending spam mails from my home network. It seems that my laptop (Windows 7 Home Premium x64) is infected with a rootkit of some kind. Upon scanning Malwarebytes revealed the presence of something suspicious:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4613

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

14.09.2010 20:10:58
mbam-log-2010-09-14 (20-10-58).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 633615
Time elapsed: 2 hour(s), 2 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\Left 4 dead 2\Razor1911.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Filthgrinder\AppData\Roaming\cglogs.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Filthgrinder\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\Filthgrinder\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Filthgrinder\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.

After this first scan I ran a variety of rootkit scanners (Sophor, Avast rootkit scanner, GMER) and they all have returned negative results. Here is the GMER log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-15 21:32:44
Windows 6.1.7600
Running: whyclv04.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4A 0x93 0x48 0xF1 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x18 0x7F 0xDF 0xCC ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x58 0xD8 0x62 0xBA ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x4E 0x50 0x5E 0xDD ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF4 0x16 0x3F 0xFD ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x18 0x7F 0xDF 0xCC ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x46 0x46 0x36 0x9D ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x4E 0x50 0x5E 0xDD ...

---- EOF - GMER 1.0.15 ----

A subsequent scan from Malwarebytes (after many reboots) has also turned up negative:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4613

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

16.09.2010 07:21:21
mbam-log-2010-09-16 (07-21-21).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 150588
Time elapsed: 31 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Is my machine clean and I

Link to post
Share on other sites

  • Root Admin

Please download and run the following tool and right click and Run as administrator

http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Then download and run the following (just double click to run it) and post back the logs

Download
DDS
and save it to your desktop

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.

Then double click
dds.scr
to run the tool.

When done, the
DDS.txt
will open.

Click Yes at the next prompt for Optional Scan.

    When done, DDS will open two (2) logs:

  1. DDS.txt

  2. Attach.txt

  • Save both reports to your desktop

  • Please include the following logs in your next reply:
    DDS.txt
    and
    Attach.txt

You may also want to do a Factory Reset of your router and then make sure you put a password on it. Typically a reset on most can be performed by inserting a small paperclip into a small hole on the back of the router, but check the MFG Website if in doubt.

Link to post
Share on other sites

Hi AdvancedSetup

Thanks for the quick response. I tried to run DDS script earlier and it said that it only supports 32bit Operating systems (combofix also refuses to install).

Regarding the router, i've setup a MAC filter on it. The router was already password protected and our WiFi connection has WPA2 encryption with a key that is 63 random characters in length.

Link to post
Share on other sites

Since I couldn't get DDS to work I ran a OTL scan:

OTL logfile created on: 9/16/2010 7:59:55 PM - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = E:\scan
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 22.65 Gb Free Space | 30.39% Space Free | Partition Type: NTFS
Drive D: | 208.92 Gb Total Space | 21.53 Gb Free Space | 10.30% Space Free | Partition Type: NTFS
Drive E: | 982.03 Mb Total Space | 51.14 Mb Free Space | 5.21% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FILTH-BOOK
Current User Name: Filthgrinder
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010/09/16 11:18:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- E:\scan\OTL.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010/09/16 11:18:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- E:\scan\OTL.exe
MOD - [2009/07/14 03:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll
MOD - [2009/07/14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:[b]64bit:[/b] - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:[b]64bit:[/b] - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:[b]64bit:[/b] - [2009/09/17 21:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Stopped] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:[b]64bit:[/b] - [2009/07/17 15:31:34 | 004,948,992 | ---- | M] (Native Instruments GmbH) [Auto | Stopped] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:[b]64bit:[/b] - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2007/08/08 10:08:40 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/01/12 20:39:35 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/12/08 18:01:58 | 000,533,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2007/05/28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\619.tmp -- (MEMSWEEP2)
DRV:[b]64bit:[/b] - [2010/09/07 16:47:33 | 000,061,008 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:[/b] - [2010/06/22 00:07:36 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2010/01/07 20:24:47 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2009/10/15 11:23:19 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:[b]64bit:[/b] - [2009/10/06 10:29:56 | 000,045,832 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioFastTrackUltra8R_DFU.sys -- (MADFUFTU8R)
DRV:[b]64bit:[/b] - [2009/10/06 10:29:52 | 000,195,592 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioFastTrackUltra8R.sys -- (MAUSBFASTTRACKULTRA8R)
DRV:[b]64bit:[/b] - [2009/10/05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:[b]64bit:[/b] - [2009/07/20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:[b]64bit:[/b] - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:[b]64bit:[/b] - [2009/06/10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/06/05 12:15:55 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:[b]64bit:[/b] - [2009/05/22 16:52:29 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2009/05/13 03:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:[b]64bit:[/b] - [2008/12/08 18:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:[b]64bit:[/b] - [2008/05/24 03:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:[b]64bit:[/b] - [2007/07/24 21:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2009/09/01 17:59:44 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/01/09 22:46:07] [Kernel | Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2966325028-1506091324-1951739124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-2966325028-1506091324-1951739124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com/
IE - HKU\S-1-5-21-2966325028-1506091324-1951739124-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2966325028-1506091324-1951739124-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.34

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/11 12:40:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/11 12:40:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/09/08 18:26:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/01/07 16:37:52 | 000,000,000 | ---D | M] -- C:\Users\Filthgrinder\AppData\Roaming\Mozilla\Extensions
[2010/01/07 16:37:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Filthgrinder\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/09/14 20:37:21 | 000,000,000 | ---D | M] -- C:\Users\Filthgrinder\AppData\Roaming\Mozilla\Firefox\Profiles\o9tx7oyb.default\extensions
[2010/09/01 06:57:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Filthgrinder\AppData\Roaming\Mozilla\Firefox\Profiles\o9tx7oyb.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/04/20 15:23:17 | 000,002,057 | ---- | M] () -- C:\Users\Filthgrinder\AppData\Roaming\Mozilla\Firefox\Profiles\o9tx7oyb.default\searchplugins\youtube-video-search.xml
[2010/01/07 15:57:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/04 07:06:05 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/08/04 07:06:05 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/08/04 07:06:05 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/08/04 07:06:05 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/09/15 22:58:56 | 000,000,022 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:[b]64bit:[/b] - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2966325028-1506091324-1951739124-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2966325028-1506091324-1951739124-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:[b]64bit:[/b] - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Adobe CS3\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2966325028-1506091324-1951739124-1000..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\Filthgrinder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Filthgrinder\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O8:[b]64bit:[/b] - Extra context menu item: Append to existing PDF - D:\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert link target to Adobe PDF - D:\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert link target to existing PDF - D:\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert selected links to Adobe PDF - D:\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert selected links to existing PDF - D:\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert selection to Adobe PDF - D:\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert selection to existing PDF - D:\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert to Adobe PDF - D:\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - D:\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - D:\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - D:\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - D:\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - D:\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - D:\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - D:\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - D:\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/14 10:24:02 | 000,000,071 | ---- | M] () - E:\autorun_usb.inf -- [ FAT32 ]
O33 - MountPoints2\{82e0274b-f07d-11de-904b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{82e0274b-f07d-11de-904b-806e6f6e6963}\Shell\AutoRun\command - "" = G:\NBDriver.exe -- File not found
O33 - MountPoints2\{a4346d7e-456c-11df-ab1d-e0cb4e4a8bba}\Shell - "" = AutoRun
O33 - MountPoints2\{a4346d7e-456c-11df-ab1d-e0cb4e4a8bba}\Shell\AutoRun\command - "" = H:\SETUP.EXE -- File not found
O33 - MountPoints2\{a4346d7e-456c-11df-ab1d-e0cb4e4a8bba}\Shell\configure\command - "" = H:\SETUP.EXE -- File not found
O33 - MountPoints2\{a4346d7e-456c-11df-ab1d-e0cb4e4a8bba}\Shell\install\command - "" = H:\SETUP.EXE -- File not found
O33 - MountPoints2\{b96525c1-1402-11df-a010-e0cb4e4a8bba}\Shell - "" = AutoRun
O33 - MountPoints2\{b96525c1-1402-11df-a010-e0cb4e4a8bba}\Shell\AutoRun\command - "" = E:\VTP_Manager.exe -- File not found
O33 - MountPoints2\{e5ed6b17-4791-11df-b29f-e0cb4e4a8bba}\Shell - "" = AutoRun
O33 - MountPoints2\{e5ed6b17-4791-11df-b29f-e0cb4e4a8bba}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 90 Days ==========[/color]

[2010/09/15 22:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\abelhadigital.com
[2010/09/15 22:58:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\HostsMan Backups
[2010/09/15 22:58:35 | 000,000,000 | ---D | C] -- C:\Users\Filthgrinder\AppData\Roaming\abelhadigital.com
[2010/09/15 22:57:27 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/09/15 22:02:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/09/15 17:47:06 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Filthgrinder\Desktop\HJTInstall.exe
[2010/09/15 17:47:05 | 000,864,120 | ---- | C] (ALWIL Software) -- C:\Users\Filthgrinder\Desktop\aswar.exe
[2010/09/15 17:47:05 | 000,000,000 | ---D | C] -- C:\Users\Filthgrinder\Desktop\HostsMan
[2010/09/15 17:47:04 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Filthgrinder\Desktop\TFC.exe
[2010/09/14 17:42:33 | 000,000,000 | ---D | C] -- C:\Users\Filthgrinder\AppData\Roaming\Malwarebytes
[2010/09/14 17:42:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/09/14 17:42:14 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/09/14 17:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/09/14 17:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/14 07:00:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010/09/13 19:09:33 | 000,121,936 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/09/13 19:09:33 | 000,028,752 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/09/13 19:09:33 | 000,020,048 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/09/13 19:09:32 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/09/13 19:09:31 | 000,061,008 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/09/13 19:09:25 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/09/13 19:09:25 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/12 13:10:03 | 000,000,000 | ---D | C] -- C:\Users\Filthgrinder\AppData\Local\Apps
[2010/09/09 19:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments
[2010/09/09 19:01:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
[2010/09/09 19:01:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
[2010/09/09 19:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments
[2010/09/09 19:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2010/09/09 18:57:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\{D69A48BF-7653-4AA8-94BC-5847522A4573}
[2010/08/30 20:01:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010/08/30 20:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/08/30 19:57:41 | 000,131,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2010/08/30 19:57:41 | 000,069,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapo64v.dll
[2010/08/30 19:57:41 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2010/08/30 19:57:34 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010/08/30 19:57:33 | 005,107,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2010/08/30 19:57:33 | 000,065,128 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/08/30 19:57:33 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/08/30 19:57:32 | 019,114,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2010/08/30 19:57:32 | 014,092,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010/08/30 19:57:32 | 000,382,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2010/08/30 19:57:32 | 000,314,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2010/08/30 19:57:30 | 012,471,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2010/08/30 19:57:30 | 009,818,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2010/08/30 19:57:30 | 003,089,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010/08/30 19:57:30 | 002,892,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010/08/30 19:57:30 | 002,761,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010/08/30 19:57:28 | 010,267,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010/08/30 19:57:28 | 006,116,968 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010/08/30 19:57:28 | 004,553,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010/08/30 19:57:28 | 002,506,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010/08/30 19:57:26 | 014,513,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010/08/30 19:57:26 | 001,625,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2010/08/30 19:57:26 | 000,260,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1922.dll
[2010/08/30 19:57:26 | 000,260,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod.dll
[2010/08/30 18:23:16 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010/08/30 18:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/08/30 18:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/30 18:08:23 | 000,000,000 | ---D | C] -- C:\Users\Filthgrinder\Documents\ForceField Shared Files
[2010/08/30 18:08:18 | 000,000,000 | ---D | C] -- C:\Users\Filthgrinder\AppData\Roaming\CheckPoint
[2010/08/30 18:08:01 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/08/30 18:07:57 | 000,033,160 | ---- | C] (Zone Labs Inc.) -- C:\Windows\zllsputility_loc0407.dll
[2010/08/30 18:07:56 | 000,046,472 | ---- | C] (Zone Labs Inc.) -- C:\Windows\SysWow64\vsutil_loc0407.dll
[2010/08/30 18:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2010/08/13 06:59:52 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/13 06:59:52 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/08/13 06:59:51 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/08/13 06:59:47 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/08/13 06:59:47 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/08/13 06:59:46 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/08/13 06:59:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/08/13 06:59:46 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/08/13 06:59:46 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/08/13 06:59:46 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/08/13 06:59:46 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/08/13 06:59:45 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/08/10 05:15:58 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2010/08/10 05:15:58 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2010/07/31 13:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/31 13:54:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/07/17 14:25:55 | 000,000,000 | ---D | C] -- C:\Users\Filthgrinder\AppData\Roaming\Apple Computer
[2010/07/17 14:25:55 | 000,000,000 | ---D | C] -- C:\Users\Filthgrinder\AppData\Local\Apple Computer
[2010/07/17 14:25:50 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2010/07/17 14:25:50 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2010/07/17 14:25:50 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2010/07/17 14:25:27 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/07/17 14:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/07/17 14:24:57 | 000,000,000 | ---D | C] -- C:\Users\Filthgrinder\AppData\Local\Apple
[2010/07/17 14:24:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/07/17 14:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/07/17 14:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/17 14:24:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/07/17 14:24:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/07/14 07:12:53 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010/07/11 17:30:36 | 000,000,000 | ---D | C] -- C:\Users\Filthgrinder\Documents\Bioshock
[2010/07/11 17:30:36 | 000,000,000 | ---D | C] -- C:\Users\Filthgrinder\AppData\Roaming\Bioshock
[2010/07/11 17:30:32 | 000,000,000 | RH-D | C] -- C:\Users\Filthgrinder\AppData\Roaming\SecuROM
[2010/07/09 16:17:18 | 015,314,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2010/07/09 16:17:18 | 001,882,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2010/07/09 16:17:18 | 001,585,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2010/07/09 16:17:18 | 000,282,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhotkey.dll
[2010/07/09 16:17:18 | 000,116,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2010/06/26 12:59:57 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/06/26 12:59:57 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010/06/26 12:59:57 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/06/26 12:59:57 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/06/26 12:59:57 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/06/26 12:59:57 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/06/26 12:59:56 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010/06/26 12:59:56 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010/06/23 19:31:22 | 000,000,000 | ---D | C] -- C:\Users\Filthgrinder\AppData\Roaming\QuickScan
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 90 Days ==========[/color]

[2010/09/16 19:59:48 | 003,145,728 | -HS- | M] () -- C:\Users\Filthgrinder\NTUSER.DAT
[2010/09/16 19:48:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/16 19:48:27 | 3220,647,936 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/16 18:00:14 | 001,297,471 | -H-- | M] () -- C:\Users\Filthgrinder\AppData\Local\IconCache.db
[2010/09/16 17:51:05 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/16 17:47:54 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/16 17:47:54 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/16 17:45:20 | 000,715,296 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/16 17:45:20 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/16 17:45:20 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/16 17:40:45 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/16 17:40:42 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/16 06:55:50 | 000,359,929 | ---- | M] () -- C:\Users\Filthgrinder\Desktop\dds.scr
[2010/09/15 22:02:28 | 000,002,099 | ---- | M] () -- C:\Users\Filthgrinder\Desktop\HijackThis.lnk
[2010/09/15 16:41:48 | 000,864,120 | ---- | M] (ALWIL Software) -- C:\Users\Filthgrinder\Desktop\aswar.exe
[2010/09/15 16:32:36 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Filthgrinder\Desktop\TFC.exe
[2010/09/15 16:30:24 | 000,613,888 | ---- | M] () -- C:\Users\Filthgrinder\Desktop\Scan.doc
[2010/09/15 16:29:28 | 000,000,086 | ---- | M] () -- C:\Users\Filthgrinder\Desktop\kavwebscan.html
[2010/09/15 16:28:46 | 003,845,170 | ---- | M] () -- C:\Users\Filthgrinder\Desktop\ComboFix.exe
[2010/09/15 16:28:16 | 000,293,376 | ---- | M] () -- C:\Users\Filthgrinder\Desktop\whyclv04.exe
[2010/09/15 08:31:22 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Filthgrinder\Desktop\HJTInstall.exe
[2010/09/14 20:28:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/09/14 20:13:48 | 000,002,116 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2010/09/14 17:42:17 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/13 19:09:34 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/09/09 19:23:55 | 000,001,457 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2010/09/09 19:02:54 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\Guitar Rig 4.lnk
[2010/09/07 17:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/07 17:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/09/07 16:52:29 | 000,051,280 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/09/07 16:52:09 | 000,121,936 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/09/07 16:47:49 | 000,028,752 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/09/07 16:47:33 | 000,061,008 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/09/07 16:47:10 | 000,020,048 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/08/21 17:09:51 | 002,379,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/10 05:15:58 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2010/08/10 05:15:58 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2010/08/04 18:43:17 | 000,210,176 | ---- | M] () -- C:\Users\Filthgrinder\Desktop\One reklamation.pdf
[2010/07/29 08:30:34 | 000,082,944 | ---- | M] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/07/10 00:38:00 | 019,114,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2010/07/10 00:38:00 | 014,513,768 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010/07/10 00:38:00 | 014,092,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010/07/10 00:38:00 | 012,471,400 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2010/07/10 00:38:00 | 010,267,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010/07/10 00:38:00 | 009,818,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2010/07/10 00:38:00 | 007,002,216 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2010/07/10 00:38:00 | 006,116,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010/07/10 00:38:00 | 005,107,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2010/07/10 00:38:00 | 004,553,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010/07/10 00:38:00 | 003,089,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010/07/10 00:38:00 | 002,892,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010/07/10 00:38:00 | 002,761,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010/07/10 00:38:00 | 002,506,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010/07/10 00:38:00 | 002,037,864 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2010/07/10 00:38:00 | 001,625,192 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2010/07/10 00:38:00 | 000,660,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvudisp.exe
[2010/07/10 00:38:00 | 000,382,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2010/07/10 00:38:00 | 000,314,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2010/07/10 00:38:00 | 000,260,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1922.dll
[2010/07/10 00:38:00 | 000,260,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod.dll
[2010/07/10 00:38:00 | 000,065,128 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/07/10 00:38:00 | 000,056,936 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/07/10 00:38:00 | 000,012,264 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2010/07/10 00:38:00 | 000,011,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010/07/09 16:17:18 | 015,314,024 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2010/07/09 16:17:18 | 001,882,216 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2010/07/09 16:17:18 | 001,585,256 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2010/07/09 16:17:18 | 000,282,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhotkey.dll
[2010/07/09 16:17:18 | 000,116,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2010/07/07 14:03:20 | 000,660,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NVUNINST.EXE
[2010/06/30 09:11:36 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/06/30 09:11:35 | 000,256,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/06/30 09:09:20 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/06/30 08:21:47 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/06/30 08:21:47 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/06/30 08:19:16 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/06/24 07:27:43 | 000,000,036 | ---- | M] () -- C:\Users\Filthgrinder\AppData\Local\housecall.guid.cache
[2010/06/22 00:07:48 | 000,029,288 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2010/06/22 00:07:46 | 000,659,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvuhda6.exe
[2010/06/22 00:07:44 | 000,255,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcohda6.dll
[2010/06/22 00:07:41 | 000,069,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapo64v.dll
[2010/06/22 00:07:36 | 000,131,688 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2010/06/19 09:05:01 | 005,507,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/06/19 08:53:18 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/06/19 08:33:29 | 003,955,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/06/19 08:33:29 | 003,899,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/06/19 08:23:50 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010/09/16 06:57:18 | 000,359,929 | ---- | C] () -- C:\Users\Filthgrinder\Desktop\dds.scr
[2010/09/15 22:02:28 | 000,002,099 | ---- | C] () -- C:\Users\Filthgrinder\Desktop\HijackThis.lnk
[2010/09/15 17:47:06 | 000,000,086 | ---- | C] () -- C:\Users\Filthgrinder\Desktop\kavwebscan.html
[2010/09/15 17:47:05 | 003,845,170 | ---- | C] () -- C:\Users\Filthgrinder\Desktop\ComboFix.exe
[2010/09/15 17:47:05 | 000,293,376 | ---- | C] () -- C:\Users\Filthgrinder\Desktop\whyclv04.exe
[2010/09/15 17:47:04 | 000,613,888 | ---- | C] () -- C:\Users\Filthgrinder\Desktop\Scan.doc
[2010/09/14 17:42:17 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/13 19:09:34 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/09/09 19:02:54 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\Guitar Rig 4.lnk
[2010/08/30 18:18:14 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010/08/30 18:07:57 | 000,011,144 | ---- | C] () -- C:\Windows\SysWow64\imsinstall_loc0407.dll
[2010/08/30 18:07:57 | 000,007,048 | ---- | C] () -- C:\Windows\SysWow64\imslsp_install_loc0407.dll
[2010/08/04 18:43:16 | 000,210,176 | ---- | C] () -- C:\Users\Filthgrinder\Desktop\One reklamation.pdf
[2010/06/24 07:27:43 | 000,000,036 | ---- | C] () -- C:\Users\Filthgrinder\AppData\Local\housecall.guid.cache
[2010/06/10 20:19:44 | 000,035,509 | ---- | C] () -- C:\Users\Filthgrinder\AppData\Roaming\SQLite3.dll
[2010/01/12 20:45:16 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2010/01/09 23:29:48 | 000,007,598 | ---- | C] () -- C:\Users\Filthgrinder\AppData\Local\Resmon.ResmonCfg
[2010/01/09 23:10:40 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009/12/24 13:24:12 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2009/12/24 13:05:42 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/12/24 12:56:22 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/12/24 12:55:51 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/08/19 10:33:09 | 000,000,035 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009/07/29 07:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 175 bytes -> C:\ProgramData\Temp:24051EFF
< End of report >

Link to post
Share on other sites

  • Root Admin

Well I don't see anything obvious in the logs here except this (which is not all that bad, just stands out is all), I also find it curious that I can DDS on an x64 Windows box but you can't.

C:\ProgramData\Temp

I don't believe the Temp folder is there by default from a clean Windows installation (at least I don't have it on a couple systems) and it has an alternate data stream on it which again is odd for a folder.

Can you make sure hidden files are turned off and look and see if you find anything in that folder and if not I'd just delete it and create a new one.

Everyone has different opinions on software. Myself I think the built-in firewall works quite well and ZoneAlarm is a good firewall as well but has had numerous issues with being a resource hog and even removal issues.

At this time I don't see anything obvious in the logs to indicate an infection.

You may want to review your ZoneAlarm logs to see what they say about sending out any data at said times. Also you can install WireShark and do some traffic scans and review for anything unexpected going out. http://www.wireshark.org/

Link to post
Share on other sites

Okay well as said - currently don't see anything in the logs to indicate an infection. Wireshark or other methods to monitor it may be in order to review for a few days to verify and ensure that it's not this system doing it.

OK. I just wanted to make sure that my system is clean because as I said in my opening post I don't wat my ISP to cut my connection again.

Thanks for your help.

Leo

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.