mtc777 Posted September 17, 2010 ID:314921

After malware cleaning, my PC has been acting strange.

1. Computer boots slower than usual. After the "welcome" screen it just shows the wallpaper without icons for about 1 minute before continuing.
2. System works normally (fresh boot) until I plug in a portable disc drive (with its own power supply). The drive is not recognised and if I start Total Commander or Control Panel, both processes are listed in task manager, but they don't appear on the main screen. I can start multiple instances but they show up only in task manager.
3. The processes mentioned above also can't be killed and in most cases the PC needs a hard reset.
4. USB flash drives work normally regardless of when I plug them in.

On the other hand, the USB disk works normally if I plug it in BEFORE I boot or start the PC.

My system:
Asus PK5
Intel Core2 E6550 @2.33 GHz
2 GB RAM
Geforce 8800 GTS

Here is my malware cleaning topic so you can see what actions have been taken:
http://forums.malwarebytes.org/index.php?showtopic=62505

DDS
GMER

AdvancedSetup (Root Admin) Posted September 17, 2010 ID:314979

Well I'm a bit curious why CF found stuff a second time. Please run the following and post back the requested information.

STEP 01

Click on START - RUN and copy / paste the entry below into the run line and click OK
CMD /C NETSH FIREWALL RESET

Click on START - RUN and copy / paste the entry below into the run line and click OK
CMD /C NETSH int ip reset c:\resetlog.txt

Click on START - RUN and copy / paste the entry below into the run line and click OK
CMD /C netsh winsock reset catalog

STEP 02

You may have corrupted files on your disk. Please try running the following.
First close ALL Applications as this routine will automatically restart your computer.
Click on START - RUN and copy / paste the following entry into the box and click OK
CMD /C ECHO Y|CHKDSK C: /R | SHUTDOWN /R /T 30

STEP 03

Please download to your Desktop: Dr.Web CureIt

- After the file has downloaded, disable your current Anti-Virus and disconnect from the Internet.
- Double-click the drweb-cureit.exe file, then click the Start button, then the OK button to perform an Express Scan.
- This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it.
- Once the short scan has finished, click on the Complete scan radio button.
- Then click on the Settings menu on top, then select Change Settings or press the F9 key. You can also change the Language.
- Choose the Scanning tab and I recommend leaving the Heuristic analysis enabled (this can lead to False Positives though).
- On the File types tab ensure you select All files.
- Click on the Actions tab and set the following:
  - Objects: Infected objects = Cure, Incurable objects = Move, Suspicious objects = Report
  - Infected packages: Archive = Move, E-mails = Report, Containers = Move
  - Malware: Adware = Move, Dialers = Move, Jokes = Move, Riskware = Move, Hacktools = Move
  - Do not change the Rename extension - default is: #??
  - Leave the default save path for Moved files here: %USERPROFILE%\DoctorWeb\Quarantine\
  - Leave prompt on Action checked
- On the Log file tab leave the Log to file checked.
- Leave the log file path alone: %USERPROFILE%\DoctorWeb\CureIt.log
- Log mode = Append
- Encoding = ANSI
- Details: Leave Names of file packers and Statistics checked.
- Limit log file size = 2048 KB and leave the check mark on the Maximum log file size.
- On the General tab leave the Scan Priority on High.
- Click the Apply button at the bottom, and then the OK button.
- On the right side under the Dr Web Anti-Virus Logo you will see 3 little buttons. Click the left VCR style Start button.
- In this mode it will scan Boot sectors of all disks, All removable media, and all local drives.
- The more files and folders you have the longer the scan will take. On large drives it can take hours to complete.
- When the Cure option is selected, an additional context menu will open. Select the necessary action of the program, if the curing fails.
- Click 'Yes to all' if it asks if you want to cure/move the files.
- This will move it to the %USERPROFILE%\DoctorWeb\Quarantine\ folder if it can't be cured. (in this case we need samples)
- After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list.
- Save the report to your Desktop. The report will be called DrWeb.csv
- Close Dr.Web CureIt.
- Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
- After reboot, post the contents of the log from Dr.Web you saved previously to your Desktop in your next reply with a new hijackthis log.

STEP 04

Download DDS and save it to your desktop
http://download.bleepingcomputer.com/sUBs/dds.scr

- Disable any script blocker if your Anti-Virus/Anti-Malware has it.
- Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
- Then double click dds.scr to run the tool.
- When done, the DDS.txt will open.
- Click Yes at the next prompt for Optional Scan.
- When done, DDS will open two (2) logs:
  - DDS.txt
  - Attach.txt
- Save both reports to your desktop.

Please include the following logs in your next reply: DDS.txt and Attach.txt

STEP 05

Review your Microsoft Updates settings and make sure you set them up properly.

STEP 06

Please download the Microsoft Genuine Advantage Diagnostic Tool. Double-click to run it and press the CONTINUE button and allow the program to check your system. When completed click the COPY button and post back the results on your next reply.

mtc777 (Author) Posted September 18, 2010 ID:315297

DRWEB-Cureit log

rkill.com;C:\Documents and Settings\Matic\Desktop\Cleanup;Trojan.MulDrop1.46285;Incurable.Moved.;
eXeem_BETA_0.24.exe/setup.exe\{tmp}\VVSNI_WhenU_installInst.exe;E:\CD_Utils\eXeem_0.21\eXeem_BETA_0.24.exe/setup.exe;Adware.SaveNow;;
setup.exe;E:\CD_Utils\eXeem_0.21;Container contains infected objects;;
eXeem_BETA_0.24.exe;E:\CD_Utils\eXeem_0.21;Archive contains infected objects;Moved.;
Patch.exe;E:\CD_Utils\_Mp3_utils\tag&rename.3.1.7\Crack;Tool.ASEye.2;;
A0354482.exe/setup.exe\{tmp}\VVSNI_WhenU_installInst.exe;E:\System Volume Information\_restore{12103DBF-3C63-4F65-9CD9-D91CFC666C38}\RP718\A0354482.exe/setup.exe;Adware.SaveNow;;
setup.exe;E:\System Volume Information\_restore{12103DBF-3C63-4F65-9CD9-D91CFC666C38}\RP718;Container contains infected objects;;
A0354482.exe;E:\System Volume Information\_restore{12103DBF-3C63-4F65-9CD9-D91CFC666C38}\RP718;Archive contains infected objects;Moved.;
A0354483.exe;E:\System Volume Information\_restore{12103DBF-3C63-4F65-9CD9-D91CFC666C38}\RP718;Trojan.PWS.Wsgame.23336;Incurable.Moved.;

DDS (Ver_10-03-17.01) - NTFSx86
Run by Matic at 20:20:19.45 on Sat 09/18/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1619 [GMT 2:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Online Armor\OAcat.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\NOD32 Antivirus\egui.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE
C:\Program Files\ObjectDock\ObjectDock.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAP2RPK.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAB8SWK.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Matic\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.si/
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot\SDHelper.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
mRun: [egui] "c:\program files\nod32 antivirus\egui.exe" /hide /waitservice
mRun: [CNAP2 Launcher] c:\windows\system32\spool\drivers\w32x86\3\CNAP2LAK.EXE
mRun: [@OnlineArmor GUI] "c:\program files\online armor\oaui.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\matic\startm~1\programs\startup\stardo~1.lnk - c:\program files\objectdock\ObjectDock.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot\SDHelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1284480311906
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:\program files\iconpackager\iprepair.dll
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\online~2\oaevent.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\matic\applic~1\mozilla\firefox\profiles\gnebaclb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT329536&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.microtforum.com/forum/
FF - plugin: c:\documents and settings\matic\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-9-7 201168]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2010-9-7 38856]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-9-7 25000]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-9-7 29272]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 ekrn;Eset Service;c:\program files\nod32 antivirus\ekrn.exe [2008-2-20 472320]
R2 OAcat;Online Armor Helper Service;c:\program files\online armor\oacat.exe [2010-9-7 380272]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2007-10-18 38656]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-9-17 20952]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-9-17 304464]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2004-8-4 3584]
S2 SvcOnlineArmor;Online Armor;c:\program files\online armor\oasrv.exe [2010-9-7 3638240]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-4 1684736]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-7-12 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-7-12 8320]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
S3 PbsAuDrv;PolderbitS Audio Driver;c:\windows\system32\drivers\pbsaudrv.sys --> c:\windows\system32\drivers\pbsaudrv.sys [?]
S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [2007-10-20 13225]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-9-10 27064]
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);c:\windows\system32\drivers\SE2Fbus.sys [2007-10-28 61600]
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;c:\windows\system32\drivers\SE2Fmdfl.sys [2007-10-28 9360]
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;c:\windows\system32\drivers\SE2Fmdm.sys [2007-10-28 97184]
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE2Fmgmt.sys [2007-12-10 88688]
S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);c:\windows\system32\drivers\se2Fnd5.sys [2007-12-10 18704]
S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;c:\windows\system32\drivers\SE2Fobex.sys [2007-10-28 86560]
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);c:\windows\system32\drivers\se2Funic.sys [2007-12-10 90800]
S3 Z550bus;Sony Ericsson Z550 driver (WDM);c:\windows\system32\drivers\Z550bus.sys [2008-3-1 60800]
S3 Z550mdfl;Sony Ericsson Z550 USB WMC Modem Filter;c:\windows\system32\drivers\Z550mdfl.sys [2008-3-1 9264]
S3 Z550mdm;Sony Ericsson Z550 USB WMC Modem Driver;c:\windows\system32\drivers\Z550mdm.sys [2008-3-1 96352]
S3 Z550mgmt;Sony Ericsson Z550 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\Z550mgmt.sys [2008-3-1 87824]
S3 Z550obex;Sony Ericsson Z550 USB WMC OBEX Interface;c:\windows\system32\drivers\Z550obex.sys [2008-3-1 85696]

============== File Associations ===============

.txt=UltraEdit.txt

=============== Created Last 30 ================

2010-09-18 12:18:47 24832 ----a-w- c:\windows\system32\12184746841.dll
2010-09-18 10:14:29 0 d-----w- c:\documents and settings\matic\DoctorWeb
2010-09-17 14:11:39 0 d-s---w- C:\ComboFix
2010-09-17 08:21:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-17 08:21:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-17 08:21:07 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-17 07:13:28 34 ----a-w- c:\windows\system32\msghdf16.ocx
2010-09-17 07:13:24 34 ----a-w- c:\windows\system32\rnplf16.dll
2010-09-17 07:12:21 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2010-09-17 06:32:41 0 d-sha-r- C:\cmdcons
2010-09-16 11:38:36 5810 ----a-r- c:\windows\system32\drivers\ASACPI.sys
2010-09-16 10:39:30 0 d-----w- c:\program files\Proces Explorer
2010-09-14 16:01:20 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-09-14 08:42:21 0 d-----w- c:\program files\Spybot
2010-09-12 20:57:01 0 d-----w- c:\docume~1\alluse~1\applic~1\RegCure
2010-09-12 14:23:20 0 d-----w- c:\program files\ESET
2010-09-11 20:26:47 20 ----a-w- c:\documents and settings\matic\defogger_reenable
2010-09-10 21:42:29 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-09-10 21:42:23 0 d-----w- c:\program files\Revo Uninstaller Pro
2010-09-10 21:37:53 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 20:19:50 0 d-----w- c:\program files\Trend Micro
2010-09-10 08:50:28 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-08 07:15:51 0 d-----w- c:\docume~1\matic\applic~1\SUPERAntiSpyware.com
2010-09-08 07:15:51 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-09-08 07:15:21 0 d-----w- c:\program files\SUPERAntiSpyware
2010-09-07 15:22:02 0 d-----w- c:\docume~1\matic\applic~1\OnlineArmor
2010-09-07 15:22:02 0 d-----w- c:\docume~1\alluse~1\applic~1\OnlineArmor
2010-09-07 15:21:28 38856 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2010-09-07 15:21:28 29272 ----a-w- c:\windows\system32\drivers\OAnet.sys
2010-09-07 15:21:28 25000 ----a-w- c:\windows\system32\drivers\OAmon.sys
2010-09-07 15:21:28 201168 ----a-w- c:\windows\system32\drivers\OADriver.sys
2010-09-07 15:19:13 0 d-----w- c:\program files\Online Armor
2010-09-07 07:42:41 1096 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-09-07 07:33:07 16384 ---ha-w- C:\SZKGFS.dat
2010-09-07 07:29:49 0 d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
2010-09-07 07:28:35 0 d-----w- c:\program files\common files\iS3
2010-09-07 07:28:35 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2010-09-07 07:04:48 48 ----a-w- c:\windows\wininit.ini
2010-09-06 10:06:48 0 d-s---w- c:\documents and settings\matic\UserData
2010-09-04 19:21:29 0 d-----w- c:\program files\Subtitle Workshop
2010-08-27 17:33:51 0 d-----w- c:\program files\common files\Data
2010-08-27 17:31:46 197632 ----a-w- c:\program files\common files\OnlineFilesManager.dll
2010-08-20 11:30:38 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}
2010-08-20 11:16:14 0 d-----w- c:\program files\IconPackager

==================== Find3M ====================

2010-08-12 12:48:08 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-08-12 12:48:05 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-07-26 08:13:40 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-07-09 22:38:00 6343040 ----a-w- c:\windows\system32\nv4_disp.dll
2010-07-09 22:38:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-07-09 22:38:00 4595712 ----a-w- c:\windows\system32\nvcuda.dll
2010-07-09 22:38:00 2914408 ----a-w- c:\windows\system32\nvcuvid.dll
2010-07-09 22:38:00 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-07-09 22:38:00 236136 ----a-w- c:\windows\system32\nvcodins.dll
2010-07-09 22:38:00 236136 ----a-w- c:\windows\system32\nvcod.dll
2010-07-09 22:38:00 2195030 ----a-w- c:\windows\system32\nvdata.bin
2010-07-09 22:38:00 1388544 ----a-w- c:\windows\system32\nvapi.dll
2010-07-09 22:38:00 13549568 ----a-w- c:\windows\system32\nvoglnt.dll
2010-07-09 22:38:00 10260480 ----a-w- c:\windows\system32\nvcompiler.dll
2010-07-09 14:24:26 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-09 14:24:18 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-07-09 14:24:18 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 14:24:16 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2010-07-09 14:24:16 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-07-09 14:24:16 13923432 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-19 19:08:02 3749224 ----a-w- c:\program files\common files\adlmint_libFNP.dll
2009-11-19 19:08:02 2941288 ----a-w- c:\program files\common files\adlmint.dll
2006-06-23 20:48:54 32768 ----a-r- c:\windows\inf\UpdateUSB.exe

============= FINISH: 20:21:59.79 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/18/2007 4:03:33 PM
System Uptime: 9/18/2010 8:16:27 PM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5K
Processor: Intel® Core2 Duo CPU E6550 @ 2.33GHz | LGA775 | 2337/333mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 78 GiB total, 15.217 GiB free.
D: is FIXED (NTFS) - 64 GiB total, 26.271 GiB free.
E: is FIXED (NTFS) - 152 GiB total, 3.999 GiB free.
S: is FIXED (NTFS) - 4 GiB total, 1.885 GiB free.
X: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&1400782C&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&1400782C&0
Service: i8042prt

==== System Restore Points ===================

RP718: 9/17/2010 9:37:35 PM - System Checkpoint

==== Installed Programs ======================
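
A triage pass over a saved DrWeb.csv report like the one posted above, as an added example (not part of the thread and not Dr.Web's own tooling). The row layout `object;location;threat;action;` is inferred from the posted log, and the sample rows and every name in them are constructed.

```python
"""Triage a saved Dr.Web CureIt report (DrWeb.csv).

Assumed row layout, inferred from the log posted in this thread rather than
from Dr.Web documentation:  object;location;threat-or-note;action;
"""
import csv
import io
from collections import Counter

# Constructed sample in the same shape as the posted log; every name is made up.
SAMPLE_REPORT = r"""
tool.exe;C:\Documents and Settings\User\Desktop\Cleanup;Example.Trojan.1;Incurable.Moved.;
pack.exe/setup.exe\{tmp}\inner.exe;E:\Utils\pack.exe/setup.exe;Example.Adware.2;;
setup.exe;E:\Utils;Container contains infected objects;;
pack.exe;E:\Utils;Archive contains infected objects;Moved.;
A0000001.exe;E:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1;Example.Trojan.3;Incurable.Moved.;
keygen.exe;E:\Utils\Crack;Example.Tool.4;;
"""

RESTORE_MARKER = "\\system volume information\\_restore"
WRAPPER_NOTE = "contains infected objects"


def parse_report(text):
    """Return one dict per report row; blank or short rows are skipped."""
    rows = []
    reader = csv.reader(io.StringIO(text), delimiter=";", quoting=csv.QUOTE_NONE)
    for fields in reader:
        if len(fields) < 4 or not fields[0].strip():
            continue
        obj, location, threat, action = (f.strip() for f in fields[:4])
        rows.append({
            "object": obj,
            "location": location,
            "threat": threat,
            "action": action,
            # Archive/container rows describe the wrapper file, not a detection.
            "is_wrapper": WRAPPER_NOTE in threat.lower(),
            # Copies held in System Restore storage return if that point is restored.
            "in_restore_point": RESTORE_MARKER in location.lower(),
        })
    return rows


def covered_by_wrapper(row, rows):
    """True if an archive/container row that was acted on encloses this object."""
    for w in rows:
        if w["is_wrapper"] and w["action"]:
            full = (w["location"].rstrip("\\") + "\\" + w["object"]).lower()
            if row["location"].lower().startswith(full + "/"):
                return True
    return False


def triage(rows):
    """Summarise what still needs attention after the scan."""
    detections = [r for r in rows if not r["is_wrapper"]]
    return {
        "threat_counts": Counter(r["threat"] for r in detections),
        # Reported but neither cured nor moved, and not inside a moved archive.
        "unresolved": [r["object"] for r in detections
                       if not r["action"] and not covered_by_wrapper(r, rows)],
        # Hits under _restore{...}: purge or recreate restore points after cleanup.
        "restore_point_hits": [r["object"] for r in detections
                               if r["in_restore_point"]],
    }


if __name__ == "__main__":
    summary = triage(parse_report(SAMPLE_REPORT))
    for key, value in summary.items():
        print(key, "->", dict(value) if isinstance(value, Counter) else value)
```

To use it on a real report, read the saved file with the ANSI encoding selected in the Log file settings (for example `open(path, encoding="cp1252")`) and pass its text to `parse_report`.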