
USB trouble


mtc777


After malware cleaning, my PC has been acting strange.

1. Computer boots slower than usual. After the "welcome" screen it just shows wallpaper without icons for about 1 minute before continuing.

2. System works normally (fresh boot) until I plug in portable disc drive (with its own power supply). The drive is not recognised and if I start Total Commander or Control Panel, both processes are listed in Task Manager, but they don't appear on the main screen. I can start multiple instances but they show up only in Task Manager.

3. The processes mentioned above also can't be killed and in most cases the PC needs a hard reset.

4. USB flash drives work normally regardless of when I plug them in.

On the other hand, the USB disk works normally if I plug it in BEFORE I boot or start the PC.

My system:

Asus PK5

Intel Core2 E6550 @2.33 GHz

2 GB ram

Geforce 8800 GTS

Here is my malware cleaning topic so you can see what actions have been taken:

http://forums.malwarebytes.org/index.php?showtopic=62505

DDS

GMER


  • Root Admin

Well I'm a bit curious why CF found stuff a second time.

Please run the following and post back the requested information.

STEP 01

Click on START - RUN and copy / paste the entry below into the run line and click OK

CMD /C NETSH FIREWALL RESET

Click on START - RUN and copy / paste the entry below into the run line and click OK

CMD /C NETSH int ip reset c:\resetlog.txt

Click on START - RUN and copy / paste the entry below into the run line and click OK

CMD /C netsh winsock reset catalog

STEP 02

You may have corrupted files on your disk. Please try running the following.

First close ALL Applications as this routine will automatically restart your computer.

Click on START - RUN and copy / paste the following entry into the box and click OK

CMD /C ECHO Y|CHKDSK C: /R | SHUTDOWN /R /T 30

STEP 03

Please download to your Desktop: Dr.Web CureIt

  • After the file has downloaded, disable your current Anti-Virus and disconnect from the Internet
  • Double-click the drweb-cureit.exe file, then click the Start button, then the OK button to perform an Express Scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it.
  • Once the short scan has finished, click on the Complete scan radio button.
  • Then click on the Settings menu on top, then select Change Settings or press the F9 key. You can also change the Language
  • Choose the Scanning tab and I recommend leaving the Heuristic analysis enabled (this can lead to False Positives though)
  • On the File types tab ensure you select All files
  • Click on the Actions tab and set the following:
    • Objects: Infected objects = Cure, Incurable objects = Move, Suspicious objects = Report
    • Infected packages: Archive = Move, E-mails = Report, Containers = Move
    • Malware: Adware = Move, Dialers = Move, Jokes = Move, Riskware = Move, Hacktools = Move
    • Do not change the Rename extension - default is: #??
    • Leave the default save path for Moved files here: %USERPROFILE%\DoctorWeb\Quarantine\
    • Leave prompt on Action checked
  • On the Log file tab leave the Log to file checked.
  • Leave the log file path alone: %USERPROFILE%\DoctorWeb\CureIt.log
  • Log mode = Append
  • Encoding = ANSI
  • Details: Leave Names of file packers and Statistics checked.
  • Limit log file size = 2048 KB and leave the check mark on the Maximum log file size.
  • On the General tab leave the Scan Priority on High
  • Click the Apply button at the bottom, and then the OK button.
  • On the right side under the Dr Web Anti-Virus Logo you will see 3 little buttons. Click the left VCR style Start button.
  • In this mode it will scan Boot sectors of all disks, All removable media, and all local drives
  • The more files and folders you have the longer the scan will take. On large drives it can take hours to complete.
  • When the Cure option is selected, an additional context menu will open. Select the necessary action of the program, if the curing fails.
  • Click 'Yes to all' if it asks if you want to cure/move the files.
  • This will move it to the %USERPROFILE%\DoctorWeb\Quarantine\ folder if it can't be cured. (in this case we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously to your Desktop in your next reply with a new HijackThis log.

STEP 04

Download DDS and save it to your desktop

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr to run the tool.

When done, the DDS.txt will open.

Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:

  1. DDS.txt
  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt

STEP 05

Review your Microsoft Updates settings and make sure you set them up properly.

STEP 06

Please download the Microsoft Genuine Advantage Diagnostic Tool

Double-click to run it and press the CONTINUE button and allow the program to check your system. When completed click the COPY button and post back the results on your next reply.


DRWEB-Cureit log

rkill.com;C:\Documents and Settings\Matic\Desktop\Cleanup;Trojan.MulDrop1.46285;Incurable.Moved.;

eXeem_BETA_0.24.exe/setup.exe\{tmp}\VVSNI_WhenU_installInst.exe;E:\CD_Utils\eXeem_0.21\eXeem_BETA_0.24.exe/setup.exe;Adware.SaveNow;;

setup.exe;E:\CD_Utils\eXeem_0.21;Container contains infected objects;;

eXeem_BETA_0.24.exe;E:\CD_Utils\eXeem_0.21;Archive contains infected objects;Moved.;

Patch.exe;E:\CD_Utils\_Mp3_utils\tag&rename.3.1.7\Crack;Tool.ASEye.2;;

A0354482.exe/setup.exe\{tmp}\VVSNI_WhenU_installInst.exe;E:\System Volume Information\_restore{12103DBF-3C63-4F65-9CD9-D91CFC666C38}\RP718\A0354482.exe/setup.exe;Adware.SaveNow;;

setup.exe;E:\System Volume Information\_restore{12103DBF-3C63-4F65-9CD9-D91CFC666C38}\RP718;Container contains infected objects;;

A0354482.exe;E:\System Volume Information\_restore{12103DBF-3C63-4F65-9CD9-D91CFC666C38}\RP718;Archive contains infected objects;Moved.;

A0354483.exe;E:\System Volume Information\_restore{12103DBF-3C63-4F65-9CD9-D91CFC666C38}\RP718;Trojan.PWS.Wsgame.23336;Incurable.Moved.;

DDS (Ver_10-03-17.01) - NTFSx86

Run by Matic at 20:20:19.45 on Sat 09/18/2010

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_21

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1619 [GMT 2:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\Program Files\Online Armor\OAcat.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\NOD32 Antivirus\ekrn.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\NOD32 Antivirus\egui.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE

C:\Program Files\ObjectDock\ObjectDock.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAP2RPK.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAB8SWK.EXE

C:\WINDOWS\system32\taskmgr.exe

C:\Documents and Settings\Matic\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.si/

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot\SDHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

mRun: [egui] "c:\program files\nod32 antivirus\egui.exe" /hide /waitservice

mRun: [CNAP2 Launcher] c:\windows\system32\spool\drivers\w32x86\3\CNAP2LAK.EXE

mRun: [@OnlineArmor GUI] "c:\program files\online armor\oaui.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\docume~1\matic\startm~1\programs\startup\stardo~1.lnk - c:\program files\objectdock\ObjectDock.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot\SDHelper.dll

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1284480311906

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:\program files\iconpackager\iprepair.dll

SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\online~2\oaevent.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\matic\applic~1\mozilla\firefox\profiles\gnebaclb.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT329536&SearchSource=3&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.microtforum.com/forum/

FF - plugin: c:\documents and settings\matic\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-9-7 201168]

R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2010-9-7 38856]

R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-9-7 25000]

R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-9-7 29272]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 ekrn;Eset Service;c:\program files\nod32 antivirus\ekrn.exe [2008-2-20 472320]

R2 OAcat;Online Armor Helper Service;c:\program files\online armor\oacat.exe [2010-9-7 380272]

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2007-10-18 38656]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-9-17 20952]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-9-17 304464]

S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2004-8-4 3584]

S2 SvcOnlineArmor;Online Armor;c:\program files\online armor\oasrv.exe [2010-9-7 3638240]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-4 1684736]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-7-12 137344]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-7-12 8320]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]

S3 PbsAuDrv;PolderbitS Audio Driver;c:\windows\system32\drivers\pbsaudrv.sys --> c:\windows\system32\drivers\pbsaudrv.sys [?]

S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [2007-10-20 13225]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-9-10 27064]

S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);c:\windows\system32\drivers\SE2Fbus.sys [2007-10-28 61600]

S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;c:\windows\system32\drivers\SE2Fmdfl.sys [2007-10-28 9360]

S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;c:\windows\system32\drivers\SE2Fmdm.sys [2007-10-28 97184]

S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE2Fmgmt.sys [2007-12-10 88688]

S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);c:\windows\system32\drivers\se2Fnd5.sys [2007-12-10 18704]

S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;c:\windows\system32\drivers\SE2Fobex.sys [2007-10-28 86560]

S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);c:\windows\system32\drivers\se2Funic.sys [2007-12-10 90800]

S3 Z550bus;Sony Ericsson Z550 driver (WDM);c:\windows\system32\drivers\Z550bus.sys [2008-3-1 60800]

S3 Z550mdfl;Sony Ericsson Z550 USB WMC Modem Filter;c:\windows\system32\drivers\Z550mdfl.sys [2008-3-1 9264]

S3 Z550mdm;Sony Ericsson Z550 USB WMC Modem Driver;c:\windows\system32\drivers\Z550mdm.sys [2008-3-1 96352]

S3 Z550mgmt;Sony Ericsson Z550 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\Z550mgmt.sys [2008-3-1 87824]

S3 Z550obex;Sony Ericsson Z550 USB WMC OBEX Interface;c:\windows\system32\drivers\Z550obex.sys [2008-3-1 85696]

============== File Associations ===============

.txt=UltraEdit.txt

=============== Created Last 30 ================

2010-09-18 12:18:47 24832 ----a-w- c:\windows\system32\12184746841.dll

2010-09-18 10:14:29 0 d-----w- c:\documents and settings\matic\DoctorWeb

2010-09-17 14:11:39 0 d-s---w- C:\ComboFix

2010-09-17 08:21:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-17 08:21:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-17 08:21:07 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-17 07:13:28 34 ----a-w- c:\windows\system32\msghdf16.ocx

2010-09-17 07:13:24 34 ----a-w- c:\windows\system32\rnplf16.dll

2010-09-17 07:12:21 152848 ----a-w- c:\windows\system32\COMDLG32.OCX

2010-09-17 06:32:41 0 d-sha-r- C:\cmdcons

2010-09-16 11:38:36 5810 ----a-r- c:\windows\system32\drivers\ASACPI.sys

2010-09-16 10:39:30 0 d-----w- c:\program files\Proces Explorer

2010-09-14 16:01:20 0 d-----w- c:\windows\system32\SoftwareDistribution

2010-09-14 08:42:21 0 d-----w- c:\program files\Spybot

2010-09-12 20:57:01 0 d-----w- c:\docume~1\alluse~1\applic~1\RegCure

2010-09-12 14:23:20 0 d-----w- c:\program files\ESET

2010-09-11 20:26:47 20 ----a-w- c:\documents and settings\matic\defogger_reenable

2010-09-10 21:42:29 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys

2010-09-10 21:42:23 0 d-----w- c:\program files\Revo Uninstaller Pro

2010-09-10 21:37:53 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-09-10 20:19:50 0 d-----w- c:\program files\Trend Micro

2010-09-10 08:50:28 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-08 07:15:51 0 d-----w- c:\docume~1\matic\applic~1\SUPERAntiSpyware.com

2010-09-08 07:15:51 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-09-08 07:15:21 0 d-----w- c:\program files\SUPERAntiSpyware

2010-09-07 15:22:02 0 d-----w- c:\docume~1\matic\applic~1\OnlineArmor

2010-09-07 15:22:02 0 d-----w- c:\docume~1\alluse~1\applic~1\OnlineArmor

2010-09-07 15:21:28 38856 ----a-w- c:\windows\system32\drivers\oahlp32.sys

2010-09-07 15:21:28 29272 ----a-w- c:\windows\system32\drivers\OAnet.sys

2010-09-07 15:21:28 25000 ----a-w- c:\windows\system32\drivers\OAmon.sys

2010-09-07 15:21:28 201168 ----a-w- c:\windows\system32\drivers\OADriver.sys

2010-09-07 15:19:13 0 d-----w- c:\program files\Online Armor

2010-09-07 07:42:41 1096 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg

2010-09-07 07:33:07 16384 ---ha-w- C:\SZKGFS.dat

2010-09-07 07:29:49 0 d-----w- c:\docume~1\alluse~1\applic~1\SITEguard

2010-09-07 07:28:35 0 d-----w- c:\program files\common files\iS3

2010-09-07 07:28:35 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!

2010-09-07 07:04:48 48 ----a-w- c:\windows\wininit.ini

2010-09-06 10:06:48 0 d-s---w- c:\documents and settings\matic\UserData

2010-09-04 19:21:29 0 d-----w- c:\program files\Subtitle Workshop

2010-08-27 17:33:51 0 d-----w- c:\program files\common files\Data

2010-08-27 17:31:46 197632 ----a-w- c:\program files\common files\OnlineFilesManager.dll

2010-08-20 11:30:38 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}

2010-08-20 11:16:14 0 d-----w- c:\program files\IconPackager

==================== Find3M ====================

2010-08-12 12:48:08 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin

2010-08-12 12:48:05 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin

2010-07-26 08:13:40 108032 ----a-w- c:\windows\system32\ff_vfw.dll

2010-07-09 22:38:00 6343040 ----a-w- c:\windows\system32\nv4_disp.dll

2010-07-09 22:38:00 61440 ----a-w- c:\windows\system32\OpenCL.dll

2010-07-09 22:38:00 4595712 ----a-w- c:\windows\system32\nvcuda.dll

2010-07-09 22:38:00 2914408 ----a-w- c:\windows\system32\nvcuvid.dll

2010-07-09 22:38:00 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll

2010-07-09 22:38:00 236136 ----a-w- c:\windows\system32\nvcodins.dll

2010-07-09 22:38:00 236136 ----a-w- c:\windows\system32\nvcod.dll

2010-07-09 22:38:00 2195030 ----a-w- c:\windows\system32\nvdata.bin

2010-07-09 22:38:00 1388544 ----a-w- c:\windows\system32\nvapi.dll

2010-07-09 22:38:00 13549568 ----a-w- c:\windows\system32\nvoglnt.dll

2010-07-09 22:38:00 10260480 ----a-w- c:\windows\system32\nvcompiler.dll

2010-07-09 14:24:26 81920 ----a-w- c:\windows\system32\nvwddi.dll

2010-07-09 14:24:18 277608 ----a-w- c:\windows\system32\nvmccs.dll

2010-07-09 14:24:18 110696 ----a-w- c:\windows\system32\nvmctray.dll

2010-07-09 14:24:16 155752 ----a-w- c:\windows\system32\nvsvc32.exe

2010-07-09 14:24:16 145000 ----a-w- c:\windows\system32\nvcolor.exe

2010-07-09 14:24:16 13923432 ----a-w- c:\windows\system32\nvcpl.dll

2009-11-19 19:08:02 3749224 ----a-w- c:\program files\common files\adlmint_libFNP.dll

2009-11-19 19:08:02 2941288 ----a-w- c:\program files\common files\adlmint.dll

2006-06-23 20:48:54 32768 ----a-r- c:\windows\inf\UpdateUSB.exe

============= FINISH: 20:21:59.79 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 10/18/2007 4:03:33 PM

System Uptime: 9/18/2010 8:16:27 PM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5K

Processor: Intel® Core2 Duo CPU E6550 @ 2.33GHz | LGA775 | 2337/333mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 78 GiB total, 15.217 GiB free.

D: is FIXED (NTFS) - 64 GiB total, 26.271 GiB free.

E: is FIXED (NTFS) - 152 GiB total, 3.999 GiB free.

S: is FIXED (NTFS) - 4 GiB total, 1.885 GiB free.

X: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}

Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard

Device ID: ACPI\PNP0303\4&1400782C&0

Manufacturer: (Standard keyboards)

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard

PNP Device ID: ACPI\PNP0303\4&1400782C&0

Service: i8042prt

==== System Restore Points ===================

RP718: 9/17/2010 9:37:35 PM - System Checkpoint

==== Installed Programs ======================

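The Dr.Web CureIt report posted above is semicolon-delimited, and several rows have an empty last field. As an added example (not part of the original thread and not Dr.Web's own tooling), this Python script groups such rows by the file on disk and lists which detected files had no action recorded and which sit inside a System Restore snapshot. The column labels and the reading of "/" as an archive-member separator are assumptions inferred from the posted lines.

```python
from collections import namedtuple

# Six rows copied from the Dr.Web report posted in the thread above.
REPORT = r"""
rkill.com;C:\Documents and Settings\Matic\Desktop\Cleanup;Trojan.MulDrop1.46285;Incurable.Moved.;
eXeem_BETA_0.24.exe/setup.exe\{tmp}\VVSNI_WhenU_installInst.exe;E:\CD_Utils\eXeem_0.21\eXeem_BETA_0.24.exe/setup.exe;Adware.SaveNow;;
setup.exe;E:\CD_Utils\eXeem_0.21;Container contains infected objects;;
eXeem_BETA_0.24.exe;E:\CD_Utils\eXeem_0.21;Archive contains infected objects;Moved.;
Patch.exe;E:\CD_Utils\_Mp3_utils\tag&rename.3.1.7\Crack;Tool.ASEye.2;;
A0354483.exe;E:\System Volume Information\_restore{12103DBF-3C63-4F65-9CD9-D91CFC666C38}\RP718;Trojan.PWS.Wsgame.23336;Incurable.Moved.;
"""

# Column labels are this example's assumption; the report itself has no header.
Row = namedtuple("Row", "obj location status action")

CONTAINER_NOTE = "contains infected objects"   # summary rows, not detections
RESTORE_MARKER = "\\system volume information\\_restore"


def parse_rows(text):
    """Split each non-empty line into its first four ';'-separated fields."""
    rows = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.strip().split(";")]
        if len(parts) >= 4 and parts[0]:
            rows.append(Row(*parts[:4]))
    return rows


def disk_file(row):
    """Return the path of the outermost file on disk that a row refers to.

    Assumption: 'archive.exe/member' means a member inside an archive, so
    everything after the first '/' is dropped.
    """
    if "/" in row.location:
        return row.location.split("/", 1)[0]
    outer = row.obj.split("/", 1)[0]
    return row.location.rstrip("\\") + "\\" + outer


def triage(text):
    """Merge rows per on-disk file and summarise detections and actions."""
    files = {}
    for row in parse_rows(text):
        path = disk_file(row)
        # Windows paths are case-insensitive, so key on the lowered path.
        entry = files.setdefault(
            path.lower(), {"path": path, "detections": set(), "actions": set()}
        )
        if CONTAINER_NOTE not in row.status.lower():
            entry["detections"].add(row.status)
        if row.action:
            # An action on the archive row also covers its members.
            entry["actions"].add(row.action)
    summary = []
    for entry in files.values():
        if not entry["detections"]:
            continue  # only container notes, no named detection
        summary.append({
            "path": entry["path"],
            "detections": sorted(entry["detections"]),
            "handled": bool(entry["actions"]),
            "in_restore_point": RESTORE_MARKER in entry["path"].lower(),
        })
    return summary


if __name__ == "__main__":
    for item in triage(REPORT):
        flags = []
        if not item["handled"]:
            flags.append("NO ACTION RECORDED")
        if item["in_restore_point"]:
            flags.append("inside System Restore snapshot")
        print(item["path"], item["detections"], "; ".join(flags))
```

Rows whose file still has no recorded action are the ones to review by hand; the archive member with an empty action is not flagged because the archive that holds it was moved.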
