Hey, my computers have been running slow and not loading all pages. My living computer is running at average speed. I did a scan with avast and it shows I have win32 rootkit and win32 trojan-gen (other). Unable to delete or move to chest. I have a HijackThis log; any help would be very appreciated.
The log is for my computer in my living room. I will post the log for the room computer, which seems to have most of the problems.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:41 PM, on 4/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM..\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKLM..\Run: [VTTimer] VTTimer.exe
O4 - HKLM..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..\Run: [YSearchProtection] “C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe”
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM..\Run: [HP Software Update] “C:\Program Files\HP\HP Software Update\HPWuSchd2.exe”
O4 - HKLM..\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe”
O4 - HKCU..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU..\Run: [Messenger (Yahoo!)] “C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet
O4 - HKCU..\Run: [Aim6] “C:\Program Files\AIM6\aim6.exe” /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra ‘Tools’ menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238555312500
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
–
End of file - 9489 bytes
I'm all new to this, but I wrote down the locations of the files that avast found. It doesn't look like they showed up in HijackThis. I might have done it wrong, but here are the results from the boot scan:
windows\instsp2.exe win 32:rootkit gen (rtk)
c:windows\system32\busoguze.dll win32 trojan-gen(other)
windows\system32\dijanumo.dll win32 trojan -gen (other)
An analysis of your HJT log shows the following:
We didn’t detect any active process of a firewall on your system. Reasons maybe:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don’t use any firewall at all.
We recommend you to use a firewall.
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra ‘Tools’ menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
Unnecessary (deactivated) entry that can be fixed. toolbar.dll - AOL toolbar.
Also related to the information at the link below:
http://www.threatexpert.com/report.aspx?md5=8d926957ede6c1de165d8d7ebd1e24a3
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:18:17 PM, on 4/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM..\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKLM..\Run: [VTTimer] VTTimer.exe
O4 - HKLM..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..\Run: [YSearchProtection] “C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe”
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM..\Run: [HP Software Update] “C:\Program Files\HP\HP Software Update\HPWuSchd2.exe”
O4 - HKLM..\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe”
O4 - HKCU..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU..\Run: [Messenger (Yahoo!)] “C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet
O4 - HKCU..\Run: [Aim6] “C:\Program Files\AIM6\aim6.exe” /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238555312500
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
–
End of file - 8939 bytes
This is a log from my comp in the living room. Can you please analyze it and let me know if there is anything that needs to be fixed or addressed? Any help will be much appreciated.
An analysis of your second HJT log shows little to worry about. Only one thing of note.
We didn’t detect any active process of a firewall on your system.
Reasons maybe:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don’t use any firewall at all.
We recommend you to use a firewall.
I suppose you are using Windows firewall?
Otherwise, a good HJT log.
In my opinion, HJT is becoming useless. You appear to have 3 nasties:
windows\instsp2.exe win 32:rootkit gen (rtk)
c:windows\system32\busoguze.dll win32 trojan-gen(other)
windows\system32\dijanumo.dll win32 trojan -gen (other)
I’m beginning to think T.M bought HJT, so they could run it into the ground. When was the last time it was upgraded/updated?
Well HJT doesn’t do anything, it is just an analysis tool and as such is only as good as the analysis, it doesn’t flag things as malicious.
However, if avast has detected those files it may also have checked for any associated registry entries and removed those too, so these wouldn’t have appeared in a HJT log (so nothing to analyse).
I assumed Avast was unable to remove, and had removed nothing, so any registry entries were still there, but not detected by HJT.
I don’t know where you made that assumption from as the OP reported those as what avast detected (and removed on a boot-time scan), from his other system in Reply #2. So are unrelated to the latest HJT log from a different system.
When rootkits are involved they too would obscure running processes from HJT, as they do from many other security applications, so it isn’t unusual to see them not appear in a purely analysis tool (as it has no anti-rootkit functionality).
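The checks the replies above carry out by eye, as an added example that is not part of the original thread: it parses a HijackThis log, lists the "(file missing)" entries, and reports which antivirus-detected files are not referenced anywhere in the log. The function names are hypothetical and the sample log is constructed from the entry shapes in the posted log; the three detection paths are the ones the poster listed.

```python
import re

# Constructed sample in HijackThis v2.0.2 layout; the entry shapes are copied
# from the log posted in this thread, trimmed to a few lines.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
End of file - 9489 bytes
"""

# The three paths as the poster typed them from the avast boot-time scan.
AV_DETECTIONS = [
    r"windows\instsp2.exe",
    r"c:windows\system32\busoguze.dll",
    r"windows\system32\dijanumo.dll",
]

# Section entries look like "O4 - ..." or "R1 - ..." (letter, number, " - ").
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Simplification: a file name is the last whitespace-free path component
# ending in .exe/.dll/.sys, so names containing spaces are cut to the last word.
FILE_RE = re.compile(r'([^\\/:*?"<>|\[\]\s]+\.(?:exe|dll|sys))\b', re.IGNORECASE)


def parse_hjt(text):
    """Split a HijackThis log into running processes and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # the process list ends at the first entry
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes and not line.startswith("End of file"):
            processes.append(line)
    return {"processes": processes, "entries": entries}


def basename(path):
    """Last component of a Windows path, lower-cased ('c:windows\\x.dll' -> 'x.dll')."""
    return re.split(r"[\\/:]", path)[-1].lower()


def referenced_files(parsed):
    """Every .exe/.dll/.sys name mentioned in the process list or any entry."""
    names = set()
    for line in parsed["processes"]:
        names.update(n.lower() for n in FILE_RE.findall(line))
    for _code, body in parsed["entries"]:
        names.update(n.lower() for n in FILE_RE.findall(body))
    return names


def missing_file_entries(parsed):
    """Entries HijackThis marked '(file missing)': leftover registry references."""
    return [(c, b) for c, b in parsed["entries"] if b.endswith("(file missing)")]


def unlisted_detections(parsed, detections):
    """Detected files the log never references. Absence is not a clean bill of
    health: HijackThis only lists autostart locations and visible processes."""
    seen = referenced_files(parsed)
    return [d for d in detections if basename(d) not in seen]


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for code, body in missing_file_entries(parsed):
        print("orphaned entry:", code, "-", body)
    for path in unlisted_detections(parsed, AV_DETECTIONS):
        print("detected by AV but not referenced in the log:", path)
```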
I was referring to his 1st post on Apr 14 when he said Avast was unable to delete or move win32 trojan, the same date he posted the HJT log. The boot scan was done on the 15th (I assume).
A lot of malware now bypasses HJT and hides in other areas. The current replacement tool of choice, used on at least four forums that I frequent and assist, is OTListIt, one of the OldTimer family of scanners, and it is very effective. This is the scan from my system:
OTListIt logfile created on: 19/04/2009 18:31:37 - Run 13
OTListIt2 by OldTimer - Version 2.0.7.0 Folder = D:\Users\Martin\Downloads\WinPFind35
Windows Vista Ultimate Edition Service Pack 2, v.286 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 98.93% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 56.17 Gb Total Space | 29.54 Gb Free Space | 52.59% Space Free | Partition Type: NTFS
Drive D: | 91.37 Gb Total Space | 49.28 Gb Free Space | 53.94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 9.05 Gb Total Space | 4.57 Gb Free Space | 50.49% Space Free | Partition Type: NTFS
Drive K: | 67.29 Gb Total Space | 40.13 Gb Free Space | 59.64% Space Free | Partition Type: NTFS
Computer Name: MARTIN-PC
Current User Name: Martin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - [2009/02/05 22:01:25 | 00,018,752 | ---- | M] (ALWIL Software) – D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/05 22:08:40 | 00,138,680 | ---- | M] (ALWIL Software) – D:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/01/30 23:27:50 | 02,927,616 | ---- | M] (Microsoft Corporation) – D:\Windows\Explorer.EXE
PRC - [2007/04/02 15:15:40 | 00,061,440 | ---- | M] (Creative Technology Ltd) – D:\Program Files\Creative\Shared Files\CTDevSrv.exe
PRC - [2009/02/05 22:08:45 | 00,081,000 | ---- | M] (ALWIL Software) – D:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2007/08/31 20:13:41 | 00,988,584 | ---- | M] (Microsoft Corporation) – D:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2007/08/31 20:01:21 | 01,037,736 | ---- | M] (Microsoft Corporation) – D:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2009/03/27 19:22:13 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) – D:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2007/04/14 18:33:30 | 00,868,352 | ---- | M] (CaledosLAB) – D:\Program Files\CaledosLAB\Caledos Automatic Wallpaper Changer\CaledosWallpaper6.exe
PRC - [2009/02/05 22:08:26 | 00,254,040 | ---- | M] (ALWIL Software) – D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/05 22:06:04 | 00,352,920 | ---- | M] (ALWIL Software) – D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2007/08/31 19:58:50 | 00,357,800 | ---- | M] (Microsoft Corporation) – D:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
PRC - [2009/03/08 22:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) – D:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 22:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) – D:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/02/06 19:50:50 | 00,114,528 | ---- | M] (Microsoft Corporation) – D:\Program Files\Windows Live\Mail\wlmail.exe
PRC - [2009/02/06 18:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) – D:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/03/08 22:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) – D:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/02/03 03:07:18 | 00,240,544 | R— | M] (Adobe Systems, Inc.) – D:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
PRC - [2009/03/20 17:57:02 | 00,499,200 | ---- | M] (OldTimer Tools) – D:\Users\Martin\Downloads\WinPFind35\OTListIt2.exe
========== Win32 Services (SafeList) ==========
SRV - [2006/10/16 22:13:28 | 00,230,944 | ---- | M] (Acronis) – D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe – (AcrSch2Svc [On_Demand | Stopped])
SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) – D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe – (Apple Mobile Device [On_Demand | Stopped])
SRV - [2009/02/05 22:01:25 | 00,018,752 | ---- | M] (ALWIL Software) – D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe – (aswUpdSv [Auto | Running])
SRV - [2008/08/08 09:46:13 | 00,700,416 | ---- | M] (ATI Technologies Inc.) – D:\Windows\system32\Ati2evxx.exe – (Ati External Event Utility [On_Demand | Stopped])
SRV - [2009/02/05 22:08:40 | 00,138,680 | ---- | M] (ALWIL Software) – D:\Program Files\Alwil Software\Avast4\ashServ.exe – (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 22:08:26 | 00,254,040 | ---- | M] (ALWIL Software) – D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe – (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/02/05 22:06:04 | 00,352,920 | ---- | M] (ALWIL Software) – D:\Program Files\Alwil Software\Avast4\ashWebSv.exe – (avast! Web Scanner [On_Demand | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) – D:\Program Files\Bonjour\mDNSResponder.exe – (Bonjour Service [On_Demand | Stopped])
SRV - [2008/12/14 18:02:50 | 00,067,400 | ---- | M] (Microsoft Corporation) – D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe – (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/04/02 15:15:40 | 00,061,440 | ---- | M] (Creative Technology Ltd) – D:\Program Files\Creative\Shared Files\CTDevSrv.exe – (CTDevice_Srv [Auto | Running])
SRV - [2008/01/19 08:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) – D:\Windows\ehome\ehRecvr.exe – (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 13:34:14 | 00,131,072 | ---- | M] (Microsoft Corporation) – D:\Windows\ehome\ehsched.exe – (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 13:34:14 | 00,013,312 | ---- | M] (Microsoft Corporation) – D:\Windows\ehome\ehstart.dll – (ehstart [On_Demand | Stopped])
SRV - [2008/12/16 17:50:38 | 00,043,872 | ---- | M] (Microsoft Corporation) – D:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe – (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) – D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe – (IDriverT [On_Demand | Stopped])
SRV - [2008/12/16 17:50:30 | 00,879,432 | ---- | M] (Microsoft Corporation) – D:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe – (idsvc [Unknown | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) – D:\Program Files\iPod\bin\iPodService.exe – (iPod Service [On_Demand | Stopped])
SRV - [2008/12/16 17:50:32 | 00,129,864 | ---- | M] (Microsoft Corporation) – D:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe – (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/12/12 20:18:49 | 00,360,192 | ---- | M] (TuneUp Software) – D:\Windows\System32\TuneUpDefragService.exe – (TuneUp.Defrag [On_Demand | Stopped])
SRV - [2008/12/12 20:18:50 | 00,603,904 | ---- | M] (TuneUp Software) – D:\Windows\System32\TUProgSt.exe – (TuneUp.ProgramStatisticsSvc [On_Demand | Stopped])
SRV - [2008/12/11 13:31:36 | 00,027,904 | ---- | M] (TuneUp Software) – D:\Windows\System32\uxtuneup.dll – (UxTuneUp [Auto | Running])
SRV - [2008/01/19 08:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) – D:\Program Files\Windows Defender\mpsvc.dll – (WinDefend [Auto | Running])
SRV - [2008/01/19 08:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) – D:\Program Files\Windows Media Player\wmpnetwk.exe – (WMPNetworkSvc [On_Demand | Stopped])
========== Driver Services (SafeList) ==========
DRV - [2006/11/02 10:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) – D:\Windows\system32\drivers\adp94xx.sys – (adp94xx [Disabled | Stopped])
DRV - [2006/11/02 10:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) – D:\Windows\system32\drivers\adpahci.sys – (adpahci [Disabled | Stopped])
DRV - [2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) – D:\Windows\system32\drivers\adpu160m.sys – (adpu160m [Disabled | Stopped])
DRV - [2006/11/02 10:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) – D:\Windows\system32\drivers\adpu320.sys – (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) – D:\Windows\system32\drivers\djsvs.sys – (aic78xx [Disabled | Stopped])
DRV - [2006/11/02 10:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) – D:\Windows\system32\drivers\aliide.sys – (aliide [Disabled | Stopped])
DRV - [2007/06/29 14:47:34 | 00,034,304 | ---- | M] (AMD, Inc.) – D:\Windows\system32\DRIVERS\AmdLLD.sys – (AmdLLD [On_Demand | Running])
DRV - [2005/09/05 11:21:06 | 00,362,944 | ---- | M] (NETGEAR, Inc.) – D:\Windows\system32\DRIVERS\WG11TND5.sys – (AR5523 [On_Demand | Running])
DRV - [2006/11/02 10:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) – D:\Windows\system32\drivers\arc.sys – (arc [Disabled | Stopped])
DRV - [2006/11/02 10:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) – D:\Windows\system32\drivers\arcsas.sys – (arcsas [Disabled | Stopped])
DRV - [2009/02/05 22:07:12 | 00,020,560 | ---- | M] (ALWIL Software) – D:\Windows\system32\DRIVERS\aswFsBlk.sys – (aswFsBlk [Auto | Running])
DRV - [2009/02/05 22:06:59 | 00,051,792 | ---- | M] (ALWIL Software) – D:\Windows\system32\DRIVERS\aswMonFlt.sys – (aswMonFlt [Auto | Running])
DRV - [2009/02/05 22:06:10 | 00,023,152 | ---- | M] (ALWIL Software) – D:\Windows\System32\drivers\aswRdr.sys – (aswRdr [System | Running])
DRV - [2009/02/05 22:07:23 | 00,114,768 | ---- | M] (ALWIL Software) – D:\Windows\System32\drivers\aswSP.sys – (aswSP [System | Running])
DRV - [2009/02/05 22:06:20 | 00,051,376 | ---- | M] (ALWIL Software) – D:\Windows\System32\drivers\aswTdi.sys – (aswTdi [System | Running])
DRV - [2008/08/08 10:31:29 | 03,895,808 | ---- | M] (ATI Technologies Inc.) – D:\Windows\system32\DRIVERS\atikmdag.sys – (atikmdag [On_Demand | Running])
DRV - [2006/11/02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) – D:\Windows\system32\drivers\brfiltlo.sys – (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) – D:\Windows\system32\drivers\brfiltup.sys – (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) – D:\Windows\system32\drivers\brserid.sys – (Brserid [Disabled | Stopped])
DRV - [2006/11/02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) – D:\Windows\system32\drivers\brserwdm.sys – (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) – D:\Windows\system32\drivers\brusbmdm.sys – (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) – D:\Windows\system32\drivers\brusbser.sys – (BrUsbSer [On_Demand | Stopped])
DRV - [2006/11/02 10:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) – D:\Windows\system32\drivers\cmdide.sys – (cmdide [Disabled | Stopped])
DRV - [2009/04/03 12:17:04 | 00,037,904 | ---- | M] (COMODO Security Solutions Inc.) – D:\Windows\System32\drivers\crpf.sys – (crpf [Boot | Running])
DRV - [2009/04/03 12:18:10 | 00,040,464 | ---- | M] (COMODO Security Solutions Inc.) – D:\Windows\System32\drivers\csdf.sys – (csdf [Boot | Running])
DRV - [2009/01/15 10:15:26 | 00,015,360 | ---- | M] (Microsoft Corporation) – D:\Windows\system32\DRIVERS\dc3d.sys – (dc3d [On_Demand | Running])
DRV - [2006/11/02 08:30:54 | 00,117,760 | ---- | M] (Intel Corporation) – D:\Windows\system32\DRIVERS\E1G60I32.sys – (E1G60 [On_Demand | Stopped])
DRV - [2006/11/02 10:51:34 | 00,316,520 | ---- | M] (Emulex) – D:\Windows\system32\drivers\elxstor.sys – (elxstor [Disabled | Stopped])
DRV - [2009/02/25 20:22:12 | 00,009,728 | ---- | M] () – D:\Windows\system32\epmntdrv.sys – (epmntdrv [On_Demand | Stopped])
DRV - [2009/02/25 20:22:12 | 00,003,072 | ---- | M] () – D:\Windows\system32\EuGdiDrv.sys – (EuGdiDrv [On_Demand | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) – D:\Windows\System32\Drivers\GEARAspiWDM.sys – (GEARAspiWDM [On_Demand | Running])
DRV - [2006/11/02 10:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) – D:\Windows\system32\drivers\hpcisss.sys – (HpCISSs [Disabled | Stopped])
DRV - [2006/11/02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) – D:\Windows\system32\drivers\iastorv.sys – (iaStorV [Disabled | Stopped])
DRV - [2006/11/02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) – D:\Windows\system32\drivers\iirsp.sys – (iirsp [Disabled | Stopped])
DRV - [2006/11/02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) – D:\Windows\system32\drivers\iteatapi.sys – (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) – D:\Windows\system32\drivers\iteraid.sys – (iteraid [Disabled | Stopped])
DRV - [2006/11/02 10:50:04 | 00,065,640 | ---- | M] (LSI Logic) – D:\Windows\system32\drivers\lsi_fc.sys – (LSI_FC [Disabled | Stopped])
DRV - [2006/11/02 10:50:05 | 00,065,640 | ---- | M] (LSI Logic) – D:\Windows\system32\drivers\lsi_sas.sys – (LSI_SAS [Disabled | Stopped])
DRV - [2006/11/02 10:50:10 | 00,065,640 | ---- | M] (LSI Logic) – D:\Windows\system32\drivers\lsi_scsi.sys – (LSI_SCSI [Disabled | Stopped])
DRV - [2006/11/02 10:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) – D:\Windows\system32\drivers\megasas.sys – (megasas [Disabled | Stopped])
DRV - [2006/11/02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) – D:\Windows\system32\drivers\mraid35x.sys – (Mraid35x [Disabled | Stopped])
DRV - [2006/11/02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation) – D:\Windows\system32\drivers\nfrd960.sys – (nfrd960 [Disabled | Stopped])
DRV - [2006/11/02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) – D:\Windows\system32\drivers\ntrigdigi.sys – (ntrigdigi [Disabled | Stopped])
DRV - [2007/08/31 19:58:20 | 00,018,856 | ---- | M] (Microsoft Corporation) – D:\Windows\system32\DRIVERS\NuidFltr.sys – (NuidFltr [On_Demand | Running])
DRV - [2006/12/08 05:25:00 | 04,462,152 | ---- | M] (NVIDIA Corporation) – D:\Windows\system32\DRIVERS\nvlddmkm.sys – (nvlddmkm [On_Demand | Stopped])
DRV - [2006/11/02 10:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) – D:\Windows\system32\drivers\nvraid.sys – (nvraid [Disabled | Stopped])
DRV - [2007/01/05 21:59:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) – D:\Windows\system32\drivers\nvstor.sys – (nvstor [Boot | Running])
DRV - [2008/01/26 03:02:02 | 00,140,832 | ---- | M] (NVIDIA Corporation) – D:\Windows\system32\DRIVERS\nvstor32.sys – (nvstor32 [Boot | Running])
DRV - [2007/08/21 09:13:03 | 00,024,064 | ---- | M] (Microsoft Corporation) – D:\Windows\system32\DRIVERS\point32k.sys – (Point32 [On_Demand | Running])
DRV - [2009/03/24 12:03:08 | 00,007,808 | ---- | M] (Secunia) – D:\Windows\system32\DRIVERS\psi_mf.sys – (PSI [On_Demand | Stopped])
DRV - [2006/11/02 10:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) – D:\Windows\system32\drivers\ql2300.sys – (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) – D:\Windows\system32\drivers\ql40xx.sys – (ql40xx [Disabled | Stopped])
DRV - [2008/08/08 10:31:29 | 03,895,808 | ---- | M] (ATI Technologies Inc.) – D:\Windows\system32\DRIVERS\atikmdag.sys – (R300 [On_Demand | Stopped])
DRV - [2005/03/21 11:00:24 | 00,004,096 | ---- | M] (SuperAdBlocker.com) – D:\Windows\System32\sabprocenum.sys – (SABProcEnum [On_Demand | Stopped])
DRV - [2009/03/27 19:22:13 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) – D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS – (SASDIFSV [System | Running])
DRV - [2008/11/06 17:18:54 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) – D:\Program Files\SUPERAntiSpyware\SASENUM.SYS – (SASENUM [On_Demand | Running])
DRV - [2008/11/06 17:18:52 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) – D:\Program Files\SUPERAntiSpyware\SASKUTIL.sys – (SASKUTIL [System | Running])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateworld.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyOverride” = *.local
FF - HKLM\software\mozilla\Firefox\Extensions\{22119944-ED35-4ab1-910B-E619EA06A115}: D:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX [2008/07/08 19:16:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\{20a82645-c095-46ed-80e3-08825760534b}: D:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/01/09 20:01:43 | 00,000,000 | ---D | M]
O1 HOSTS File: (2 bytes) - D:\Windows\System32\drivers\etc\Hosts
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM…\Run: [amd_dc_opt] D:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM…\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM…\Run: [IntelliPoint] “D:\Program Files\Microsoft IntelliPoint\ipoint.exe” (Microsoft Corporation)
O4 - HKLM…\Run: [itype] “D:\Program Files\Microsoft IntelliType Pro\itype.exe” (Microsoft Corporation)
O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
O4 - HKCU…\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\AdvancedOptions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O8 - Extra context menu item: Customize Menu - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download using LeechGet - file://D:\Program Files\LeechGet 2007\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://D:\Program Files\LeechGet 2007\Wizard.html
O8 - Extra context menu item: Fill Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Parse with LeechGet - file://D:\Program Files\LeechGet 2007\Parser.html
O8 - Extra context menu item: RoboForm Toolbar - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found
O9 - Extra ‘Tools’ menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found
O9 - Extra ‘Tools’ menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found
O9 - Extra ‘Tools’ menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - D:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - D:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - D:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - D:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: Microsoft XML Parser for Java file:///D:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces{967E33F9-D88B-49FA-9F4D-DC82959DC49A}\NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - D:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - D:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - D:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\Windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify!SASWinLogon: DllName - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - D:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (relog_ap) - D:\Windows\System32\relog_ap.dll (Acronis)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat – [ NTFS ]
O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - D:\autoexec.bat – [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/04/19 18:04:17 | 00,007,180 | ---- | C] () – D:\Users\Martin\Desktop\SysRestorePoint_v12.zip
[2009/04/19 09:50:05 | 00,562,019 | ---- | C] () – D:\Users\Martin\Desktop\KIF_0162.JPG
[2009/04/19 09:49:57 | 00,583,920 | ---- | C] () – D:\Users\Martin\Desktop\KIF_0161.JPG
[2009/04/12 09:41:16 | 00,000,004 | ---- | C] () – D:\Windows\csdf.bak
[2009/04/11 18:06:10 | 00,000,000 | ---D | C] – D:\Users\Martin\AppData\Local\Apple Computer
[2009/04/10 18:17:05 | 00,000,004 | ---- | C] () – D:\Windows\csdf_sdum.dat
[2009/04/10 18:07:28 | 00,040,464 | ---- | C] (COMODO Security Solutions Inc.) – D:\Windows\System32\drivers\csdf.sys
[2009/04/10 18:07:28 | 00,037,904 | ---- | C] (COMODO Security Solutions Inc.) – D:\Windows\System32\drivers\crpf.sys
[2009/04/10 18:07:28 | 00,007,928 | ---- | C] (COMODO Security Solutions Inc.) – D:\Windows\System32\cnat.exe
[2009/04/10 18:07:26 | 00,000,000 | ---D | C] – D:\Program Files\COMODO
[2009/04/07 21:33:05 | 00,000,000 | ---D | C] – D:\Program Files\iPod
[2009/04/07 21:33:03 | 00,000,000 | ---D | C] – D:\ProgramData{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/07 21:33:03 | 00,000,000 | ---D | C] – D:\Program Files\iTunes
[2009/04/07 21:31:54 | 00,000,000 | ---D | C] – D:\Program Files\Bonjour
[2009/04/01 21:27:29 | 00,000,000 | ---D | C] – D:\Users\Martin\Documents\DVDVideoSoft
[2009/03/31 22:56:23 | 00,000,394 | -H-- | C] () – D:\Windows\tasks\User_Feed_Synchronization-{1FE75B64-8298-4D79-B25D-27EB3AF04F19}.job
[2009/03/29 21:34:50 | 00,076,406 | ---- | C] () – D:\Users\Martin\Desktop\p901_01_jpg_400.jpg
[2009/03/29 15:29:05 | 00,001,239 | RH-- | C] () – D:\Windows\EPMBatch.ept
[2009/03/29 15:27:36 | 00,000,011 | ---- | C] () – D:\Windows\EuBcd.ini
[2009/03/29 15:25:34 | 01,907,712 | ---- | C] () – D:\Windows\System32\BootMan.exe
[2009/03/29 15:25:34 | 00,086,408 | ---- | C] () – D:\Windows\System32\setupempdrv03.exe
[2009/03/29 15:25:34 | 00,014,848 | ---- | C] () – D:\Windows\System32\EuEpmGdi.dll
[2009/03/29 15:25:34 | 00,009,728 | ---- | C] () – D:\Windows\System32\epmntdrv.sys
[2009/03/29 15:25:34 | 00,003,072 | ---- | C] () – D:\Windows\System32\EuGdiDrv.sys
[2009/03/29 15:25:26 | 00,000,000 | ---D | C] – D:\Program Files\EASEUS
[2009/03/26 21:43:04 | 00,000,000 | ---D | C] – D:\Program Files\MSECache
[2009/03/25 22:21:50 | 00,000,000 | ---D | C] – D:\Program Files\Secunia
[2009/03/25 00:11:09 | 00,000,000 | ---D | C] – D:\Program Files\VS Revo Group
[2009/03/24 20:06:39 | 00,000,000 | ---D | C] – D:\Program Files\WinAce
========== Files - Modified Within 30 Days ==========
[1 D:\Windows\System32*.tmp files]
[2009/04/19 18:26:18 | 00,002,577 | ---- | M] () – D:\Windows\System32\config.nt
[2009/04/19 18:04:20 | 00,007,180 | ---- | M] () – D:\Users\Martin\Desktop\SysRestorePoint_v12.zip
[2009/04/19 18:00:01 | 00,000,488 | ---- | M] () – D:\Windows\tasks\1-Click Maintenance.job
[2009/04/19 17:13:01 | 00,003,680 | -H-- | M] () – D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/04/19 17:13:01 | 00,003,680 | -H-- | M] () – D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/04/19 15:29:58 | 00,690,960 | ---- | M] () – D:\Windows\System32\PerfStringBackup.INI
[2009/04/19 15:29:58 | 00,600,266 | ---- | M] () – D:\Windows\System32\perfh009.dat
[2009/04/19 15:29:58 | 00,105,772 | ---- | M] () – D:\Windows\System32\perfc009.dat
[2009/04/19 15:13:01 | 00,000,006 | -H-- | M] () – D:\Windows\tasks\SA.DAT
[2009/04/19 15:12:55 | 00,067,584 | --S- | M] () – D:\Windows\bootstat.dat
[2009/04/19 11:19:45 | 04,253,963 | -H-- | M] () – D:\Users\Martin\AppData\Local\IconCache.db
[2009/04/19 11:03:33 | 00,000,394 | -H-- | M] () – D:\Windows\tasks\User_Feed_Synchronization-{1FE75B64-8298-4D79-B25D-27EB3AF04F19}.job
[2009/04/19 09:50:49 | 00,583,920 | ---- | M] () – D:\Users\Martin\Desktop\KIF_0161.JPG
[2009/04/19 09:50:33 | 00,562,019 | ---- | M] () – D:\Users\Martin\Desktop\KIF_0162.JPG
[2009/04/12 09:41:16 | 00,000,004 | ---- | M] () – D:\Windows\csdf.bak
[2009/04/10 18:17:05 | 00,000,004 | ---- | M] () – D:\Windows\csdf_sdum.dat
[2009/04/03 12:18:10 | 00,040,464 | ---- | M] (COMODO Security Solutions Inc.) – D:\Windows\System32\drivers\csdf.sys
[2009/04/03 12:17:04 | 00,037,904 | ---- | M] (COMODO Security Solutions Inc.) – D:\Windows\System32\drivers\crpf.sys
[2009/04/03 12:16:20 | 00,007,928 | ---- | M] (COMODO Security Solutions Inc.) – D:\Windows\System32\cnat.exe
[2009/03/29 21:34:32 | 00,076,406 | ---- | M] () – D:\Users\Martin\Desktop\p901_01_jpg_400.jpg
[2009/03/29 16:28:28 | 00,001,239 | RH-- | M] () – D:\Windows\EPMBatch.ept
[2009/03/29 15:54:12 | 00,000,011 | ---- | M] () – D:\Windows\EuBcd.ini
[2009/03/24 12:03:08 | 00,007,808 | ---- | M] (Secunia) – D:\Windows\System32\drivers\psi_mf.sys
Yeah, I only have Windows Firewall on this computer. Does anyone know of a good free firewall? And are y'all saying this computer is fine now?
- Online Armor
- PC Tools
- Comodo
- ZoneAlarm