#31

A0020327.exe;C:\System Volume Information\_restore{FBFDD040-7F27-4104-B6AE-E3A12A0ED189}\RP109;Trojan.Packed.142;Deleted.;
A0020328.exe;C:\System Volume Information\_restore{FBFDD040-7F27-4104-B6AE-E3A12A0ED189}\RP109;Trojan.MulDrop.6135;Deleted.;
A0020329.dll;C:\System Volume Information\_restore{FBFDD040-7F27-4104-B6AE-E3A12A0ED189}\RP109;Trojan.DownLoader.18468;Deleted.;
A0020330.exe;C:\System Volume Information\_restore{FBFDD040-7F27-4104-B6AE-E3A12A0ED189}\RP109;Trojan.Fakealert;Deleted.;
A0020331.exe\Resource.dll;C:\System Volume Information\_restore{FBFDD040-7F27-4104-B6AE-E3A12A0ED189}\RP109\A0020331.exe;Trojan.Popclick.44;;
A0020331.exe;C:\System Volume Information\_restore{FBFDD040-7F27-4104-B6AE-E3A12A0ED189}\RP109;Container contains infected objects;Moved.;
A0020332.exe;C:\System Volume Information\_restore{FBFDD040-7F27-4104-B6AE-E3A12A0ED189}\RP109;Trojan.Fakealert.17551;Incurable.Moved.;
A0020333.dll;C:\System Volume Information\_restore{FBFDD040-7F27-4104-B6AE-E3A12A0ED189}\RP109;Trojan.Fakealert;Deleted.;
A0020334.dll;C:\System Volume Information\_restore{FBFDD040-7F27-4104-B6AE-E3A12A0ED189}\RP109;Trojan.Fakealert.15485;Incurable.Moved.;
A0020335.exe;C:\System Volume Information\_restore{FBFDD040-7F27-4104-B6AE-E3A12A0ED189}\RP109;Trojan.Fakealert;Deleted.;
A0020336.exe;C:\System Volume Information\_restore{FBFDD040-7F27-4104-B6AE-E3A12A0ED189}\RP109;Trojan.DownLoader.60727;Deleted.;
A0020337.old;C:\System Volume Information\_restore{FBFDD040-7F27-4104-B6AE-E3A12A0ED189}\RP109;Trojan.Fakealert.234;Deleted.;
A0020338.exe;C:\System Volume Information\_restore{FBFDD040-7F27-4104-B6AE-E3A12A0ED189}\RP109;Trojan.Fakealert.1496;Deleted.;
A0020339.dll;C:\System Volume Information\_restore{FBFDD040-7F27-4104-B6AE-E3A12A0ED189}\RP109;Trojan.Fakealert.440;Deleted.;
A0020340.dll;C:\System Volume Information\_restore{FBFDD040-7F27-4104-B6AE-E3A12A0ED189}\RP109;Adware.Websearch;Moved.;
A0020341.dll;C:\System Volume Information\_restore{FBFDD040-7F27-4104-B6AE-E3A12A0ED189}\RP109;Program.Winfixer.11;Moved.;
rau001978.exe;C:\WINDOWS;Adware.Dudu;Moved.;

#33

No luck. I tried to scan in regular mode and safe mode; it just restarted the comp both times as soon as it started trying to scan. It let it do an update, though.

#34

The earlier logs showed a malware startup, loading from a setting that could load it into all the running processes there. Let's change that to its usual empty default setting, and see if what that was running is what is causing the ComboFix problem.

Temporarily disable security software, and open Avenger again. Okay the warning. When the Avenger display opens, copy/paste the following text inside the Code box into the Avenger box titled "Input script here:". Then click the Execute button to run the repair, click Yes, then allow Avenger to reboot your system.

Code:
Begin copying here:
Files to move:
C:\System Volume Information\_restore{FBFDD040-7F27-4104-B6AE-E3A12A0ED189}\RP109\A0010127.exe:exe.exe | C:\ads.vir
Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Assuming that went okay, I would like to check a file removed with Avenger. Go here, press New Topic, fill in the needed details and just give a link to your post back here. Then press the Browse button and navigate to and select the file on your computer: C:\avenger\backup.zip

You DO NOT need to be a member to upload; anybody can upload the files. You will not be able to see the file once uploaded.

Also try ComboFix again. If it is still not running all the way, run and post back a new RSIT scan log please.

#37

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: file "C:\System Volume Information\_restore{FBFDD040-7F27-4104-B6AE-E3A12A0ED189}\RP109\A0010127.exe:exe.exe" not found!
File move operation "C:\System Volume Information\_restore{FBFDD040-7F27-4104-B6AE-E3A12A0ED189}\RP109\A0010127.exe:exe.exe|C:\ads.vir" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: could not query size of registry value "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs"
Replacement with dummy of registry value "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

#38

#39

I still can't run the ComboFix. I don't know if this is relevant, but I ran a free registry scanner and it found over 1,000 problems, but I had to pay to repair them so they didn't get fixed.

#40

Logfile of random's system information tool 1.08 (written by random/random)
Run by Krystian Kipp at 2010-07-31 20:57:38
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 12 GB (60%) free of 20 GB
Total RAM: 511 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:57:44 PM, on 7/31/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HBLite\bin\11.0.181.0\HBLiteSA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Krystian Kipp\Desktop\RSIT.exe
C:\trend micro\Krystian Kipp.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ntsvc32.dll,
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HBLiteSA] "C:\Program Files\HBLite\bin\11.0.181.0\HBLiteSA.exe"
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win1D.tmp.exe
O4 - HKCU\..\Run: [Zwdv] "C:\Program Files\W?nSxS\l?ass.exe"
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.1\webbuying.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\Krystian Kipp\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Ltho] "C:\DOCUME~1\KRYSTI~1\MYDOCU~1\MCROSO~1.NET\chkntfs.exe" -vt yazb
O4 - HKCU\..\Run: [Ieuu] "C:\WINDOWS\MANTEC~1\mmc.exe" -vt yazb
O4 - HKCU\..\Run: [Brave-Sentry] C:\Program Files\BraveSentry\BraveSentry.exe
O4 - HKUS\S-1-5-18\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Outerinfo] "C:\Program Files\Outerinfo\Outerinfo.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [OuterinfoUpdate] "C:\Program Files\Outerinfo\OuterinfoUpdate.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe (User 'Default user')
O4 - Startup: TA_Start.lnk = C:\WINDOWS\Temp\stdrun2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1153005414718
O20 - Winlogon Notify: partnershipreg - Invalid registry found
O20 - Winlogon Notify: winjvd32 - winjvd32.dll (file missing)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O24 - Desktop Component 0: (no name) - C:\Program Files\WindowsUpdate\rtesejig.html

--
End of file - 4188 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Free Registry Fix reminder.job
C:\WINDOWS\tasks\Free Registry Fix.job
C:\WINDOWS\tasks\RegSERVO.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"HBLiteSA"=C:\Program Files\HBLite\bin\11.0.181.0\HBLiteSA.exe [2010-04-08 768816]
"avp"=C:\WINDOWS\TEMP\win1D.tmp.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Zwdv"=C:\Program Files\W?nSxS\l?ass.exe []
"WinPop"=C:\Program Files\WinPop\winpop.exe []
"Windows update loader"=C:\Windows\xpupdate.exe []
"WebBuying"=C:\Program Files\Web Buying\v1.8.1\webbuying.exe []
"uTorrent"=C:\Documents and Settings\Krystian Kipp\Program Files\uTorrent\uTorrent.exe [2010-07-24 327472]
"Service Pack 1"=C:\WINDOWS\system32\vedxg6ame4.exe []
"MSMSGS"=C:\Program Files\Messenger\MSMSGS.EXE [2004-10-13 1694208]
"Ltho"=C:\DOCUME~1\KRYSTI~1\MYDOCU~1\MCROSO~1.NET\chkntfs.exe -vt yazb []
"Ieuu"=C:\WINDOWS\MANTEC~1\mmc.exe -vt yazb []
"Brave-Sentry"=C:\Program Files\BraveSentry\BraveSentry.exe []

Free Registry Fix reminder.job
Free Registry Fix.job
RegSERVO.job
SA.DAT

C:\Documents and Settings\Krystian Kipp\Start Menu\Programs\Startup
TA_Start.lnk - C:\WINDOWS\Temp\stdrun2.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\partnershipreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winjvd32]
winjvd32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E9BD0828-1FD9-410C-A50F-43EBE65D310F}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FWSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\FWSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Wallpaper"=C:\WINDOWS\desktop.html

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoActiveDesktop"=0
"ForceActiveDesktopOn"=1
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\WinAntiVirus Pro 2006\Updater.exe"="C:\Program Files\WinAntiVirus Pro 2006\Updater.exe:*:Enabled:updater.exe"
"C:\WINDOWS\system32\xblrhkrj.exe"="C:\WINDOWS\system32\xbl"
"C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:svchost"
"C:\WINDOWS\TEMP\win18.tmp.exe"="C:\WINDOWS\TEMP\win18.tmp.exe:*:Enabled:win18.tmp"
"C:\Documents and Settings\Krystian Kipp\Program Files\uTorrent\uTorrent.exe"="C:\Documents and Settings\Krystian Kipp\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-07-31 20:52:56 ----SD---- C:\ComboFix
2010-07-31 20:52:56 ----SD---- \ComboFix
2010-07-31 20:52:56 ----SD---- \ComboFix
2010-07-31 20:39:39 ----A---- C:\avenger.txt
2010-07-31 20:39:39 ----A---- \avenger.txt
2010-07-31 20:39:39 ----A---- \avenger.txt
2010-07-31 20:30:54 ----SHD---- C:\Config.Msi
2010-07-31 20:30:54 ----SHD---- \Config.Msi
2010-07-31 20:30:54 ----SHD---- \Config.Msi
2010-07-31 20:17:01 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-07-31 20:15:26 ----A---- C:\WINDOWS\system32\msvcr70.dll
2010-07-31 20:15:25 ----A---- C:\WINDOWS\system32\msvcp70.dll
2010-07-31 20:15:24 ----A---- C:\WINDOWS\system32\mfc70.dll
2010-07-31 19:45:01 ----ASH---- C:\hiberfil.sys
2010-07-31 19:45:01 ----ASH---- \hiberfil.sys
2010-07-31 19:45:01 ----ASH---- \hiberfil.sys
2010-07-31 08:18:25 ----D---- C:\WINDOWS\pss
2010-07-30 23:37:38 ----A---- C:\WINDOWS\NIRCMD.exe
2010-07-24 21:03:45 ----D---- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2010-07-24 20:33:01 ----D---- C:\Documents and Settings\All Users\Application Data\Driver Whiz
2010-07-24 20:27:28 ----D---- C:\WINDOWS\messenger
2010-07-24 20:27:18 ----D---- C:\WINDOWS\windows nt
2010-07-24 20:27:18 ----D---- C:\WINDOWS\windows media player
2010-07-24 20:27:18 ----D---- C:\WINDOWS\internet explorer
2010-07-24 20:27:16 ----D---- C:\WINDOWS\movie maker
2010-07-24 20:25:04 ----A---- C:\WINDOWS\000001_.tmp
2010-07-24 19:42:39 ----D---- C:\Documents and Settings\Krystian Kipp\Application Data\uTorrent
2010-07-24 19:39:29 ----D---- C:\Documents and Settings\All Users\Application Data\RegSERVO
2010-07-24 14:01:53 ----D---- C:\Avenger
2010-07-24 14:01:53 ----D---- \Avenger
2010-07-24 14:01:53 ----D---- \Avenger

#41

2010-07-19 03:10:18 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-07-19 03:10:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-07-19 03:10:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-07-19 03:09:55 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-07-19 03:09:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-07-19 03:09:41 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-07-19 03:09:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-07-19 03:09:15 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-07-19 03:09:06 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-07-19 03:08:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-07-19 03:08:54 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-07-19 03:08:46 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-07-19 03:08:38 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-07-19 03:08:29 ----HDC---- C:\WINDOWS\$NtUninstallKB981350$
2010-07-19 03:08:19 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-07-19 03:08:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-07-19 03:08:01 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-07-19 03:07:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-19 03:07:45 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-07-19 03:07:38 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-07-19 03:07:30 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-07-19 03:07:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-07-19 03:07:15 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-07-19 03:07:07 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-07-19 03:05:06 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-07-19 03:04:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-07-19 03:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-07-19 03:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2010-07-19 03:03:40 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-07-19 03:03:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-07-19 03:03:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-07-19 03:03:13 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-07-19 03:03:05 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-07-19 03:02:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-07-19 03:02:50 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2010-07-19 03:02:34 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-07-19 03:02:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-07-19 03:02:18 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-07-19 03:02:10 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-07-19 03:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-07-19 03:01:56 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-07-19 03:01:29 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-07-19 03:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2010-07-19 03:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-07-19 03:01:02 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-07-19 03:00:52 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-07-12 23:42:12 ----A---- C:\Boot.bak
2010-07-12 23:42:12 ----A---- \Boot.bak
2010-07-12 23:42:12 ----A---- \Boot.bak
2010-07-12 23:42:02 ----RASHD---- C:\cmdcons
2010-07-12 23:42:02 ----RASHD---- \cmdcons
2010-07-12 23:42:02 ----RASHD---- \cmdcons
2010-07-12 23:40:20 ----A---- C:\WINDOWS\zip.exe
2010-07-12 23:40:20 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-07-12 23:40:20 ----A---- C:\WINDOWS\SWSC.exe
2010-07-12 23:40:20 ----A---- C:\WINDOWS\SWREG.exe
2010-07-12 23:40:20 ----A---- C:\WINDOWS\sed.exe
2010-07-12 23:40:20 ----A---- C:\WINDOWS\PEV.exe
2010-07-12 23:40:20 ----A---- C:\WINDOWS\MBR.exe
2010-07-12 23:40:20 ----A---- C:\WINDOWS\grep.exe
2010-07-12 23:40:14 ----D---- C:\WINDOWS\ERDNT
2010-07-12 23:40:03 ----D---- C:\Qoobox
2010-07-12 23:40:03 ----D---- \Qoobox
2010-07-12 23:40:03 ----D---- \Qoobox
2010-07-12 20:35:54 ----D---- C:\Powertoys for Windows XP
2010-07-12 20:35:54 ----D---- \Powertoys for Windows XP
2010-07-12 20:35:54 ----D---- \Powertoys for Windows XP
2010-07-12 20:35:28 ----D---- C:\WINDOWS\Downloaded Installations
2010-07-12 18:15:39 ----A---- C:\mbr.exe
2010-07-12 18:15:39 ----A---- \mbr.exe
2010-07-12 18:15:39 ----A---- \mbr.exe
2010-07-12 17:05:49 ----D---- C:\Install
2010-07-12 17:05:49 ----D---- \Install
2010-07-12 17:05:49 ----D---- \Install
2010-07-12 16:26:58 ----D---- C:\trend micro
2010-07-12 16:26:58 ----D---- C:\rsit
2010-07-12 16:26:58 ----D---- \trend micro
2010-07-12 16:26:58 ----D---- \trend micro
2010-07-12 16:26:58 ----D---- \rsit
2010-07-12 16:26:58 ----D---- \rsit
2010-07-12 12:48:23 ----D---- C:\WINDOWS\system32\MpEngineStore
2010-07-12 10:18:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-07-12 10:18:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-07-12 10:16:34 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-07-12 10:15:42 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-07-12 10:15:04 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-07-12 10:14:36 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-07-12 10:13:45 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-07-12 10:13:02 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-07-12 10:10:05 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2010-07-12 10:09:31 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-07-12 10:08:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-07-12 10:08:21 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-07-12 10:07:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-07-12 10:07:21 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-07-12 10:06:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-07-12 10:06:07 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2010-07-12 10:05:43 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-07-12 10:03:52 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-07-11 21:58:16 ----D---- C:\ESET
2010-07-11 21:58:16 ----D---- \ESET
2010-07-11 21:58:16 ----D---- \ESET
2010-07-11 21:21:54 ----A---- C:\WINDOWS\system32\lsasrv.dll
2010-07-11 21:21:54 ----A---- C:\WINDOWS\system32\drivers\ksecdd.sys
2010-07-11 18:57:43 ----D---- C:\WINDOWS\system32\CatRoot_bak
2010-07-11 18:26:41 ----D---- C:\Documents and Settings\Krystian Kipp\Application Data\Adobe
2010-07-11 18:21:02 ----D---- C:\Documents and Settings\All Users\Application Data\HBLiteSA
2010-07-11 18:21:02 ----D---- C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2010-07-11 18:21:00 ----D---- C:\Documents and Settings\Krystian Kipp\Application Data\HBLite
2010-07-11 18:02:18 ----A---- C:\WINDOWS\ntbtlog.txt
2010-07-11 17:48:51 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-07-11 17:48:50 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-07-11 17:45:32 ----RSD---- C:\WINDOWS\assembly
2010-07-11 17:38:59 ----D---- C:\WINDOWS\Common Files
2010-07-11 17:38:42 ----D---- C:\WINDOWS\Program Files
2010-07-11 17:38:33 ----D---- C:\WINDOWS\Microsoft.NET
2010-07-11 17:32:56 ----ASHD---- C:\Settings
2010-07-11 17:32:56 ----ASHD---- \Settings
2010-07-11 17:32:56 ----ASHD---- \Settings
2010-07-11 17:32:52 ----D---- C:\WINDOWS\Minidump
2010-07-11 17:27:41 ----A---- C:\WINDOWS\system32\mcrh.tmp
2010-07-11 16:39:38 ----A---- C:\WINDOWS\mgrs.exe

======List of files/folders modified in the last 1 months======

2010-07-31 20:54:30 ----D---- C:\WINDOWS
2010-07-31 20:54:30 ----D---- \WINDOWS
2010-07-31 20:54:30 ----D---- \WINDOWS
2010-07-31 20:53:40 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-31 20:53:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-31 20:53:16 ----D---- C:\WINDOWS\Prefetch
2010-07-31 20:40:19 ----D---- C:\WINDOWS\Temp
2010-07-31 20:39:40 ----D---- C:\WINDOWS\system32\drivers
2010-07-31 20:31:29 ----SHD---- C:\WINDOWS\Installer
2010-07-31 20:25:16 ----SD---- C:\WINDOWS\Tasks
2010-07-31 20:16:52 ----D---- C:\WINDOWS\system32
2010-07-31 20:16:51 ----RD---- C:\Program Files
2010-07-31 20:16:51 ----RD---- \Program Files
2010-07-31 20:16:51 ----RD---- \Program Files
2010-07-31 19:45:54 ----RASH---- C:\boot.ini
2010-07-31 19:45:54 ----RASH---- \boot.ini
2010-07-31 19:45:54 ----RASH---- \boot.ini
2010-07-31 19:45:54 ----A---- C:\WINDOWS\win.ini
2010-07-31 19:45:54 ----A---- C:\WINDOWS\system.ini
2010-07-31 19:23:27 ----HD---- C:\WINDOWS\inf
2010-07-24 20:58:15 ----D---- C:\WINDOWS\security
2010-07-24 20:33:44 ----SD---- C:\Documents and Settings\Krystian Kipp\Application Data\Microsoft
2010-07-24 20:27:26 ----D---- C:\WINDOWS\Help
2010-07-24 20:26:57 ----D---- C:\WINDOWS\system32\usmt
2010-07-24 20:26:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-24 20:26:55 ----D---- C:\WINDOWS\system32\CatRoot
2010-07-24 20:25:03 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-07-24 20:24:24 ----D---- C:\WINDOWS\EHome
2010-07-19 03:30:49 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-19 03:26:25 ----D---- C:\WINDOWS\system32\wbem
2010-07-19 03:26:25 ----D---- C:\WINDOWS\AppPatch
2010-07-19 03:10:14 ----A---- C:\WINDOWS\imsins.BAK
2010-07-19 03:10:10 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-19 03:09:07 ----D---- C:\WINDOWS\WinSxS
2010-07-12 17:08:41 ----D---- C:\Documents and Settings\Krystian Kipp\Application Data\Mozilla
2010-07-12 12:48:21 ----SH---- C:\WINDOWS\system32\fhkmp.ini
2010-07-12 10:10:16 ----D---- C:\WINDOWS\ServicePackFiles
2010-07-12 00:54:02 ----D---- C:\WINDOWS\system32\X2
2010-07-12 00:53:53 ----D---- C:\WINDOWS\system32\win
2010-07-12 00:53:01 ----D---- C:\WINDOWS\system32\f06WtR
2010-07-12 00:52:54 ----D---- C:\WINDOWS\system32\f02WtR
2010-07-12 00:52:47 ----D---- C:\WINDOWS\system32\drivers\etc
2010-07-12 00:49:09 ----D---- C:\WINDOWS\system32\A1
2010-07-11 23:59:57 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-07-11 21:52:58 ----D---- C:\WINDOWS\??mantec
2010-07-11 18:57:43 ----D---- C:\WINDOWS\Debug
2010-07-11 18:07:23 ----D---- C:\Documents and Settings
2010-07-11 18:07:23 ----D---- \Documents and Settings
2010-07-11 18:07:23 ----D---- \Documents and Settings
2010-07-02 15:39:05 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2004-08-04 42368]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R3 BCMModem;BCM V.90 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMDM.sys [2001-08-17 871388]
R3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-17 117760]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 cpuz132;cpuz132; \??\C:\DOCUME~1\KRYSTI~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys []
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2003-03-31 9600]
S3 iscFlash;iscFlash; \??\C:\WINDOWS\SYSTEM32\DRIVERS\iscflash.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-03-31 12160]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-03-31 5888]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S4 asc3550u;asc3550u; C:\WINDOWS\system32\drivers\asc3550u.sys []
S4 dwshd;dwshd; C:\WINDOWS\System32\drivers\dwshd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2006-07-15 65536]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-22 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 ICF;ICF; C:\WINDOWS\system32\svchost.exe [2007-08-13 14336]
S4 Net Agent;Net Agent; C:\WINDOWS\dls0523pmw.exe []

-----------------EOF-----------------

#42

Those flaky "reg cleaner/optimizer" programs are, at best, useless, and too often provide the means to damage something.

Not real sure what to make of these entries:

2010-07-31 20:52:56 ----SD---- C:\ComboFix
2010-07-31 20:52:56 ----SD---- \ComboFix
2010-07-31 20:52:56 ----SD---- \ComboFix
2010-07-31 20:39:39 ----A---- C:\avenger.txt
2010-07-31 20:39:39 ----A---- \avenger.txt
2010-07-31 20:39:39 ----A---- \avenger.txt

The missing drive letter ones suggest some sort of function that is causing these tools to not run correctly. We will check a scan that may show what these folders actually are. For now, the best we can do is just remove whatever shows in this log.

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Open Avenger again. Okay the warning. When the Avenger display opens, copy/paste the following text inside the Code box into the Avenger box titled "Input script here:". Then click the Execute button to run the repair, click Yes, then allow Avenger to reboot your system.

Code:
Begin copying here:
Drivers to delete:
ICF
Net Agent
dwshd
asc3550u
Files to delete:
C:\WINDOWS\tasks\Free Registry Fix reminder.job
C:\WINDOWS\tasks\Free Registry Fix.job
C:\WINDOWS\tasks\RegSERVO.job
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\mgrs.exe
C:\WINDOWS\dls0523pmw.exe
C:\WINDOWS\System32\drivers\dwshd.sys
C:\WINDOWS\system32\drivers\asc3550u.sys
C:\WINDOWS\system32\fhkmp.ini
C:\WINDOWS\system32\xblrhkrj.exe
C:\Documents and Settings\Krystian Kipp\Start Menu\Programs\Startup\TA_Start.lnk
C:\WINDOWS\Temp\stdrun2.exe
Folders to delete:
C:\WINDOWS\system32\X2
C:\WINDOWS\system32\win
C:\WINDOWS\system32\f06WtR
C:\WINDOWS\system32\f02WtR
C:\Program Files\WinAntiVirus Pro 2006
C:\WINDOWS\system32\xbl
C:\Program Files\BraveSentry
Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {E9BD0828-1FD9-410C-A50F-43EBE65D310F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | avp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Zwdv
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | WinPop
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Windows update loader
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | WebBuying
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Service Pack 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Ltho
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Ieuu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Brave-Sentry
Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winjvd32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\partnershipreg
---------

After the reboot try ComboFix again, and post that log with the C:\avenger.txt log please. If ComboFix still doesn't work, run and post back a new RSIT scan.

Also download MS Sysinternals' Junction.zip from here to your desktop, then unzip that. Then in that folder locate the Junction.exe file, and place a copy of that directly on your desktop. Go to Start - Run, copy/paste the following command line, and then press OK:

cmd /c "%userprofile%\desktop\junction.exe" -s c:\ >log.txt&log.txt

Once you have accepted the agreement a command window will open. When the scan completes a log.txt will open in Notepad. Paste those contents back here please. This will also be saved as "log.txt" in your current user's folder (example - C:\Documents and Settings\yourusername).
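An added example, written for this page and not taken from the thread or from RSIT, HijackThis or Avenger: a Python triage pass over O4 (Run key) lines of the shape shown in the RSIT log above. It encodes the heuristics the helper applied by eye when building the script (binaries launched from Temp, paths with characters HijackThis renders as "?", value names that impersonate Windows updates, 8.3 short paths that hide a folder's real name, autostarts registered for the SYSTEM account, and one odd argument shared by differently named entries); the sample lines are constructed from entries quoted in this thread, and the heuristic list and wording are my assumptions, not anything the tools emit.

```python
"""Triage of HijackThis/RSIT O4 (Run key) lines: an added example, not tool output."""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample input: O4 lines in the format HijackThis prints, built from
# entries quoted in this thread (assumption: the log is otherwise unmodified text).
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k",
    r"O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win1D.tmp.exe",
    r'O4 - HKCU\..\Run: [Zwdv] "C:\Program Files\W?nSxS\l?ass.exe"',
    r"O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe",
    r'O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background',
    r'O4 - HKCU\..\Run: [Ltho] "C:\DOCUME~1\KRYSTI~1\MYDOCU~1\MCROSO~1.NET\chkntfs.exe" -vt yazb',
    r'O4 - HKCU\..\Run: [Ieuu] "C:\WINDOWS\MANTEC~1\mmc.exe" -vt yazb',
    r"O4 - HKUS\S-1-5-18\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe (User 'SYSTEM')",
]

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")
# Target path ends at the first executable-looking extension; quotes are optional.
PATH_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|scr|bat|cmd))"?', re.IGNORECASE)
SHORT_NAME_RE = re.compile(r"~\d")
# Names Windows itself never registers as Run values; malware borrows them (heuristic list).
IMPERSONATED_NAMES = ("service pack", "windows update", "avp")


@dataclass
class RunEntry:
    hive: str
    name: str
    path: str
    args: str
    reasons: list = field(default_factory=list)


def parse_o4(line):
    """Split one O4 line into hive, value name, target path and arguments; None if not O4."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = USER_SUFFIX_RE.sub("", m.group("cmd")).strip()
    pm = PATH_RE.match(cmd)
    if pm:
        path, args = pm.group("path"), cmd[pm.end():].strip()
    else:
        # No recognisable extension (e.g. dumprep): first token is the binary.
        path, _, args = cmd.partition(" ")
    return RunEntry(m.group("hive"), m.group("name"), path, args)


def assess(entry):
    """Attach a reason for every per-entry heuristic the entry trips."""
    low = entry.path.lower()
    if "\\temp\\" in low or "\\tmp\\" in low or ".tmp." in low:
        entry.reasons.append("runs from a Temp directory")
    if "?" in entry.path:
        entry.reasons.append("path has characters HijackThis could not render (lookalike name)")
    if any(k in entry.name.lower() for k in IMPERSONATED_NAMES):
        entry.reasons.append("value name impersonates a Windows update or AV component")
    if SHORT_NAME_RE.search(entry.path):
        entry.reasons.append("8.3 short path hides the real folder name; resolve and inspect")
    if entry.hive.upper().startswith("HKUS\\S-1-5-18"):
        entry.reasons.append("autostart registered for the SYSTEM account")
    return entry


def triage(lines):
    """Return the parsed entries that tripped at least one heuristic, in input order."""
    entries = [e for e in map(parse_o4, lines) if e is not None]
    by_args = defaultdict(list)
    for e in entries:
        assess(e)
        if e.args:
            by_args[e.args].append(e)
    # The same unusual argument string under different value names ties entries together.
    for args, group in by_args.items():
        if len(group) > 1:
            for e in group:
                e.reasons.append(f"argument {args!r} is shared by {len(group)} differently named entries")
    return [e for e in entries if e.reasons]


if __name__ == "__main__":
    for e in triage(SAMPLE_O4_LINES):
        print(f"[{e.name}] {e.path}")
        for r in e.reasons:
            print("    -", r)
```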

#43

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Sun Aug 01 22:05:19 2010

22:05:14: Error: Invalid registry syntax in command: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run|Zwdv"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line.
(Registry value deletion mode)

22:05:19: Error: Execution aborted by user!

//////////////////////////////////////////

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Sun Aug 01 22:10:27 2010

22:10:03: Error: Invalid registry syntax in command: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run|Zwdv"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line.
(Registry value deletion mode)

22:10:06: Error: Invalid registry syntax in command: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run|WinPop"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line.
(Registry value deletion mode)

22:10:11: Error: Invalid registry syntax in command: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run|Windows update loader"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line.
(Registry value deletion mode)

22:10:13: Error: Invalid registry syntax in command: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run|WebBuying"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line.
(Registry value deletion mode)

22:10:13: Error: Invalid registry syntax in command: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run|Service Pack 1"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line.
(Registry value deletion mode)

22:10:18: Error: Invalid registry syntax in command: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run|Ltho"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line.
(Registry value deletion mode)

22:10:21: Error: Invalid registry syntax in command: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run|Ieuu"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line.
(Registry value deletion mode)

22:10:21: Error: Invalid registry syntax in command: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run|Brave-Sentry"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line.
(Registry value deletion mode)

//////////////////////////////////////////

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "ICF" deleted successfully.
Driver "Net Agent" deleted successfully.
Driver "dwshd" deleted successfully.
Driver "asc3550u" deleted successfully.
File "C:\WINDOWS\tasks\Free Registry Fix reminder.job" deleted successfully.
File "C:\WINDOWS\tasks\Free Registry Fix.job" deleted successfully.
File "C:\WINDOWS\tasks\RegSERVO.job" deleted successfully.
File "C:\WINDOWS\system32\mcrh.tmp" deleted successfully.
File "C:\WINDOWS\mgrs.exe" deleted successfully.

Error: file "C:\WINDOWS\dls0523pmw.exe" not found!
Deletion of file "C:\WINDOWS\dls0523pmw.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\WINDOWS\System32\drivers\dwshd.sys" not found!
Deletion of file "C:\WINDOWS\System32\drivers\dwshd.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\WINDOWS\system32\drivers\asc3550u.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\asc3550u.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\fhkmp.ini" deleted successfully.

Error: file "C:\WINDOWS\system32\xblrhkrj.exe" not found!
Deletion of file "C:\WINDOWS\system32\xblrhkrj.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Documents and Settings\Krystian Kipp\Start Menu\Programs\Startup\TA_Start.lnk" deleted successfully.

Error: file "C:\WINDOWS\Temp\stdrun2.exe" not found!
Deletion of file "C:\WINDOWS\Temp\stdrun2.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Folder "C:\WINDOWS\system32\X2" deleted successfully.
Folder "C:\WINDOWS\system32\win" deleted successfully.
Folder "C:\WINDOWS\system32\f06WtR" deleted successfully.
Folder "C:\WINDOWS\system32\f02WtR" deleted successfully.
Folder "C:\Program Files\WinAntiVirus Pro 2006" deleted successfully.

Error: folder "C:\WINDOWS\system32\xbl" not found!
Deletion of folder "C:\WINDOWS\system32\xbl" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: folder "C:\Program Files\BraveSentry" not found!
Deletion of folder "C:\Program Files\BraveSentry" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks|{E9BD0828-1FD9-410C-A50F-43EBE65D310F}" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|avp" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winjvd32" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\partnershipreg" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
#44
Logfile of random's system information tool 1.08 (written by random/random)
Run by Krystian Kipp at 2010-08-01 22:23:35
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 12 GB (63%) free of 20 GB
Total RAM: 511 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:23:40 PM, on 8/1/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HBLite\bin\11.0.181.0\HBLiteSA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Krystian Kipp\Desktop\RSIT.exe
C:\trend micro\Krystian Kipp.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ntsvc32.dll,
O4 - HKLM\..\Run: [HBLiteSA] "C:\Program Files\HBLite\bin\11.0.181.0\HBLiteSA.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Zwdv] "C:\Program Files\W?nSxS\l?ass.exe"
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.1\webbuying.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\Krystian Kipp\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Ltho] "C:\DOCUME~1\KRYSTI~1\MYDOCU~1\MCROSO~1.NET\chkntfs.exe" -vt yazb
O4 - HKCU\..\Run: [Ieuu] "C:\WINDOWS\MANTEC~1\mmc.exe" -vt yazb
O4 - HKCU\..\Run: [Brave-Sentry] C:\Program Files\BraveSentry\BraveSentry.exe
O4 - HKUS\S-1-5-18\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Outerinfo] "C:\Program Files\Outerinfo\Outerinfo.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [OuterinfoUpdate] "C:\Program Files\Outerinfo\OuterinfoUpdate.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1153005414718
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O24 - Desktop Component 0: (no name) - C:\Program Files\WindowsUpdate\rtesejig.html

--
End of file - 4034 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HBLiteSA"=C:\Program Files\HBLite\bin\11.0.181.0\HBLiteSA.exe [2010-04-08 768816]
"MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [2004-08-04 158208]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Zwdv"=C:\Program Files\W?nSxS\l?ass.exe []
"WinPop"=C:\Program Files\WinPop\winpop.exe []
"Windows update loader"=C:\Windows\xpupdate.exe []
"WebBuying"=C:\Program Files\Web Buying\v1.8.1\webbuying.exe []
"uTorrent"=C:\Documents and Settings\Krystian Kipp\Program Files\uTorrent\uTorrent.exe [2010-07-24 327472]
"Service Pack 1"=C:\WINDOWS\system32\vedxg6ame4.exe []
"MSMSGS"=C:\Program Files\Messenger\MSMSGS.EXE [2004-10-13 1694208]
"Ltho"=C:\DOCUME~1\KRYSTI~1\MYDOCU~1\MCROSO~1.NET\chkntfs.exe -vt yazb []
"Ieuu"=C:\WINDOWS\MANTEC~1\mmc.exe -vt yazb []
"Brave-Sentry"=C:\Program Files\BraveSentry\BraveSentry.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

SA.DAT

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FWSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\FWSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Wallpaper"=C:\WINDOWS\desktop.html

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoActiveDesktop"=0
"ForceActiveDesktopOn"=1
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\WinAntiVirus Pro 2006\Updater.exe"="C:\Program Files\WinAntiVirus Pro 2006\Updater.exe:*:Enabled:updater.exe"
"C:\WINDOWS\system32\xblrhkrj.exe"="C:\WINDOWS\system32\xbl"
"C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:svchost"
"C:\WINDOWS\TEMP\win18.tmp.exe"="C:\WINDOWS\TEMP\win18.tmp.exe:*:Enabled:win18.tmp"
"C:\Documents and Settings\Krystian Kipp\Program Files\uTorrent\uTorrent.exe"="C:\Documents and Settings\Krystian Kipp\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-08-01 22:19:28 ----SD---- C:\ComboFix
2010-08-01 22:19:28 ----SD---- \ComboFix
2010-08-01 22:19:28 ----SD---- \ComboFix
2010-08-01 19:09:39 ----SHD---- C:\Config.Msi
2010-08-01 19:09:39 ----SHD---- \Config.Msi
2010-08-01 19:09:39 ----SHD---- \Config.Msi
2010-08-01 15:55:06 ----D---- C:\Documents and Settings\All Users\Application Data\Driver Mender
2010-07-31 20:39:39 ----A---- C:\avenger.txt
2010-07-31 20:39:39 ----A---- \avenger.txt
2010-07-31 20:39:39 ----A---- \avenger.txt
2010-07-31 20:17:01 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-07-31 20:15:26 ----A---- C:\WINDOWS\system32\msvcr70.dll
2010-07-31 20:15:25 ----A---- C:\WINDOWS\system32\msvcp70.dll
2010-07-31 20:15:24 ----A---- C:\WINDOWS\system32\mfc70.dll
2010-07-31 19:45:01 ----ASH---- C:\hiberfil.sys
2010-07-31 19:45:01 ----ASH---- \hiberfil.sys
2010-07-31 19:45:01 ----ASH---- \hiberfil.sys
2010-07-31 08:18:25 ----D---- C:\WINDOWS\pss
2010-07-30 23:37:38 ----A---- C:\WINDOWS\NIRCMD.exe
2010-07-24 21:03:45 ----D---- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2010-07-24 20:33:01 ----D---- C:\Documents and Settings\All Users\Application Data\Driver Whiz
2010-07-24 20:27:28 ----D---- C:\WINDOWS\messenger
2010-07-24 20:27:18 ----D---- C:\WINDOWS\windows nt
2010-07-24 20:27:18 ----D---- C:\WINDOWS\windows media player
2010-07-24 20:27:18 ----D---- C:\WINDOWS\internet explorer
2010-07-24 20:27:16 ----D---- C:\WINDOWS\movie maker
2010-07-24 20:25:04 ----A---- C:\WINDOWS\000001_.tmp
2010-07-24 19:42:39 ----D---- C:\Documents and Settings\Krystian Kipp\Application Data\uTorrent
2010-07-24 19:39:29 ----D---- C:\Documents and Settings\All Users\Application Data\RegSERVO
2010-07-24 14:01:53 ----D---- C:\Avenger
2010-07-24 14:01:53 ----D---- \Avenger
2010-07-24 14:01:53 ----D---- \Avenger
#45
2010-07-19 03:10:18 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-07-19 03:10:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-07-19 03:10:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-07-19 03:09:55 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-07-19 03:09:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-07-19 03:09:41 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-07-19 03:09:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-07-19 03:09:15 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-07-19 03:09:06 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-07-19 03:08:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-07-19 03:08:54 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-07-19 03:08:46 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-07-19 03:08:38 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-07-19 03:08:29 ----HDC---- C:\WINDOWS\$NtUninstallKB981350$
2010-07-19 03:08:19 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-07-19 03:08:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-07-19 03:08:01 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-07-19 03:07:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-19 03:07:45 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-07-19 03:07:38 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-07-19 03:07:30 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-07-19 03:07:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-07-19 03:07:15 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-07-19 03:07:07 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-07-19 03:05:06 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-07-19 03:04:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-07-19 03:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-07-19 03:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2010-07-19 03:03:40 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-07-19 03:03:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-07-19 03:03:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-07-19 03:03:13 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-07-19 03:03:05 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-07-19 03:02:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-07-19 03:02:50 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2010-07-19 03:02:34 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-07-19 03:02:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-07-19 03:02:18 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-07-19 03:02:10 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-07-19 03:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-07-19 03:01:56 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-07-19 03:01:29 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-07-19 03:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2010-07-19 03:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-07-19 03:01:02 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-07-19 03:00:52 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-07-12 23:42:12 ----A---- C:\Boot.bak
2010-07-12 23:42:12 ----A---- \Boot.bak
2010-07-12 23:42:12 ----A---- \Boot.bak
2010-07-12 23:42:02 ----RASHD---- C:\cmdcons
2010-07-12 23:42:02 ----RASHD---- \cmdcons
2010-07-12 23:42:02 ----RASHD---- \cmdcons
2010-07-12 23:40:20 ----A---- C:\WINDOWS\zip.exe
2010-07-12 23:40:20 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-07-12 23:40:20 ----A---- C:\WINDOWS\SWSC.exe
2010-07-12 23:40:20 ----A---- C:\WINDOWS\SWREG.exe
2010-07-12 23:40:20 ----A---- C:\WINDOWS\sed.exe
2010-07-12 23:40:20 ----A---- C:\WINDOWS\PEV.exe
2010-07-12 23:40:20 ----A---- C:\WINDOWS\MBR.exe
2010-07-12 23:40:20 ----A---- C:\WINDOWS\grep.exe
2010-07-12 23:40:14 ----D---- C:\WINDOWS\ERDNT
2010-07-12 23:40:03 ----D---- C:\Qoobox
2010-07-12 23:40:03 ----D---- \Qoobox
2010-07-12 23:40:03 ----D---- \Qoobox
2010-07-12 20:35:54 ----D---- C:\Powertoys for Windows XP
2010-07-12 20:35:54 ----D---- \Powertoys for Windows XP
2010-07-12 20:35:54 ----D---- \Powertoys for Windows XP
2010-07-12 20:35:28 ----D---- C:\WINDOWS\Downloaded Installations
2010-07-12 18:15:39 ----A---- C:\mbr.exe
2010-07-12 18:15:39 ----A---- \mbr.exe
2010-07-12 18:15:39 ----A---- \mbr.exe
2010-07-12 17:05:49 ----D---- C:\Install
2010-07-12 17:05:49 ----D---- \Install
2010-07-12 17:05:49 ----D---- \Install
2010-07-12 16:26:58 ----D---- C:\trend micro
2010-07-12 16:26:58 ----D---- C:\rsit
2010-07-12 16:26:58 ----D---- \trend micro
2010-07-12 16:26:58 ----D---- \trend micro
2010-07-12 16:26:58 ----D---- \rsit
2010-07-12 16:26:58 ----D---- \rsit
2010-07-12 12:48:23 ----D---- C:\WINDOWS\system32\MpEngineStore
2010-07-12 10:18:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-07-12 10:18:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-07-12 10:16:34 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-07-12 10:15:42 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-07-12 10:15:04 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-07-12 10:14:36 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-07-12 10:13:45 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-07-12 10:13:02 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-07-12 10:10:05 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2010-07-12 10:09:31 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-07-12 10:08:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-07-12 10:08:21 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-07-12 10:07:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-07-12 10:07:21 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-07-12 10:06:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-07-12 10:06:07 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2010-07-12 10:05:43 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-07-12 10:03:52 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-07-11 21:58:16 ----D---- C:\ESET
2010-07-11 21:58:16 ----D---- \ESET
2010-07-11 21:58:16 ----D---- \ESET
2010-07-11 21:21:54 ----A---- C:\WINDOWS\system32\lsasrv.dll
2010-07-11 21:21:54 ----A---- C:\WINDOWS\system32\drivers\ksecdd.sys
2010-07-11 18:57:43 ----D---- C:\WINDOWS\system32\CatRoot_bak
2010-07-11 18:26:41 ----D---- C:\Documents and Settings\Krystian Kipp\Application Data\Adobe
2010-07-11 18:21:02 ----D---- C:\Documents and Settings\All Users\Application Data\HBLiteSA
2010-07-11 18:21:02 ----D---- C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2010-07-11 18:21:00 ----D---- C:\Documents and Settings\Krystian Kipp\Application Data\HBLite
2010-07-11 18:02:18 ----A---- C:\WINDOWS\ntbtlog.txt
2010-07-11 17:48:51 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-07-11 17:48:50 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-07-11 17:45:32 ----RSD---- C:\WINDOWS\assembly
2010-07-11 17:38:59 ----D---- C:\WINDOWS\Common Files
2010-07-11 17:38:42 ----D---- C:\WINDOWS\Program Files
2010-07-11 17:38:33 ----D---- C:\WINDOWS\Microsoft.NET
2010-07-11 17:32:56 ----ASHD---- C:\Settings
2010-07-11 17:32:56 ----ASHD---- \Settings
2010-07-11 17:32:56 ----ASHD---- \Settings
2010-07-11 17:32:52 ----D---- C:\WINDOWS\Minidump

======List of files/folders modified in the last 1 months======

2010-08-01 22:21:54 ----D---- C:\WINDOWS
2010-08-01 22:21:54 ----D---- \WINDOWS
2010-08-01 22:21:54 ----D---- \WINDOWS
2010-08-01 22:20:52 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-01 22:19:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-01 22:19:29 ----D---- C:\WINDOWS\Prefetch
2010-08-01 22:11:52 ----SD---- C:\WINDOWS\Tasks
2010-08-01 22:11:52 ----RD---- C:\Program Files
2010-08-01 22:11:52 ----RD---- \Program Files
2010-08-01 22:11:52 ----RD---- \Program Files
2010-08-01 22:11:52 ----D---- C:\WINDOWS\system32\drivers
2010-08-01 22:11:52 ----D---- C:\WINDOWS\system32
2010-08-01 19:09:54 ----SHD---- C:\WINDOWS\Installer
2010-08-01 16:36:26 ----RASH---- C:\boot.ini
2010-08-01 16:36:26 ----RASH---- \boot.ini
2010-08-01 16:36:26 ----RASH---- \boot.ini
2010-08-01 16:36:26 ----A---- C:\WINDOWS\win.ini
2010-08-01 16:36:26 ----A---- C:\WINDOWS\system.ini
2010-07-31 20:40:19 ----D---- C:\WINDOWS\Temp
2010-07-31 19:23:27 ----HD---- C:\WINDOWS\inf
2010-07-24 20:58:15 ----D---- C:\WINDOWS\security
2010-07-24 20:33:44 ----SD---- C:\Documents and Settings\Krystian Kipp\Application Data\Microsoft
2010-07-24 20:27:26 ----D---- C:\WINDOWS\Help
2010-07-24 20:26:57 ----D---- C:\WINDOWS\system32\usmt
2010-07-24 20:26:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-24 20:26:55 ----D---- C:\WINDOWS\system32\CatRoot
2010-07-24 20:25:03 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-07-24 20:24:24 ----D---- C:\WINDOWS\EHome
2010-07-19 03:30:49 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-19 03:26:25 ----D---- C:\WINDOWS\system32\wbem
2010-07-19 03:26:25 ----D---- C:\WINDOWS\AppPatch
2010-07-19 03:10:14 ----A---- C:\WINDOWS\imsins.BAK
2010-07-19 03:10:10 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-19 03:09:07 ----D---- C:\WINDOWS\WinSxS
2010-07-12 17:08:41 ----D---- C:\Documents and Settings\Krystian Kipp\Application Data\Mozilla
2010-07-12 10:10:16 ----D---- C:\WINDOWS\ServicePackFiles
2010-07-12 00:52:47 ----D---- C:\WINDOWS\system32\drivers\etc
2010-07-12 00:49:09 ----D---- C:\WINDOWS\system32\A1
2010-07-11 23:59:57 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-07-11 21:52:58 ----D---- C:\WINDOWS\??mantec
2010-07-11 18:57:43 ----D---- C:\WINDOWS\Debug
2010-07-11 18:07:23 ----D---- C:\Documents and Settings
2010-07-11 18:07:23 ----D---- \Documents and Settings
2010-07-11 18:07:23 ----D---- \Documents and Settings
2010-07-02 15:39:05 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2004-08-04 42368]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R3 BCMModem;BCM V.90 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMDM.sys [2001-08-17 871388]
R3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-17 117760]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 cpuz132;cpuz132; \??\C:\DOCUME~1\KRYSTI~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys []
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2003-03-31 9600]
S3 iscFlash;iscFlash; \??\C:\WINDOWS\SYSTEM32\DRIVERS\iscflash.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-03-31 12160]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-03-31 5888]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2006-07-15 65536]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-22 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------