.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AFINDING
-------\Legacy_PERFMONS
-------\Legacy_ROUTING
-------\Legacy_WSERVING
-------\Service_AFinding
-------\Service_perfmons
-------\Service_WServing
((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 )))))))))))))))))))))))))))))))
.
2008-06-27 19:33 . 2008-06-27 19:33 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-06-27 15:23 . 2008-06-27 15:23 <DIR> d-------- C:\Program Files\MSConfig CleanUp
2008-06-27 11:32 . 2008-06-27 11:33 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-27 11:31 . 2008-06-27 11:31 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-27 10:30 . 2008-06-27 10:30 <DIR> d-------- C:\Program Files\CCleaner
2008-06-27 10:18 . 2008-06-27 10:18 <DIR> d-------- C:\VundoFix Backups
2008-06-26 20:08 . 2008-06-26 20:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-26 18:35 . 2008-06-26 18:35 <DIR> d-------- C:\Program Files\SourceTec
2008-06-26 16:28 . 2008-06-27 14:04 8,192 --ahs---- C:\WINDOWS\Thumbs.db
2008-06-16 00:53 . 2008-06-16 00:53 <DIR> d-------- C:\Program Files\ScrollBar
2008-06-16 00:53 . 2008-06-16 00:53 <DIR> d-------- C:\Documents and Settings\Project Mayhem\Application Data\Sam Francke
2008-06-16 00:01 . 2008-02-14 14:30 17,542 --a------ C:\WINDOWS\SothinkScroller.ico
2008-06-16 00:00 . 2008-06-26 17:34 <DIR> d-------- C:\Program Files\Common Files\SourceTec
2008-06-16 00:00 . 2008-02-14 14:30 140,288 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-06-16 00:00 . 2008-02-14 14:30 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-06-12 03:23 . 2008-06-12 03:23 268 --ah----- C:\sqmdata17.sqm
2008-06-12 03:23 . 2008-06-12 03:23 244 --ah----- C:\sqmnoopt17.sqm
2008-06-11 11:01 . 2008-06-11 11:01 <DIR> d-------- C:\Program Files\QuickTime
2008-06-11 09:49 . 2008-06-11 09:49 268 --ah----- C:\sqmdata16.sqm
2008-06-11 09:49 . 2008-06-11 09:49 244 --ah----- C:\sqmnoopt16.sqm
2008-06-11 04:27 . 2008-06-13 14:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 04:27 . 2008-06-13 14:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 14:12 . 2008-06-10 14:12 268 --ah----- C:\sqmdata15.sqm
2008-06-10 14:12 . 2008-06-10 14:12 244 --ah----- C:\sqmnoopt15.sqm
2008-05-28 12:50 . 2008-06-17 20:20 <DIR> d-------- C:\Program Files\Opera
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-06-27 18:38 --------- d-----w C:\Program Files\Steam
2008-06-27 18:33 --------- d-----w C:\Program Files\Common Files\Real
2008-06-27 15:27 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-27 15:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-06-27 14:52 --------- d-----w C:\Documents and Settings\Project Mayhem\Application Data\uTorrent
2008-06-14 00:09 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-11 10:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-11 02:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-09 11:09 --------- d-----w C:\Documents and Settings\Project Mayhem\Application Data\eBookPro6
2008-06-03 11:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-03 11:58 --------- d-----w C:\Program Files\GlobalSCAPE
2008-06-03 11:14 --------- d-----w C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-05-26 11:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-05-26 11:14 --------- d-----w C:\Program Files\CyberLink
2008-05-26 11:14 --------- d-----w C:\Documents and Settings\Project Mayhem\Application Data\CyberLink
2008-05-20 22:50 --------- d-----w C:\Program Files\DivX
2008-05-20 13:39 --------- d-----w C:\Program Files\Alwil Software
2008-05-15 12:42 --------- d-----w C:\Documents and Settings\Project Mayhem\Application Data\GlobalSCAPE
2008-05-15 12:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
2008-05-13 20:01 --------- d-----w C:\Documents and Settings\Project Mayhem\Application Data\Vso
2008-05-08 22:02 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Thunderbird
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-01-26 10:49 47,360 ----a-w C:\Documents and Settings\Project Mayhem\Application Data\pcouffin.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-04-10 09:15 868352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 20:03 152872]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 13:00 15360]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-31 20:33 1271032]
"µTorrent"="C:\Documents and Settings\Project Mayhem\Desktop\utorrent.exe" [2008-03-23 18:01 219952]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 20:25 81920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"uTorrent"="C:\Documents and Settings\Project Mayhem\Desktop\utorrent.exe" [2008-03-23 18:01 219952]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 10:39 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2006-08-17 11:32 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 11:32 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"Lachesis"="C:\Program Files\Razer\Lachesis\razerhid.exe" [2007-09-12 12:52 172032]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-02-18 18:33 77824]
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 11:36 50472]
"BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [2007-11-14 23:10 91432]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-27 19:33 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 13:00 15360]
C:\Documents and Settings\Project Mayhem\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-08-30 12:41:43 278528]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\Project Mayhem\\Desktop\\utorrent.exe"=
"C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Documents and Settings\\Project Mayhem\\Desktop\\My Work\\RatioKing\\RatioMaster.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Steam\\SteamApps\\hewhohasissues\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
"C:\\kav\\kav7.0\\english\\setup.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-02-01 17:24]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-08-17 11:16]
R3 LachesisFltr;Lachesis Mouse Driver;C:\WINDOWS\system32\drivers\Lachesis.sys [2007-08-08 12:04]
.
************************************************** ************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-27 19:37:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD8\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\CTXFISPI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Razer\Lachesis\OSD.exe
C:\Program Files\Razer\Lachesis\razertra.exe
C:\Program Files\Razer\Lachesis\razerofa.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
.
************************************************** ************************
.
Completion time: 2008-06-27 19:41:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-27 18:41:48
Pre-Run: 39,166,046,208 bytes free
Post-Run: 41,071,407,104 bytes free
672 --- E O F --- 2008-06-21 02:00:47