Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Anything amiss?


  • Please log in to reply

#1
In training

In training

    Member

  • Member
  • PipPip
  • 36 posts
Logfile of HijackThis v1.99.1
Scan saved at 15:53:18, on 31/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\keep safe\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1167330954078
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

Thats all of it now :whistling:

Edited by In training, 31 December 2006 - 09:55 AM.

  • 0

Advertisements


#2
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:

Browse here D:\keep safe\hijackthis\HijackThis.exe and rename Hijackthis.exe to HJT.exe

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply along with a new Hijack log

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • 0

#3
In training

In training

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Attached File  ComboFix.txt   28.3KB   213 downloads

Logfile of HijackThis v1.99.1
Scan saved at 22:44:40, on 31/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\keep safe\hijackthis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1167330954078
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

Like that? :whistling:
  • 0

#4
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:

Can you paste the combo log directly into this thread, they get all jumbled and are hard to read when you attach them :blink:
  • 0

#5
In training

In training

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Happy reading :whistling:

"raiye" - 06-12-31 22:41:27.65 Service Pack 2
ComboFix 06-12-29W-BetaE2 - Running from: "C:\Documents and Settings\raiye\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-11-31 to 2006-12-31 ))))))))))))))))))))))))))))))))))


2006-12-31 11:28 <DIR> d-------- C:\DOCUME~1\raiye\APPLIC~1\Adobe
2006-12-28 21:12 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-12-28 21:12 87,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2006-12-28 21:12 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2006-12-28 21:12 666,240 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-12-28 21:12 36,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2006-12-28 21:12 24,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2006-12-28 21:12 16,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2006-12-28 20:28 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2006-12-28 19:38 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-12-28 19:25 <DIR> d-------- C:\Program Files\Common Files\Adobe
2006-12-28 19:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2006-12-28 17:42 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-12-28 17:42 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-12-28 17:42 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-12-28 17:42 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-12-28 17:42 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-12-28 17:42 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2006-12-28 17:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2006-12-28 17:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2006-12-28 16:33 <DIR> d--hs---- C:\WINDOWS\CSC
2006-12-28 13:39 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Contacts
2006-12-27 18:38 <DIR> d-------- C:\Program Files\Real
2006-12-27 18:38 <DIR> d-------- C:\Program Files\Common Files\xing shared
2006-12-27 18:38 <DIR> d-------- C:\Program Files\Common Files\Real
2006-12-27 18:37 <DIR> d-------- C:\DOCUME~1\raiye\APPLIC~1\Real
2006-12-27 18:33 <DIR> d-------- C:\My Downloads
2006-12-27 14:12 8,192 --a------ C:\WINDOWS\system32\SiSPInst.dll
2006-12-27 14:12 49,152 --a------ C:\WINDOWS\InstFunc.exe
2006-12-27 14:12 337,320 --a------ C:\WINDOWS\difxapi.dll
2006-12-27 14:12 12,288 --a------ C:\WINDOWS\InstFunc.dll
2006-12-25 08:08 <DIR> d-------- C:\Program Files\PC Comfort Limited
2006-12-25 08:06 <DIR> dr--s---- C:\WINDOWS\assembly
2006-12-25 08:06 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2006-12-25 08:06 <DIR> d-------- C:\WINDOWS\Microsoft.NET
2006-12-21 13:06 <DIR> d-------- C:\DOCUME~1\raiye\APPLIC~1\Talkback
2006-12-21 13:05 <DIR> d-------- C:\DOCUME~1\raiye\APPLIC~1\Thunderbird
2006-12-21 11:45 <DIR> d-------- C:\Program Files\RegistryFix
2006-12-21 01:19 <DIR> d-------- C:\Program Files\SpeedFan
2006-12-20 15:08 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2006-12-20 15:08 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2006-12-17 11:01 46,352 --a------ C:\WINDOWS\setdebug.exe
2006-12-17 11:01 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2006-12-17 10:53 <DIR> d-------- C:\WINDOWS\Prefetch
2006-12-17 10:47 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-12-17 10:46 <DIR> d-------- C:\WINDOWS\provisioning
2006-12-17 10:46 <DIR> d-------- C:\WINDOWS\peernet
2006-12-17 10:43 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2006-12-17 10:40 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2006-12-17 10:37 <DIR> d-------- C:\WINDOWS\EHome
2006-12-17 10:32 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2006-12-17 10:32 88,064 --------- C:\WINDOWS\system32\p2pnetsh.dll
2006-12-17 10:32 86,016 --------- C:\WINDOWS\system32\p2pgasvc.dll
2006-12-17 10:32 81,408 --------- C:\WINDOWS\system32\wscsvc.dll
2006-12-17 10:32 8,192 --a------ C:\WINDOWS\system32\spdwnwxp.exe
2006-12-17 10:32 8,192 --------- C:\WINDOWS\system32\smbinst.exe
2006-12-17 10:32 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2006-12-17 10:32 75,776 --------- C:\WINDOWS\system32\strmfilt.dll
2006-12-17 10:32 73,832 --------- C:\WINDOWS\system32\slcoinst.dll
2006-12-17 10:32 73,796 --------- C:\WINDOWS\system32\slserv.exe
2006-12-17 10:32 67,584 --------- C:\WINDOWS\system32\drivers\sdbus.sys
2006-12-17 10:32 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys
2006-12-17 10:32 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys
2006-12-17 10:32 526,848 --------- C:\WINDOWS\system32\p2psvc.dll
2006-12-17 10:32 50,176 --------- C:\WINDOWS\system32\xmlprovi.dll
2006-12-17 10:32 49,152 --------- C:\WINDOWS\system32\powercfg.exe
2006-12-17 10:32 48,640 --------- C:\WINDOWS\system32\pnrpnsp.dll
2006-12-17 10:32 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys
2006-12-17 10:32 42,240 --------- C:\WINDOWS\system32\drivers\viaagp.sys
2006-12-17 10:32 41,088 --------- C:\WINDOWS\system32\drivers\sisagp.sys
2006-12-17 10:32 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2006-12-17 10:32 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2006-12-17 10:32 397,056 --------- C:\WINDOWS\system32\s3gnb.dll
2006-12-17 10:32 32,866 --------- C:\WINDOWS\system32\slrundll.exe
2006-12-17 10:32 32,866 --------- C:\WINDOWS\slrundll.exe
2006-12-17 10:32 312,320 --------- C:\WINDOWS\system32\p2pgraph.dll
2006-12-17 10:32 30,080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2006-12-17 10:32 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll
2006-12-17 10:32 29,184 --------- C:\WINDOWS\system32\sdhcinst.dll
2006-12-17 10:32 286,792 --------- C:\WINDOWS\system32\slextspk.dll
2006-12-17 10:32 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2006-12-17 10:32 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2006-12-17 10:32 21,504 --------- C:\WINDOWS\system32\spupdwxp.exe
2006-12-17 10:32 188,508 --------- C:\WINDOWS\system32\slgen.dll
2006-12-17 10:32 180,360 --------- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2006-12-17 10:32 17,408 --------- C:\WINDOWS\system32\winshfhc.dll
2006-12-17 10:32 166,912 --------- C:\WINDOWS\system32\drivers\s3gnbm.sys
2006-12-17 10:32 15,872 --------- C:\WINDOWS\system32\w3ssl.dll
2006-12-17 10:32 13,824 --------- C:\WINDOWS\system32\wscntfy.exe
2006-12-17 10:32 13,776 --------- C:\WINDOWS\system32\drivers\recagent.sys
2006-12-17 10:32 13,568 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2006-12-17 10:32 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys
2006-12-17 10:32 129,536 --------- C:\WINDOWS\system32\xmlprov.dll
2006-12-17 10:32 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2006-12-17 10:32 12,672 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2006-12-17 10:32 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys
2006-12-17 10:32 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys
2006-12-17 10:32 11,807 --------- C:\WINDOWS\system32\drivers\wadv07nt.sys
2006-12-17 10:32 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2006-12-17 10:32 11,325 --------- C:\WINDOWS\system32\drivers\vchnt5.dll
2006-12-17 10:32 11,295 --------- C:\WINDOWS\system32\drivers\wadv08nt.sys
2006-12-17 10:32 11,136 --------- C:\WINDOWS\system32\drivers\sffdisk.sys
2006-12-17 10:32 108,032 --------- C:\WINDOWS\system32\wshbth.dll
2006-12-17 10:32 10,240 --------- C:\WINDOWS\system32\drivers\sffp_sd.sys
2006-12-17 10:32 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-12-17 10:31 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2006-12-17 10:31 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2006-12-17 10:31 81,920 --------- C:\WINDOWS\system32\ieencode.dll
2006-12-17 10:31 755,200 --------- C:\WINDOWS\system32\ir50_32.dll
2006-12-17 10:31 7,680 --------- C:\WINDOWS\system32\kbdsmsno.dll
2006-12-17 10:31 7,680 --------- C:\WINDOWS\system32\kbdsmsfi.dll
2006-12-17 10:31 7,168 --------- C:\WINDOWS\system32\kbdukx.dll
2006-12-17 10:31 7,168 --------- C:\WINDOWS\system32\kbdno1.dll
2006-12-17 10:31 7,168 --------- C:\WINDOWS\system32\kbdfi1.dll
2006-12-17 10:31 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2006-12-17 10:31 60,416 --------- C:\WINDOWS\system32\fwcfg.dll
2006-12-17 10:31 6,656 --------- C:\WINDOWS\system32\kbdinmal.dll
2006-12-17 10:31 6,656 --------- C:\WINDOWS\system32\kbdinben.dll
2006-12-17 10:31 6,144 --------- C:\WINDOWS\system32\kbdmlt48.dll
2006-12-17 10:31 6,144 --------- C:\WINDOWS\system32\kbdmlt47.dll
2006-12-17 10:31 6,144 --------- C:\WINDOWS\system32\kbdinbe1.dll
2006-12-17 10:31 5,632 --------- C:\WINDOWS\system32\kbdmaori.dll
2006-12-17 10:31 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys
2006-12-17 10:31 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
2006-12-17 10:31 40,832 --------- C:\WINDOWS\system32\drivers\irbus.sys
2006-12-17 10:31 4,096 --------- C:\WINDOWS\system32\MP4SDMOD.dll
2006-12-17 10:31 4,096 --------- C:\WINDOWS\system32\MP43DMOD.dll
2006-12-17 10:31 36,096 --------- C:\WINDOWS\system32\drivers\intelppm.sys
2006-12-17 10:31 338,432 --------- C:\WINDOWS\system32\ir41_qcx.dll
2006-12-17 10:31 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll
2006-12-17 10:31 29,056 --------- C:\WINDOWS\system32\drivers\ip6fw.sys
2006-12-17 10:31 262,784 --------- C:\WINDOWS\system32\drivers\http.sys
2006-12-17 10:31 25,600 --------- C:\WINDOWS\system32\drivers\hidbth.sys
2006-12-17 10:31 24,576 --------- C:\WINDOWS\system32\httpapi.dll
2006-12-17 10:31 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-12-17 10:31 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2006-12-17 10:31 200,192 --------- C:\WINDOWS\system32\ir50_qc.dll
2006-12-17 10:31 20,992 --------- C:\WINDOWS\system32\faxpatch.exe
2006-12-17 10:31 2,113,536 --------- C:\WINDOWS\system32\dxdiagn.dll
2006-12-17 10:31 193,024 --------- C:\WINDOWS\system32\fsquirt.exe
2006-12-17 10:31 183,808 --------- C:\WINDOWS\system32\ir50_qcx.dll
2006-12-17 10:31 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-12-17 10:31 15,488 --------- C:\WINDOWS\system32\drivers\mssmbios.sys
2006-12-17 10:31 15,423 --------- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2006-12-17 10:31 15,104 --------- C:\WINDOWS\system32\drivers\hidir.sys
2006-12-17 10:31 13,824 --------- C:\WINDOWS\system32\cmsetacl.dll
2006-12-17 10:31 128,896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-12-17 10:31 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2006-12-17 10:31 120,320 --------- C:\WINDOWS\system32\ir41_qc.dll
2006-12-17 10:31 12,672 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2006-12-17 10:31 118,784 --------- C:\WINDOWS\system32\msdadiag.dll
2006-12-17 10:31 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2006-12-17 10:31 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2006-12-17 10:31 1,689,088 --------- C:\WINDOWS\system32\d3d9.dll
2006-12-17 10:31 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2006-12-17 10:30 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2006-12-17 10:30 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2006-12-17 10:30 71,680 --------- C:\WINDOWS\system32\blastcln.exe
2006-12-17 10:30 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-12-17 10:30 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2006-12-17 10:30 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2006-12-17 10:30 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys
2006-12-17 10:30 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2006-12-17 10:30 516,768 --------- C:\WINDOWS\system32\ativvaxx.dll
2006-12-17 10:30 50,688 --------- C:\WINDOWS\system32\btpanui.dll
2006-12-17 10:30 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys
2006-12-17 10:30 43,008 --------- C:\WINDOWS\system32\drivers\amdagp.sys
2006-12-17 10:30 42,752 --------- C:\WINDOWS\system32\drivers\alim1541.sys
2006-12-17 10:30 42,368 --------- C:\WINDOWS\system32\drivers\agp440.sys
2006-12-17 10:30 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2006-12-17 10:30 38,016 --------- C:\WINDOWS\system32\drivers\bthmodem.sys
2006-12-17 10:30 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2006-12-17 10:30 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2006-12-17 10:30 35,456 --------- C:\WINDOWS\system32\drivers\bthprint.sys
2006-12-17 10:30 34,735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2006-12-17 10:30 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2006-12-17 10:30 32,768 --------- C:\WINDOWS\system32\ativtmxx.dll
2006-12-17 10:30 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2006-12-17 10:30 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys
2006-12-17 10:30 30,208 --------- C:\WINDOWS\system32\bthserv.dll
2006-12-17 10:30 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2006-12-17 10:30 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2006-12-17 10:30 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2006-12-17 10:30 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2006-12-17 10:30 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2006-12-17 10:30 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2006-12-17 10:30 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2006-12-17 10:30 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2006-12-17 10:30 274,304 --------- C:\WINDOWS\system32\drivers\bthport.sys
2006-12-17 10:30 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys
2006-12-17 10:30 25,471 --------- C:\WINDOWS\system32\drivers\atv04nt5.dll
2006-12-17 10:30 229,376 --------- C:\WINDOWS\system32\ati2cqag.dll
2006-12-17 10:30 21,343 --------- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2006-12-17 10:30 21,183 --------- C:\WINDOWS\system32\drivers\atv01nt5.dll
2006-12-17 10:30 201,728 --------- C:\WINDOWS\system32\ati2dvag.dll
2006-12-17 10:30 20,992 --------- C:\WINDOWS\system32\bthci.dll
2006-12-17 10:30 18,944 --------- C:\WINDOWS\system32\drivers\bthusb.sys
2006-12-17 10:30 17,279 --------- C:\WINDOWS\system32\drivers\atv10nt5.dll
2006-12-17 10:30 17,024 --------- C:\WINDOWS\system32\drivers\bthenum.sys
2006-12-17 10:30 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2006-12-17 10:30 14,336 --------- C:\WINDOWS\system32\auditusr.exe
2006-12-17 10:30 14,143 --------- C:\WINDOWS\system32\drivers\atv06nt5.dll
2006-12-17 10:30 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2006-12-17 10:30 13,824 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2006-12-17 10:30 12,047 --------- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2006-12-17 10:30 11,615 --------- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2006-12-17 10:30 11,359 --------- C:\WINDOWS\system32\drivers\atv02nt5.dll
2006-12-17 10:30 104,960 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2006-12-17 10:30 100,992 --------- C:\WINDOWS\system32\drivers\bthpan.sys
2006-12-17 10:30 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2006-12-16 20:04 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2006-12-16 20:04 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2006-12-16 18:48 74,752 --a------ C:\WINDOWS\system32\olecli32.dll
2006-12-16 18:48 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-12-16 18:48 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2006-12-16 18:48 581,120 --a------ C:\WINDOWS\system32\rpcrt4.dll
2006-12-16 18:48 57,856 --a------ C:\WINDOWS\system32\spoolsv.exe
2006-12-16 18:48 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-12-16 18:48 397,824 --a------ C:\WINDOWS\system32\rpcss.dll
2006-12-16 18:48 243,200 --a------ C:\WINDOWS\system32\es.dll
2006-12-16 18:48 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2006-12-16 18:48 1,285,120 --a------ C:\WINDOWS\system32\ole32.dll
2006-12-16 18:48 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-12-16 18:47 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-12-16 18:47 87,552 --a------ C:\WINDOWS\system32\fldrclnr.dll
2006-12-16 18:47 713,216 --a------ C:\WINDOWS\system32\sxs.dll
2006-12-16 18:47 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-12-16 18:47 66,560 --a------ C:\WINDOWS\system32\mtxclu.dll
2006-12-16 18:47 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-12-16 18:47 39,936 --a------ C:\WINDOWS\system32\mf3216.dll
2006-12-16 18:47 19,968 --a------ C:\WINDOWS\system32\linkinfo.dll
2006-12-16 18:47 123,392 --a------ C:\WINDOWS\system32\umpnpmgr.dll
2006-12-16 18:47 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-12-16 18:47 101,888 --a------ C:\WINDOWS\system32\cscdll.dll
2006-12-16 18:46 56,832 --a------ C:\WINDOWS\system32\authz.dll
2006-12-16 18:42 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2006-12-16 18:42 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-12-16 12:44 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2006-12-16 12:44 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-12-16 12:44 <DIR> d-------- C:\DOCUME~1\raiye\APPLIC~1\SUPERAntiSpyware.com
2006-12-14 13:52 <DIR> d--h----- C:\WINDOWS\system32\nfomon
2006-12-14 13:52 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\nfo
2006-12-14 13:51 <DIR> d--h----- C:\WINDOWS\system32\vidmon
2006-12-14 13:51 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\vidmon
2006-12-14 13:27 <DIR> d--h----- C:\Program Files\Common Files\Uninstall Information
2006-12-13 21:06 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2006-12-13 21:06 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2006-12-13 21:06 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2006-12-13 21:06 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2006-12-13 21:06 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2006-12-13 21:06 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2006-12-13 21:06 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2006-12-13 21:06 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2006-12-10 16:01 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2006-12-10 16:01 <DIR> d-------- C:\DOCUME~1\raiye\Contacts
2006-12-10 14:02 512 --ah----- C:\WINDOWS\system32\kwfuxvy.exe
2006-12-06 15:33 0 --ah----- C:\WINDOWS\system32\easvi.exe
2006-12-05 14:21 0 --ah----- C:\WINDOWS\system32\bwghgcvm.exe
2006-12-04 20:03 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2006-12-03 23:34 <DIR> d-------- C:\DOCUME~1\raiye\Incomplete
2006-12-03 23:22 <DIR> d-------- C:\DOCUME~1\raiye\.limewire
2006-12-03 13:07 0 --ah----- C:\WINDOWS\system32\srzcdes.exe
2006-12-02 09:33 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-12-02 09:32 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-12-02 09:32 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-12-02 09:32 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-12-02 09:32 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-12-02 09:32 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-12-02 09:32 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-12-02 09:32 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-12-02 09:32 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-12-02 09:32 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-12-02 09:32 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-12-02 09:32 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-12-02 09:32 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-12-02 09:32 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-12-02 09:28 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-12-02 09:28 13,312 --a------ C:\WINDOWS\system32\irclass.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-31 21:07 -------- d-------- C:\Program Files\msn messenger
2006-12-31 15:58 -------- d---s---- C:\DOCUME~1\raiye\Application Data\microsoft
2006-12-31 11:28 -------- d-------- C:\DOCUME~1\raiye\Application Data\adobe
2006-12-27 18:40 -------- d-------- C:\DOCUME~1\raiye\Application Data\real
2006-12-21 13:06 -------- d-------- C:\DOCUME~1\raiye\Application Data\thunderbird
2006-12-21 13:06 -------- d-------- C:\DOCUME~1\raiye\Application Data\talkback
2006-12-21 13:06 -------- d-------- C:\DOCUME~1\raiye\Application Data\mozilla
2006-12-18 21:55 -------- d-------- C:\Program Files\java
2006-12-17 19:51 -------- d-------- C:\Program Files\messenger
2006-12-17 10:46 -------- d-------- C:\Program Files\movie maker
2006-12-17 10:43 -------- d-------- C:\Program Files\windows nt
2006-12-16 12:44 -------- d-------- C:\DOCUME~1\raiye\Application Data\superantispyware.com
2006-12-04 10:24 -------- d--h----- C:\Program Files\windowsupdate
2006-11-28 22:02 -------- d-------- C:\DOCUME~1\raiye\Application Data\sun
2006-11-25 07:42 -------- d-------- C:\Program Files\google
2006-11-21 19:15 -------- d-------- C:\Program Files\Common Files\java
2006-11-21 19:07 -------- d-------- C:\DOCUME~1\raiye\Application Data\google
2006-11-21 17:59 -------- d-------- C:\DOCUME~1\raiye\Application Data\media player classic
2006-11-21 15:34 0 --ah----- C:\WINDOWS\system32\ktuydg.exe
2006-11-21 15:03 -------- d-------- C:\Program Files\k-lite codec pack
2006-11-21 15:02 -------- d-------- C:\DOCUME~1\raiye\Application Data\macromedia
2006-11-21 14:44 -------- d-------- C:\Program Files\alwil software
2006-11-21 14:23 -------- d-------- C:\Program Files\c-media 3d audio
2006-11-21 14:17 -------- d-------- C:\Program Files\Common Files\installshield
2006-11-21 14:08 0 -rahs---- C:\MSDOS.SYS
2006-11-21 14:08 0 -rahs---- C:\IO.SYS
2006-11-21 14:08 0 --a------ C:\CONFIG.SYS
2006-11-21 14:08 0 --a------ C:\AUTOEXEC.BAT
2006-11-21 14:08 -------- d-------- C:\Program Files\microsoft frontpage
2006-11-21 14:07 -------- d-------- C:\Program Files\online services
2006-11-21 14:06 -------- d-------- C:\Program Files\Common Files\mssoap
2006-11-21 14:05 -------- d-------- C:\Program Files\msn gaming zone
2006-11-21 13:57 62 --ahs---- C:\DOCUME~1\raiye\Application Data\desktop.ini
2006-11-21 13:57 -------- d-------- C:\Program Files\Common Files\speechengines
2006-11-21 13:57 -------- d-------- C:\Program Files\Common Files\odbc
2006-11-10 10:38 258048 --a------ C:\WINDOWS\system32\sisparse.dll
2006-11-10 10:38 172032 --a------ C:\WINDOWS\system32\sisinst.dll
2006-11-10 10:37 49152 --a------ C:\WINDOWS\system32\sisbase.dll
2006-11-10 07:08 3457536 --a------ C:\WINDOWS\system32\sisgrv.dll
2006-11-10 07:03 266752 --a------ C:\WINDOWS\system32\drivers\sisgrp.sys
2006-11-09 19:28 16896 --a------ C:\WINDOWS\system32\drivers\srvkp.sys
2006-11-09 19:28 1571001 --a------ C:\WINDOWS\system32\sisgl.dll
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\wmvsencd.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\wmadmod.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\wmvxencd.dll
2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\wmspdmod.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvadve.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvadvd.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\mp4sdecd.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\portabledeviceapi.dll
2006-10-18 21:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\wpdshext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\mpg4decd.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\mp43decd.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\mfplat.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\portabledevicewmdrm.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\portabledevicetypes.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\wmvencod.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\wmvdecod.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\wmvsdecd.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\portabledevicewiacompat.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\laprxy.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\wmadmoe.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\portabledeviceclassextension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-13 12:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 12:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 12:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-02 15:28 312128 --------- C:\WINDOWS\system32\msdelta.dll
2006-10-02 13:44 5120 --a------ C:\WINDOWS\system32\ff_vfw.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


Completion time: 06-12-31 22:42:52.56
  • 0

#6
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:

Lets run a quick check for Vundo

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.


If vundo fix doesn't find anything please continue with the directions below, if it does then please post the results before continuing.

Please print out or copy these instructions/tutorial to Notepad as the internet will not be available to you at certain points of the removal process (while in Safe Mode). Make sure to work through all the Steps in the exact order in which they are listed below. .


Please open SUPERAntiSpyware
  • Click the "Check for updates button"
  • Let it update
  • Close SUPERAntiSpyware
Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
Show hidden files and folders
  • Click start >>> control panel
  • click the tools tab and then click folder options
  • Click view
  • tick the show hidden files and folders radio button
  • Uncheck hide extensions for known file types
  • Uncheck hide protected operating system files
  • Click Apply then Ok
Using windows (rightclick start, left click explore) delete the following files:
C:\WINDOWS\system32\srzcdes.exe
C:\WINDOWS\system32\kwfuxvy.exe
C:\WINDOWS\system32\bwghgcvm.exe
C:\WINDOWS\system32\easvi.exe
C:\WINDOWS\system32\ktuydg.exe

Rescan with Hijackthis and save the log. Save it somewhere you will remember for posting later.

Please open SUPERAntiSpyware
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining.
    • Please leave the others unchecked.
    • Click the Close button to leave the control center screen.
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
  • If it doesnt ask to reboot, reboot manually
  • To retrieve the removal information for me please do the following:
    • After reboot, double-click the SUPERAntispyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Please highlight everything in the notepad, then right-click and choose copy.
  • Click close and close again to exit the program.
  • [b]Please paste that information here for me. Also post the Hijack log from safemode please[b]
Please let me know how things went :blink:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP