
Please help Trojan.Met.MSV/VES [RESOLVED]


  • This topic is locked

#1
saltgrass
  • Member
  • 22 posts
I used SmitfraudFix on Trojan.Zlob and am now stuck. Thank you.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:28 AM, on 2/12/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\system32\igfxsrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\schtasks.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\igfxsrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\schtasks.exe
C:\hp\kbd\kbd.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SXG Advisor - {E48B3E0C-2D23-4249-BE65-23A8719284E3} - C:\Windows\dmdqdrxgxq.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: emotrlq - {7B1E78A2-2FC8-4947-A9D1-5177D10B38E6} - C:\Windows\emotrlq.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SBI] C:\Users\jd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6JBW8CLR\install_sbd_en[1].exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-356271094-2385272641-840254142-1001\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun (User 'jd')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O13 - Gopher Prefix:
O21 - SSODL: admggxp - {68124E06-DFF2-4C29-A1CB-4763FDD040EA} - C:\Windows\admggxp.dll
O21 - SSODL: bdmnopx - {BC865160-8B00-4000-918D-24DC459A5F21} - C:\Windows\bdmnopx.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SpyHunter3 Service - Enigma Software Group, Inc. - C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11205 bytes
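A small triage script for log lines in the format posted above, added here as an example (it is not HijackThis code and not the helper's own method). The sample lines are copied from this log; the regexes, the review rules and the "lower-case DLL in the Windows directory" heuristic are assumptions made for the example.

```python
"""Triage of HijackThis v2 log entries (added example; not HijackThis code).

Parses the O2/O3/O21 COM-object lines and O4 autorun lines in the log above
and flags the patterns a helper reviews first. The regexes, the review rules
and the heuristic thresholds are assumptions made for this example; the
sample lines are copied from the posted log.
"""
import re
from dataclasses import dataclass
from typing import List

# O2 BHO, O3 Toolbar and O21 SSODL lines share one shape:
# "<section> - <kind>: <name> - {<CLSID>} - <target>"
COM_LINE = re.compile(
    r"^(?P<section>O2|O3|O21) - (?:BHO|Toolbar|SSODL): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.*)$"
)
# "O4 - HKLM\..\Run: [<value name>] <command>"; HKUS entries carry a SID
RUN_LINE = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<value>.*?)\] (?P<command>.*)$"
)
# A DLL sitting directly in the Windows directory (no subfolder)
WINDOWS_ROOT_DLL = re.compile(r"^[A-Za-z]:\\Windows\\([^\\]+)\.dll$", re.IGNORECASE)
# Autoruns launching from cache or temp locations deserve a second look
TEMP_LOCATIONS = ("\\temporary internet files\\", "\\appdata\\local\\temp\\", "\\windows\\temp\\")


@dataclass
class Finding:
    line: str
    reasons: List[str]


def strip_annotations(target: str) -> str:
    """Remove HijackThis annotations such as '(file missing)' and surrounding quotes."""
    target = re.sub(r"\s*\((?:file missing|no file)\)$", "", target.strip())
    return target.strip('"')


def review_com_entry(m: "re.Match") -> List[str]:
    reasons = []
    target = m.group("target").strip()
    if target == "(no file)" or target.endswith("(file missing)"):
        reasons.append("registered COM object has no backing file (orphaned entry)")
    path = strip_annotations(target)
    w = WINDOWS_ROOT_DLL.match(path)
    # Heuristic (assumption): legitimate files in the Windows root are few and
    # mixed case; a long all-lower-case alphabetic name there is a review trigger.
    if w and w.group(1).isalpha() and w.group(1).islower() and len(w.group(1)) >= 6:
        reasons.append("lower-case random-looking DLL directly in the Windows directory")
    return reasons


def review_run_entry(m: "re.Match") -> List[str]:
    command = m.group("command").lower()
    if any(loc in command for loc in TEMP_LOCATIONS):
        return ["autorun value launches from a temp or browser-cache directory"]
    return []


def triage(lines: List[str]) -> List[Finding]:
    """Return one Finding per log line that matches a review rule."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = COM_LINE.match(line)
        if m:
            reasons = review_com_entry(m)
        else:
            m = RUN_LINE.match(line)
            reasons = review_run_entry(m) if m else []
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


# Constructed sample: entries copied from the log posted above, benign ones included
SAMPLE_LOG_LINES = [
    r"O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O2 - BHO: SXG Advisor - {E48B3E0C-2D23-4249-BE65-23A8719284E3} - C:\Windows\dmdqdrxgxq.dll",
    r"O3 - Toolbar: emotrlq - {7B1E78A2-2FC8-4947-A9D1-5177D10B38E6} - C:\Windows\emotrlq.dll",
    r"O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide",
    r"O4 - HKLM\..\Run: [SBI] C:\Users\jd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6JBW8CLR\install_sbd_en[1].exe",
    r"O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')",
    r"O21 - SSODL: admggxp - {68124E06-DFF2-4C29-A1CB-4763FDD040EA} - C:\Windows\admggxp.dll",
    r"O21 - SSODL: bdmnopx - {BC865160-8B00-4000-918D-24DC459A5F21} - C:\Windows\bdmnopx.dll (file missing)",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG_LINES):
        print(f.line)
        for r in f.reasons:
            print("    ->", r)
```

The flagged entries are review candidates, not verdicts; a helper still confirms each file (signer, location, install history) before asking for it to be removed.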


#2
saltgrass
  • Topic Starter
  • Member
  • 22 posts
Oh yeah, and Panda doesn't work with Vista, it says.

#3
Rorschach112
  • Ralphie
  • Retired Staff
  • 47,710 posts
Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Please download SmitfraudFix (by S!Ri) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non-infected computer will remove your Desktop background.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepad windows, main.txt and extra.txt; please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#4
saltgrass
  • Topic Starter
  • Member
  • 22 posts
Thank you for responding so quickly. I did option one; here is the scan.
After I rebooted, my computer now looks like "XP" instead of "Vista".

SmitFraudFix v2.288

Scan done at 1:32:44.78, Wed 02/13/2008
Run from C:\Users\jd\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
::1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
C:\Windows\emotrlq.dll deleted.
C:\Windows\admggxp.dll deleted.


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{96937438-5D7D-4E57-88EC-E26F22C50024}: DhcpNameServer=24.121.85.2 24.121.74.2 207.192.213.44 207.192.213.45
HKLM\SYSTEM\CS1\Services\Tcpip\..\{96937438-5D7D-4E57-88EC-E26F22C50024}: DhcpNameServer=24.121.85.2 24.121.74.2 207.192.213.44 207.192.213.45
HKLM\SYSTEM\CS3\Services\Tcpip\..\{96937438-5D7D-4E57-88EC-E26F22C50024}: DhcpNameServer=24.121.85.2 24.121.74.2 207.192.213.44 207.192.213.45
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.121.85.2 24.121.74.2 207.192.213.44 207.192.213.45
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.121.85.2 24.121.74.2 207.192.213.44 207.192.213.45
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.121.85.2 24.121.74.2 207.192.213.44 207.192.213.45


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

#5
Rorschach112
  • Ralphie
  • Retired Staff
  • 47,710 posts
Post the DSS logs

#6
saltgrass
  • Topic Starter
  • Member
  • 22 posts
Oops, sorry, I misread; I thought I was supposed to do option one OR option 2. OK, here's the rest.

Deckard's System Scanner v20071014.68
Run by god on 2008-02-13 11:58:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
16: 2008-02-13 10:00:52 UTC - RP18 - Windows Update
15: 2008-02-13 07:00:04 UTC - RP17 - Scheduled Checkpoint
14: 2008-02-12 15:19:14 UTC - RP16 - ComboFix created restore point
13: 2008-02-12 14:34:56 UTC - RP15 - SiSoftware Sandra Lite
12: 2008-02-12 14:29:07 UTC - RP14 - SiSoftware Sandra Lite


-- First Restore Point --
1: 2008-02-10 22:21:37 UTC - RP2 - Windows Update


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as god.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:27 AM, on 2/13/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\hp\kbd\kbd.exe
C:\Users\jd\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\god.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SBI] C:\Users\jd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6JBW8CLR\install_sbd_en[1].exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\RunOnce: [isDeleteMe] "C:\Windows\system32\cmd.exe" /c "C:\Users\god\AppData\Local\Temp\isDel.bat"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [Systweak AntiSpyware 2008] "C:\Program Files\Systweak AntiSpyware\AntiSpyware.exe" /autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-356271094-2385272641-840254142-1001\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun (User 'jd')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O13 - Gopher Prefix:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: bdmnopx - {BC865160-8B00-4000-918D-24DC459A5F21} - C:\Windows\bdmnopx.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6613 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - \??\c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - \??\c:\program files\superantispyware\saskutil.sys

S3 SASENUM - \??\c:\program files\superantispyware\sasenum.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 HP Health Check Service - "c:\program files\hewlett-packard\hp health check\hphc_service.exe" <Not Verified; Hewlett-Packard; HP Health Check Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-02-13 10:00:00 406 --a------ C:\Windows\Tasks\Systweak AntiSpyware 2008 Update Checker.job
2008-02-12 01:09:50 380 --a------ C:\Windows\Tasks\Systweak AntiSpyware 2008.job


-- Files created between 2008-01-13 and 2008-02-13 -----------------------------

2008-02-13 11:58:32 0 d-------- \Deckard
2008-02-13 01:36:18 2147483647 --ahs---- \hiberfil.sys
2008-02-13 01:32:51 3954 --a------ C:\Windows\system32\tmp.reg
2008-02-12 08:18:58 0 d-------- \QooBox
2008-02-12 08:18:56 68096 --a------ C:\Windows\system32\zip.exe
2008-02-12 08:18:56 98816 --a------ C:\Windows\system32\sed.exe
2008-02-12 08:18:56 80412 --a------ C:\Windows\system32\grep.exe
2008-02-12 08:18:56 73728 --a------ C:\Windows\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-12 07:30:44 0 d-------- C:\Program Files\SiSoftware
2008-02-12 04:07:01 0 d--hs---- \Config.Msi
2008-02-12 02:16:43 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-02-12 02:16:28 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-12 02:15:43 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-12 01:31:35 0 d-------- C:\Users\All Users\Grisoft
2008-02-12 01:09:50 0 d-------- C:\Users\All Users\Systweak
2008-02-12 01:09:38 0 d-------- C:\Program Files\Systweak AntiSpyware
2008-02-12 00:44:54 0 d-------- C:\Program Files\Trend Micro
2008-02-11 23:20:46 0 d-------- C:\Program Files\Alwil Software
2008-02-11 23:12:26 0 d-a------ C:\Users\All Users\TEMP
2008-02-11 09:45:15 0 d-------- C:\Users\All Users\Yahoo! Companion
2008-02-11 09:45:10 0 d-------- C:\Program Files\Enigma Software Group
2008-02-11 01:02:22 0 d-------- C:\Windows\PCHEALTH
2008-02-11 00:58:28 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-11 00:58:21 0 d-------- C:\Program Files\Windows Live
2008-02-11 00:57:50 0 d-------- C:\Users\All Users\WLInstaller
2008-02-10 16:15:57 0 d-------- C:\Windows\SoftwareDistribution
2008-02-10 16:13:54 0 d--hs---- \System Volume Information
2008-02-10 16:11:48 2147483647 --ahs---- \pagefile.sys
2008-02-10 15:50:43 0 dr------- C:\Users\jd\Searches
2008-02-10 15:50:26 0 dr------- C:\Users\jd\Contacts
2008-02-10 15:50:03 0 d--hs---- C:\Users\jd\Templates
2008-02-10 15:50:03 0 d--hs---- C:\Users\jd\Start Menu
2008-02-10 15:50:03 0 d--hs---- C:\Users\jd\SendTo
2008-02-10 15:50:03 0 d--hs---- C:\Users\jd\Recent
2008-02-10 15:50:03 0 d--hs---- C:\Users\jd\PrintHood
2008-02-10 15:50:03 0 d--hs---- C:\Users\jd\NetHood
2008-02-10 15:50:03 0 d--hs---- C:\Users\jd\My Documents
2008-02-10 15:50:03 0 d--hs---- C:\Users\jd\Local Settings
2008-02-10 15:50:03 0 d--hs---- C:\Users\jd\Cookies
2008-02-10 15:50:03 0 d--hs---- C:\Users\jd\Application Data
2008-02-10 15:49:59 0 dr------- C:\Users\jd\Videos
2008-02-10 15:49:59 0 dr------- C:\Users\jd\Saved Games
2008-02-10 15:49:59 0 dr------- C:\Users\jd\Pictures
2008-02-10 15:49:59 786432 --ahs---- C:\Users\jd\NTUSER.DAT
2008-02-10 15:49:59 0 dr------- C:\Users\jd\Music
2008-02-10 15:49:59 0 dr------- C:\Users\jd\Links
2008-02-10 15:49:59 0 dr------- C:\Users\jd\Favorites
2008-02-10 15:49:59 0 dr------- C:\Users\jd\Downloads
2008-02-10 15:49:59 0 dr------- C:\Users\jd\Documents
2008-02-10 15:49:59 0 dr------- C:\Users\jd\Desktop
2008-02-10 15:49:59 0 d--h----- C:\Users\jd\AppData
2008-02-10 15:29:26 0 dr------- C:\Users\god\Searches
2008-02-10 15:29:16 0 dr------- C:\Users\god\Contacts
2008-02-10 15:29:11 44 --a------ C:\Windows\system\hpsysdrv.dat
2008-02-10 15:26:23 0 d--hs---- C:\Users\god\Templates
2008-02-10 15:26:23 0 d--hs---- C:\Users\god\Start Menu
2008-02-10 15:26:23 0 d--hs---- C:\Users\god\SendTo
2008-02-10 15:26:23 0 d--hs---- C:\Users\god\Recent
2008-02-10 15:26:23 0 d--hs---- C:\Users\god\PrintHood
2008-02-10 15:26:23 0 d--hs---- C:\Users\god\NetHood
2008-02-10 15:26:23 0 d--hs---- C:\Users\god\My Documents
2008-02-10 15:26:23 0 d--hs---- C:\Users\god\Local Settings
2008-02-10 15:26:23 0 d--hs---- C:\Users\god\Cookies
2008-02-10 15:26:23 0 d--hs---- C:\Users\god\Application Data
2008-02-10 15:26:22 0 dr------- C:\Users\god\Videos
2008-02-10 15:26:22 0 dr------- C:\Users\god\Saved Games
2008-02-10 15:26:22 0 dr------- C:\Users\god\Pictures
2008-02-10 15:26:22 786432 --ahs---- C:\Users\god\NTUSER.DAT
2008-02-10 15:26:22 0 dr------- C:\Users\god\Music
2008-02-10 15:26:22 0 dr------- C:\Users\god\Links
2008-02-10 15:26:22 0 dr------- C:\Users\god\Favorites
2008-02-10 15:26:22 0 dr------- C:\Users\god\Downloads
2008-02-10 15:26:22 0 dr------- C:\Users\god\Documents
2008-02-10 15:26:22 0 dr------- C:\Users\god\Desktop
2008-02-10 15:26:22 0 d--h----- C:\Users\god\AppData
2008-02-10 15:21:38 0 d--hs---- C:\Users\All Users\Templates
2008-02-10 15:21:37 0 d--hs---- C:\Users\Default\Templates
2008-02-10 15:21:37 0 d--hs---- C:\Users\Default\Start Menu
2008-02-10 15:21:37 0 d--hs---- C:\Users\Default\SendTo
2008-02-10 15:21:37 0 d--hs---- C:\Users\Default\Recent
2008-02-10 15:21:37 0 d--hs---- C:\Users\Default\PrintHood
2008-02-10 15:21:37 0 d--hs---- C:\Users\Default\NetHood
2008-02-10 15:21:37 0 d--hs---- C:\Users\Default\My Documents
2008-02-10 15:21:37 0 d--hs---- C:\Users\Default\Local Settings
2008-02-10 15:21:37 0 d--hs---- C:\Users\Default\Cookies
2008-02-10 15:21:37 0 d--hs---- C:\Users\Default\Application Data
2008-02-10 15:21:37 0 d--hs---- C:\Users\All Users\Start Menu
2008-02-10 15:21:37 0 d--hs---- C:\Users\All Users\Favorites
2008-02-10 15:21:37 0 d--hs---- C:\Users\All Users\Documents
2008-02-10 15:21:37 0 d--hs---- C:\Users\All Users\Desktop
2008-02-10 15:21:37 0 d--hs---- C:\Users\All Users\Application Data
2008-02-10 15:21:37 0 d--hs---- \Documents and Settings


-- Find3M Report ---------------------------------------------------------------

2008-02-12 06:39:27 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-12 04:23:22 0 d-------- C:\Program Files\Common Files
2008-02-12 02:16:28 0 d-------- C:\Users\god\AppData\Roaming\SUPERAntiSpyware.com
2008-02-12 01:31:46 0 d-------- C:\Users\god\AppData\Roaming\Grisoft
2008-02-12 01:09:50 0 d-------- C:\Users\god\AppData\Roaming\Systweak
2008-02-11 09:45:15 0 d-------- C:\Users\god\AppData\Roaming\Yahoo!
2008-02-10 15:37:28 0 d-------- C:\Program Files\Windows Sidebar
2008-02-10 15:37:28 0 d-------- C:\Program Files\Windows Mail
2008-02-10 15:30:45 0 d-------- C:\Users\god\AppData\Roaming\Hewlett-Packard
2008-02-10 15:30:09 0 d-------- C:\Users\god\AppData\Roaming\Symantec
2008-02-10 15:29:19 0 d-------- C:\Users\god\AppData\Roaming\Identities
2008-02-10 15:28:48 0 d-------- C:\Users\god\AppData\Roaming\Macromedia
2007-12-08 01:03:03 74 --a------ \autoexec.bat
2007-12-08 00:52:01 102451 --a------ C:\Windows\hpqins13.dat
2007-12-08 00:44:18 315392 --a------ C:\Windows\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2007-12-08 00:26:27 174 --ahs---- C:\Program Files\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [12/08/2007 12:02 AM]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [04/18/2007 08:01 AM]
"KBD"="C:\HP\KBD\KbdStub.EXE" [12/08/2006 09:16 AM]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [02/15/2007 04:59 AM]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [07/12/2007 05:36 PM]
"RtHDVCpl"="RtHDVCpl.exe" [10/25/2007 06:52 AM C:\WINDOWS\RtHDVCpl.exe]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 04:06 AM]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [04/07/2007 03:56 AM]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 05:24 PM]
"SBI"="C:\Users\jd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6JBW8CLR\install_sbd_en[1].exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 06:00 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 02:25 AM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [01/02/2008 05:07 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [01/02/2008 05:06 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [01/02/2008 05:07 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [02/10/2008 03:32 PM]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter " []
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [10/03/2007 07:02 PM]
"Systweak AntiSpyware 2008"="C:\Program Files\Systweak AntiSpyware\AntiSpyware.exe" [02/09/2008 03:26 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"isDeleteMe"="C:\Windows\system32\cmd.exe" /c "C:\Users\god\AppData\Local\Temp\isDel.bat"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bdmnopx"= {BC865160-8B00-4000-918D-24DC459A5F21} - C:\Windows\bdmnopx.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-02-13 12:00:30 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Pentium® Dual CPU E2140 @ 1.60GHz
Percentage of Memory in Use: 29%
Physical Memory (total/avail): 3061.69 MiB / 2145.67 MiB
Pagefile Memory (total/avail): 6311.86 MiB / 4602.46 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1904.38 MiB

C: is Fixed (NTFS) - 325.89 GiB total, 285.82 GiB free.
D: is Fixed (NTFS) - 9.46 GiB total, 1.28 GiB free.
E: is CDROM (No Media)
F: is Removable (Unformatted)
G: is Removable (Unformatted)
H: is Removable (Unformatted)
I: is Removable (Unformatted)

\\.\PHYSICALDRIVE0 - ST3360320AS - 335.35 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 325.89 GiB - C:
\PARTITION1 - Installable File System - 9.46 GiB - D:

\\.\PHYSICALDRIVE1 - Generic- Compact Flash USB Device

\\.\PHYSICALDRIVE4 - Generic- MS/MS-Pro USB Device

\\.\PHYSICALDRIVE3 - Generic- SD/MMC USB Device

\\.\PHYSICALDRIVE2 - Generic- SM/xD-Picture USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.7.1098 [VPS 080213-0] v4.7.1098 (ALWIL Software)
AS: AVG Anti-Spyware v7, 5, 1, 43 (GRISOFT s.r.o.) Disabled Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\god\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GOD-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
LOCALAPPDATA=C:\Users\god\AppData\Local
NUMBER_OF_PROCESSORS=2
OnlineServices=Online Services
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\hp\bin\Python
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND=Pavilion
PLATFORM=HPD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SAN_DIR=C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\god\AppData\Local\Temp
TMP=C:\Users\god\AppData\Local\Temp
USERDOMAIN=god-PC
USERNAME=god
USERPROFILE=C:\Users\god
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

god (admin)
jd


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\HP Games\3D Ultra Minigolf Adventures\Uninstall.exe"
--> "C:\Program Files\HP Games\7 Wonders of the Ancient World\Uninstall.exe"
--> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
--> "C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
--> "C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
--> "C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
--> "C:\Program Files\HP Games\FATE\Uninstall.exe"
--> "C:\Program Files\HP Games\Fish Tycoon\Uninstall.exe"
--> "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Jewel Quest Solitaire\Uninstall.exe"
--> "C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\Magic Academy\Uninstall.exe"
--> "C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
--> "C:\Program Files\HP Games\Otto's Magic Blocks\Uninstall.exe"
--> "C:\Program Files\HP Games\Peggle\Uninstall.exe"
--> "C:\Program Files\HP Games\Penguins!\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
--> "C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
--> "C:\Program Files\HP Games\Shooting Stars Pool\Uninstall.exe"
--> "C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Super Granny\Uninstall.exe"
--> "C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
--> "C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
--> "C:\Program Files\HP Games\Virtual Villagers - Chapter 2 - The Lost Children\Uninstall.exe"
--> "C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CyberLink DVD Suite Deluxe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" -uninstall
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
Hardware Diagnostic Tools --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Hewlett-Packard Active Check --> MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check --> MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AFAD41A9-9687-48A3-848F-693C11451433}\setup.exe" -l0x9 -removeonly
HP Customer Feedback --> MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9 -removeonly
HP On-Screen Cap/Num/Scroll Lock Indicator --> C:\Windows\system32\OsdRemove.exe
HP Photosmart Essential 2.5 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Picasso Media Center Add-In --> MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Total Care Advisor --> MsiExec.exe /X{e96b3d28-47d6-43cc-98fd-7069eeab6b11}
HP Update --> MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
Intel® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
Intel® Matrix Storage Manager --> C:\Windows\System32\Imsmudlg.exe
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LabelPrint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" -uninstall
LightScribe System Software 1.10.16.1 --> MsiExec.exe /X{E6CFBFB5-9232-410C-B353-AF6E614B2681}
LightScribe Template Labeler --> MsiExec.exe /X{3EBA6E7C-3DF6-48AE-B87B-4CAFB2C1C3F7}
Microsoft Office Home and Student 60 day trial --> c:\hp\bin\MSOffice\uninst2.cmd
Microsoft Office PowerPoint Viewer 2007 (English) --> MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
muvee autoProducer 6.1 --> C:\Program Files\InstallShield Installation Information\{E8C2622C-9FF1-4F60-8008-A0208154F9F3}\muveesetup.exe -removeonly -runfromtemp
My HP Games --> "C:\Program Files\HP Games\Uninstall.exe"
Power2Go --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
PowerDirector --> "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
Python 2.5 --> MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
SiSoftware Sandra Lite XII.SP1 --> "C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\unins000.exe"
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.inf
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Systweak® AntiSpyware 2008 1.0 --> "C:\Program Files\Systweak AntiSpyware\unins000.exe"
WeatherBug Gadget --> MsiExec.exe /I{209CDA54-D390-46A2-A97C-7BF61734418D}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1518 / Success
Event Submitted/Written: 02/13/2008 11:55:19 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1508 / Warning
Event Submitted/Written: 02/13/2008 03:15:28 AM
Event ID/Source: 6006 / Wlclntfy
Event Description:
The winlogon notification subscriber <TrustedInstaller> took 62 second(s) to handle the notification event (CreateSession).

Event Record #/Type1507 / Warning
Event Submitted/Written: 02/13/2008 03:15:25 AM
Event ID/Source: 6005 / Wlclntfy
Event Description:
The winlogon notification subscriber <TrustedInstaller> is taking long time to handle the notification event (CreateSession).

Event Record #/Type1506 / Error
Event Submitted/Written: 02/13/2008 03:15:14 AM
Event ID/Source: 5007 / WerSvc
Event Description:
The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.

Event Record #/Type1502 / Success
Event Submitted/Written: 02/13/2008 03:14:23 AM
Event ID/Source: 5617 / WinMgmt
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7150 / Warning
Event Submitted/Written: 02/13/2008 11:59:42 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%god-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %god-PC27 can't undo changes that you allow.

For more information please see the following:
%god-PC275

Scan ID: {A3B945BC-16D0-4727-9A2A-30E9A0B6AEDB}

User: god-PC\jd

Name: %god-PC271

ID: %god-PC272

Severity ID: %god-PC273

Category ID: %god-PC274

Path Found: %god-PC276

Alert Type: %god-PC278

Detection Type: 1.1.1505.02

Event Record #/Type7149 / Warning
Event Submitted/Written: 02/13/2008 11:59:42 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%god-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %god-PC27 can't undo changes that you allow.

For more information please see the following:
%god-PC275

Scan ID: {6B1B041A-FC10-4417-8B00-444770B204B0}

User: god-PC\jd

Name: %god-PC271

ID: %god-PC272

Severity ID: %god-PC273

Category ID: %god-PC274

Path Found: %god-PC276

Alert Type: %god-PC278

Detection Type: 1.1.1505.02

Event Record #/Type7148 / Warning
Event Submitted/Written: 02/13/2008 11:59:42 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%god-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %god-PC27 can't undo changes that you allow.

For more information please see the following:
%god-PC275

Scan ID: {E8EB81DB-CFF3-4658-AE26-63E4543D59C8}

User: god-PC\jd

Name: %god-PC271

ID: %god-PC272

Severity ID: %god-PC273

Category ID: %god-PC274

Path Found: %god-PC276

Alert Type: %god-PC278

Detection Type: 1.1.1505.02

Event Record #/Type7147 / Warning
Event Submitted/Written: 02/13/2008 11:59:39 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%god-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %god-PC27 can't undo changes that you allow.

For more information please see the following:
%god-PC275

Scan ID: {E42F10C8-F871-42C3-9E9F-E34A631208AB}

User: god-PC\jd

Name: %god-PC271

ID: %god-PC272

Severity ID: %god-PC273

Category ID: %god-PC274

Path Found: %god-PC276

Alert Type: %god-PC278

Detection Type: 1.1.1505.02

Event Record #/Type7146 / Warning
Event Submitted/Written: 02/13/2008 11:59:40 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%god-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %god-PC27 can't undo changes that you allow.

For more information please see the following:
%god-PC275

Scan ID: {C14A62E7-505D-42D0-BD8B-F9511FEB4DEB}

User: god-PC\jd

Name: %god-PC271

ID: %god-PC272

Severity ID: %god-PC273

Category ID: %god-PC274

Path Found: %god-PC276

Alert Type: %god-PC278

Detection Type: 1.1.1505.02



-- End of Deckard's System Scanner: finished at 2008-02-13 12:00:30 ------------

#7 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [SBI] C:\Users\jd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6JBW8CLR\install_sbd_en[1].exe
O4 - HKLM\..\RunOnce: [isDeleteMe] "C:\Windows\system32\cmd.exe" /c "C:\Users\god\AppData\Local\Temp\isDel.bat"
O21 - SSODL: bdmnopx - {BC865160-8B00-4000-918D-24DC459A5F21} - C:\Windows\bdmnopx.dll (file missing)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
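The O2, O3, O4 and O21 lines the helper asks to fix above are HijackThis's view of four registry autostart locations: Browser Helper Objects (O2) and IE toolbars (O3) are CLSIDs whose DLL is named in HKCR\CLSID\{guid}\InprocServer32, Run/RunOnce values (O4) are command lines, and ShellServiceObjectDelayLoad values (O21) are CLSIDs loaded by Explorer at logon. An entry whose target file is gone is what HijackThis prints as "(no file)" or "(file missing)". The script below is an added example, not code from the thread, from HijackThis or from Malwarebytes; the function names are my own, it assumes PowerShell 2.0 or later, and it reads only the native registry view (no Wow6432Node), which is all an x86 Vista system like the one in this thread has.

```powershell
# Added example (not from the thread or any tool it mentions): enumerate the
# autostart locations behind HijackThis O2/O3/O4/O21 lines and flag entries
# whose target file no longer exists. Read-only; runs in a normal session.

function Resolve-CommandPath {
    # Turn a Run-value command line (or a COM server path) into the file it
    # launches, the way the loader would: quoted path, longest existing
    # space-separated prefix, or a bare name resolved through PATH.
    param([string]$CommandLine)
    if ([string]::IsNullOrEmpty($CommandLine)) { return $null }
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())

    if ($cmd.StartsWith('"')) {                       # "C:\Program Files\x.exe" /arg
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
    }
    $tokens = @($cmd -split ' ')
    for ($i = $tokens.Count; $i -ge 1; $i--) {        # C:\Program Files\x.exe -arg
        $candidate = $tokens[0..($i - 1)] -join ' '
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    $app = Get-Command $tokens[0] -CommandType Application -ErrorAction SilentlyContinue |
           Select-Object -First 1                    # bare name, e.g. RtHDVCpl.exe
    if ($app) { return $app.Path }
    return $tokens[0]                                 # unresolvable; caller flags it
}

function Get-ComServerPath {
    # BHO / toolbar / SSODL entries name a CLSID; its DLL is the default
    # value of HKCR\CLSID\{guid}\InprocServer32. Missing key => $null.
    param([string]$Clsid)
    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    $dll = (Get-Item -LiteralPath $key).GetValue('')
    if ($dll) { return Resolve-CommandPath $dll }
    return $null
}

function Get-AutorunEntries {
    $entries = New-Object System.Collections.Generic.List[object]
    function Add-Entry($Category, $Key, $Name, $Target) {
        $exists = [bool]($Target -and (Test-Path -LiteralPath $Target -PathType Leaf))
        $entries.Add((New-Object PSObject -Property @{
            Category = $Category; Key = $Key; Name = $Name
            Target   = $Target;   Exists = $exists }))
    }
    $cv = 'SOFTWARE\Microsoft\Windows\CurrentVersion'

    # O4: every value under Run / RunOnce (HKLM and HKCU) is a command line.
    foreach ($hive in 'HKLM', 'HKCU') {
        foreach ($sub in 'Run', 'RunOnce') {
            $key = "${hive}:\$cv\$sub"
            if (-not (Test-Path -LiteralPath $key)) { continue }
            $k = Get-Item -LiteralPath $key
            foreach ($name in $k.GetValueNames()) {
                Add-Entry "O4 $sub" $key $name (Resolve-CommandPath ([string]$k.GetValue($name)))
            }
        }
    }
    # O2: one subkey per BHO, named by CLSID.
    $bho = "HKLM:\$cv\Explorer\Browser Helper Objects"
    if (Test-Path -LiteralPath $bho) {
        foreach ($k in Get-ChildItem -LiteralPath $bho) {
            Add-Entry 'O2 BHO' $bho $k.PSChildName (Get-ComServerPath $k.PSChildName)
        }
    }
    # O3: toolbar value *names* are CLSIDs (other values there are settings).
    $tb = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar'
    if (Test-Path -LiteralPath $tb) {
        $k = Get-Item -LiteralPath $tb
        foreach ($name in $k.GetValueNames()) {
            if ($name -match '^\{[0-9A-F-]{36}\}$') {
                Add-Entry 'O3 Toolbar' $tb $name (Get-ComServerPath $name)
            }
        }
    }
    # O21: SSODL value *data* is the CLSID (the name is arbitrary, e.g. bdmnopx).
    $ssodl = "HKLM:\$cv\ShellServiceObjectDelayLoad"
    if (Test-Path -LiteralPath $ssodl) {
        $k = Get-Item -LiteralPath $ssodl
        foreach ($name in $k.GetValueNames()) {
            Add-Entry 'O21 SSODL' $ssodl $name (Get-ComServerPath ([string]$k.GetValue($name)))
        }
    }
    return $entries
}

# Usage: show only orphaned entries, i.e. the "(no file)" / "(file missing)"
# lines HijackThis would list.
Get-AutorunEntries | Where-Object { -not $_.Exists } |
    Format-Table Category, Name, Target -AutoSize
```

Two caveats. An orphaned entry is a leftover, not a live infection: the loader cannot run a file that is not there, so fixing it is cleanup, and the file that used to be at that path is what the scanners are for. And the script only reads the registry, so it works in an ordinary session; actually deleting the flagged values (what HijackThis's Fix checked does) must be done from an elevated session on Vista, because HKLM is not writable by a non-elevated process.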

#8 saltgrass (Member, Topic Starter, 22 posts)
Ok, here's the logs. Wasn't sure if you wanted both or just the second, so I'm sending both.




Malwarebytes' Anti-Malware 1.03
Database version: 359

Scan type: Quick Scan
Objects scanned: 24464
Time elapsed: 2 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{8583184e-fb0b-44d8-9f86-79db93bedf0c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4b26b97-81d7-451e-bfb2-f9a46ce8e5df} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e2455d0f-e5e3-4742-9f98-b0596dc10745} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:37:51 AM, on 2/14/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Systweak AntiSpyware\AntiSpyware.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SBI] C:\Users\jd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6JBW8CLR\install_sbd_en[1].exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [Systweak AntiSpyware 2008] "C:\Program Files\Systweak AntiSpyware\AntiSpyware.exe" /autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-356271094-2385272641-840254142-1001\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun (User 'jd')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp...oads/msxml4.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: bdmnopx - {BC865160-8B00-4000-918D-24DC459A5F21} - C:\Windows\bdmnopx.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7108 bytes

#9 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O21 - SSODL: bdmnopx - {BC865160-8B00-4000-918D-24DC459A5F21} - C:\Windows\bdmnopx.dll (file missing)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Reboot and post a new HijackThis log
  • 0

#10 saltgrass (Topic Starter)
I tried the last step twice but they keep coming back.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:56 AM, on 2/14/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\KbdStub.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Windows\system32\schtasks.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geekstogo...forum/index.php?
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SBI] C:\Users\jd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6JBW8CLR\install_sbd_en[1].exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp...oads/msxml4.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: bdmnopx - {BC865160-8B00-4000-918D-24DC459A5F21} - C:\Windows\bdmnopx.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6979 bytes
  • 0
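Editor's note on the two posts above. The helper's fix list in #9 and the log in #10 both turn on the same triage rule: an O2/O3/O21 entry whose DLL is reported as "(no file)" or "(file missing)" is a COM load point with nothing behind it, and it is safe to tick. The log in #10 also carries an O4 Run entry launched from Temporary Internet Files, which is worth a look on its own. The script below is an added example, not code from this thread, from HijackThis or from WinPFind; it parses HijackThis-format lines (the sample lines are copied from the log posted above) and flags both patterns. The "autorun from a browser cache or temp directory" rule is a heuristic of the editor's, not something the helper stated, and the function and constant names are the editor's own.

```python
"""Triage HijackThis 2.x log lines: orphaned COM load points and autoruns
that launch from browser-cache/temp directories. Added example, not from
the thread; names and the heuristics are the editor's own."""
import re
from typing import List, NamedTuple

# Constructed sample: lines copied from the HijackThis log posted above,
# with one clean O2 line and one clean O4 line kept as controls.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SBI] C:\Users\jd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6JBW8CLR\install_sbd_en[1].exe
O21 - SSODL: bdmnopx - {BC865160-8B00-4000-918D-24DC459A5F21} - C:\Windows\bdmnopx.dll (file missing)
"""


class Finding(NamedTuple):
    section: str  # O2 / O3 / O4 / O21
    name: str     # BHO/toolbar/SSODL display name or Run value name
    target: str   # CLSID for COM entries, command line for O4 entries
    reason: str
    line: str     # the original log line, for pasting back into the thread


# Markers HijackThis prints when the registered DLL is absent from disk.
_ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Heuristic (editor's assumption): a Run value pointing into one of these
# directories deserves a look. A match means "inspect", not "malware".
_TRANSIENT_DIRS = (
    "\\temporary internet files\\",
    "\\content.ie5\\",
    "\\appdata\\local\\temp\\",
    "\\windows\\temp\\",
)

# O2 - BHO: <name> - {CLSID} - <path>      (same shape for O3 and O21)
_COM_RE = re.compile(
    r"^(?P<section>O2|O3|O21) - (?P<kind>BHO|Toolbar|SSODL): "
    r"(?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)
# O4 - HKLM\..\Run: [<value name>] <command line>
_RUN_RE = re.compile(
    r"^(?P<section>O4) - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per line that matches either rule, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _COM_RE.match(line)
        if m:
            path = m["path"].strip()
            if any(path.endswith(marker) for marker in _ORPHAN_MARKERS):
                findings.append(Finding(m["section"], m["name"], m["clsid"],
                                        "COM load point with no file on disk", line))
            continue
        m = _RUN_RE.match(line)
        if m:
            cmd = m["cmd"].lower()
            if any(d in cmd for d in _TRANSIENT_DIRS):
                findings.append(Finding(m["section"], m["name"], m["cmd"],
                                        "autorun launched from a browser cache or temp directory", line))
    return findings


def fix_list(findings: List[Finding]) -> List[str]:
    """The orphaned O2/O3/O21 lines: tick these under 'Do a system scan only'."""
    return [f.line for f in findings if f.section in ("O2", "O3", "O21")]


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.section:<4}{f.reason}: {f.name} -> {f.target}")
    print("\nTick these, then Fix Checked:")
    for entry in fix_list(results):
        print("  " + entry)
```

Fix Checked only deletes the registry values behind the ticked lines. When the same orphaned entries are back after a reboot, as in #10, some still-active component (a process, service or scheduled task) is writing them again, and the fix list is not where to look next; that is why the thread moves on to a broader scan in the following post rather than repeating the HijackThis fix.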

#11 Rorschach112 (Retired Staff)
Do this

Download WinPFind35U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • Under Additional Scans check the boxes beside Reg - Disabled MS Config Items, Reg - File Additional Folder Scans and File - Purity Scan.
  • Under Drivers change it to Non-Microsoft.
  • Under Rootkit Search change that to Yes.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

Make sure you attach the report in your reply.

#12 saltgrass (Topic Starter)
Ok, got the scan done, here is the log.
In the middle of the scan avast alerted me twice about "win32.inject.ev trj".


WinPFind35 logfile created on: 2/15/2008 11:54:09 AM
WinPFind35U Version Beta51 Folder = C:\Users\god\Desktop\WinPFind35u
Windows Vista (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16609)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 325.89 Gb Total Space | 279.13 Gb Free Space | 85.65% Space Free | Partition Type: NTFS
Drive D: | 9.46 Gb Total Space | 1.28 Gb Free Space | 13.57% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GOD-PC
Current User Name: god
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 7:36:33 AM | Attr = ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 6:00:16 AM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 5:31:10 AM | Attr = ]
dtsrvc.exe -> %CommonProgramFiles%\Portrait Displays\Shared\DTSRVC.exe -> [Ver = | Size = 73728 bytes | Modified Date = 6/29/2007 5:54:16 PM | Attr = ]
iaantmon.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> Intel Corporation [Ver = 7.6.0.1011 | Size = 354840 bytes | Modified Date = 7/12/2007 5:36:12 PM | Attr = ]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.10.16.1 | Size = 79136 bytes | Modified Date = 9/25/2007 5:16:08 PM | Attr = ]
xaudio.exe -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.02 | Size = 386560 bytes | Modified Date = 11/28/2006 9:44:58 AM | Attr = ]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 5:59:01 AM | Attr = ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 5:59:53 AM | Attr = ]
hphc_service.exe -> %ProgramFiles%\Hewlett-Packard\HP Health Check\HPHC_Service.exe -> Hewlett-Packard [Ver = 2.3.0.2 | Size = 65536 bytes | Modified Date = 9/19/2007 6:30:52 PM | Attr = ]
hpsysdrv.exe -> %SystemDrive%\hp\support\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 2.00.00 | Size = 65536 bytes | Modified Date = 4/18/2007 8:01:34 AM | Attr = ]
osd.exe -> %ProgramFiles%\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe -> OsdMaestro [Ver = 1, 0, 0, 5 | Size = 118784 bytes | Modified Date = 2/15/2007 4:59:00 AM | Attr = ]
iaanotif.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 7.6.0.1011 | Size = 178712 bytes | Modified Date = 7/12/2007 5:36:10 PM | Attr = ]
rthdvcpl.exe -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1, 0, 0, 102 | Size = 4702208 bytes | Modified Date = 10/25/2007 6:52:08 AM | Attr = ]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard [Ver = 80, 1, 0, 0 | Size = 54840 bytes | Modified Date = 5/8/2007 5:24:20 PM | Attr = ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 6:00:23 AM | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 2:25:42 AM | Attr = ]
hkcmd.exe -> %SystemRoot%\System32\hkcmd.exe -> Intel Corporation [Ver = 7.14.10.1409 | Size = 166424 bytes | Modified Date = 1/2/2008 5:06:52 PM | Attr = ]
igfxpers.exe -> %SystemRoot%\System32\igfxpers.exe -> Intel Corporation [Ver = 7.14.10.1409 | Size = 133656 bytes | Modified Date = 1/2/2008 5:07:02 PM | Attr = ]
dthtml.exe -> %ProgramFiles%\Portrait Displays\HP My Display\dthtml.exe -> Portrait Displays, Inc [Ver = 1.0.0.1 | Size = 278528 bytes | Modified Date = 6/29/2007 5:56:06 PM | Attr = ]
antispyware.exe -> %ProgramFiles%\Systweak AntiSpyware\AntiSpyware.exe -> Systweak Inc. [Ver = 1.0.692.1426 | Size = 2924784 bytes | Modified Date = 2/9/2008 3:26:04 PM | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
igfxsrvc.exe -> %SystemRoot%\System32\igfxsrvc.exe -> Intel Corporation [Ver = 7.14.10.1409 | Size = 256536 bytes | Modified Date = 1/2/2008 5:07:04 PM | Attr = ]
hookmanager.exe -> %CommonProgramFiles%\Portrait Displays\Shared\HookManager.exe -> Portrait Displays Inc. [Ver = 1, 0, 0, 1 | Size = 110592 bytes | Modified Date = 6/29/2007 5:53:34 PM | Attr = ]
kbd.exe -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.2.20205 | Size = 67128 bytes | Modified Date = 5/16/2007 9:56:44 AM | Attr = ]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309248 bytes | Modified Date = 2/13/2008 10:50:32 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 7:36:33 AM | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 6:00:16 AM | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 5:59:53 AM | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 5:59:01 AM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 5:31:10 AM | Attr = ]
(CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Stopped] -> -> File not found
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> -> File not found
(DPS) Diagnostic Policy Service [Win32_Shared | Unknown | Running] -> -> File not found
(DTSRVC) Portrait Displays Display Tune Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Portrait Displays\Shared\DTSRVC.exe -> [Ver = | Size = 73728 bytes | Modified Date = 6/29/2007 5:54:16 PM | Attr = ]
(GameConsoleService) GameConsoleService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\HP Games\My HP Game Console\GameConsoleService.exe -> WildTangent, Inc. [Ver = 1.0.0.1 | Size = 181800 bytes | Modified Date = 7/23/2007 4:33:06 PM | Attr = ]
(gpsvc) Group Policy Client [Win32_Shared | Unknown | Running] -> -> File not found
(HP Health Check Service) HP Health Check Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Hewlett-Packard\HP Health Check\HPHC_Service.exe -> Hewlett-Packard [Ver = 2.3.0.2 | Size = 65536 bytes | Modified Date = 9/19/2007 6:30:52 PM | Attr = ]
(IAANTMON) Intel(R) Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> Intel Corporation [Ver = 7.6.0.1011 | Size = 354840 bytes | Modified Date = 7/12/2007 5:36:12 PM | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.10.16.1 | Size = 79136 bytes | Modified Date = 9/25/2007 5:16:08 PM | Attr = ]
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> -> File not found
(RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Unknown | Running] -> -> File not found
(SandraDataSrv) SiSoftware Database Agent Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\SiSoftware\SiSoftware Sandra Lite XI.SP1a\Win32\RpcDataSrv.exe -> SiSoftware [Ver = 13.12.2008.1 | Size = 213176 bytes | Modified Date = 12/12/2007 5:31:58 PM | Attr = ]
(SandraTheSrv) SiSoftware Sandra Agent Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe -> SiSoftware [Ver = 13.12.2008.1 | Size = 1253568 bytes | Modified Date = 12/12/2007 5:32:20 PM | Attr = ]
(SCardSvr) Smart Card [Win32_Shared | Unknown | Stopped] -> -> File not found
(Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> -> File not found
(SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> -> File not found
(TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Stopped] -> -> File not found
(WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> -> File not found
(WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> -> File not found
(XAudioService) XAudioService [Win32_Own | Auto | Running] -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.02 | Size = 386560 bytes | Modified Date = 11/28/2006 9:44:58 AM | Attr = ]

[Driver Services - Non-Microsoft Only]
(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adp94xx.sys -> Adaptec, Inc. [Ver = 1.6.0006.0 (1.060824-1234) | Size = 420968 bytes | Modified Date = 11/2/2006 2:51:38 AM | Attr = ]
(adpahci) adpahci [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpahci.sys -> Adaptec, Inc. [Ver = 1.6.0006.0 (1.060824-1234) | Size = 297576 bytes | Modified Date = 11/2/2006 2:51:32 AM | Attr = ]
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpu160m.sys -> Adaptec, Inc. [Ver = 6.4.645.100 (NT.051018-1332) | Size = 98408 bytes | Modified Date = 11/2/2006 2:50:35 AM | Attr = ]
(adpu320) adpu320 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpu320.sys -> Adaptec, Inc. [Ver = 7.1.000.000 (NT.060302-2137) | Size = 147048 bytes | Modified Date = 11/2/2006 2:51:00 AM | Attr = ]
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\djsvs.sys -> Adaptec, Inc. [Ver = 6.0.0.0 | Size = 71272 bytes | Modified Date = 11/2/2006 2:50:11 AM | Attr = ]
(aliide) aliide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 17592 bytes | Modified Date = 12/8/2007 12:00:16 AM | Attr = ]
(arc) arc [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\arc.sys -> Adaptec, Inc. [Ver = 5.1.0.6789 (NT.060726-2054) | Size = 67688 bytes | Modified Date = 11/2/2006 2:50:09 AM | Attr = ]
(arcsas) arcsas [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\arcsas.sys -> Adaptec, Inc. [Ver = 5.1.0.6790 (NT.060726-2054) | Size = 67688 bytes | Modified Date = 11/2/2006 2:50:10 AM | Attr = ]
(aswMonFlt) aswMonFlt [File_System | Auto | Running] -> %SystemRoot%\System32\drivers\aswMonFlt.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 45648 bytes | Modified Date = 12/4/2007 7:52:16 AM | Attr = ]
(aswRdr) aswRdr [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Modified Date = 12/4/2007 7:53:39 AM | Attr = ]
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Modified Date = 12/4/2007 7:51:52 AM | Attr = ]
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys -> [Ver = | Size = 11000 bytes | Modified Date = 5/30/2007 5:10:42 AM | Attr = ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %SystemRoot%\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 5:10:42 AM | Attr = ]
(blbdrive) blbdrive [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\blbdrive.sys -> File not found
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrFiltLo.sys -> Brother Industries, Ltd. [Ver = 1.10.000 (vbl_wcp_d2_drivers.060616-1619) | Size = 13568 bytes | Modified Date = 11/2/2006 1:24:45 AM | Attr = ]
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrFiltUp.sys -> Brother Industries, Ltd. [Ver = 1.04.000 (vbl_wcp_d2_drivers.060616-1619) | Size = 5248 bytes | Modified Date = 11/2/2006 1:24:46 AM | Attr = ]
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrSerId.sys -> Brother Industries Ltd. [Ver = 1.0.1.6 (vbl_wcp_d2_drivers.060616-1619) | Size = 71808 bytes | Modified Date = 11/2/2006 1:25:24 AM | Attr = ]
(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrSerWdm.sys -> Brother Industries Ltd. [Ver = 1.0.0.20 (vbl_wcp_d2_drivers.060616-1619) | Size = 62336 bytes | Modified Date = 11/2/2006 1:24:44 AM | Attr = ]
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrUsbMdm.sys -> Brother Industries Ltd. [Ver = 1,0,0,12 (vbl_wcp_d2_drivers.060616-1619) | Size = 12160 bytes | Modified Date = 11/2/2006 1:24:44 AM | Attr = ]
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrUsbSer.sys -> Brother Industries Ltd. [Ver = 1,0,1,3 (vbl_wcp_d2_drivers.060809-0459) | Size = 11904 bytes | Modified Date = 11/2/2006 1:24:47 AM | Attr = ]
(CLFS) Common Log (CLFS) [Kernel | Unknown | Running] -> -> File not found
(cmdide) cmdide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (vista_ldr.071003-1500) | Size = 19128 bytes | Modified Date = 12/8/2007 12:00:16 AM | Attr = ]
(E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\E1G60I32.sys -> Intel Corporation [Ver = 8.1.37.2 built by: WinDDK | Size = 117760 bytes | Modified Date = 11/2/2006 12:30:54 AM | Attr = ]
(elxstor) elxstor [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\elxstor.sys -> Emulex [Ver = 5-1.20M8 9/14/2006 WS2K3 32 bit (NT.060909-1739) | Size = 316520 bytes | Modified Date = 11/2/2006 2:51:34 AM | Attr = ]
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\HpCISSs.sys -> Hewlett-Packard Company [Ver = 6.0.0.32 Build 4 (x86) (NT.060726-2054) | Size = 37480 bytes | Modified Date = 11/2/2006 2:50:10 AM | Attr = ]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\HSX_DP.sys -> Conexant Systems, Inc. [Ver = 7.61.00 built by: WinDDK | Size = 985600 bytes | Modified Date = 12/7/2006 8:03:32 AM | Attr = ]
(HSXHWBS2) HSXHWBS2 [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\HSXHWBS2.sys -> Conexant Systems, Inc. [Ver = 7.61.00 built by: WinDDK | Size = 258048 bytes | Modified Date = 12/7/2006 8:04:40 AM | Attr = ]
(iaStor) Intel RAID Controller [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\iaStor.sys -> Intel Corporation [Ver = 7.6.0.1011 | Size = 305176 bytes | Modified Date = 7/12/2007 9:35:02 AM | Attr = ]
(iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iaStorV.sys -> Intel Corporation [Ver = 6.2.0.1015 | Size = 232040 bytes | Modified Date = 11/2/2006 2:51:25 AM | Attr = ]
(igfx) igfx [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\igdkmd32.sys -> Intel Corporation [Ver = 7.14.10.1409 | Size = 2016256 bytes | Modified Date = 1/2/2008 4:48:28 PM | Attr = ]
(iirsp) iirsp [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iirsp.sys -> Intel Corp./ICP vortex GmbH [Ver = 5.4.22.0 | Size = 41576 bytes | Modified Date = 11/2/2006 2:50:17 AM | Attr = ]
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\RTKVHDA.sys -> Realtek Semiconductor Corp. [Ver = 6.0.1.5502 built by: WinDDK | Size = 2015192 bytes | Modified Date = 10/25/2007 7:26:10 AM | Attr = ]
(IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> system32\DRIVERS\ipinip.sys -> File not found
(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iteatapi.sys -> Integrated Technology Express, Inc. [Ver = v1.3.2.7 (NT.060726-2054) | Size = 35944 bytes | Modified Date = 11/2/2006 2:50:07 AM | Attr = ]
(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iteraid.sys -> Integrated Technology Express, Inc. [Ver = v1.7.1.91 (NT.060726-2054) | Size = 35944 bytes | Modified Date = 11/2/2006 2:50:09 AM | Attr = ]
(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_fc.sys -> LSI Logic [Ver = 1.23.24.03 (NT.060824-1234) | Size = 65640 bytes | Modified Date = 11/2/2006 2:50:04 AM | Attr = ]
(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_sas.sys -> LSI Logic [Ver = 1.23.24.03 (NT.060824-1234) | Size = 65640 bytes | Modified Date = 11/2/2006 2:50:05 AM | Attr = ]
(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_scsi.sys -> LSI Logic [Ver = 1.23.24.03 (NT.060824-1234) | Size = 65640 bytes | Modified Date = 11/2/2006 2:50:10 AM | Attr = ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.012 | Size = 12672 bytes | Modified Date = 6/19/2006 7:26:58 AM | Attr = ]
(megasas) megasas [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\megasas.sys -> LSI Logic Corporation [Ver = 2.4.0.32 (NT.060824-1234) | Size = 28776 bytes | Modified Date = 11/2/2006 2:49:53 AM | Attr = ]
(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\Mraid35x.sys -> LSI Logic Corporation [Ver = 6.50.2.32 (NT.060824-1234) | Size = 33384 bytes | Modified Date = 11/2/2006 2:49:59 AM | Attr = ]
(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nfrd960.sys -> IBM Corporation [Ver = 7.10.56 (NT.060601-1710) | Size = 45160 bytes | Modified Date = 11/2/2006 2:50:19 AM | Attr = ]
(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ntrigdigi.sys -> N-trig Innovative Technologies [Ver = 0.90.16.16384 (Vista_RC1.060509-2219) | Size = 20608 bytes | Modified Date = 11/2/2006 12:36:50 AM | Attr = ]
(nvraid) nvraid [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nvraid.sys -> NVIDIA Corporation [Ver = 5.10.2600.0822 (NT.060926-1359) | Size = 88680 bytes | Modified Date = 11/2/2006 2:50:24 AM | Attr = ]
(nvstor) nvstor [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nvstor.sys -> NVIDIA Corporation [Ver = 5.10.2600.0822 (NT.060926-1359) | Size = 40040 bytes | Modified Date = 11/2/2006 2:50:13 AM | Attr = ]
(NwlnkFlt) IPX Traffic Filter Driver [Kernel | On_Demand | Stopped] -> system32\DRIVERS\nwlnkflt.sys -> File not found
(NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> system32\DRIVERS\nwlnkfwd.sys -> File not found
(PdiPorts) Portrait Displays low level device driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\PdiPorts.sys -> Portrait Displays, Inc. [Ver = 1.00 built by: WinDDK | Size = 15920 bytes | Modified Date = 11/16/2006 5:20:48 PM | Attr = ]
(Ps2) Ps2 [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\PS2.sys -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 19072 bytes | Modified Date = 12/12/2005 10:27:00 AM | Attr = ]
(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ql2300.sys -> QLogic Corporation [Ver = 9.1.2.6 (w32) | Size = 900712 bytes | Modified Date = 11/2/2006 2:51:45 AM | Attr = ]
(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ql40xx.sys -> QLogic Corporation [Ver = 2.1.3.19 (STOR w32) | Size = 106088 bytes | Modified Date = 11/2/2006 2:50:35 AM | Attr = ]
(RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\Rtlh86.sys -> Realtek Corporation [Ver = 6.201.1228.2007 built by: WinDDK | Size = 104448 bytes | Modified Date = 12/28/2007 11:21:54 AM | Attr = ]
(SANDRA) SANDRA [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SiSoftware\SiSoftware Sandra Lite XI.SP1a\sandra.sys -> SiSoftware [Ver = 10.7.1.1 built by: WinDDK | Size = 21920 bytes | Modified Date = 11/17/2007 8:41:24 AM | Attr = ]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 12:53:48 PM | Attr = ]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 4:51:08 PM | Attr = R ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
(secdrv) Security Driver [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/1/2006 11:37:21 PM | Attr = ]
(SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sisraid2.sys -> Silicon Integrated Systems Corp. [Ver = 2.05.12 (NT.060926-1359) | Size = 38504 bytes | Modified Date = 11/2/2006 2:50:10 AM | Attr = ]
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sisraid4.sys -> Silicon Integrated Systems [Ver = 3.00.02 (NT.060726-2054) | Size = 71784 bytes | Modified Date = 11/2/2006 2:50:16 AM | Attr = ]
(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\symc8xx.sys -> LSI Logic [Ver = 4.16.06.00 (NT.051018-1332) | Size = 35944 bytes | Modified Date = 11/2/2006 2:50:05 AM | Attr = ]
(SymIM) Symantec Network Security Intermediate Filter Service [Kernel | On_Demand | Stopped] -> system32\DRIVERS\SymIM.sys -> File not found
(SymIMMP) SymIMMP [Kernel | On_Demand | Stopped] -> system32\DRIVERS\SymIM.sys -> File not found
(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sym_hi.sys -> LSI Logic [Ver = 4.16.06.00 (NT.051018-1332) | Size = 31848 bytes | Modified Date = 11/2/2006 2:49:56 AM | Attr = ]
(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.09.09.00 (NT.051018-1332) | Size = 34920 bytes | Modified Date = 11/2/2006 2:50:03 AM | Attr = ]
(uliahci) uliahci [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\uliahci.sys -> ULi Electronics Inc. [Ver = 6.300 | Size = 235112 bytes | Modified Date = 11/2/2006 2:51:25 AM | Attr = ]
(UlSata) UlSata [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ulsata.sys -> Promise Technology, Inc. [Ver = 1.1.0.31 | Size = 98408 bytes | Modified Date = 11/2/2006 2:50:35 AM | Attr = ]
(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ulsata2.sys -> Promise Technology, Inc. [Ver = 1.0.0.38 | Size = 115816 bytes | Modified Date = 11/2/2006 2:50:45 AM | Attr = ]
(viaide) viaide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\viaide.sys -> VIA Technologies, Inc. [Ver = 5.1.3790.150 | Size = 20152 bytes | Modified Date = 12/8/2007 12:00:16 AM | Attr = ]
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\vsmraid.sys -> VIA Technologies Inc.,Ltd [Ver = 6.0.5600,613 | Size = 112232 bytes | Modified Date = 11/2/2006 2:50:41 AM | Attr = ]
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\HSX_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.61.00 built by: WinDDK | Size = 659968 bytes | Modified Date = 12/7/2006 8:04:26 AM | Attr = ]
(XAudio) XAudio [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\XAudio.sys -> Conexant Systems, Inc. [Ver = 1.02 built by: WinDDK | Size = 8192 bytes | Modified Date = 11/28/2006 9:44:52 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 2:25:42 AM | Attr = ]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 5/11/2007 4:06:32 AM | Attr = ]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 6:00:23 AM | Attr = ]
DT HPW -> %ProgramFiles%\Portrait Displays\HP My Display\dthtml.exe -> Portrait Displays, Inc [Ver = 1.0.0.1 | Size = 278528 bytes | Modified Date = 6/29/2007 5:56:06 PM | Attr = ]
HotKeysCmds -> %SystemRoot%\System32\hkcmd.exe -> Intel Corporation [Ver = 7.14.10.1409 | Size = 166424 bytes | Modified Date = 1/2/2008 5:06:52 PM | Attr = ]
HP Health Check Scheduler -> [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe -> File not found
HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard [Ver = 80, 1, 0, 0 | Size = 54840 bytes | Modified Date = 5/8/2007 5:24:20 PM | Attr = ]
hpsysdrv -> %SystemDrive%\hp\support\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 2.00.00 | Size = 65536 bytes | Modified Date = 4/18/2007 8:01:34 AM | Attr = ]
IAAnotif -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 7.6.0.1011 | Size = 178712 bytes | Modified Date = 7/12/2007 5:36:10 PM | Attr = ]
IgfxTray -> %SystemRoot%\System32\igfxtray.exe -> Intel Corporation [Ver = 7.14.10.1409 | Size = 141848 bytes | Modified Date = 1/2/2008 5:07:08 PM | Attr = ]
KBD -> %SystemDrive%\hp\KBD\KbdStub.exe -> [Ver = | Size = 65536 bytes | Modified Date = 12/8/2006 9:16:56 AM | Attr = ]
OsdMaestro -> %ProgramFiles%\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe -> OsdMaestro [Ver = 1, 0, 0, 5 | Size = 118784 bytes | Modified Date = 2/15/2007 4:59:00 AM | Attr = ]
Persistence -> %SystemRoot%\System32\igfxpers.exe -> Intel Corporation [Ver = 7.14.10.1409 | Size = 133656 bytes | Modified Date = 1/2/2008 5:07:02 PM | Attr = ]
RtHDVCpl -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1, 0, 0, 102 | Size = 4702208 bytes | Modified Date = 10/25/2007 6:52:08 AM | Attr = ]
SBI -> %SystemDrive%\Users\jd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6JBW8CLR\install_sbd_en[1].exe -> File not found
SunJavaUpdateReg -> %SystemRoot%\System32\jureg.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.7 | Size = 54936 bytes | Modified Date = 4/7/2007 3:56:47 AM | Attr = ]
Windows Defender -> MSASCui.exe -> File not found
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
HPAdvisor -> %ProgramFiles%\Hewlett-Packard\HP Advisor\HPAdvisor.exe -> Hewlett-Packard [Ver = 1.4.20.2435 | Size = 1783136 bytes | Modified Date = 10/3/2007 7:02:02 PM | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
Systweak AntiSpyware 2008 -> %ProgramFiles%\Systweak AntiSpyware\AntiSpyware.exe -> Systweak Inc. [Ver = 1.0.692.1426 | Size = 2924784 bytes | Modified Date = 2/9/2008 3:26:04 PM | Attr = ]
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
{BC865160-8B00-4000-918D-24DC459A5F21} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\bdmnopx.dll [bdmnopx] -> File not found
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 5:29:58 AM | Attr = ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 12:55:48 PM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 282624 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
igfxcui -> %SystemRoot%\System32\igfxdev.dll -> Intel Corporation [Ver = 7.14.10.1409 | Size = 200704 bytes | Modified Date = 1/2/2008 4:33:36 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< HOSTS File > (761 bytes) -> C:\Windows\System32\drivers\etc\Hosts ->
::1 localhost -> ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\Windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. ->
Range1 [:Range = 127.0.0.1] -> http = Local intranet | ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 5, 30, 1 | Size = 808472 bytes | Modified Date = 5/30/2007 2:18:26 PM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/23/2006 12:08:42 AM | Attr = ]
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.7 | Size = 501400 bytes | Modified Date = 4/7/2007 3:56:44 AM | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 5, 30, 1 | Size = 808472 bytes | Modified Date = 5/30/2007 2:18:26 PM | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.7 | Size = 501400 bytes | Modified Date = 4/7/2007 3:56:44 AM | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{96937438-5D7D-4E57-88EC-E26F22C50024} -> (Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)) ->
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
ldap -> 4 = Restricted sites (Not a Default Protocol) ->
news -> 4 = Restricted sites (Not a Default Protocol) ->
nntp -> 4 = Restricted sites (Not a Default Protocol) ->
oecmd -> 4 = Restricted sites (Not a Default Protocol) ->
snews -> 4 = Restricted sites (Not a Default Protocol) ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{49232000-16E4-426C-A231-62846947304B}[HKEY_LOCAL_MACHINE] -> http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab[SysData Class] ->
{88D969C0-F192-11D4-A65F-0040963251E5}[HKEY_LOCAL_MACHINE] -> http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/msxml4.cab[XML DOM Document 4.0] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] ->


[Registry - Additional Scans - Non-Microsoft Only]


[Files/Folders - Created Within 30 days]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 2/13/2008 11:58:32 AM | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Created Date = 2/10/2008 3:21:37 PM | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 3211042816 bytes | Modified Date = 2/14/2008 3:27:57 PM | Attr = HS]
QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 2/12/2008 8:18:58 AM | Attr = ]
Swsetup -> %SystemDrive%\Swsetup -> [Folder | Created Date = 2/13/2008 12:59:27 PM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Created Date = 2/10/2008 4:13:54 PM | Attr = HS]
103C_HP_CPC_GX624AA-ABA a6303w_YC_0Pavi_QCNH750_E81NAv3PrA3_49_IBenicia_SASUSTeK Computer INC._V1.01_B5.15_T071231_WUH0_L409_M3062_J360_7Intel_8Pentium Dual E2140_91.6_#080127_N10EC8168_Z14F12F20_G808629C2.MRK -> %SystemRoot%\System32\drivers\103C_HP_CPC_GX624AA-ABA a6303w_YC_0Pavi_QCNH750_E81NAv3PrA3_49_IBenicia_SASUSTeK Computer INC._V1.01_B5.15_T071231_WUH0_L409_M3062_J360_7Intel_8Pentium Dual E2140_91.6_#080127_N10EC8168_Z14F12F20_G808629C2.MRK -> [Ver = | Size = 1811 bytes | Modified Date = 2/10/2008 3:27:29 PM | Attr = RHS]
aswMonFlt.sys -> %SystemRoot%\System32\drivers\aswMonFlt.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 45648 bytes | Modified Date = 12/4/2007 7:52:16 AM | Attr = ]
aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Modified Date = 12/4/2007 7:53:39 AM | Attr = ]
aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Modified Date = 12/4/2007 7:51:52 AM | Attr = ]
AvgAsCln.sys -> %SystemRoot%\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 5:10:42 AM | Attr = ]
PdiPorts.sys -> %SystemRoot%\System32\drivers\PdiPorts.sys -> Portrait Displays, Inc. [Ver = 1.00 built by: WinDDK | Size = 15920 bytes | Modified Date = 11/16/2006 5:20:48 PM | Attr = ]
actskin4.ocx -> %SystemRoot%\System32\actskin4.ocx -> [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Modified Date = 1/9/2004 2:13:58 AM | Attr = ]
AntiSpyNative32.exe -> %SystemRoot%\System32\AntiSpyNative32.exe -> [Ver = | Size = 21744 bytes | Modified Date = 2/9/2008 3:21:48 PM | Attr = ]
aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 837496 bytes | Modified Date = 12/4/2007 6:04:28 AM | Attr = ]
AvastSS.scr -> %SystemRoot%\System32\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 95608 bytes | Modified Date = 12/4/2007 5:54:04 AM | Attr = ]
fdsv.exe -> %SystemRoot%\System32\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ]
GameUXLegacyGDFs.dll -> %SystemRoot%\System32\GameUXLegacyGDFs.dll -> Microsoft [Ver = 1.0.0.1 | Size = 4247552 bytes | Modified Date = 2/13/2008 3:03:55 AM | Attr = ]
grep.exe -> %SystemRoot%\System32\grep.exe -> [Ver = | Size = 80412 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ]
igfxres.dll -> %SystemRoot%\System32\igfxres.dll -> Intel Corporation [Ver = 7.14.10.1409 | Size = 172032 bytes | Modified Date = 1/2/2008 4:33:24 PM | Attr = ]
sed.exe -> %SystemRoot%\System32\sed.exe -> [Ver = | Size = 98816 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ]

#13 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
You can ignore Avast.

Can you attach the report please?

#14 saltgrass (Topic Starter, Member, 22 posts)
tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 3954 bytes | Modified Date = 2/13/2008 1:32:51 AM | Attr = ]
VFind.exe -> %SystemRoot%\System32\VFind.exe -> [Ver = | Size = 49152 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ]
zip.exe -> %SystemRoot%\System32\zip.exe -> [Ver = | Size = 68096 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 2/12/2008 8:19:42 AM | Attr = ]
ijl15.dll -> %SystemRoot%\ijl15.dll -> Intel Corporation [Ver = 1,5,4,36 | Size = 372736 bytes | Modified Date = 6/1/2001 9:26:00 AM | Attr = ]
Microsoft.VC80.ATL.manifest -> %SystemRoot%\Microsoft.VC80.ATL.manifest -> [Ver = | Size = 456 bytes | Modified Date = 9/23/2005 12:22:44 AM | Attr = ]
Microsoft.VC80.CRT.manifest -> %SystemRoot%\Microsoft.VC80.CRT.manifest -> [Ver = | Size = 522 bytes | Modified Date = 9/23/2005 12:22:40 AM | Attr = ]
Microsoft.VC80.MFC.manifest -> %SystemRoot%\Microsoft.VC80.MFC.manifest -> [Ver = | Size = 550 bytes | Modified Date = 9/23/2005 1:37:00 AM | Attr = ]
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ]
PCHEALTH -> %SystemRoot%\PCHEALTH -> [Folder | Created Date = 2/11/2008 1:02:22 AM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Created Date = 2/10/2008 4:15:57 PM | Attr = ]
Systweak AntiSpyware 2008 Update Checker.job -> %SystemRoot%\tasks\Systweak AntiSpyware 2008 Update Checker.job -> [Ver = | Size = 406 bytes | Modified Date = 2/15/2008 10:00:00 AM | Attr = ]
Systweak AntiSpyware 2008.job -> %SystemRoot%\tasks\Systweak AntiSpyware 2008.job -> [Ver = | Size = 380 bytes | Modified Date = 2/12/2008 1:09:50 AM | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Application Data -> %AllUsersProfile%\Application Data -> [Folder | Created Date = 2/10/2008 3:21:37 PM | Attr = HS]
8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp ->
Desktop -> %AllUsersProfile%\Desktop -> [Folder | Created Date = 2/10/2008 3:21:37 PM | Attr = HS]
Documents -> %AllUsersProfile%\Documents -> [Folder | Created Date = 2/10/2008 3:21:37 PM | Attr = HS]
Favorites -> %AllUsersProfile%\Favorites -> [Folder | Created Date = 2/10/2008 3:21:37 PM | Attr = HS]
Grisoft -> %AllUsersProfile%\Grisoft -> [Folder | Created Date = 2/12/2008 1:31:35 AM | Attr = ]
LuUninstall.LiveUpdate -> %AllUsersProfile%\LuUninstall.LiveUpdate -> [Ver = | Size = 987348 bytes | Modified Date = 2/12/2008 4:07:18 AM | Attr = ]
Malwarebytes -> %AllUsersProfile%\Malwarebytes -> [Folder | Created Date = 2/14/2008 1:31:31 AM | Attr = ]
ntuser.pol -> %AllUsersProfile%\ntuser.pol -> [Ver = | Size = 258 bytes | Modified Date = 2/14/2008 1:39:27 AM | Attr = RHS]
Start Menu -> %AllUsersProfile%\Start Menu -> [Folder | Created Date = 2/10/2008 3:21:37 PM | Attr = HS]
SUPERAntiSpyware.com -> %AllUsersProfile%\SUPERAntiSpyware.com -> [Folder | Created Date = 2/12/2008 2:16:43 AM | Attr = ]
Systweak -> %AllUsersProfile%\Systweak -> [Folder | Created Date = 2/12/2008 1:09:50 AM | Attr = ]
TEMP -> %AllUsersProfile%\TEMP -> [Folder | Created Date = 2/11/2008 11:12:26 PM | Attr = ]
@Alternate Data Stream - 106 bytes -> %AllUsersProfile%\TEMP:DFC5A2B2
Templates -> %AllUsersProfile%\Templates -> [Folder | Created Date = 2/10/2008 3:21:38 PM | Attr = HS]
WLInstaller -> %AllUsersProfile%\WLInstaller -> [Folder | Created Date = 2/11/2008 12:57:50 AM | Attr = ]
Yahoo! Companion -> %AllUsersProfile%\Yahoo! Companion -> [Folder | Created Date = 2/11/2008 9:45:15 AM | Attr = ]
DisplayTune -> %AppData%\DisplayTune -> [Folder | Created Date = 2/13/2008 1:22:52 PM | Attr = ]
Grisoft -> %AppData%\Grisoft -> [Folder | Created Date = 2/12/2008 1:31:46 AM | Attr = ]
Hewlett-Packard -> %AppData%\Hewlett-Packard -> [Folder | Created Date = 2/10/2008 3:28:31 PM | Attr = ]
Identities -> %AppData%\Identities -> [Folder | Created Date = 2/10/2008 3:29:19 PM | Attr = ]
Macromedia -> %AppData%\Macromedia -> [Folder | Created Date = 2/10/2008 3:28:48 PM | Attr = ]
Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 2/14/2008 1:31:44 AM | Attr = ]
Media Center Programs -> %AppData%\Media Center Programs -> [Folder | Created Date = 2/10/2008 3:26:22 PM | Attr = ]
Microsoft -> %AppData%\Microsoft -> [Folder | Created Date = 2/10/2008 3:26:22 PM | Attr = S]
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 2/12/2008 2:16:28 AM | Attr = ]
Symantec -> %AppData%\Symantec -> [Folder | Created Date = 2/10/2008 3:30:09 PM | Attr = ]
Systweak -> %AppData%\Systweak -> [Folder | Created Date = 2/12/2008 1:09:50 AM | Attr = ]
Yahoo! -> %AppData%\Yahoo! -> [Folder | Created Date = 2/11/2008 9:45:15 AM | Attr = ]
Application Data -> %UserProfile%\AppData\Local\Application Data -> [Folder | Created Date = 2/10/2008 3:26:23 PM | Attr = HS]
d3d9caps.dat -> %UserProfile%\AppData\Local\d3d9caps.dat -> [Ver = | Size = 680 bytes | Modified Date = 2/10/2008 3:40:40 PM | Attr = ]
GDIPFONTCACHEV1.DAT -> %UserProfile%\AppData\Local\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 72192 bytes | Modified Date = 2/12/2008 7:31:09 AM | Attr = ]
Hewlett-Packard -> %UserProfile%\AppData\Local\Hewlett-Packard -> [Folder | Created Date = 2/10/2008 3:30:40 PM | Attr = ]
History -> %UserProfile%\AppData\Local\History -> [Folder | Created Date = 2/10/2008 3:26:23 PM | Attr = HS]
IconCache.db -> %UserProfile%\AppData\Local\IconCache.db -> [Ver = | Size = 2425709 bytes | Modified Date = 2/14/2008 3:26:49 PM | Attr = H ]
Microsoft -> %UserProfile%\AppData\Local\Microsoft -> [Folder | Created Date = 2/10/2008 3:26:22 PM | Attr = ]
Temp -> %UserProfile%\AppData\Local\Temp -> [Folder | Created Date = 2/10/2008 3:26:22 PM | Attr = ]
Temporary Internet Files -> %UserProfile%\AppData\Local\Temporary Internet Files -> [Folder | Created Date = 2/10/2008 3:26:23 PM | Attr = HS]
VirtualStore -> %UserProfile%\AppData\Local\VirtualStore -> [Folder | Created Date = 2/10/2008 3:29:14 PM | Attr = ]
My Music -> %SystemDrive%\Users\Public\Documents\My Music -> [Folder | Created Date = 2/10/2008 3:21:38 PM | Attr = HS]
My Pictures -> %SystemDrive%\Users\Public\Documents\My Pictures -> [Folder | Created Date = 2/10/2008 3:21:38 PM | Attr = HS]
My Videos -> %SystemDrive%\Users\Public\Documents\My Videos -> [Folder | Created Date = 2/10/2008 3:21:38 PM | Attr = HS]
desktop.ini -> %UserProfile%\Documents\desktop.ini -> [Ver = | Size = 402 bytes | Modified Date = 2/10/2008 3:29:26 PM | Attr = HS]
My Music -> %UserProfile%\Documents\My Music -> [Folder | Created Date = 2/10/2008 3:26:23 PM | Attr = HS]
My Pictures -> %UserProfile%\Documents\My Pictures -> [Folder | Created Date = 2/10/2008 3:26:23 PM | Attr = HS]
My Videos -> %UserProfile%\Documents\My Videos -> [Folder | Created Date = 2/10/2008 3:26:23 PM | Attr = HS]
AVG Anti-Spyware.lnk -> %SystemDrive%\Users\Public\Desktop\AVG Anti-Spyware.lnk -> [Ver = | Size = 991 bytes | Modified Date = 2/12/2008 1:31:38 AM | Attr = ]
Malwarebytes' Anti-Malware.lnk -> %SystemDrive%\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 820 bytes | Modified Date = 2/14/2008 1:31:32 AM | Attr = ]
MSN.lnk -> %SystemDrive%\Users\Public\Desktop\MSN.lnk -> [Ver = | Size = 1989 bytes | Modified Date = 12/8/2007 1:17:46 AM | Attr = ]
SiSoftware Sandra Lite XII.SP1.lnk -> %SystemDrive%\Users\Public\Desktop\SiSoftware Sandra Lite XII.SP1.lnk -> [Ver = | Size = 1155 bytes | Modified Date = 2/12/2008 7:35:48 AM | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %SystemDrive%\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 904 bytes | Modified Date = 2/12/2008 2:16:31 AM | Attr = ]
desktop.ini -> %UserProfile%\Desktop\desktop.ini -> [Ver = | Size = 282 bytes | Modified Date = 2/10/2008 3:29:26 PM | Attr = HS]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1876 bytes | Modified Date = 2/12/2008 12:44:54 AM | Attr = ]
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> Malwarebytes [Ver = 1.0.0.0 | Size = 1304224 bytes | Modified Date = 2/14/2008 1:31:13 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\mbam-setup.exe:Zone.Identifier
sp36365.exe -> %UserProfile%\Desktop\sp36365.exe -> Hewlett-Packard Company [Ver = 1.30 | Size = 23811328 bytes | Modified Date = 2/13/2008 1:17:31 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\sp36365.exe:Zone.Identifier
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Created Date = 2/15/2008 11:50:23 AM | Attr = ]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> [Ver = | Size = 480325 bytes | Modified Date = 2/15/2008 11:50:06 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\WinPFind35u.exe:Zone.Identifier
desktop.ini -> %AppData%\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -> [Ver = | Size = 174 bytes | Modified Date = 2/10/2008 3:29:26 PM | Attr = HS]
Portrait Displays -> %CommonProgramFiles%\Portrait Displays -> [Folder | Created Date = 2/13/2008 1:20:05 PM | Attr = ]
WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Created Date = 2/11/2008 12:58:28 AM | Attr = HS]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 2/12/2008 2:15:43 AM | Attr = ]

[Files/Folders - Modified Within 30 days]
$Recycle.Bin -> %SystemDrive%\$Recycle.Bin -> [Folder | Modified Date = 2/10/2008 3:50:54 PM | Attr = HS]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 2/13/2008 11:58:32 AM | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 2/10/2008 3:21:37 PM | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 3211042816 bytes | Modified Date = 2/14/2008 3:27:57 PM | Attr = HS]
hp -> %SystemDrive%\hp -> [Folder | Modified Date = 2/10/2008 3:40:46 PM | Attr = H ]
Intel -> %SystemDrive%\Intel -> [Folder | Modified Date = 2/12/2008 3:07:45 AM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2/14/2008 1:41:24 AM | Attr = R ]
ProgramData -> %AllUsersProfile% -> [Folder | Modified Date = 2/14/2008 1:39:27 AM | Attr = H ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 2/12/2008 8:22:41 AM | Attr = ]
Swsetup -> %SystemDrive%\Swsetup -> [Folder | Modified Date = 2/13/2008 12:59:27 PM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 2/15/2008 12:00:08 AM | Attr = HS]
Users -> %SystemDrive%\Users -> [Folder | Modified Date = 2/10/2008 3:49:58 PM | Attr = R ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2/14/2008 3:07:22 AM | Attr = ]
103C_HP_CPC_GX624AA-ABA a6303w_YC_0Pavi_QCNH750_E81NAv3PrA3_49_IBenicia_SASUSTeK Computer INC._V1.01_B5.15_T071231_WUH0_L409_M3062_J360_7Intel_8Pentium Dual E2140_91.6_#080127_N10EC8168_Z14F12F20_G808629C2.MRK -> %SystemRoot%\System32\drivers\103C_HP_CPC_GX624AA-ABA a6303w_YC_0Pavi_QCNH750_E81NAv3PrA3_49_IBenicia_SASUSTeK Computer INC._V1.01_B5.15_T071231_WUH0_L409_M3062_J360_7Intel_8Pentium Dual E2140_91.6_#080127_N10EC8168_Z14F12F20_G808629C2.MRK -> [Ver = | Size = 1811 bytes | Modified Date = 2/10/2008 3:27:29 PM | Attr = RHS]
en-US -> %SystemRoot%\System32\drivers\en-US -> [Folder | Modified Date = 2/13/2008 3:12:30 AM | Attr = ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 3472 bytes | Modified Date = 2/15/2008 11:35:40 AM | Attr = H ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 3472 bytes | Modified Date = 2/15/2008 11:35:40 AM | Attr = H ]
AntiSpyNative32.exe -> %SystemRoot%\System32\AntiSpyNative32.exe -> [Ver = | Size = 21744 bytes | Modified Date = 2/9/2008 3:21:48 PM | Attr = ]
catroot -> %SystemRoot%\System32\catroot -> [Folder | Modified Date = 2/13/2008 1:22:14 PM | Attr = ]
catroot2 -> %SystemRoot%\System32\catroot2 -> [Folder | Modified Date = 2/14/2008 11:40:25 AM | Attr = ]
config.nt -> %SystemRoot%\System32\config.nt -> [Ver = | Size = 2577 bytes | Modified Date = 2/11/2008 11:21:13 PM | Attr = ]
drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 2/14/2008 1:34:17 AM | Attr = ]
en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 2/13/2008 3:12:30 AM | Attr = ]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 288216 bytes | Modified Date = 2/13/2008 1:36:30 AM | Attr = ]
GameUXLegacyGDFs.dll -> %SystemRoot%\System32\GameUXLegacyGDFs.dll -> Microsoft [Ver = 1.0.0.1 | Size = 4247552 bytes | Modified Date = 2/13/2008 3:03:55 AM | Attr = ]
GroupPolicy -> %SystemRoot%\System32\GroupPolicy -> [Folder | Modified Date = 2/14/2008 1:39:27 AM | Attr = H ]
inetsrv -> %SystemRoot%\System32\inetsrv -> [Folder | Modified Date = 2/14/2008 1:34:17 AM | Attr = ]
migration -> %SystemRoot%\System32\migration -> [Folder | Modified Date = 2/13/2008 3:12:30 AM | Attr = ]
NDF -> %SystemRoot%\System32\NDF -> [Folder | Modified Date = 2/12/2008 8:24:04 AM | Attr = ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 103818 bytes | Modified Date = 2/13/2008 12:25:24 PM | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 618410 bytes | Modified Date = 2/13/2008 12:25:24 PM | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 716948 bytes | Modified Date = 2/13/2008 12:25:24 PM | Attr = ]
restore -> %SystemRoot%\System32\restore -> [Folder | Modified Date = 2/10/2008 3:21:37 PM | Attr = ]
Tasks -> %SystemRoot%\System32\Tasks -> [Folder | Modified Date = 2/12/2008 1:09:51 AM | Attr = ]
tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 3954 bytes | Modified Date = 2/13/2008 1:32:51 AM | Attr = ]
WDI -> %SystemRoot%\System32\WDI -> [Folder | Modified Date = 2/12/2008 7:46:55 AM | Attr = ]
XPSViewer -> %SystemRoot%\System32\XPSViewer -> [Folder | Modified Date = 2/10/2008 3:37:28 PM | Attr = ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 2/13/2008 3:12:29 AM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 2/12/2008 4:21:22 AM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 67584 bytes | Modified Date = 2/15/2008 11:33:39 AM | Attr = S]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 2/10/2008 3:34:13 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2/13/2008 12:09:31 PM | Attr = S]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 2/13/2008 11:58:57 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2/15/2008 11:34:13 AM | Attr = ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2/14/2008 3:07:28 AM | Attr = HS]
Media -> %SystemRoot%\Media -> [Folder | Modified Date = 2/14/2008 1:34:17 AM | Attr = R S]
Panther -> %SystemRoot%\Panther -> [Folder | Modified Date = 2/10/2008 4:18:06 PM | Attr = ]
PCHEALTH -> %SystemRoot%\PCHEALTH -> [Folder | Modified Date = 2/11/2008 1:02:22 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2/15/2008 11:50:47 AM | Attr = ]
rescache -> %SystemRoot%\rescache -> [Folder | Modified Date = 2/13/2008 3:15:15 AM | Attr = ]
servicing -> %SystemRoot%\servicing -> [Folder | Modified Date = 2/14/2008 3:01:40 AM | Attr = ]
SMINST -> %SystemRoot%\SMINST -> [Folder | Modified Date = 2/10/2008 3:26:27 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 2/10/2008 3:31:16 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 2/10/2008 3:29:11 PM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 215 bytes | Modified Date = 2/12/2008 8:21:47 AM | Attr = ]
System32 -> %SystemRoot%\System32 -> [Folder | Modified Date = 2/14/2008 3:07:25 AM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2/12/2008 4:19:28 AM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2/15/2008 11:50:41 AM | Attr = ]
winsxs -> %SystemRoot%\winsxs -> [Folder | Modified Date = 2/14/2008 3:07:31 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2/14/2008 3:28:04 PM | Attr = H ]
Systweak AntiSpyware 2008 Update Checker.job -> %SystemRoot%\tasks\Systweak AntiSpyware 2008 Update Checker.job -> [Ver = | Size = 406 bytes | Modified Date = 2/15/2008 10:00:00 AM | Attr = ]
Systweak AntiSpyware 2008.job -> %SystemRoot%\tasks\Systweak AntiSpyware 2008.job -> [Ver = | Size = 380 bytes | Modified Date = 2/12/2008 1:09:50 AM | Attr = ]
capilock.dat -> C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\capilock.dat -> [Ver = | Size = 8 bytes | Modified Date = 12/8/2007 12:01:24 AM | Attr = ]
qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5824 bytes | Modified Date = 2/14/2008 11:52:53 AM | Attr = ]
qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 8169 bytes | Modified Date = 2/14/2008 11:52:53 AM | Attr = ]
PublishedRacMonAFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonAFLTable.DAT -> [Ver = | Size = 6348 bytes | Modified Date = 2/15/2008 12:43:14 AM | Attr = ]
PublishedRacMonCLKTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonCLKTable.DAT -> [Ver = | Size = 0 bytes | Modified Date = 2/15/2008 12:43:14 AM | Attr = ]
PublishedRacMonHFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonHFLTable.DAT -> [Ver = | Size = 0 bytes | Modified Date = 2/15/2008 12:43:14 AM | Attr = ]
PublishedRacMonIndex.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonIndex.DAT -> [Ver = | Size = 120 bytes | Modified Date = 2/15/2008 12:43:14 AM | Attr = ]
PublishedRacMonOSFTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonOSFTable.DAT -> [Ver = | Size = 828 bytes | Modified Date = 2/15/2008 12:43:14 AM | Attr = ]
PublishedRacMonSWITable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonSWITable.DAT -> [Ver = | Size = 23572 bytes | Modified Date = 2/15/2008 12:43:14 AM | Attr = ]
god.dat -> C:\ProgramData\Microsoft\User Account Pictures\god.dat -> [Ver = | Size = 0 bytes | Modified Date = 2/10/2008 3:26:23 PM | Attr = ]
jd.dat -> C:\ProgramData\Microsoft\User Account Pictures\jd.dat -> [Ver = | Size = 0 bytes | Modified Date = 2/10/2008 3:50:04 PM | Attr = ]
SSUPDATE.EXE -> C:\Users\god\AppData\Local\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 143360 bytes | Modified Date = 2/17/2006 3:55:46 PM | Attr = ]
7 C:\Users\god\AppData\Local\Temp\*.tmp files -> C:\Users\god\AppData\Local\Temp\*.tmp ->
setup.exe -> C:\Users\god\AppData\Local\Temp\byeFDCF.tmp\Disk1\setup.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 121064 bytes | Modified Date = 2/13/2008 1:17:41 PM | Attr = ]
setup.ini -> C:\Users\god\AppData\Local\Temp\byeFDCF.tmp\Disk1\setup.ini -> [Ver = | Size = 675 bytes | Modified Date = 2/13/2008 1:17:41 PM | Attr = ]
WT_Plugin.dll -> C:\WINDOWS\Temp\nsk30B5.tmp\WT_Plugin.dll -> [Ver = 1.0.0.53 | Size = 167936 bytes | Modified Date = 2/14/2008 7:18:24 PM | Attr = ]
WT_Plugin.dll -> C:\WINDOWS\Temp\nsqF675.tmp\WT_Plugin.dll -> [Ver = 1.0.0.53 | Size = 167936 bytes | Modified Date = 2/14/2008 8:12:45 PM | Attr = ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Application Data -> %AllUsersProfile%\Application Data -> [Folder | Modified Date = 2/10/2008 3:21:37 PM | Attr = HS]
8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp ->
Desktop -> %AllUsersProfile%\Desktop -> [Folder | Modified Date = 2/10/2008 3:21:37 PM | Attr = HS]
Documents -> %AllUsersProfile%\Documents -> [Folder | Modified Date = 2/10/2008 3:21:37 PM | Attr = HS]
Favorites -> %AllUsersProfile%\Favorites -> [Folder | Modified Date = 2/10/2008 3:21:37 PM | Attr = HS]
Grisoft -> %AllUsersProfile%\Grisoft -> [Folder | Modified Date = 2/12/2008 1:31:35 AM | Attr = ]
Hewlett-Packard -> %AllUsersProfile%\Hewlett-Packard -> [Folder | Modified Date = 2/10/2008 3:30:54 PM | Attr = ]
LuUninstall.LiveUpdate -> %AllUsersProfile%\LuUninstall.LiveUpdate -> [Ver = | Size = 987348 bytes | Modified Date = 2/12/2008 4:07:18 AM | Attr = ]
Malwarebytes -> %AllUsersProfile%\Malwarebytes -> [Folder | Modified Date = 2/14/2008 1:31:31 AM | Attr = ]
Microsoft -> %AllUsersProfile%\Microsoft -> [Folder | Modified Date = 2/14/2008 1:34:17 AM | Attr = S]
ntuser.pol -> %AllUsersProfile%\ntuser.pol -> [Ver = | Size = 258 bytes | Modified Date = 2/14/2008 1:39:27 AM | Attr = RHS]
Start Menu -> %AllUsersProfile%\Start Menu -> [Folder | Modified Date = 2/10/2008 3:21:37 PM | Attr = HS]
SUPERAntiSpyware.com -> %AllUsersProfile%\SUPERAntiSpyware.com -> [Folder | Modified Date = 2/12/2008 2:16:43 AM | Attr = ]
Symantec -> %AllUsersProfile%\Symantec -> [Folder | Modified Date = 2/12/2008 4:24:28 AM | Attr = ]
Systweak -> %AllUsersProfile%\Systweak -> [Folder | Modified Date = 2/12/2008 1:09:50 AM | Attr = ]
TEMP -> %AllUsersProfile%\TEMP -> [Folder | Modified Date = 2/12/2008 4:05:55 AM | Attr = ]
@Alternate Data Stream - 106 bytes -> %AllUsersProfile%\TEMP:DFC5A2B2
Templates -> %AllUsersProfile%\Templates -> [Folder | Modified Date = 2/10/2008 3:21:38 PM | Attr = HS]
WildTangent -> %AllUsersProfile%\WildTangent -> [Folder | Modified Date = 2/14/2008 8:12:57 PM | Attr = ]
WLInstaller -> %AllUsersProfile%\WLInstaller -> [Folder | Modified Date = 2/11/2008 12:57:50 AM | Attr = ]
Yahoo! Companion -> %AllUsersProfile%\Yahoo! Companion -> [Folder | Modified Date = 2/11/2008 9:45:15 AM | Attr = ]
DisplayTune -> %AppData%\DisplayTune -> [Folder | Modified Date = 2/13/2008 1:22:52 PM | Attr = ]
Grisoft -> %AppData%\Grisoft -> [Folder | Modified Date = 2/12/2008 1:31:46 AM | Attr = ]
Hewlett-Packard -> %AppData%\Hewlett-Packard -> [Folder | Modified Date = 2/10/2008 3:30:45 PM | Attr = ]
Identities -> %AppData%\Identities -> [Folder | Modified Date = 2/10/2008 3:29:19 PM | Attr = ]
Macromedia -> %AppData%\Macromedia -> [Folder | Modified Date = 2/10/2008 3:28:48 PM | Attr = ]
Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 2/14/2008 1:31:44 AM | Attr = ]
Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 2/14/2008 1:34:17 AM | Attr = S]
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 2/12/2008 2:16:28 AM | Attr = ]
Symantec -> %AppData%\Symantec -> [Folder | Modified Date = 2/10/2008 3:30:09 PM | Attr = ]
Systweak -> %AppData%\Systweak -> [Folder | Modified Date = 2/12/2008 1:09:50 AM | Attr = ]
Yahoo! -> %AppData%\Yahoo! -> [Folder | Modified Date = 2/11/2008 9:45:15 AM | Attr = ]
Application Data -> %UserProfile%\AppData\Local\Application Data -> [Folder | Modified Date = 2/10/2008 3:26:23 PM | Attr = HS]
d3d9caps.dat -> %UserProfile%\AppData\Local\d3d9caps.dat -> [Ver = | Size = 680 bytes | Modified Date = 2/10/2008 3:40:40 PM | Attr = ]
GDIPFONTCACHEV1.DAT -> %UserProfile%\AppData\Local\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 72192 bytes | Modified Date = 2/12/2008 7:31:09 AM | Attr = ]
Hewlett-Packard -> %UserProfile%\AppData\Local\Hewlett-Packard -> [Folder | Modified Date = 2/10/2008 3:30:40 PM | Attr = ]
History -> %UserProfile%\AppData\Local\History -> [Folder | Modified Date = 2/10/2008 3:26:23 PM | Attr = HS]
IconCache.db -> %UserProfile%\AppData\Local\IconCache.db -> [Ver = | Size = 2425709 bytes | Modified Date = 2/14/2008 3:26:49 PM | Attr = H ]
Microsoft -> %UserProfile%\AppData\Local\Microsoft -> [Folder | Modified Date = 2/10/2008 3:30:11 PM | Attr = ]
Temp -> %UserProfile%\AppData\Local\Temp -> [Folder | Modified Date = 2/15/2008 11:47:22 AM | Attr = ]
Temporary Internet Files -> %UserProfile%\AppData\Local\Temporary Internet Files -> [Folder | Modified Date = 2/10/2008 3:26:23 PM | Attr = HS]
VirtualStore -> %UserProfile%\AppData\Local\VirtualStore -> [Folder | Modified Date = 2/14/2008 3:22:57 PM | Attr = ]
My Music -> %SystemDrive%\Users\Public\Documents\My Music -> [Folder | Modified Date = 2/10/2008 3:21:38 PM | Attr = HS]
My Pictures -> %SystemDrive%\Users\Public\Documents\My Pictures -> [Folder | Modified Date = 2/10/2008 3:21:38 PM | Attr = HS]
My Videos -> %SystemDrive%\Users\Public\Documents\My Videos -> [Folder | Modified Date = 2/10/2008 3:21:38 PM | Attr = HS]
desktop.ini -> %UserProfile%\Documents\desktop.ini -> [Ver = | Size = 402 bytes | Modified Date = 2/10/2008 3:29:26 PM | Attr = HS]
My Music -> %UserProfile%\Documents\My Music -> [Folder | Modified Date = 2/10/2008 3:26:23 PM | Attr = HS]
My Pictures -> %UserProfile%\Documents\My Pictures -> [Folder | Modified Date = 2/10/2008 3:26:23 PM | Attr = HS]
My Videos -> %UserProfile%\Documents\My Videos -> [Folder | Modified Date = 2/10/2008 3:26:23 PM | Attr = HS]
AVG Anti-Spyware.lnk -> %SystemDrive%\Users\Public\Desktop\AVG Anti-Spyware.lnk -> [Ver = | Size = 991 bytes | Modified Date = 2/12/2008 1:31:38 AM | Attr = ]
Malwarebytes' Anti-Malware.lnk -> %SystemDrive%\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 820 bytes | Modified Date = 2/14/2008 1:31:32 AM | Attr = ]
SiSoftware Sandra Lite XII.SP1.lnk -> %SystemDrive%\Users\Public\Desktop\SiSoftware Sandra Lite XII.SP1.lnk -> [Ver = | Size = 1155 bytes | Modified Date = 2/12/2008 7:35:48 AM | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %SystemDrive%\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 904 bytes | Modified Date = 2/12/2008 2:16:31 AM | Attr = ]
desktop.ini -> %UserProfile%\Desktop\desktop.ini -> [Ver = | Size = 282 bytes | Modified Date = 2/10/2008 3:29:26 PM | Attr = HS]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1876 bytes | Modified Date = 2/12/2008 12:44:54 AM | Attr = ]
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> Malwarebytes [Ver = 1.0.0.0 | Size = 1304224 bytes | Modified Date = 2/14/2008 1:31:13 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\mbam-setup.exe:Zone.Identifier
sp36365.exe -> %UserProfile%\Desktop\sp36365.exe -> Hewlett-Packard Company [Ver = 1.30 | Size = 23811328 bytes | Modified Date = 2/13/2008 1:17:31 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\sp36365.exe:Zone.Identifier
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Modified Date = 2/15/2008 11:50:23 AM | Attr = ]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> [Ver = | Size = 480325 bytes | Modified Date = 2/15/2008 11:50:06 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\WinPFind35u.exe:Zone.Identifier
desktop.ini -> %AppData%\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -> [Ver = | Size = 174 bytes | Modified Date = 2/10/2008 3:29:26 PM | Attr = HS]
microsoft shared -> %CommonProgramFiles%\microsoft shared -> [Folder | Modified Date = 2/11/2008 1:03:31 AM | Attr = ]
Portrait Displays -> %CommonProgramFiles%\Portrait Displays -> [Folder | Modified Date = 2/13/2008 1:20:13 PM | Attr = ]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 2/12/2008 6:39:27 AM | Attr = ]
WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Modified Date = 2/11/2008 1:02:07 AM | Attr = HS]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 2/12/2008 2:15:43 AM | Attr = ]

[File Purity- Additional Folder Scans - Non-Microsoft Only]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\ProgramData\TEMP:DFC5A2B2 106 bytes
scan completed successfully
hidden files: 1

< End of report >
[/code]

#15
saltgrass

    Member

  • Topic Starter
  • 22 posts
What is the file extension I need to attach?