Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Please help Trojan.Met.MSV/VES [RESOLVED]

Started by saltgrass , Feb 12 2008 04:19 AM

  • This topic is locked This topic is locked

#16
Rorschach112
Posted 15 February 2008 - 01:40 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Text is the file extension, you should be able to just go to Browse > Select the log > Upload > And there it will be
  • 0

Advertisements

#17
saltgrass
Posted 15 February 2008 - 01:43 PM

saltgrass

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
here ya go
  • 0

#18
saltgrass
Posted 15 February 2008 - 01:43 PM

saltgrass

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
what am i doing wrong why wont they attach?
  • 0

#19
Rorschach112
Posted 15 February 2008 - 01:45 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Make sure you click Upload
  • 0

#20
saltgrass
Posted 15 February 2008 - 01:46 PM

saltgrass

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Upload failed. You are not permitted to upload this type of file
  • 0

#21
saltgrass
Posted 15 February 2008 - 03:18 PM

saltgrass

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Here it is :) , sorry bout that i had just woke up call it a "stoner moment". :)

Attached Files


  • 0

#22
Rorschach112
Posted 17 February 2008 - 06:14 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
No problem :)

Start WinPFind35U. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> HP Health Check Scheduler -> [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
YY -> SBI -> %SystemDrive%\Users\jd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6JBW8CLR\install_sbd_en[1].exe
YN -> Windows Defender -> MSASCui.exe
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YY -> {BC865160-8B00-4000-918D-24DC459A5F21} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\bdmnopx.dll [bdmnopx]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
NY -> {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
NY -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [Sun Java Console]
[Files/Folders - Created Within 30 days]
NY -> Deckard -> %SystemDrive%\Deckard
[Files Created - Additional Folder Scans - Non-Microsoft Only]
YY -> 8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp
YY -> @Alternate Data Stream - 106 bytes -> %AllUsersProfile%\TEMP:DFC5A2B2
YY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\mbam-setup.exe:Zone.Identifier
YY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\sp36365.exe:Zone.Identifier
YY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\WinPFind35u.exe:Zone.Identifier
[Files/Folders - Modified Within 30 days]
YY -> 7 C:\Users\god\AppData\Local\Temp\*.tmp files -> C:\Users\god\AppData\Local\Temp\*.tmp
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
YY -> 8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp
YY -> @Alternate Data Stream - 106 bytes -> %AllUsersProfile%\TEMP:DFC5A2B2
YY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\mbam-setup.exe:Zone.Identifier
YY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\sp36365.exe:Zone.Identifier
YY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\WinPFind35u.exe:Zone.Identifier
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here




Also post a new DSS log
  • 0

#23
saltgrass
Posted 18 February 2008 - 01:30 AM

saltgrass

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
After the fix it makes me reboot and a log never pops up so i reran and copyied the log after i ran winpfind35 as follows, ill put dss after it. Thank you again for your help.



[code=auto:0]WinPFind35 logfile created on: 2/18/2008 12:43:23 AM
WinPFind35U Version Beta51 Folder = C:\Users\god\Desktop\WinPFind35u
Windows Vista (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16609)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 99.08% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 325.89 Gb Total Space | 277.17 Gb Free Space | 85.05% Space Free | Partition Type: NTFS
Drive D: | 9.46 Gb Total Space | 1.28 Gb Free Space | 13.57% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GOD-PC
Current User Name: god
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 7:36:33 AM | Attr = ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 6:00:16 AM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 5:31:10 AM | Attr = ]
dtsrvc.exe -> %CommonProgramFiles%\Portrait Displays\Shared\DTSRVC.exe -> [Ver = | Size = 73728 bytes | Modified Date = 6/29/2007 5:54:16 PM | Attr = ]
iaantmon.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> Intel Corporation [Ver = 7.6.0.1011 | Size = 354840 bytes | Modified Date = 7/12/2007 5:36:12 PM | Attr = ]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.10.16.1 | Size = 79136 bytes | Modified Date = 9/25/2007 5:16:08 PM | Attr = ]
xaudio.exe -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.02 | Size = 386560 bytes | Modified Date = 11/28/2006 9:44:58 AM | Attr = ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 5:59:53 AM | Attr = ]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 5:59:01 AM | Attr = ]
hpsysdrv.exe -> %SystemDrive%\hp\support\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 2.00.00 | Size = 65536 bytes | Modified Date = 4/18/2007 8:01:34 AM | Attr = ]
osd.exe -> %ProgramFiles%\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe -> OsdMaestro [Ver = 1, 0, 0, 5 | Size = 118784 bytes | Modified Date = 2/15/2007 4:59:00 AM | Attr = ]
iaanotif.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 7.6.0.1011 | Size = 178712 bytes | Modified Date = 7/12/2007 5:36:10 PM | Attr = ]
rthdvcpl.exe -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1, 0, 0, 102 | Size = 4702208 bytes | Modified Date = 10/25/2007 6:52:08 AM | Attr = ]
reader_sl.exe -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 5/11/2007 4:06:32 AM | Attr = ]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard [Ver = 80, 1, 0, 0 | Size = 54840 bytes | Modified Date = 5/8/2007 5:24:20 PM | Attr = ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 6:00:23 AM | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 2:25:42 AM | Attr = ]
hkcmd.exe -> %SystemRoot%\System32\hkcmd.exe -> Intel Corporation [Ver = 7.14.10.1409 | Size = 166424 bytes | Modified Date = 1/2/2008 5:06:52 PM | Attr = ]
igfxpers.exe -> %SystemRoot%\System32\igfxpers.exe -> Intel Corporation [Ver = 7.14.10.1409 | Size = 133656 bytes | Modified Date = 1/2/2008 5:07:02 PM | Attr = ]
dthtml.exe -> %ProgramFiles%\Portrait Displays\HP My Display\dthtml.exe -> Portrait Displays, Inc [Ver = 1.0.0.1 | Size = 278528 bytes | Modified Date = 6/29/2007 5:56:06 PM | Attr = ]
hpadvisor.exe -> %ProgramFiles%\Hewlett-Packard\HP Advisor\HPAdvisor.exe -> Hewlett-Packard [Ver = 1.4.20.2435 | Size = 1783136 bytes | Modified Date = 10/3/2007 7:02:02 PM | Attr = ]
igfxsrvc.exe -> %SystemRoot%\System32\igfxsrvc.exe -> Intel Corporation [Ver = 7.14.10.1409 | Size = 256536 bytes | Modified Date = 1/2/2008 5:07:04 PM | Attr = ]
antispyware.exe -> %ProgramFiles%\Systweak AntiSpyware\AntiSpyware.exe -> Systweak Inc. [Ver = 1.0.692.1426 | Size = 2924784 bytes | Modified Date = 2/9/2008 3:26:04 PM | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
hookmanager.exe -> %CommonProgramFiles%\Portrait Displays\Shared\HookManager.exe -> Portrait Displays Inc. [Ver = 1, 0, 0, 1 | Size = 110592 bytes | Modified Date = 6/29/2007 5:53:34 PM | Attr = ]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309248 bytes | Modified Date = 2/13/2008 10:50:32 AM | Attr = ]
hphc_service.exe -> %ProgramFiles%\Hewlett-Packard\HP Health Check\HPHC_Service.exe -> Hewlett-Packard [Ver = 2.3.0.2 | Size = 65536 bytes | Modified Date = 9/19/2007 6:30:52 PM | Attr = ]
kbd.exe -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.2.20205 | Size = 67128 bytes | Modified Date = 5/16/2007 9:56:44 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 7:36:33 AM | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 6:00:16 AM | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 5:59:53 AM | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 5:59:01 AM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 5:31:10 AM | Attr = ]
(CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Stopped] -> -> File not found
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> -> File not found
(DPS) Diagnostic Policy Service [Win32_Shared | Unknown | Running] -> -> File not found
(DTSRVC) Portrait Displays Display Tune Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Portrait Displays\Shared\DTSRVC.exe -> [Ver = | Size = 73728 bytes | Modified Date = 6/29/2007 5:54:16 PM | Attr = ]
(GameConsoleService) GameConsoleService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\HP Games\My HP Game Console\GameConsoleService.exe -> WildTangent, Inc. [Ver = 1.0.0.1 | Size = 181800 bytes | Modified Date = 7/23/2007 4:33:06 PM | Attr = ]
(gpsvc) Group Policy Client [Win32_Shared | Unknown | Running] -> -> File not found
(HP Health Check Service) HP Health Check Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Hewlett-Packard\HP Health Check\HPHC_Service.exe -> Hewlett-Packard [Ver = 2.3.0.2 | Size = 65536 bytes | Modified Date = 9/19/2007 6:30:52 PM | Attr = ]
(IAANTMON) Intel® Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> Intel Corporation [Ver = 7.6.0.1011 | Size = 354840 bytes | Modified Date = 7/12/2007 5:36:12 PM | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.10.16.1 | Size = 79136 bytes | Modified Date = 9/25/2007 5:16:08 PM | Attr = ]
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> -> File not found
(RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Unknown | Running] -> -> File not found
(SandraDataSrv) SiSoftware Database Agent Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\SiSoftware\SiSoftware Sandra Lite XI.SP1a\Win32\RpcDataSrv.exe -> SiSoftware [Ver = 13.12.2008.1 | Size = 213176 bytes | Modified Date = 12/12/2007 5:31:58 PM | Attr = ]
(SandraTheSrv) SiSoftware Sandra Agent Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe -> SiSoftware [Ver = 13.12.2008.1 | Size = 1253568 bytes | Modified Date = 12/12/2007 5:32:20 PM | Attr = ]
(SCardSvr) Smart Card [Win32_Shared | Unknown | Stopped] -> -> File not found
(Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> -> File not found
(SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> -> File not found
(TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Stopped] -> -> File not found
(WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> -> File not found
(WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> -> File not found
(XAudioService) XAudioService [Win32_Own | Auto | Running] -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.02 | Size = 386560 bytes | Modified Date = 11/28/2006 9:44:58 AM | Attr = ]

[Driver Services - Non-Microsoft Only]
(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adp94xx.sys -> Adaptec, Inc. [Ver = 1.6.0006.0 (1.060824-1234) | Size = 420968 bytes | Modified Date = 11/2/2006 2:51:38 AM | Attr = ]
(adpahci) adpahci [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpahci.sys -> Adaptec, Inc. [Ver = 1.6.0006.0 (1.060824-1234) | Size = 297576 bytes | Modified Date = 11/2/2006 2:51:32 AM | Attr = ]
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpu160m.sys -> Adaptec, Inc. [Ver = 6.4.645.100 (NT.051018-1332) | Size = 98408 bytes | Modified Date = 11/2/2006 2:50:35 AM | Attr = ]
(adpu320) adpu320 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpu320.sys -> Adaptec, Inc. [Ver = 7.1.000.000 (NT.060302-2137) | Size = 147048 bytes | Modified Date = 11/2/2006 2:51:00 AM | Attr = ]
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\djsvs.sys -> Adaptec, Inc. [Ver = 6.0.0.0 | Size = 71272 bytes | Modified Date = 11/2/2006 2:50:11 AM | Attr = ]
(aliide) aliide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 17592 bytes | Modified Date = 12/8/2007 12:00:16 AM | Attr = ]
(arc) arc [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\arc.sys -> Adaptec, Inc. [Ver = 5.1.0.6789 (NT.060726-2054) | Size = 67688 bytes | Modified Date = 11/2/2006 2:50:09 AM | Attr = ]
(arcsas) arcsas [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\arcsas.sys -> Adaptec, Inc. [Ver = 5.1.0.6790 (NT.060726-2054) | Size = 67688 bytes | Modified Date = 11/2/2006 2:50:10 AM | Attr = ]
(aswMonFlt) aswMonFlt [File_System | Auto | Running] -> %SystemRoot%\System32\drivers\aswMonFlt.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 45648 bytes | Modified Date = 12/4/2007 7:52:16 AM | Attr = ]
(aswRdr) aswRdr [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Modified Date = 12/4/2007 7:53:39 AM | Attr = ]
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Modified Date = 12/4/2007 7:51:52 AM | Attr = ]
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys -> [Ver = | Size = 11000 bytes | Modified Date = 5/30/2007 5:10:42 AM | Attr = ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %SystemRoot%\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 5:10:42 AM | Attr = ]
(blbdrive) blbdrive [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\blbdrive.sys -> File not found
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrFiltLo.sys -> Brother Industries, Ltd. [Ver = 1.10.000 (vbl_wcp_d2_drivers.060616-1619) | Size = 13568 bytes | Modified Date = 11/2/2006 1:24:45 AM | Attr = ]
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrFiltUp.sys -> Brother Industries, Ltd. [Ver = 1.04.000 (vbl_wcp_d2_drivers.060616-1619) | Size = 5248 bytes | Modified Date = 11/2/2006 1:24:46 AM | Attr = ]
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrSerId.sys -> Brother Industries Ltd. [Ver = 1.0.1.6 (vbl_wcp_d2_drivers.060616-1619) | Size = 71808 bytes | Modified Date = 11/2/2006 1:25:24 AM | Attr = ]
(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrSerWdm.sys -> Brother Industries Ltd. [Ver = 1.0.0.20 (vbl_wcp_d2_drivers.060616-1619) | Size = 62336 bytes | Modified Date = 11/2/2006 1:24:44 AM | Attr = ]
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrUsbMdm.sys -> Brother Industries Ltd. [Ver = 1,0,0,12 (vbl_wcp_d2_drivers.060616-1619) | Size = 12160 bytes | Modified Date = 11/2/2006 1:24:44 AM | Attr = ]
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrUsbSer.sys -> Brother Industries Ltd. [Ver = 1,0,1,3 (vbl_wcp_d2_drivers.060809-0459) | Size = 11904 bytes | Modified Date = 11/2/2006 1:24:47 AM | Attr = ]
(CLFS) Common Log (CLFS) [Kernel | Unknown | Running] -> -> File not found
(cmdide) cmdide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (vista_ldr.071003-1500) | Size = 19128 bytes | Modified Date = 12/8/2007 12:00:16 AM | Attr = ]
(E1G60) Intel® PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\E1G60I32.sys -> Intel Corporation [Ver = 8.1.37.2 built by: WinDDK | Size = 117760 bytes | Modified Date = 11/2/2006 12:30:54 AM | Attr = ]
(elxstor) elxstor [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\elxstor.sys -> Emulex [Ver = 5-1.20M8 9/14/2006 WS2K3 32 bit (NT.060909-1739) | Size = 316520 bytes | Modified Date = 11/2/2006 2:51:34 AM | Attr = ]
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\HpCISSs.sys -> Hewlett-Packard Company [Ver = 6.0.0.32 Build 4 (x86) (NT.060726-2054) | Size = 37480 bytes | Modified Date = 11/2/2006 2:50:10 AM | Attr = ]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\HSX_DP.sys -> Conexant Systems, Inc. [Ver = 7.61.00 built by: WinDDK | Size = 985600 bytes | Modified Date = 12/7/2006 8:03:32 AM | Attr = ]
(HSXHWBS2) HSXHWBS2 [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\HSXHWBS2.sys -> Conexant Systems, Inc. [Ver = 7.61.00 built by: WinDDK | Size = 258048 bytes | Modified Date = 12/7/2006 8:04:40 AM | Attr = ]
(iaStor) Intel RAID Controller [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\iaStor.sys -> Intel Corporation [Ver = 7.6.0.1011 | Size = 305176 bytes | Modified Date = 7/12/2007 9:35:02 AM | Attr = ]
(iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iaStorV.sys -> Intel Corporation [Ver = 6.2.0.1015 | Size = 232040 bytes | Modified Date = 11/2/2006 2:51:25 AM | Attr = ]
(igfx) igfx [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\igdkmd32.sys -> Intel Corporation [Ver = 7.14.10.1409 | Size = 2016256 bytes | Modified Date = 1/2/2008 4:48:28 PM | Attr = ]
(iirsp) iirsp [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iirsp.sys -> Intel Corp./ICP vortex GmbH [Ver = 5.4.22.0 | Size = 41576 bytes | Modified Date = 11/2/2006 2:50:17 AM | Attr = ]
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\RTKVHDA.sys -> Realtek Semiconductor Corp. [Ver = 6.0.1.5502 built by: WinDDK | Size = 2015192 bytes | Modified Date = 10/25/2007 7:26:10 AM | Attr = ]
(IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> system32\DRIVERS\ipinip.sys -> File not found
(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iteatapi.sys -> Integrated Technology Express, Inc. [Ver = v1.3.2.7 (NT.060726-2054) | Size = 35944 bytes | Modified Date = 11/2/2006 2:50:07 AM | Attr = ]
(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iteraid.sys -> Integrated Technology Express, Inc. [Ver = v1.7.1.91 (NT.060726-2054) | Size = 35944 bytes | Modified Date = 11/2/2006 2:50:09 AM | Attr = ]
(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_fc.sys -> LSI Logic [Ver = 1.23.24.03 (NT.060824-1234) | Size = 65640 bytes | Modified Date = 11/2/2006 2:50:04 AM | Attr = ]
(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_sas.sys -> LSI Logic [Ver = 1.23.24.03 (NT.060824-1234) | Size = 65640 bytes | Modified Date = 11/2/2006 2:50:05 AM | Attr = ]
(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_scsi.sys -> LSI Logic [Ver = 1.23.24.03 (NT.060824-1234) | Size = 65640 bytes | Modified Date = 11/2/2006 2:50:10 AM | Attr = ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.012 | Size = 12672 bytes | Modified Date = 6/19/2006 7:26:58 AM | Attr = ]
(megasas) megasas [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\megasas.sys -> LSI Logic Corporation [Ver = 2.4.0.32 (NT.060824-1234) | Size = 28776 bytes | Modified Date = 11/2/2006 2:49:53 AM | Attr = ]
(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\Mraid35x.sys -> LSI Logic Corporation [Ver = 6.50.2.32 (NT.060824-1234) | Size = 33384 bytes | Modified Date = 11/2/2006 2:49:59 AM | Attr = ]
(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nfrd960.sys -> IBM Corporation [Ver = 7.10.56 (NT.060601-1710) | Size = 45160 bytes | Modified Date = 11/2/2006 2:50:19 AM | Attr = ]
(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ntrigdigi.sys -> N-trig Innovative Technologies [Ver = 0.90.16.16384 (Vista_RC1.060509-2219) | Size = 20608 bytes | Modified Date = 11/2/2006 12:36:50 AM | Attr = ]
(nvraid) nvraid [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nvraid.sys -> NVIDIA Corporation [Ver = 5.10.2600.0822 (NT.060926-1359) | Size = 88680 bytes | Modified Date = 11/2/2006 2:50:24 AM | Attr = ]
(nvstor) nvstor [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nvstor.sys -> NVIDIA Corporation [Ver = 5.10.2600.0822 (NT.060926-1359) | Size = 40040 bytes | Modified Date = 11/2/2006 2:50:13 AM | Attr = ]
(NwlnkFlt) IPX Traffic Filter Driver [Kernel | On_Demand | Stopped] -> system32\DRIVERS\nwlnkflt.sys -> File not found
(NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> system32\DRIVERS\nwlnkfwd.sys -> File not found
(PdiPorts) Portrait Displays low level device driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\PdiPorts.sys -> Portrait Displays, Inc. [Ver = 1.00 built by: WinDDK | Size = 15920 bytes | Modified Date = 11/16/2006 5:20:48 PM | Attr = ]
(Ps2) Ps2 [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\PS2.sys -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 19072 bytes | Modified Date = 12/12/2005 10:27:00 AM | Attr = ]
(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ql2300.sys -> QLogic Corporation [Ver = 9.1.2.6 (w32) | Size = 900712 bytes | Modified Date = 11/2/2006 2:51:45 AM | Attr = ]
(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ql40xx.sys -> QLogic Corporation [Ver = 2.1.3.19 (STOR w32) | Size = 106088 bytes | Modified Date = 11/2/2006 2:50:35 AM | Attr = ]
(RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\Rtlh86.sys -> Realtek Corporation [Ver = 6.201.1228.2007 built by: WinDDK | Size = 104448 bytes | Modified Date = 12/28/2007 11:21:54 AM | Attr = ]
(SANDRA) SANDRA [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SiSoftware\SiSoftware Sandra Lite XI.SP1a\sandra.sys -> SiSoftware [Ver = 10.7.1.1 built by: WinDDK | Size = 21920 bytes | Modified Date = 11/17/2007 8:41:24 AM | Attr = ]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 12:53:48 PM | Attr = ]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 4:51:08 PM | Attr = R ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
(secdrv) Security Driver [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/1/2006 11:37:21 PM | Attr = ]
(SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sisraid2.sys -> Silicon Integrated Systems Corp. [Ver = 2.05.12 (NT.060926-1359) | Size = 38504 bytes | Modified Date = 11/2/2006 2:50:10 AM | Attr = ]
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sisraid4.sys -> Silicon Integrated Systems [Ver = 3.00.02 (NT.060726-2054) | Size = 71784 bytes | Modified Date = 11/2/2006 2:50:16 AM | Attr = ]
(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\symc8xx.sys -> LSI Logic [Ver = 4.16.06.00 (NT.051018-1332) | Size = 35944 bytes | Modified Date = 11/2/2006 2:50:05 AM | Attr = ]
(SymIM) Symantec Network Security Intermediate Filter Service [Kernel | On_Demand | Stopped] -> system32\DRIVERS\SymIM.sys -> File not found
(SymIMMP) SymIMMP [Kernel | On_Demand | Stopped] -> system32\DRIVERS\SymIM.sys -> File not found
(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sym_hi.sys -> LSI Logic [Ver = 4.16.06.00 (NT.051018-1332) | Size = 31848 bytes | Modified Date = 11/2/2006 2:49:56 AM | Attr = ]
(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.09.09.00 (NT.051018-1332) | Size = 34920 bytes | Modified Date = 11/2/2006 2:50:03 AM | Attr = ]
(uliahci) uliahci [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\uliahci.sys -> ULi Electronics Inc. [Ver = 6.300 | Size = 235112 bytes | Modified Date = 11/2/2006 2:51:25 AM | Attr = ]
(UlSata) UlSata [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ulsata.sys -> Promise Technology, Inc. [Ver = 1.1.0.31 | Size = 98408 bytes | Modified Date = 11/2/2006 2:50:35 AM | Attr = ]
(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ulsata2.sys -> Promise Technology, Inc. [Ver = 1.0.0.38 | Size = 115816 bytes | Modified Date = 11/2/2006 2:50:45 AM | Attr = ]
(viaide) viaide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\viaide.sys -> VIA Technologies, Inc. [Ver = 5.1.3790.150 | Size = 20152 bytes | Modified Date = 12/8/2007 12:00:16 AM | Attr = ]
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\vsmraid.sys -> VIA Technologies Inc.,Ltd [Ver = 6.0.5600,613 | Size = 112232 bytes | Modified Date = 11/2/2006 2:50:41 AM | Attr = ]
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\HSX_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.61.00 built by: WinDDK | Size = 659968 bytes | Modified Date = 12/7/2006 8:04:26 AM | Attr = ]
(XAudio) XAudio [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\XAudio.sys -> Conexant Systems, Inc. [Ver = 1.02 built by: WinDDK | Size = 8192 bytes | Modified Date = 11/28/2006 9:44:52 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 2:25:42 AM | Attr = ]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 5/11/2007 4:06:32 AM | Attr = ]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 6:00:23 AM | Attr = ]
DT HPW -> %ProgramFiles%\Portrait Displays\HP My Display\dthtml.exe -> Portrait Displays, Inc [Ver = 1.0.0.1 | Size = 278528 bytes | Modified Date = 6/29/2007 5:56:06 PM | Attr = ]
HotKeysCmds -> %SystemRoot%\System32\hkcmd.exe -> Intel Corporation [Ver = 7.14.10.1409 | Size = 166424 bytes | Modified Date = 1/2/2008 5:06:52 PM | Attr = ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard [Ver = 80, 1, 0, 0 | Size = 54840 bytes | Modified Date = 5/8/2007 5:24:20 PM | Attr = ]
hpsysdrv -> %SystemDrive%\hp\support\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 2.00.00 | Size = 65536 bytes | Modified Date = 4/18/2007 8:01:34 AM | Attr = ]
IAAnotif -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 7.6.0.1011 | Size = 178712 bytes | Modified Date = 7/12/2007 5:36:10 PM | Attr = ]
IgfxTray -> %SystemRoot%\System32\igfxtray.exe -> Intel Corporation [Ver = 7.14.10.1409 | Size = 141848 bytes | Modified Date = 1/2/2008 5:07:08 PM | Attr = ]
KBD -> %SystemDrive%\hp\KBD\KbdStub.exe -> [Ver = | Size = 65536 bytes | Modified Date = 12/8/2006 9:16:56 AM | Attr = ]
OsdMaestro -> %ProgramFiles%\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe -> OsdMaestro [Ver = 1, 0, 0, 5 | Size = 118784 bytes | Modified Date = 2/15/2007 4:59:00 AM | Attr = ]
Persistence -> %SystemRoot%\System32\igfxpers.exe -> Intel Corporation [Ver = 7.14.10.1409 | Size = 133656 bytes | Modified Date = 1/2/2008 5:07:02 PM | Attr = ]
RtHDVCpl -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1, 0, 0, 102 | Size = 4702208 bytes | Modified Date = 10/25/2007 6:52:08 AM | Attr = ]
SunJavaUpdateReg -> %SystemRoot%\System32\jureg.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.7 | Size = 54936 bytes | Modified Date = 4/7/2007 3:56:47 AM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
HPAdvisor -> %ProgramFiles%\Hewlett-Packard\HP Advisor\HPAdvisor.exe -> Hewlett-Packard [Ver = 1.4.20.2435 | Size = 1783136 bytes | Modified Date = 10/3/2007 7:02:02 PM | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
Systweak AntiSpyware 2008 -> %ProgramFiles%\Systweak AntiSpyware\AntiSpyware.exe -> Systweak Inc. [Ver = 1.0.692.1426 | Size = 2924784 bytes | Modified Date = 2/9/2008 3:26:04 PM | Attr = ]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 5:29:58 AM | Attr = ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 12:55:48 PM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 282624 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
igfxcui -> %SystemRoot%\System32\igfxdev.dll -> Intel Corporation [Ver = 7.14.10.1409 | Size = 200704 bytes | Modified Date = 1/2/2008 4:33:36 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< HOSTS File > (761 bytes) -> C:\Windows\System32\drivers\etc\Hosts ->
::1 localhost -> ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft...p...&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft...p...ER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\Windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.bleepingcomputer.com/ ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsof...search.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. ->
Range1 [:Range = 127.0.0.1] -> http = Local intranet | ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/23/2006 12:08:42 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.micro...d...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{96937438-5D7D-4E57-88EC-E26F22C50024} -> (Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)) ->
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
ldap -> 4 = Restricted sites (Not a Default Protocol) ->
news -> 4 = Restricted sites (Not a Default Protocol) ->
nntp -> 4 = Restricted sites (Not a Default Protocol) ->
oecmd -> 4 = Restricted sites (Not a Default Protocol) ->
snews -> 4 = Restricted sites (Not a Default Protocol) ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{49232000-16E4-426C-A231-62846947304B}[HKEY_LOCAL_MACHINE] -> http://ipgweb.cce.hp...ads/sysinfo.cab[SysData Class] ->
{88D969C0-F192-11D4-A65F-0040963251E5}[HKEY_LOCAL_MACHINE] -> http://ipgweb.cce.hp...oads/msxml4.cab[XML DOM Document 4.0] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_01] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_01] ->


[Registry - Additional Scans - Non-Microsoft Only]


[Files/Folders - Created Within 30 days]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Created Date = 2/10/2008 3:21:37 PM | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 3211042816 bytes | Modified Date = 2/18/2008 12:38:11 AM | Attr = HS]
QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 2/12/2008 8:18:58 AM | Attr = ]
Swsetup -> %SystemDrive%\Swsetup -> [Folder | Created Date = 2/13/2008 12:59:27 PM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Created Date = 2/10/2008 4:13:54 PM | Attr = HS]
103C_HP_CPC_GX624AA-ABA a6303w_YC_0Pavi_QCNH750_E81NAv3PrA3_49_IBenicia_SASUSTeK Computer INC._V1.01_B5.15_T071231_WUH0_L409_M3062_J360_7Intel_8Pentium Dual E2140_91.6_#080127_N10EC8168_Z14F12F20_G808629C2.MRK -> %SystemRoot%\System32\drivers\103C_HP_CPC_GX624AA-ABA a6303w_YC_0Pavi_QCNH750_E81NAv3PrA3_49_IBenicia_SASUSTeK Computer INC._V1.01_B5.15_T071231_WUH0_L409_M3062_J360_7Intel_8Pentium Dual E2140_91.6_#080127_N10EC8168_Z14F12F20_G808629C2.MRK -> [Ver = | Size = 1811 bytes | Modified Date = 2/10/2008 3:27:29 PM | Attr = RHS]
aswMonFlt.sys -> %SystemRoot%\System32\drivers\aswMonFlt.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 45648 bytes | Modified Date = 12/4/2007 7:52:16 AM | Attr = ]
aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Modified Date = 12/4/2007 7:53:39 AM | Attr = ]
aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Modified Date = 12/4/2007 7:51:52 AM | Attr = ]
AvgAsCln.sys -> %SystemRoot%\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 5:10:42 AM | Attr = ]
PdiPorts.sys -> %SystemRoot%\System32\drivers\PdiPorts.sys -> Portrait Displays, Inc. [Ver = 1.00 built by: WinDDK | Size = 15920 bytes | Modified Date = 11/16/2006 5:20:48 PM | Attr = ]
actskin4.ocx -> %SystemRoot%\System32\actskin4.ocx -> [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Modified Date = 1/9/2004 2:13:58 AM | Attr = ]
AntiSpyNative32.exe -> %SystemRoot%\System32\AntiSpyNative32.exe -> [Ver = | Size = 21744 bytes | Modified Date = 2/9/2008 3:21:48 PM | Attr = ]
aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 837496 bytes | Modified Date = 12/4/2007 6:04:28 AM | Attr = ]
AvastSS.scr -> %SystemRoot%\System32\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 95608 bytes | Modified Date = 12/4/2007 5:54:04 AM | Attr = ]
fdsv.exe -> %SystemRoot%\System32\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ]
GameUXLegacyGDFs.dll -> %SystemRoot%\System32\GameUXLegacyGDFs.dll -> Microsoft [Ver = 1.0.0.1 | Size = 4247552 bytes | Modified Date = 2/13/2008 3:03:55 AM | Attr = ]
grep.exe -> %SystemRoot%\System32\grep.exe -> [Ver = | Size = 80412 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ]
igfxres.dll -> %SystemRoot%\System32\igfxres.dll -> Intel Corporation [Ver = 7.14.10.1409 | Size = 172032 bytes | Modified Date = 1/2/2008 4:33:24 PM | Attr = ]
sed.exe -> %SystemRoot%\System32\sed.exe -> [Ver = | Size = 98816 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ]
tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 3954 bytes | Modified Date = 2/13/2008 1:32:51 AM | Attr = ]
VFind.exe -> %SystemRoot%\System32\VFind.exe -> [Ver = | Size = 49152 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ]
zip.exe -> %SystemRoot%\System32\zip.exe -> [Ver = | Size = 68096 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 2/12/2008 8:19:42 AM | Attr = ]
ijl15.dll -> %SystemRoot%\ijl15.dll -> Intel Corporation [Ver = 1,5,4,36 | Size = 372736 bytes | Modified Date = 6/1/2001 9:26:00 AM | Attr = ]
Microsoft.VC80.ATL.manifest -> %SystemRoot%\Microsoft.VC80.ATL.manifest -> [Ver = | Size = 456 bytes | Modified Date = 9/23/2005 12:22:44 AM | Attr = ]
Microsoft.VC80.CRT.manifest -> %SystemRoot%\Microsoft.VC80.CRT.manifest -> [Ver = | Size = 522 bytes | Modified Date = 9/23/2005 12:22:40 AM | Attr = ]
Microsoft.VC80.MFC.manifest -> %SystemRoot%\Microsoft.VC80.MFC.manifest -> [Ver = | Size = 550 bytes | Modified Date = 9/23/2005 1:37:00 AM | Attr = ]
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ]
PCHEALTH -> %SystemRoot%\PCHEALTH -> [Folder | Created Date = 2/11/2008 1:02:22 AM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Created Date = 2/10/2008 4:15:57 PM | Attr = ]
Systweak AntiSpyware 2008 Update Checker.job -> %SystemRoot%\tasks\Systweak AntiSpyware 2008 Update Checker.job -> [Ver = | Size = 406 bytes | Modified Date = 2/17/2008 10:00:











Deckard's System Scanner v20071014.68
Run by god on 2008-02-18 00:52:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as god.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:31 AM, on 2/18/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Systweak AntiSpyware\AntiSpyware.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\hp\kbd\kbd.exe
C:\Windows\notepad.exe
C:\Windows\explorer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\god\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\god.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bleepingcomputer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\RunOnce: [WinPFind35] C:\Users\god\Desktop\WinPFind35u\WinPFind35U.exe
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [Systweak AntiSpyware 2008] "C:\Program Files\Systweak AntiSpyware\AntiSpyware.exe" /autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O13 - Gopher Prefix:
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp...oads/msxml4.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6097 bytes

-- Files created between 2008-01-18 and 2008-02-18 -----------------------------

2008-02-14 01:41:24 0 d-------- C:\Program Files\MSXML 4.0
2008-02-14 01:31:31 0 d-------- C:\Users\All Users\Malwarebytes
2008-02-14 01:31:31 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-13 13:20:09 372736 --a------ C:\Windows\ijl15.dl

Edited by saltgrass, 18 February 2008 - 01:54 AM.

  • 0

#24
Rorschach112
Posted 18 February 2008 - 08:07 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean ! We need to do a few things

  • Make sure you have an Internet Connection.
  • Double-click WinPFind3U.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
  • Click Yes to beging the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0

#25
saltgrass
Posted 18 February 2008 - 03:33 PM

saltgrass

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Thank you very much for all your help, followed last few steps and actually im replying from firefox now. Thanks again for all you do for not just me but for everyone. If your ever near Las Vegas, NV U.S.A look me up i owe you at LEAST dinner :)
  • 0

Advertisements

#26
Rorschach112
Posted 18 February 2008 - 04:01 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

#27
Rorschach112
Posted 25 February 2008 - 07:28 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Post a new DSS log
  • 0

#28
Rorschach112
Posted 02 March 2008 - 07:27 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP