Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

rootkit.agent or rootkit.tncore/trace infection [RESOLVED]

Started by keigan , Feb 18 2008 12:17 AM

  • This topic is locked This topic is locked

#1
keigan
Posted 18 February 2008 - 12:17 AM

keigan

    New Member

  • Member
  • Pip
  • 8 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:36 AM, on 2/18/2008
Platform: Windows XP SP3, v.3244 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3244)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\Spyware Doctor\pctsTray.exe
D:\WINDOWS\system32\igfxsrvc.exe
D:\Program Files\Synaptics\SynTP\SynToshiba.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
D:\WINDOWS\system32\agrsmsvc.exe
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
D:\Program Files\Spyware Doctor\pctsAuxs.exe
D:\Program Files\Spyware Doctor\pctsSvc.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://us.rd.yahoo.c....yahoo.com/sear

ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] D:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OutpostMonitor] D:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe

/tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "D:\Program Files\Agnitum\Outpost

Security Suite Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe"

/background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program

Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32

advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32

advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32

advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32

advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-18 Startup: OP_CACHE.AT_ (User 'SYSTEM')
O4 - S-1-5-18 Startup: OP_CACHE.ID_ (User 'SYSTEM')
O4 - .DEFAULT Startup: OP_CACHE.AT_ (User 'Default user')
O4 - .DEFAULT Startup: OP_CACHE.ID_ (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = D:\Program

Files\Yahoo!\Widgets\YahooWidgets.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program

Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote -

{2670000A-7350-4f3c-8081-5663EE0C6C49} -

D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Outpost Security Suite Pro Quick Tune -

{44627E97-789B-40d4-B5C2-58BD171129A1} - D:\Program Files\Agnitum\Outpost

Security Suite Pro\ie_bar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage

Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -

D:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://www.update.mi.../x86/client/wuw

eb_site.cab?1201245197109
O20 - AppInit_DLLs: d:\progra~1\agnitum\outpos~1\wl_hook.dll wbsys.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program

Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. -

D:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere

Systems - D:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper

Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel

32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools -

D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools -

D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software

GmbH - D:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6802 bytes



spydoc reports rootkit.agent
SAS reports rootkit.tncore/trace
  • 0

Advertisements

#2
Rorschach112
Posted 18 February 2008 - 08:19 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Open notepad, click Format, uncheck wordwrap

Then can you post the SUPERAntiSpyware report if you have it, if not run the scanner again and paste the log here


Then do this

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
keigan
Posted 18 February 2008 - 08:38 PM

keigan

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/18/2008 at 09:31 PM

Application Version : 3.9.1008

Core Rules Database Version : 3404
Trace Rules Database Version: 1396

Scan type : Quick Scan
Total Scan Time : 01:07:51

Memory items scanned : 319
Memory threats detected : 0
Registry items scanned : 640
Registry threats detected : 0
File items scanned : 112322
File threats detected : 1

RootKit.TnCore/Trace
D:\WINDOWS\system32\drivers\core.cache.dsk

=====================================================
  • 0

#4
keigan
Posted 18 February 2008 - 08:48 PM

keigan

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Deckard's System Scanner v20071014.68
Run by 1 on 2008-02-18 21:41:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive D: has 0.16 GiB (less than 15%) free.


-- HijackThis (run as 1.exe) ---------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:41:46 PM, on 2/18/2008
Platform: Windows XP SP3, v.3244 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3244)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\agrsmsvc.exe
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\WINDOWS\system32\igfxsrvc.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\Synaptics\SynTP\SynToshiba.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\Documents and Settings\1\Desktop\dss.exe
D:\MGtools\1.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] D:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OutpostMonitor] D:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "D:\Program Files\Agnitum\Outpost Security Suite Pro\feedback.exe" /dump:os_startup
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-18 Startup: OP_CACHE.AT_ (User 'SYSTEM')
O4 - S-1-5-18 Startup: OP_CACHE.ID_ (User 'SYSTEM')
O4 - .DEFAULT Startup: OP_CACHE.AT_ (User 'Default user')
O4 - .DEFAULT Startup: OP_CACHE.ID_ (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = D:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Outpost Security Suite Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - D:\Program Files\Agnitum\Outpost Security Suite Pro\ie_bar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1201245197109
O20 - AppInit_DLLs: d:\progra~1\agnitum\outpos~1\wl_hook.dll wbsys.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - D:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - D:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - D:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6512 bytes

-- Files created between 2008-01-18 and 2008-02-18 -----------------------------

2008-02-18 07:55:23 0 d-------- D:\327882R2FWJFW
2008-02-18 07:49:53 0 d-------- D:\WINDOWS\pss
2008-02-18 06:14:21 11254 --a------ D:\WINDOWS\system32\locate.com
2008-02-18 06:12:54 0 d-------- D:\MGtools
2008-02-18 06:11:45 1238736 --a------ D:\MGtools.exe
2008-02-17 18:47:20 0 d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-17 18:47:07 0 d-------- D:\Program Files\SUPERAntiSpyware
2008-02-17 18:47:07 0 d-------- D:\Documents and Settings\1\Application Data\SUPERAntiSpyware.com
2008-02-17 15:16:04 0 d-------- D:\Program Files\Trend Micro
2008-02-16 14:35:10 0 d-------- D:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-02-16 13:49:28 0 dr------- D:\Documents and Settings\LocalService\Favorites
2008-02-16 13:49:08 0 d-------- D:\Documents and Settings\LocalService\Application Data\Mozilla
2008-02-16 13:44:00 0 d-------- D:\Program Files\RootKit Hook Analyzer
2008-02-16 08:55:58 0 d-------- D:\Documents and Settings\1\Application Data\Agnitum
2008-02-16 08:55:37 0 d-------- D:\WINDOWS\LastGood.Tmp
2008-02-16 08:55:21 1040561 --a------ D:\WINDOWS\system32\drivers\VBEngNT.sys <Not Verified; VirusBuster Kft.; VirusBuster Engine SYS for Windows NT/2000/XP>
2008-02-16 08:55:09 0 d-------- D:\WINDOWS\system32\Filt
2008-02-16 08:55:09 0 d-------- D:\Program Files\Agnitum
2008-02-16 08:41:45 0 d-------- D:\Documents and Settings\All Users\Application Data\Agnitum
2008-02-16 07:40:19 0 d-------- D:\Program Files\Spyware Doctor
2008-02-16 07:40:19 0 d-------- D:\Documents and Settings\1\Application Data\PC Tools
2008-02-15 20:15:14 0 d-------- D:\Program Files\Lavasoft
2008-02-15 20:00:56 0 d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-15 15:34:42 0 d-------- D:\Program Files\Common Files\Stardock
2008-02-15 00:22:15 256 --a------ D:\WINDOWS\system32\pool.bin
2008-02-15 00:22:14 0 d-------- D:\Documents and Settings\1\Application Data\Research In Motion
2008-02-14 05:54:40 0 d-------- D:\Program Files\Common Files\Research In Motion
2008-02-14 05:54:39 0 d-------- D:\Program Files\Research In Motion
2008-02-13 03:31:33 0 d-------- D:\Documents and Settings\All Users\Application Data\ESET
2008-02-13 03:27:55 0 --a------ D:\Documents and Settings\All Users\Application Data\TEMP
2008-02-13 03:08:15 0 d-------- D:\Program Files\%temp&
2008-02-13 02:45:44 86144 --a------ D:\WINDOWS\system32\drivers\scdemuu.sys
2008-02-12 21:04:48 115 --a------ D:\WINDOWS\fancy.bat
2008-02-11 17:59:36 0 d-------- D:\WINDOWS\system32\appmgmt
2008-02-10 05:02:25 0 d-------- D:\Program Files\mIRC
2008-02-08 06:56:25 2285056 --a------ D:\WINDOWS\system32\TUKernel.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-08 05:47:13 0 d-------- D:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2008-02-08 05:47:11 0 d-------- D:\Program Files\Diskeeper Corporation
2008-02-07 04:50:23 94208 --a------ D:\WINDOWS\system32\wmpuice.dll <Not Verified; MediaTexX; uICE WMP Plugin>
2008-02-07 04:38:02 0 d-------- D:\Program Files\Winamp
2008-02-01 14:22:36 0 d-------- D:\Documents and Settings\1\Application Data\Winamp
2008-02-01 06:04:30 0 d-------- D:\Program Files\CD Art Display
2008-01-31 02:07:36 0 d-------- D:\Program Files\Soulseek-Test
2008-01-28 17:45:50 0 d-------- D:\Documents and Settings\All Users\Application Data\Adobe
2008-01-28 17:45:41 0 d-------- D:\Program Files\Common Files\Adobe
2008-01-28 03:22:51 0 d-------- D:\Documents and Settings\1\Application Data\Identities
2008-01-28 00:11:27 0 d-------- D:\WINDOWS\Sun
2008-01-25 23:35:02 0 d-------- D:\Program Files\Java
2008-01-25 23:35:00 0 d-------- D:\Program Files\Common Files\Java
2008-01-25 23:33:41 0 d-------- D:\Documents and Settings\1\Application Data\Sun
2008-01-25 22:07:36 0 d-------- D:\Program Files\Yahoo!
2008-01-25 18:13:29 0 d-------- D:\Program Files\Microsoft Works
2008-01-25 18:12:57 0 d-------- D:\Program Files\Microsoft.NET
2008-01-25 18:10:30 0 d-------- D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-25 17:46:54 0 d-------- D:\Program Files\PowerISO
2008-01-25 17:41:52 0 d-------- D:\Documents and Settings\1\Application Data\Macromedia
2008-01-25 17:41:52 0 d-------- D:\Documents and Settings\1\Application Data\Adobe
2008-01-25 17:41:48 1690 --a------ D:\WINDOWS\mozver.dat
2008-01-25 14:51:44 0 d-------- D:\Documents and Settings\1\Application Data\vlc
2008-01-25 14:24:57 0 d-------- D:\Documents and Settings\1\Application Data\TuneUp Software
2008-01-25 14:24:45 0 d-------- D:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-01-25 14:24:39 0 d-------- D:\Program Files\TuneUp Utilities 2008
2008-01-25 14:23:45 0 d-------- D:\Program Files\Common Files\Wise Installation Wizard
2008-01-25 03:02:30 2560 --a------ D:\WINDOWS\_MSRSTRT.EXE
2008-01-25 02:55:03 0 d-------- D:\Program Files\Stardock
2008-01-25 02:33:13 0 d-------- D:\Program Files\Synaptics
2008-01-25 02:31:38 0 --a------ D:\WINDOWS\nsreg.dat
2008-01-25 02:31:30 0 d-------- D:\Documents and Settings\1\Application Data\Mozilla
2008-01-25 02:29:31 0 d-------- D:\WINDOWS\system32\URTTemp
2008-01-25 02:18:06 0 d-------- D:\Program Files\uTorrent
2008-01-25 02:17:58 0 d-------- D:\Documents and Settings\1\Application Data\uTorrent
2008-01-25 02:16:24 0 d-------- D:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-01-25 02:14:11 0 d-------- D:\WINDOWS\system32\SoftwareDistribution
2008-01-25 02:13:08 0 d---s---- D:\Documents and Settings\1\UserData
2008-01-25 02:08:27 0 d-------- D:\Documents and Settings\1\Contacts
2008-01-25 02:03:57 0 d-------- D:\Program Files\MSN Messenger
2008-01-25 01:59:37 49152 --a------ D:\WINDOWS\system32\ChCfg.exe
2008-01-25 01:59:16 0 d-------- D:\WINDOWS\system32\RTCOM
2008-01-25 01:58:49 0 d-------- D:\Program Files\Realtek
2008-01-25 01:58:49 0 d--h----- D:\Program Files\InstallShield Installation Information
2008-01-25 01:58:46 520192 --a------ D:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-01-25 01:58:46 315392 --a------ D:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-01-25 01:58:42 0 d-------- D:\Program Files\Common Files\InstallShield
2008-01-24 23:23:05 0 d--hs---- D:\Diskeeper
2008-01-24 23:12:51 0 d--hs---- D:\$RECYCLE.BIN
2008-01-24 23:01:28 0 d-------- D:\Program Files\Ace Utilities
2008-01-24 22:55:02 0 d-------- D:\Documents and Settings\1\Application Data\ESET
2008-01-24 22:49:56 0 d-------- D:\Documents and Settings\1\Application Data\WinRAR
2008-01-24 22:48:49 0 d-------- D:\Program Files\VideoLAN
2008-01-24 22:44:24 0 d--h----- D:\Documents and Settings\1\Templates
2008-01-24 22:44:24 0 dr------- D:\Documents and Settings\1\Start Menu
2008-01-24 22:44:24 0 dr-h----- D:\Documents and Settings\1\SendTo
2008-01-24 22:44:24 0 dr-h----- D:\Documents and Settings\1\Recent
2008-01-24 22:44:24 0 d--h----- D:\Documents and Settings\1\PrintHood
2008-01-24 22:44:24 3670016 --ah----- D:\Documents and Settings\1\NTUSER.DAT
2008-01-24 22:44:24 0 d--h----- D:\Documents and Settings\1\NetHood
2008-01-24 22:44:24 0 dr------- D:\Documents and Settings\1\My Documents
2008-01-24 22:44:24 0 d--h----- D:\Documents and Settings\1\Local Settings
2008-01-24 22:44:24 0 dr------- D:\Documents and Settings\1\Favorites
2008-01-24 22:44:24 0 d-------- D:\Documents and Settings\1\Desktop
2008-01-24 22:44:24 0 d---s---- D:\Documents and Settings\1\Cookies
2008-01-24 22:44:24 0 dr-h----- D:\Documents and Settings\1\Application Data
2008-01-24 22:43:14 0 d-------- D:\WINDOWS\SoftwareDistribution
2008-01-24 22:43:09 0 d---s---- D:\WINDOWS\system32\Microsoft
2008-01-24 22:43:09 0 d-------- D:\WINDOWS\Prefetch
2008-01-24 22:43:08 262144 --ah----- D:\Documents and Settings\LocalService\NTUSER.DAT
2008-01-24 22:43:08 0 d--h----- D:\Documents and Settings\LocalService\Local Settings
2008-01-24 22:43:08 0 d---s---- D:\Documents and Settings\LocalService\Cookies
2008-01-24 22:43:08 0 d-------- D:\Documents and Settings\LocalService\Application Data
2008-01-24 22:43:08 0 d---s---- D:\Documents and Settings\LocalService\Application Data\Microsoft
2008-01-24 22:42:57 212992 --ah----- D:\Documents and Settings\NetworkService\NTUSER.DAT
2008-01-24 22:42:57 0 d--h----- D:\Documents and Settings\NetworkService\Local Settings
2008-01-24 22:42:57 0 d---s---- D:\Documents and Settings\NetworkService\Cookies
2008-01-24 22:42:57 0 d-------- D:\Documents and Settings\NetworkService\Application Data
2008-01-24 22:42:57 0 d---s---- D:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-01-24 22:39:37 0 d-------- D:\WINDOWS\system32\xircom
2008-01-24 22:39:37 0 d-------- D:\WINDOWS\srchasst
2008-01-24 22:39:37 0 d-------- D:\Program Files\msn gaming zone
2008-01-24 22:39:37 0 d-------- D:\Program Files\microsoft frontpage
2008-01-24 22:38:29 0 d--hs---- D:\Documents and Settings\All Users\DRM
2008-01-24 22:38:17 0 dr------- D:\WINDOWS\Offline Web Pages
2008-01-24 22:38:16 0 d---s---- D:\WINDOWS\Downloaded Program Files
2008-01-24 22:38:05 0 d--h----- D:\Program Files\WindowsUpdate
2008-01-24 22:38:03 0 d-------- D:\Program Files\Online Services
2008-01-24 22:37:50 0 d-------- D:\WINDOWS\system32\DirectX
2008-01-24 22:37:32 0 d---s---- D:\WINDOWS\Tasks
2008-01-24 22:37:31 0 d-------- D:\Program Files\Common Files\MSSoap
2008-01-24 22:37:29 0 d-------- D:\WINDOWS\system32\Macromed
2008-01-24 22:37:21 0 d-------- D:\Program Files\Movie Maker
2008-01-24 22:37:04 0 d-------- D:\WINDOWS\system32\Restore
2008-01-24 22:36:25 21640 --a------ D:\WINDOWS\system32\emptyregdb.dat
2008-01-24 22:36:19 0 d-------- D:\WINDOWS\Registration
2008-01-24 22:36:04 44544 --a------ D:\WINDOWS\system32\tscupgrd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-24 22:35:57 0 d-------- D:\Program Files\Windows NT
2008-01-24 22:35:53 0 d-------- D:\WINDOWS\system32\MsDtc
2008-01-24 22:35:51 0 d-------- D:\WINDOWS\system32\Com
2008-01-24 17:33:43 0 d-------- D:\Program Files\Apoint2K
2008-01-24 17:33:07 0 d-------- D:\WINDOWS\system32\ReinstallBackups
2008-01-24 17:33:06 0 d-------- D:\WINDOWS\system32\x64
2008-01-24 17:33:06 0 d-------- D:\WINDOWS\system32\Lang
2008-01-24 17:32:58 0 d------c- D:\WINDOWS\system32\DRVSTORE
2008-01-24 17:32:01 0 d--hs---- D:\WINDOWS\Installer
2008-01-24 17:32:00 0 d-------- D:\Program Files\Common Files\ODBC
2008-01-24 17:31:56 0 dr------- D:\Program Files
2008-01-24 17:31:56 0 d-------- D:\Program Files\Common Files
2008-01-24 17:31:56 0 d-------- D:\Program Files\Common Files\SpeechEngines
2008-01-24 17:31:55 262144 --ah----- D:\Documents and Settings\Default User\NTUSER.DAT
2008-01-24 17:31:40 0 d--h----- D:\Documents and Settings\Default User\Templates
2008-01-24 17:31:40 0 dr------- D:\Documents and Settings\Default User\Start Menu
2008-01-24 17:31:40 0 dr-h----- D:\Documents and Settings\Default User\SendTo
2008-01-24 17:31:40 0 d--h----- D:\Documents and Settings\Default User\Recent
2008-01-24 17:31:40 0 d--h----- D:\Documents and Settings\Default User\PrintHood
2008-01-24 17:31:40 0 d--h----- D:\Documents and Settings\Default User\NetHood
2008-01-24 17:31:40 0 d-------- D:\Documents and Settings\Default User\My Documents
2008-01-24 17:31:40 0 dr-h----- D:\Documents and Settings\Default User\Local Settings
2008-01-24 17:31:40 0 d-------- D:\Documents and Settings\Default User\Favorites
2008-01-24 17:31:40 0 d-------- D:\Documents and Settings\Default User\Desktop
2008-01-24 17:31:40 0 d---s---- D:\Documents and Settings\Default User\Cookies
2008-01-24 17:31:40 0 d--h----- D:\Documents and Settings\All Users\Templates
2008-01-24 17:31:40 0 dr------- D:\Documents and Settings\All Users\Start Menu
2008-01-24 17:31:40 0 d-------- D:\Documents and Settings\All Users\Favorites
2008-01-24 17:31:40 0 dr------- D:\Documents and Settings\All Users\Documents
2008-01-24 17:31:40 0 d-------- D:\Documents and Settings\All Users\Desktop
2008-01-24 17:31:10 0 d-------- D:\WINDOWS\system32\CatRoot2
2008-01-24 17:31:10 0 d-------- D:\WINDOWS\system32\CatRoot
2008-01-24 17:31:05 0 dr-h----- D:\Documents and Settings\Default User\Application Data
2008-01-24 17:31:05 0 d---s---- D:\Documents and Settings\Default User\Application Data\Microsoft
2008-01-24 17:31:05 0 d---s---- D:\Documents and Settings\All Users\Application Data\Microsoft
2008-01-24 17:31:04 0 dr-h----- D:\Documents and Settings\All Users\Application Data
2008-01-24 17:30:38 0 d-------- D:\Documents and Settings
2008-01-24 17:30:37 0 d--hs---- D:\System Volume Information
2008-01-24 17:25:38 0 d-------- D:\WINDOWS
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\WinSxS
2008-01-24 17:25:38 0 dr------- D:\WINDOWS\Web
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\twain_32
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\system32
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\system32\wins
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\system32\wbem
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\system32\usmt
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\system32\spool
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\system32\ShellExt
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\system32\Setup
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\system32\ras
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\system32\oobe
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\system32\npp
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\system32\mui
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\system32\inetsrv
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\system32\IME
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\system32\icsxml
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\system32\ias
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\system32\export
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\system32\en
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\system32\drivers
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\system32\drivers\etc
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\system32\drivers\disdn
2008-01-24 17:25:38 0 dr-hs--c- D:\WINDOWS\system32\dllcache
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\system32\dhcp
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\system32\config
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\system32\3com_dmi
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\system32\3076
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\system32\2052
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\system32\1054
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\system32\1042
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\system32\1041
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\system32\1037
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\system32\1033
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\system32\1031
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\system32\1028
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\system32\1025
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\system
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\security
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\Resources
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\repair
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\Provisioning
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\PeerNet
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\PCHealth
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\NLDRV
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\Network Diagnostic
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\mui
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\msapps
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\msagent
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\Media
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\L2Schemas
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\java
2008-01-24 17:25:38 0 d--h----- D:\WINDOWS\inf
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\ime
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\Help
2008-01-24 17:25:38 0 dr--s---- D:\WINDOWS\Fonts
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\Driver Cache
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\Debug
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\Cursors
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\Connection Wizard
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\Config
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\AppPatch
2008-01-24 17:25:38 0 d-------- D:\WINDOWS\addins
2008-01-23 18:18:37 1614336 --a------ D:\WINDOWS\system32\sfcfiles.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-23 17:59:24 361088 --a------ D:\WINDOWS\system32\drivers\tcpip.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-23 17:59:23 218624 --a------ D:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Find3M Report ---------------------------------------------------------------

2008-01-24 17:31:40 62 --ahs---- D:\Documents and Settings\1\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="D:\WINDOWS\system32\igfxtray.exe" [01/23/2008 06:16 PM]
"HotKeysCmds"="D:\WINDOWS\system32\hkcmd.exe" [01/23/2008 06:15 PM]
"Persistence"="D:\WINDOWS\system32\igfxpers.exe" [01/23/2008 06:16 PM]
"Apoint"="D:\Program Files\Apoint2K\Apoint.exe" [01/23/2008 06:17 PM]
"RTHDCPL"="RTHDCPL.EXE" [12/20/2007 04:47 PM D:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 PM D:\WINDOWS\Alcmtr.exe]
"SynTPEnh"="D:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/27/2007 11:38 AM]
"OutpostMonitor"="D:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" [12/08/2007 05:11 PM]
"OutpostFeedBack"="D:\Program Files\Agnitum\Outpost Security Suite Pro\feedback.exe" [12/04/2007 03:01 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [02/13/2008 10:35 PM]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [10/30/2007 11:32 PM]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

D:\Documents and Settings\1\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - D:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [12/11/2007 5:34:48 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoStartBanner"=1 (0x1)
"NoSMMyPictures"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"ForceStartMenuLogoff"=0 (0x0)
"NoUserNameInStartMenu"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoStartBanner"=1 (0x1)
"NoSMMyPictures"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"ForceStartMenuLogoff"=0 (0x0)
"NoUserNameInStartMenu"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
D:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
D:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 01/26/2008 04:38 AM 210168 D:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=d:\progra~1\agnitum\outpos~1\wl_hook.dll wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService WebClient LmHosts RemoteRegistry upnphost SSDPSRV
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-02-18 21:43:00 ------------
  • 0

#5
keigan
Posted 18 February 2008 - 09:00 PM

keigan

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
dss.exe doesn't produce extra.txt file after scan
  • 0

#6
Rorschach112
Posted 19 February 2008 - 05:58 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.




Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#7
keigan
Posted 20 February 2008 - 04:18 AM

keigan

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
i thank you for all your help. i've cut it short after being sick of trying to fight this thing for a week. i've admitted defeat and formatted. thanks again.
  • 0

#8
Rorschach112
Posted 20 February 2008 - 07:21 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP