#1
Computer completely locked up, got to post from job

My computer is completely locked up by a virus.

- When I start my computer, Spybot Search & Destroy keeps asking me to change the registry, and it spams all my windows with requests. To stop it I have to kill the process (something)tea.exe.
- When I try to go on the internet, I'm automatically redirected no matter what URL I put in.
- I cannot update my antivirus, AVG. It says it cannot find the server, and it's like that for any program.
- My background changed to a blue and red picture and I can't change it.
- When I run a program, 15 minutes later it freezes and I have to pull the plug.

Right now I'm at work; I might not be able to reply for another 24 hours, but I can read replies from my PS3 tonight and do small replies. I can also download stuff here, put it on a memory chip and run it on the infected computer tonight. I'll try to borrow a portable to help me. Please, I managed to do a HijackThis log last night, if it can help. I cannot run ComboFix; it says it has to restart the computer, it does it, but nothing happens when it restarts.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:12 AM, on 8/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66010
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_cu...spx?TbId=66010
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.ca/ig/dell?hl=en&c...ca&ibd=4061009
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG Free\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG Free\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG Free\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG Free\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?e8f9d8d8f7d44a25ae056b8ee40629a8
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?e8f9d8d8f7d44a25ae056b8ee40629a8
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Documents and Settings\weedman\Start Menu\Programs\Poker.com\Poker.com.lnk (HKCU)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 12302 bytes
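The F2 line in the HijackThis log above shows UserInit set to load a second executable (oembios.exe) after the stock userinit.exe. On a default Windows XP install that value is userinit.exe alone, and whatever is listed there is started by Winlogon at every interactive logon, so it is the kind of entry a helper reviews before anything else. The script below is an added example written for this thread, not HijackThis code and not part of the forum's fix: it parses HijackThis-style F2 and O4 lines, returns the non-default UserInit programs, and lists the Run-key autostarts by hive. The sample lines are constructed from the format of the posted log; a user would pass the text of the saved hijackthis.log instead.

```python
"""Pull persistence-related entries out of a HijackThis log and flag a
UserInit value that loads more than the stock userinit.exe.

Added example for this thread; not part of HijackThis or of the forum's fix.
"""
import re

# Constructed sample in the format of the posted log (a handful of lines, not the full log).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG Free\avgw.exe /RUNONCE (User 'SYSTEM')
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# F2 lines report a system.ini-mapped Winlogon value that differs from the default.
USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.IGNORECASE)
# O4 lines look like: O4 - <hive>\..\Run: [<name>] <command>
RUN_RE = re.compile(r"^O4 - (.+?)\\\.\.\\Run: \[([^\]]+)\] (.*)$")


def split_userinit(value):
    """'a.exe,b.exe,' -> ['a.exe', 'b.exe']; the trailing comma is normal for this value."""
    return [part.strip() for part in value.split(",") if part.strip()]


def is_default_userinit(entry):
    r"""The stock Windows XP value is <SystemRoot>\system32\userinit.exe (sometimes shown bare)."""
    normalized = entry.strip().strip('"').lower()
    return normalized == "userinit.exe" or normalized.endswith(r"\system32\userinit.exe")


def userinit_extras(log_text):
    """Return every program UserInit launches besides the default one.

    Anything listed here runs in each interactive logon before the shell
    starts, so a non-default entry is the first thing to check.
    """
    extras = []
    for line in log_text.splitlines():
        match = USERINIT_RE.match(line.strip())
        if match:
            extras.extend(e for e in split_userinit(match.group(1)) if not is_default_userinit(e))
    return extras


def run_entries(log_text):
    """Map each Run-key autostart name to (hive, command line)."""
    entries = {}
    for line in log_text.splitlines():
        match = RUN_RE.match(line.strip())
        if match:
            hive, name, command = match.groups()
            entries[name] = (hive, command)
    return entries


if __name__ == "__main__":
    for extra in userinit_extras(SAMPLE_LOG):
        print("UserInit loads a non-default program:", extra)
    for name, (hive, command) in sorted(run_entries(SAMPLE_LOG).items()):
        print(f"{hive:<14} {name:<20} {command}")
```

An empty list from `userinit_extras` means UserInit is at its default; anything it returns should be compared against a known-good copy of the file before the log is acted on. The O4 parser keeps the hive so per-user entries (HKCU, HKUS\SID) can be told apart from machine-wide HKLM ones.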
#2
I've talked to tech people today at work and they say they think it's a rootkit and that I will have to reinstall my Windows. Please tell me it's a lie.
#3
Hello tim123,
The computer does show infection, but we can address that here. Now that you recall your original user name and password, be sure to store those somewhere, to have down the road should problems occur again, or just to participate in the forums here. I am assuming this computer is the same system you recently cleaned with our help here, correct?

Let's start with a more detailed view now, then begin repairs after. To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done by right-clicking the software's Taskbar icons, or by accessing each program through Start - Programs.

Download OldTimer's OTViewIt from here to your desktop, then click OTViewIt.exe to start the scan. When the display opens, place a check next to:
Scan All Users
Then click the Run Scan button to start the scan. Once that completes a textbox will open; copy/paste those contents here for review please. The log can also be found on your desktop as OTViewIt.Txt.

Note - do not press any other buttons or make any other changes when running the scan. You can use separate posts here when replying and posting the log files if needed.
#4
thx for help
OTViewIt logfile created on: 8/27/2008 9:45:11 PM - Run 2 OTViewIt by OldTimer - Version 1.0.0.14 Folder = C:\Documents and Settings\weedman\Desktop Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 228.13 Gb Total Space | 72.90 Gb Free Space | 31.96% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 15.05 Gb Total Space | 8.99 Gb Free Space | 59.73% Space Free | Partition Type: FAT32 H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ERIC Current User Name: weedman Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users ===== Processes - Non-Microsoft Only ===== [05/30/2007 08:31 AM | 00,312,880 | ---- | M] (GRISOFT s.r.o.) - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [10/23/2007 09:38 AM | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) - C:\Program Files\Grisoft\AVG Free\avgamsvr.exe [04/27/2007 12:50 AM | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) - C:\Program Files\Grisoft\AVG Free\avgupsvc.exe [12/22/2007 10:21 AM | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) - C:\Program Files\Grisoft\AVG Free\avgemc.exe [02/28/2006 12:42 PM | 00,229,376 | ---- | M] (Apple Computer, Inc.) 
- C:\Program Files\Bonjour\mDNSResponder.exe [12/13/1999 02:01 AM | 00,044,032 | ---- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\CTSVCCDA.EXE [07/06/2006 08:14 AM | 00,090,112 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe [10/22/2006 01:22 PM | 00,159,810 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe [11/12/2007 06:32 PM | 00,066,872 | ---- | M] () - C:\WINDOWS\system32\PnkBstrA.exe [06/05/2007 01:20 PM | 00,177,704 | ---- | M] () - C:\WINDOWS\system32\PSIService.exe [06/13/2008 03:29 PM | 00,356,920 | ---- | M] (PC Tools) - C:\Program Files\Spyware Doctor\pctsAuxs.exe [08/07/2008 12:12 PM | 01,073,544 | ---- | M] (PC Tools) - C:\Program Files\Spyware Doctor\pctsSvc.exe [06/01/2006 05:25 PM | 00,180,224 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe [07/16/2008 09:16 AM | 01,166,216 | ---- | M] (PC Tools) - C:\Program Files\Spyware Doctor\pctsTray.exe [11/08/2005 01:30 PM | 00,016,384 | ---- | M] (Creative Technology Ltd) - C:\WINDOWS\CTHELPER.EXE [03/02/2006 05:00 AM | 00,018,944 | ---- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\CTXFIHLP.EXE [09/25/2007 01:11 AM | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) 
- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [07/06/2006 08:15 AM | 00,151,552 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [10/05/2005 04:12 AM | 00,094,208 | ---- | M] () - C:\Program Files\Dell\Media Experience\DMXLauncher.exe [06/18/2003 02:00 AM | 00,045,056 | ---- | M] (Creative Technology Ltd) - C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe [03/02/2006 04:53 AM | 00,717,312 | ---- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\CTXFISPI.EXE [06/10/2005 11:44 AM | 00,081,920 | ---- | M] (InstallShield Software Corporation) - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [09/08/2005 06:20 AM | 00,122,940 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLACTRLW.EXE [04/18/2008 09:21 AM | 00,579,584 | ---- | M] (GRISOFT, s.r.o.) - C:\Program Files\Grisoft\AVG Free\avgcc.exe [07/07/2007 09:48 PM | 00,282,624 | ---- | M] (Apple Inc.) - C:\Program Files\QuickTime\qttask.exe [06/28/2007 09:14 AM | 00,270,648 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe [06/11/2007 05:25 AM | 06,731,312 | ---- | M] (GRISOFT s.r.o.) - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [02/04/2008 12:41 PM | 00,185,896 | ---- | M] (RealNetworks, Inc.) - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [07/16/2006 10:29 PM | 00,389,120 | ---- | M] (Gteko Ltd.) - C:\Program Files\Dell Support\DSAgnt.exe [06/21/2008 10:58 AM | 00,289,088 | ---- | M] (BitTorrent, Inc.) - C:\Program Files\DNA\btdna.exe [01/28/2008 11:43 AM | 02,097,488 | RHS- | M] (Safer Networking Limited) - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [05/28/2008 10:33 AM | 01,506,544 | ---- | M] (SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [06/28/2007 09:14 AM | 00,501,048 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe [04/23/2007 04:00 AM | 00,692,224 | ---- | M] (Logitech Inc.) 
- C:\Program Files\Logitech\SetPoint\SetPoint.exe [08/27/2008 09:10 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\weedman\Desktop\OTViewIt.exe ===== Win32 Services - Non-Microsoft Only ===== (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Auto | Running] [05/30/2007 08:31 AM | 00,312,880 | ---- | M] (GRISOFT s.r.o.) - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (Avg7Alrt) AVG7 Alert Manager Server [Auto | Running] [10/23/2007 09:38 AM | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) - C:\Program Files\Grisoft\AVG Free\avgamsvr.exe (Avg7UpdSvc) AVG7 Update Service [Auto | Running] [04/27/2007 12:50 AM | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) - C:\Program Files\Grisoft\AVG Free\avgupsvc.exe (AVGEMS) AVG E-mail Scanner [Auto | Running] [12/22/2007 10:21 AM | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) - C:\Program Files\Grisoft\AVG Free\avgemc.exe (Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # [Auto | Running] [02/28/2006 12:42 PM | 00,229,376 | ---- | M] (Apple Computer, Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe (Creative Service for CDROM Access) Creative Service for CDROM Access [Auto | Running] [12/13/1999 02:01 AM | 00,044,032 | ---- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\CTSVCCDA.EXE (dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped] [08/10/2004 06:00 AM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe (ELService) Intel(R) Quick Resume technology [Auto | Running] [06/01/2006 05:25 PM | 00,180,224 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe (FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped] [08/16/2008 10:59 PM | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) 
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (IAANTMON) Intel(R) Matrix Storage Event Monitor [Auto | Running] [07/06/2006 08:14 AM | 00,090,112 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (IDriverT) InstallDriver Table Manager [On_Demand | Stopped] [04/04/2005 12:41 AM | 00,069,632 | ---- | M] (Macrovision Corporation) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (iPod Service) iPod Service [On_Demand | Running] [06/28/2007 09:14 AM | 00,501,048 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe (NVSvc) NVIDIA Display Driver Service [Auto | Running] [10/22/2006 01:22 PM | 00,159,810 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe (PnkBstrA) PnkBstrA [Auto | Running] [11/12/2007 06:32 PM | 00,066,872 | ---- | M] () - C:\WINDOWS\system32\PnkBstrA.exe (ProtexisLicensing) ProtexisLicensing [Auto | Running] [06/05/2007 01:20 PM | 00,177,704 | ---- | M] () - C:\WINDOWS\system32\PSIService.exe (rpcapd) Remote Packet Capture Protocol v.0 (experimental) [On_Demand | Stopped] [08/02/2005 05:18 PM | 00,086,016 | ---- | M] (CACE Technologies) - C:\Program Files\WinPcap\rpcapd.exe (sdAuxService) PC Tools Auxiliary Service [Auto | Running] [06/13/2008 03:29 PM | 00,356,920 | ---- | M] (PC Tools) - C:\Program Files\Spyware Doctor\pctsAuxs.exe (sdCoreService) PC Tools Security Service [Auto | Running] [08/07/2008 12:12 PM | 01,073,544 | ---- | M] (PC Tools) - C:\Program Files\Spyware Doctor\pctsSvc.exe ===== Driver Services - Non-Microsoft Only ===== (AliIde) AliIde [Disabled | Stopped] [08/17/2001 02:51 PM | 00,005,248 | ---- | M] (Acer Laboratories Inc.) - C:\WINDOWS\system32\drivers\aliide.sys (amdagp) AMD AGP Bus Filter Driver [Disabled | Stopped] [08/04/2004 12:07 AM | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) 
- C:\WINDOWS\system32\drivers\AMDAGP.SYS (asc) asc [Disabled | Stopped] [08/17/2001 02:52 PM | 00,026,496 | ---- | M] (Advanced System Products, Inc.) - C:\WINDOWS\system32\drivers\asc.sys (asc3550) asc3550 [Disabled | Stopped] [08/17/2001 02:51 PM | 00,014,848 | ---- | M] (Advanced System Products, Inc.) - C:\WINDOWS\system32\drivers\asc3550.sys (AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [System | Running] [05/30/2007 08:10 AM | 00,011,000 | ---- | M] () - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (Avg7Core) AVG7 Kernel [System | Running] [10/23/2007 09:38 AM | 00,821,856 | ---- | M] (GRISOFT, s.r.o.) - C:\WINDOWS\system32\drivers\avg7core.sys (Avg7RsW) AVG7 Wrap Driver [System | Running] [04/27/2007 12:50 AM | 00,004,224 | ---- | M] (GRISOFT, s.r.o.) - C:\WINDOWS\system32\drivers\avg7rsw.sys (Avg7RsXP) AVG7 Resident Driver XP [System | Running] [04/27/2007 12:51 AM | 00,027,776 | ---- | M] (GRISOFT, s.r.o.) - C:\WINDOWS\system32\drivers\avg7rsxp.sys (AvgAsCln) AVG Anti-Spyware Clean Driver [System | Running] [05/30/2007 08:10 AM | 00,010,872 | ---- | M] (GRISOFT, s.r.o.) - C:\WINDOWS\system32\drivers\AvgAsCln.sys (AvgClean) AVG7 Clean Driver [System | Running] [12/22/2007 10:21 AM | 00,010,760 | ---- | M] (GRISOFT, s.r.o.) - C:\WINDOWS\system32\drivers\avgclean.sys (AvgTdi) AVG Network Redirector [Auto | Running] [04/27/2007 12:50 AM | 00,004,960 | ---- | M] (GRISOFT, s.r.o.) - C:\WINDOWS\system32\drivers\avgtdi.sys (catchme) catchme [On_Demand | Stopped] File not found - C:\DOCUME~1\weedman\LOCALS~1\Temp\catchme.sys (CmdIde) CmdIde [Disabled | Stopped] [08/17/2001 02:51 PM | 00,006,656 | ---- | M] (CMD Technology, Inc.) 
- C:\WINDOWS\system32\drivers\cmdide.sys (ctac32k) Creative AC3 Software Decoder [On_Demand | Running] [11/08/2005 01:14 PM | 00,502,272 | R--- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\drivers\ctac32k.sys (ctaud2k) Creative Audio Driver (WDM) [On_Demand | Running] [11/08/2005 01:15 PM | 00,439,680 | R--- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\drivers\ctaud2k.sys (ctdvda2k) Creative DVD-Audio Device Driver [On_Demand | Stopped] [07/13/2005 10:18 AM | 00,340,704 | R--- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\drivers\ctdvda2k.sys (ctprxy2k) Creative Proxy Driver [On_Demand | Running] [11/08/2005 01:15 PM | 00,007,168 | R--- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\drivers\ctprxy2k.sys (ctsfm2k) Creative SoundFont Management Device Driver [On_Demand | Running] [11/08/2005 01:14 PM | 00,143,360 | R--- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\drivers\ctsfm2k.sys (dac2w2k) dac2w2k [Disabled | Stopped] [08/17/2001 02:52 PM | 00,179,584 | ---- | M] (Mylex Corporation) - C:\WINDOWS\system32\drivers\dac2w2k.sys (DLABOIOM) DLABOIOM [Auto | Running] [09/08/2005 06:20 AM | 00,025,628 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLABOIOM.SYS (DLACDBHM) DLACDBHM [System | Running] [08/25/2005 01:16 PM | 00,005,628 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\DLACDBHM.SYS (DLADResN) DLADResN [Auto | Running] [09/08/2005 06:20 AM | 00,002,496 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLADResN.SYS (DLAIFS_M) DLAIFS_M [Auto | Running] [09/08/2005 06:20 AM | 00,086,524 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (DLAOPIOM) DLAOPIOM [Auto | Running] [09/08/2005 06:20 AM | 00,014,684 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (DLAPoolM) DLAPoolM [Auto | Running] [09/08/2005 06:20 AM | 00,006,364 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLAPoolM.SYS (DLARTL_N) DLARTL_N [System | Running] [08/25/2005 01:16 PM | 00,022,684 | 
---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\DLARTL_N.SYS (DLAUDFAM) DLAUDFAM [Auto | Running] [09/08/2005 06:20 AM | 00,094,332 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (DLAUDF_M) DLAUDF_M [Auto | Running] [09/08/2005 06:20 AM | 00,087,036 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (dmboot) dmboot [Disabled | Stopped] [08/10/2004 06:00 AM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys (dmio) Logical Disk Manager Driver [Boot | Running] [08/10/2004 06:00 AM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys (dmload) dmload [Boot | Running] [08/10/2004 06:00 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys (DRVMCDB) DRVMCDB [Boot | Running] [09/12/2005 04:30 AM | 00,089,264 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\DRVMCDB.SYS (DRVNDDM) DRVNDDM [Auto | Running] [08/12/2005 06:20 AM | 00,040,544 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\DRVNDDM.SYS (DSproct) DSproct [On_Demand | Stopped] [01/10/2006 01:07 PM | 00,004,864 | ---- | M] (GTek Technologies Ltd.) 
- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (E100B) Intel(R) PRO Adapter Driver [On_Demand | Stopped] [08/17/2001 01:12 PM | 00,117,760 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\e100b325.sys (e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [On_Demand | Running] [06/05/2006 02:49 PM | 00,230,400 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\e1e5132.sys (EagleNT) EagleNT [On_Demand | Stopped] File not found - C:\WINDOWS\system32\drivers\EagleNT.sys (ELacpi) ELacpi [On_Demand | Running] [05/09/2006 04:36 PM | 00,009,728 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\ELacpi.sys (ELhid) EL hid Service [System | Running] [05/09/2006 04:36 PM | 00,010,112 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\Elhid.sys (ELkbd) EL KB Service [System | Running] [05/09/2006 04:36 PM | 00,006,912 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\Elkbd.sys (ELmon) EL Monitor Service [System | Running] [05/09/2006 04:36 PM | 00,007,040 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\Elmon.sys (ELmou) EL Mouse Service [System | Running] [05/09/2006 04:36 PM | 00,006,400 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\Elmou.sys (emupia) E-mu Plug-in Architecture Driver [On_Demand | Running] [11/08/2005 01:14 PM | 00,077,824 | R--- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\drivers\emupia2k.sys (GEARAspiWDM) GEARAspiWDM [On_Demand | Running] [09/19/2006 02:44 PM | 00,015,664 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (ha20x2k) Creative 20X HAL Driver [On_Demand | Running] [02/15/2006 07:40 AM | 01,096,192 | R--- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\drivers\ha20x2k.sys (hamachi) Hamachi Network Interface [On_Demand | Stopped] [04/12/2007 09:38 PM | 00,026,056 | ---- | M] (LogMeIn, Inc.) 
- C:\WINDOWS\system32\drivers\hamachi.sys (HSFHWBS2) HSFHWBS2 [On_Demand | Running] [11/17/2003 10:59 PM | 00,212,224 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSFHWBS2.sys (HSF_DP) HSF_DP [On_Demand | Running] [11/17/2003 10:56 PM | 01,042,432 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSF_DP.sys (iastor) Intel RAID Controller [Boot | Running] [07/06/2006 07:59 AM | 00,246,784 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\iaStor.sys (IKFileSec) File Security Driver [Boot | Running] [06/02/2008 03:19 PM | 00,042,376 | ---- | M] (PCTools Research Pty Ltd.) - C:\WINDOWS\system32\drivers\ikfilesec.sys (IKSysFlt) System Filter Driver [System | Running] [06/02/2008 03:19 PM | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.) - C:\WINDOWS\system32\drivers\iksysflt.sys (IKSysSec) System Security Driver [System | Running] [06/10/2008 09:22 PM | 00,081,288 | ---- | M] (PCTools Research Pty Ltd.) - C:\WINDOWS\system32\drivers\iksyssec.sys (LHidFilt) Logitech SetPoint KMDF HID Filter Driver [On_Demand | Running] [04/11/2007 03:32 PM | 00,034,832 | ---- | M] (Logitech, Inc.) - C:\WINDOWS\system32\drivers\LHidFilt.Sys (LHidKe) Logitech SetPoint HID Mouse Filter Driver [On_Demand | Stopped] [05/20/2005 03:01 PM | 00,025,600 | ---- | M] (Logitech, Inc.) - C:\WINDOWS\system32\drivers\LHidKE.Sys (LHidUsbK) Logitech SetPoint USB Receiver device driver [On_Demand | Stopped] [05/20/2005 03:01 PM | 00,036,480 | ---- | M] (Logitech, Inc.) - C:\WINDOWS\system32\drivers\LHidUsbK.sys (LMouFilt) Logitech SetPoint KMDF Mouse Filter Driver [On_Demand | Running] [04/11/2007 03:32 PM | 00,036,112 | ---- | M] (Logitech, Inc.) - C:\WINDOWS\system32\drivers\LMouFilt.Sys (LMouKE) Logitech SetPoint Mouse Filter Driver [On_Demand | Stopped] [05/20/2005 03:01 PM | 00,068,352 | ---- | M] (Logitech, Inc.) 
- C:\WINDOWS\system32\drivers\LMouKE.Sys (mdmxsdk) mdmxsdk [Auto | Running] [04/09/2003 07:48 PM | 00,011,043 | ---- | M] (Conexant) - C:\WINDOWS\system32\drivers\mdmxsdk.sys (mraid35x) mraid35x [Disabled | Stopped] [08/17/2001 02:52 PM | 00,017,280 | ---- | M] (American Megatrends Inc.) - C:\WINDOWS\system32\drivers\mraid35x.sys (MRENDIS5) MRENDIS5 NDIS Protocol Driver [On_Demand | Stopped] [11/22/2004 06:36 PM | 00,018,003 | ---- | M] (Motive, Inc.) - C:\Program Files\Common Files\Motive\MRENDIS5.sys (MrFilter) EasyWrite Driver [Boot | Running] [10/03/2002 09:57 PM | 00,012,064 | ---- | M] (Roxio) - C:\WINDOWS\System32\drivers\MRFilter.sys (NAL) Nal Service [On_Demand | Stopped] [06/05/2006 04:39 AM | 00,024,064 | ---- | M] (Intel Corporation ) - C:\WINDOWS\system32\drivers\iqvw32.sys (nv) nv [On_Demand | Running] [10/22/2006 01:22 PM | 03,994,624 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv4_mini.sys (ossrv) Creative OS Services Driver [On_Demand | Running] [11/08/2005 01:14 PM | 00,114,688 | R--- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\ctoss2k.sys (pcouffin) VSO Software pcouffin [On_Demand | Running] [11/02/2007 11:56 PM | 00,047,360 | ---- | M] (VSO Software) - C:\WINDOWS\system32\drivers\pcouffin.sys (Ptilink) Direct Parallel Link Driver [On_Demand | Running] [08/10/2004 06:00 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) 
- C:\WINDOWS\system32\drivers\ptilink.sys (PxHelp20) PxHelp20 [Boot | Running] [01/31/2008 06:11 PM | 00,043,528 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\pxhelp20.sys (ql1080) ql1080 [Disabled | Stopped] [08/17/2001 02:52 PM | 00,040,320 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql1080.sys (ql12160) ql12160 [Disabled | Stopped] [08/17/2001 02:52 PM | 00,045,312 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql12160.sys (ql1280) ql1280 [Disabled | Stopped] [08/17/2001 02:52 PM | 00,049,024 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql1280.sys (SASDIFSV) SASDIFSV [System | Running] [05/28/2008 10:33 AM | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\sasdifsv.sys
#5
(SASENUM) SASENUM [On_Demand | Running] [05/28/2008 10:33 AM | 00,007,408 | R--- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SASKUTIL) SASKUTIL [System | Running] [05/28/2008 10:33 AM | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (Secdrv) Secdrv [Auto | Running] [11/13/2007 06:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys (sfdrv01) StarForce Protection Environment Driver (version 1.x) [Boot | Running] [04/04/2005 06:43 AM | 00,048,640 | ---- | M] (Protection Technology) - C:\WINDOWS\system32\drivers\sfdrv01.sys (sfhlp02) StarForce Protection Helper Driver (version 2.x) [Boot | Running] [02/23/2005 11:59 AM | 00,006,656 | ---- | M] (Protection Technology) - C:\WINDOWS\system32\drivers\sfhlp02.sys (sfsync02) StarForce Protection Synchronization Driver (version 2.x) [Boot | Running] [04/14/2005 08:12 AM | 00,019,968 | ---- | M] (Protection Technology) - C:\WINDOWS\system32\drivers\sfsync02.sys (sisagp) SIS AGP Bus Filter [Disabled | Stopped] [08/04/2004 12:07 AM | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) - C:\WINDOWS\system32\drivers\SISAGP.SYS (Sparrow) Sparrow [Disabled | Stopped] [08/17/2001 03:07 PM | 00,019,072 | ---- | M] (Adaptec, Inc.) - C:\WINDOWS\system32\drivers\sparrow.sys (sptd) sptd [Boot | Running] [01/13/2008 06:35 PM | 00,715,248 | ---- | M] () - C:\WINDOWS\system32\drivers\sptd.sys (symc810) symc810 [Disabled | Stopped] [08/17/2001 03:07 PM | 00,016,256 | ---- | M] (Symbios Logic Inc.)
- C:\WINDOWS\system32\drivers\symc810.sys (symc8xx) symc8xx [Disabled | Stopped] [08/17/2001 03:07 PM | 00,032,640 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\symc8xx.sys (sym_hi) sym_hi [Disabled | Stopped] [08/17/2001 03:07 PM | 00,028,384 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\sym_hi.sys (sym_u3) sym_u3 [Disabled | Stopped] [08/17/2001 03:07 PM | 00,030,688 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\sym_u3.sys (ultra) ultra [Disabled | Stopped] [08/17/2001 02:52 PM | 00,036,736 | ---- | M] (Promise Technology, Inc.) - C:\WINDOWS\system32\drivers\ultra.sys (winachsf) winachsf [On_Demand | Running] [11/17/2003 10:58 PM | 00,680,704 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSF_CNXT.sys (WmBEnum) Logitech Virtual Bus Enumerator Driver [On_Demand | Running] [04/12/2005 07:21 PM | 00,010,144 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\WmBEnum.sys (WmFilter) Logitech Gaming HID Filter Driver [On_Demand | Stopped] [04/12/2005 07:21 PM | 00,022,240 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\WmFilter.sys (WmVirHid) Logitech Virtual Hid Device Driver [On_Demand | Stopped] [04/12/2005 07:21 PM | 00,005,600 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\WmVirHid.sys (WmXlCore) Logitech WingMan Translation Layer Driver [On_Demand | Running] [04/12/2005 07:21 PM | 00,045,504 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\WmXlCore.sys ===== Run Keys ===== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "!AVG Anti-Spyware" = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized [06/11/2007 05:25 AM | 06,731,312 | ---- | M] (GRISOFT s.r.o.) "AudioDrvEmulator" = "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" [11/04/2005 07:07 PM | 00,049,152 | ---- | M] (Creative Technology Ltd.)
"AVG7_CC" = C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe /STARTUP [04/18/2008 09:21 AM | 00,579,584 | ---- | M] (GRISOFT, s.r.o.) "CTDVDDET" = "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [06/18/2003 02:00 AM | 00,045,056 | ---- | M] (Creative Technology Ltd) "CTHelper" = CTHELPER.EXE [11/08/2005 01:30 PM | 00,016,384 | ---- | M] (Creative Technology Ltd) "CTxfiHlp" = CTXFIHLP.EXE [03/02/2006 05:00 AM | 00,018,944 | ---- | M] (Creative Technology Ltd) "DLA" = C:\WINDOWS\System32\DLA\DLACTRLW.EXE [09/08/2005 06:20 AM | 00,122,940 | ---- | M] (Sonic Solutions) "DMXLauncher" = C:\Program Files\Dell\Media Experience\DMXLauncher.exe [10/05/2005 04:12 AM | 00,094,208 | ---- | M] () "IAAnotif" = C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [07/06/2006 08:15 AM | 00,151,552 | ---- | M] (Intel Corporation) "ISTray" = "C:\Program Files\Spyware Doctor\pctsTray.exe" [07/16/2008 09:16 AM | 01,166,216 | ---- | M] (PC Tools) "ISUSPM Startup" = "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup [06/10/2005 11:44 AM | 00,249,856 | ---- | M] (InstallShield Software Corporation) "ISUSScheduler" = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [06/10/2005 11:44 AM | 00,081,920 | ---- | M] (InstallShield Software Corporation) "iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [06/28/2007 09:14 AM | 00,270,648 | ---- | M] (Apple Inc.) "Kernel and Hardware Abstraction Layer" = KHALMNPR.EXE [04/11/2007 03:32 PM | 00,056,080 | ---- | M] (Logitech Inc.) "Logitech Hardware Abstraction Layer" = KHALMNPR.EXE [04/11/2007 03:32 PM | 00,056,080 | ---- | M] (Logitech Inc.) 
"MSKDetectorExe" = C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall File not found "NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [10/22/2006 01:22 PM | 07,700,480 | ---- | M] (NVIDIA Corporation) "NvMediaCenter" = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [10/22/2006 01:22 PM | 00,086,016 | ---- | M] (NVIDIA Corporation) "nwiz" = nwiz.exe /install [10/22/2006 01:22 PM | 01,622,016 | ---- | M] () "QuickTime Task" = "C:\Program Files\QuickTime\qttask.exe" -atboottime [07/07/2007 09:48 PM | 00,282,624 | ---- | M] (Apple Inc.) "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) "TkBellExe" = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [02/04/2008 12:41 PM | 00,185,896 | ---- | M] (RealNetworks, Inc.) "UpdReg" = C:\WINDOWS\UpdReg.EXE [05/11/2000 02:00 AM | 00,090,112 | ---- | M] (Creative Technology Ltd.) "VolPanel" = "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r [10/14/2005 12:01 PM | 00,122,880 | ---- | M] (Creative Technology Ltd) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "load" = Reg Error: Key does not exist or could not be opened. "run" = Reg Error: Key does not exist or could not be opened. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BitTorrent DNA" = "C:\Program Files\DNA\btdna.exe" [06/21/2008 10:58 AM | 00,289,088 | ---- | M] (BitTorrent, Inc.) "DellSupport" = "C:\Program Files\Dell Support\DSAgnt.exe" /startup [07/16/2006 10:29 PM | 00,389,120 | ---- | M] (Gteko Ltd.)
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [01/28/2008 11:43 AM | 02,097,488 | RHS- | M] (Safer Networking Limited) "SUPERAntiSpyware" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [05/28/2008 10:33 AM | 01,506,544 | ---- | M] (SUPERAntiSpyware.com) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "load" = Reg Error: Value load does not exist or could not be read. "run" = Reg Error: Value run does not exist or could not be read. [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run" = C:\PROGRA~1\Grisoft\AVG Free\avgw.exe /RUNONCE [10/23/2007 09:38 AM | 00,219,136 | ---- | M] (GRISOFT, s.r.o.) [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "load" = Reg Error: Value load does not exist or could not be read. "run" = Reg Error: Value run does not exist or could not be read. [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run" = C:\PROGRA~1\Grisoft\AVG Free\avgw.exe /RUNONCE [10/23/2007 09:38 AM | 00,219,136 | ---- | M] (GRISOFT, s.r.o.) [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "load" = Reg Error: Value load does not exist or could not be read. "run" = Reg Error: Value run does not exist or could not be read. [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run" = C:\PROGRA~1\Grisoft\AVG Free\avgw.exe /RUNONCE [10/23/2007 09:38 AM | 00,219,136 | ---- | M] (GRISOFT, s.r.o.) [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "load" = "run" = Reg Error: Value run does not exist or could not be read. [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run" = C:\PROGRA~1\Grisoft\AVG Free\avgw.exe /RUNONCE [10/23/2007 09:38 AM | 00,219,136 | ---- | M] (GRISOFT, s.r.o.) [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "load" = "run" = Reg Error: Value run does not exist or could not be read.
[HKEY_USERS\S-1-5-21-1869135222-3639571664-2750438611-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BitTorrent DNA" = "C:\Program Files\DNA\btdna.exe" [06/21/2008 10:58 AM | 00,289,088 | ---- | M] (BitTorrent, Inc.) "DellSupport" = "C:\Program Files\Dell Support\DSAgnt.exe" /startup [07/16/2006 10:29 PM | 00,389,120 | ---- | M] (Gteko Ltd.) "SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [01/28/2008 11:43 AM | 02,097,488 | RHS- | M] (Safer Networking Limited) "SUPERAntiSpyware" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [05/28/2008 10:33 AM | 01,506,544 | ---- | M] (SUPERAntiSpyware.com) [HKEY_USERS\S-1-5-21-1869135222-3639571664-2750438611-1006\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "load" = Reg Error: Value load does not exist or could not be read. "run" = Reg Error: Value run does not exist or could not be read. ===== Startup Folders ===== [Administrator Startup Folder - C:\Documents and Settings\Administrator\Start Menu\Programs\Startup] [All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup] [04/23/2008 03:38 AM | 00,029,696 | ---- | M] (Adobe Systems Incorporated) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [04/23/2007 04:00 AM | 00,692,224 | ---- | M] (Logitech Inc.) 
- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe [Default User Startup Folder - C:\Documents and Settings\Default User\Start Menu\Programs\Startup] [weedman Startup Folder - C:\Documents and Settings\weedman\Start Menu\Programs\Startup] ===== BHO's ===== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] HKLM CLSID: (Adobe PDF Reader Link Helper) - [12/18/2006 04:16 AM | 00,059,032 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}] HKLM CLSID: () - [11/16/2007 08:59 AM | 01,134,592 | ---- | M] (Crawler.com) C:\Program Files\Crawler\ctbr.dll [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] HKLM CLSID: (Spybot-S&D IE Protection) - [01/28/2008 11:43 AM | 01,554,256 | ---- | M] (Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}] HKLM CLSID: (DriveLetterAccess) - [09/08/2005 06:20 AM | 00,110,652 | ---- | M] (Sonic Solutions) C:\WINDOWS\system32\DLA\DLASHX_W.DLL [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] HKLM CLSID: (SSVHelper Class) - [09/25/2007 01:11 AM | 00,501,136 | ---- | M] (Sun Microsystems, Inc.)
C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll ===== Toolbars ===== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] "{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" HKLM CLSID: (&Crawler Toolbar) - [11/16/2007 08:59 AM | 01,134,592 | ---- | M] (Crawler.com) C:\Program Files\Crawler\ctbr.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened. "{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" HKLM CLSID: (&Crawler Toolbar) - [11/16/2007 08:59 AM | 01,134,592 | ---- | M] (Crawler.com) C:\Program Files\Crawler\ctbr.dll "{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}" HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened. "{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened. "{855F3B16-6D32-4FE6-8A56-BBB695989046}" HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened. [HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" HKLM CLSID: (&Crawler Toolbar) - [11/16/2007 08:59 AM | 01,134,592 | ---- | M] (Crawler.com) C:\Program Files\Crawler\ctbr.dll [HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" HKLM CLSID: (&Crawler Toolbar) - [11/16/2007 08:59 AM | 01,134,592 | ---- | M] (Crawler.com) C:\Program Files\Crawler\ctbr.dll [HKEY_USERS\S-1-5-21-1869135222-3639571664-2750438611-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) 
- File not found Reg Error: Key does not exist or could not be opened. "{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" HKLM CLSID: (&Crawler Toolbar) - [11/16/2007 08:59 AM | 01,134,592 | ---- | M] (Crawler.com) C:\Program Files\Crawler\ctbr.dll "{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}" HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened. "{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened. "{855F3B16-6D32-4FE6-8A56-BBB695989046}" HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened. ===== Policies ===== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveAutoRun" = 67108863 "NoDriveTypeAutoRun" = 255 "NoCDBurning" = 0 "NoDrives" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "dontdisplaylastusername" = 0 "legalnoticecaption" = "legalnoticetext" = "shutdownwithoutlogon" = 1 "undockwithoutlogon" = 1 "InstallVisualStyle" = C:\WINDOWS\Resources\Themes\Royale\Royale.mss File not found "InstallTheme" = C:\WINDOWS\Resources\Themes\Royale.the File not found "DisableRegistryTools" = 0 "HideLegacyLogonScripts" = 0 "HideLogoffScripts" = 0 "RunLogonScriptSync" = 1 "RunStartupScriptSync" = 0 "HideStartupScripts" = 0 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun" = 145 "NoDrives" = 0 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "HideLegacyLogonScripts" = 0 "HideLogoffScripts" = 0 "RunLogonScriptSync" = 1 "RunStartupScriptSync" = 0 "HideStartupScripts" = 0
"DisableRegistryTools" = 0 "NoDispBackgroundPage" = 1 "NoDispScrSavPage" = 1 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun" = 145 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run] [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun" = 145 [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run] [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun" = 145 [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] Unable to open key or key not present! [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun" = 145 [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] Unable to open key or key not present!
[HKEY_USERS\S-1-5-21-1869135222-3639571664-2750438611-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun" = 145 "NoDrives" = 0 [HKEY_USERS\S-1-5-21-1869135222-3639571664-2750438611-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] [HKEY_USERS\S-1-5-21-1869135222-3639571664-2750438611-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "HideLegacyLogonScripts" = 0 "HideLogoffScripts" = 0 "RunLogonScriptSync" = 1 "RunStartupScriptSync" = 0 "HideStartupScripts" = 0 "DisableRegistryTools" = 0 "NoDispBackgroundPage" = 1 "NoDispScrSavPage" = 1 ===== Desktop Components ===== ===== Shared Task Scheduler ===== ===== AppInit_Dlls ===== ===== Lsa Authentication Packages ===== ===== Lsa Security Packages ===== ===== Authorized Applications List ===== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe [08/22/2008 07:17 AM | 01,093,632 | ---- | M] (Nexon) "C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe [08/21/2008 10:55 AM | 01,055,232 | ---- | M] (Nexon)
#6
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe" = C:\Program Files\EA GAMES\Battlefield 2\BF2.exe [09/26/2006 06:53 PM | 07,574,463 | ---- | M] () "C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\fsx.exe" = C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\fsx.exe [05/11/2007 01:05 AM | 02,737,560 | ---- | M] (Microsoft Corp.) "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe [02/28/2006 12:42 PM | 00,229,376 | ---- | M] (Apple Computer, Inc.) "C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe [08/10/2008 11:25 AM | 00,766,212 | ---- | M] (Blizzard Entertainment) "C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe [11/12/2007 06:32 PM | 00,066,872 | ---- | M] () "C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe [08/13/2008 05:46 PM | 00,111,928 | ---- | M] () "C:\Program Files\EA GAMES\Ultima Online Mondain's Legacy\client.exe" = C:\Program Files\EA GAMES\Ultima Online Mondain's Legacy\client.exe [07/25/2005 11:25 PM | 02,019,328 | ---- | M] () "C:\Program Files\EA GAMES\Ultima Online Mondain's Legacy\uotd.exe" = C:\Program Files\EA GAMES\Ultima Online Mondain's Legacy\uotd.exe [07/25/2005 11:29 PM | 01,953,792 | ---- | M] ( ) "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe [01/19/2007 12:54 PM | 05,674,352 | ---- | M] (Microsoft Corporation) "C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe" = C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe [12/25/2007 02:10 PM | 01,691,648 | ---- | M] (SQUARE ENIX CO., LTD.) "C:\Program Files\Wolfenstein - Enemy Territory\ET.exe" = C:\Program Files\Wolfenstein - Enemy Territory\ET.exe [03/10/2005 02:00 PM | 01,286,144 | ---- | M] () "C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe [06/21/2008 10:58 AM | 00,289,088 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\Codemasters\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE" = C:\Program Files\Codemasters\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE [02/16/2006 03:14 AM | 05,033,984 | R--- | M] (Team 17 Ltd) "C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe [02/01/2008 01:34 AM | 06,606,112 | ---- | M] (SmartSoft Ltd.) "C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe [02/28/2008 02:57 PM | 00,274,432 | ---- | M] (Blizzard Entertainment) "C:\Program Files\ICQ6\ICQ.exe" = C:\Program Files\ICQ6\ICQ.exe [04/01/2008 06:40 AM | 00,172,280 | ---- | M] (ICQ, Inc.) "C:\Program Files\Warcraft III\war3.exe" = C:\Program Files\Warcraft III\war3.exe [06/26/2008 08:01 PM | 00,471,040 | ---- | M] (Blizzard Entertainment) "C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe [07/11/2008 05:17 PM | 00,159,744 | ---- | M] (Nexon) "C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe [08/22/2008 07:17 AM | 01,093,632 | ---- | M] (Nexon) "C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe [08/21/2008 10:55 AM | 01,055,232 | ---- | M] (Nexon) "C:\Nexon\Combat Arms\NMService.exe" = C:\Nexon\Combat Arms\NMService.exe [08/05/2008 04:37 AM | 01,458,912 | ---- | M] (Nexon Corp.) 
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe [06/20/2008 03:43 PM | 03,330,048 | ---- | M] () "C:\Program Files\Atari\ArmA\arma.exe" = C:\Program Files\Atari\ArmA\arma.exe [08/24/2008 05:26 PM | 06,373,376 | ---- | M] (Bohemia Interactive) "C:\Program Files\Atari\ArmA\arma_server.exe" = C:\Program Files\Atari\ArmA\arma_server.exe [08/24/2008 05:26 PM | 05,484,636 | ---- | M] (Bohemia Interactive) ===== HKLM Winlogon Settings ===== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell] "Explorer.exe" - [06/13/2007 06:23 AM | 01,033,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit] "C:\WINDOWS\system32\userinit.exe" - [08/10/2004 06:00 AM | 00,024,576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe "C:\WINDOWS\system32\oembios.exe" - [08/10/2004 06:00 AM | 00,324,608 | R--- | M] () C:\WINDOWS\system32\oembios.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost] "logonui.exe" - [08/10/2004 06:00 AM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet] "rundll32 shell32" - [10/25/2007 11:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll "Control_RunDLL "sysdm.cpl"" - [08/10/2004 06:00 AM | 00,298,496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl ===== User's Winlogon Settings ===== ===== Winlogon Notify Settings ===== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [04/19/2007 01:41 PM | 00,294,912 | ---- | M] (SUPERAntiSpyware.com) ===== Safeboot Options ===== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe ===== Disabled MsConfig Items ===== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state] ===== DNS Name Servers ===== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{6DE6A88A-1CAD-4F51-8B4B-7A903C0D0B77}] Servers: | Description: Intel(R) 82566DC Gigabit Network Connection ===== CDRom AutoRun Settings ===== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] "AutoRun" = 1 ===== Autorun Files on Drives ===== AUTOEXEC.BAT [] [08/16/2005 05:43 AM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ] ===== MountPoints2 ===== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell] "" = AutoRun [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun] "" = Auto&Play [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command] "" = E:\setup.exe File not found [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{debc7c7e-0338-11dc-bf63-001676db23e5}\Shell] "" = None [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{debc7c7e-0338-11dc-bf63-001676db23e5}\Shell\Autoplay] "MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 11:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{debc7c7e-0338-11dc-bf63-001676db23e5}\Shell\Autoplay\DropTarget] "CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931} ===== Hosts File ===== HOSTS File = (250510 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts First 25
entries... 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.1001-search.info 127.0.0.1 1001-search.info 127.0.0.1 www.100888290cs.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 www.10sek.com 127.0.0.1 10sek.com 127.0.0.1 www.123topsearch.com 127.0.0.1 123topsearch.com 127.0.0.1 www.132.com 127.0.0.1 132.com 127.0.0.1 www.136136.net 127.0.0.1 136136.net [Files/Folders - Created Within 30 days] [08/15/2008 11:27 PM | ---D | C] - C:\Deckard [08/16/2008 11:30 PM | 00,006,052 | ---- | C] () - C:\upload.php [08/16/2008 11:40 PM | 00,006,531 | ---- | C] () - C:\install.php [08/18/2008 03:08 AM | ---D | C] - C:\temp [08/20/2008 10:26 AM | -HSD | C] - C:\Config.Msi [08/23/2008 05:53 PM | ---D | C] - C:\ComboFix [08/23/2008 05:54 PM | 00,000,209 | ---- | C] () - C:\Boot.bak [08/23/2008 05:54 PM | 00,260,272 | ---- | C] () - C:\cmldr [08/23/2008 05:54 PM | ---D | C] - C:\cmdcons [08/24/2008 04:55 PM | ---D | C] - C:\ArmA_GoldEdition_Install [08/24/2008 05:27 PM | -HSD | C] - C:\RECYCLER [08/27/2008 02:01 PM | 32,191,77472 | -HS- | C] () - C:\hiberfil.sys [08/27/2008 01:59 PM | 00,029,576 | ---- | C] (PCTools Research Pty Ltd.) - C:\WINDOWS\System32\drivers\kcom.sys [08/27/2008 01:59 PM | 00,042,376 | ---- | C] (PCTools Research Pty Ltd.) - C:\WINDOWS\System32\drivers\ikfilesec.sys [08/27/2008 01:59 PM | 00,066,952 | ---- | C] (PCTools Research Pty Ltd.) - C:\WINDOWS\System32\drivers\iksysflt.sys [08/27/2008 01:59 PM | 00,081,288 | ---- | C] (PCTools Research Pty Ltd.) 
- C:\WINDOWS\System32\drivers\iksyssec.sys [16 C:\WINDOWS\System32\*.tmp files] [08/17/2008 01:37 AM | 01,073,152 | ---- | C] () - C:\WINDOWS\System32\libmysql_c.dll [08/24/2008 07:38 PM | -HSD | C] - C:\WINDOWS\System32\sysproc64 [08/24/2008 07:39 PM | 00,625,208 | ---- | C] () - C:\WINDOWS\System32\phcp36j0er8v.bmp [1 C:\WINDOWS\*.tmp files] [08/20/2008 02:58 AM | 00,049,152 | ---- | C] () - C:\WINDOWS\VFind.exe [08/20/2008 02:58 AM | 00,068,096 | ---- | C] () - C:\WINDOWS\zip.exe [08/20/2008 02:58 AM | 00,080,412 | ---- | C] () - C:\WINDOWS\grep.exe [08/20/2008 02:58 AM | 00,089,504 | ---- | C] (Smallfrogs Studio) - C:\WINDOWS\fdsv.exe [08/20/2008 02:58 AM | 00,098,816 | ---- | C] () - C:\WINDOWS\sed.exe [08/20/2008 02:58 AM | 00,136,704 | ---- | C] (SteelWerX) - C:\WINDOWS\swsc.exe [08/20/2008 02:58 AM | 00,161,792 | ---- | C] (SteelWerX) - C:\WINDOWS\swreg.exe [08/20/2008 02:58 AM | 00,212,480 | ---- | C] (SteelWerX) - C:\WINDOWS\swxcacls.exe [08/23/2008 06:01 PM | ---D | C] - C:\WINDOWS\temp [08/27/2008 04:26 PM | ---D | C] - C:\WINDOWS\Prefetch [08/27/2008 04:38 PM | 00,000,580 | ---- | C] () - C:\WINDOWS\tasks\Free Registry Fix.job [08/20/2008 03:25 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com [08/15/2008 12:55 AM | ---D | C] - C:\Documents and Settings\weedman\Application Data\FileZilla [08/20/2008 03:25 AM | ---D | C] - C:\Documents and Settings\weedman\Application Data\SUPERAntiSpyware.com [08/27/2008 01:59 PM | ---D | C] - C:\Documents and Settings\weedman\Application Data\PC Tools [08/20/2008 10:25 AM | ---D | C] - C:\Documents and Settings\weedman\Local Settings\Application Data\NOS [08/24/2008 05:27 PM | ---D | C] - C:\Documents and Settings\weedman\Local Settings\Application Data\ArmA [08/27/2008 04:38 PM | ---D | C] - C:\Documents and Settings\weedman\Local Settings\Application Data\Promosoft Corporation [08/03/2008 10:42 PM | 00,000,000 | -H-- | C] () - C:\Documents and Settings\weedman\My 
Documents\Default.rdp [08/15/2008 02:23 AM | 00,001,383 | ---- | C] () - C:\Documents and Settings\weedman\My Documents\New Database.odb [08/16/2008 10:56 PM | ---D | C] - C:\Documents and Settings\weedman\My Documents\Downloaded Installations [08/18/2008 03:09 AM | ---D | C] - C:\Documents and Settings\weedman\My Documents\Unnamed Site 2 [08/24/2008 05:27 PM | ---D | C] - C:\Documents and Settings\weedman\My Documents\ArmA [08/17/2008 01:37 AM | 00,000,872 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Navicat for MySQL.lnk [08/20/2008 03:25 AM | 00,000,780 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [08/27/2008 01:59 PM | 00,001,637 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk [08/27/2008 04:38 PM | 00,001,005 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Free Registry Fix.lnk [08/27/2008 04:38 PM | 00,001,708 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Get Technical Support.lnk [08/04/2008 07:47 PM | ---D | C] - C:\Documents and Settings\weedman\Desktop\facebook [08/06/2008 10:01 PM | 00,223,757 | ---- | C] () - C:\Documents and Settings\weedman\Desktop\Shells.JPG [08/06/2008 10:02 PM | 00,637,687 | ---- | C] () - C:\Documents and Settings\weedman\Desktop\000.JPG [08/06/2008 10:10 PM | 00,524,684 | ---- | C] () - C:\Documents and Settings\weedman\Desktop\000_0139.JPG [08/06/2008 12:25 PM | 00,000,801 | ---- | C] () - C:\Documents and Settings\weedman\Desktop\New Text Document.html [08/08/2008 12:18 AM | 00,120,639 | ---- | C] () - C:\Documents and Settings\weedman\Desktop\tibet_2008.png [08/09/2008 11:19 PM | ---D | C] - C:\Documents and Settings\weedman\Desktop\Cache [08/11/2008 04:34 PM | 29,633,0688 | ---- | C] (Activision ) - C:\Documents and Settings\weedman\Desktop\CoD4MW-1.6-PatchSetup.exe [08/14/2008 02:53 PM | ---D | C] - C:\Documents and Settings\weedman\Desktop\oscommerce [08/15/2008 01:05 PM | 00,000,204 | ---- | C] () - 
C:\Documents and Settings\weedman\Desktop\New Text Document (2).html [08/15/2008 11:27 PM | 00,686,630 | ---- | C] () - C:\Documents and Settings\weedman\Desktop\dss.exe [08/16/2008 10:31 PM | ---D | C] - C:\Documents and Settings\weedman\Desktop\cybertechhelp [08/16/2008 10:56 PM | ---D | C] - C:\Documents and Settings\weedman\Desktop\dw [08/16/2008 11:09 PM | 00,000,877 | ---- | C] () - C:\Documents and Settings\weedman\Desktop\Shortcut to Dreamweaver2.exe.lnk [08/16/2008 11:59 PM | 05,821,078 | ---- | C] () - C:\Documents and Settings\weedman\Desktop\XXX_v1_0_3.zip [08/16/2008 11:59 PM | ---D | C] - C:\Documents and Settings\weedman\Desktop\phpTGPgalery [08/17/2008 01:34 AM | 09,961,043 | ---- | C] (PremiumSoft CyberTech Ltd. ) - C:\Documents and Settings\weedman\Desktop\navicat8_mysql_en.exe [08/17/2008 11:35 AM | ---D | C] - C:\Documents and Settings\weedman\Desktop\XXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXX [08/18/2008 01:01 AM | ---D | C] - C:\Documents and Settings\weedman\Desktop\TUMBBBBBBBBB [08/18/2008 01:48 AM | 10,017,168 | ---- | C] () - C:\Documents and Settings\weedman\Desktop\gallery-2.2.5-typical.zip [08/18/2008 02:23 AM | 00,119,259 | ---- | C] () - C:\Documents and Settings\weedman\Desktop\ftgps11.zip [08/18/2008 03:18 PM | 00,002,420 | ---- | C] () - C:\Documents and Settings\weedman\Desktop\Anal.html [08/18/2008 12:54 AM | 02,052,100 | ---- | C] () - C:\Documents and Settings\weedman\Desktop\04.mpg [08/19/2008 01:20 PM | 00,005,402 | ---- | C] () - C:\Documents and Settings\weedman\Desktop\webcam.JPG [08/19/2008 11:55 AM | ---D | C] - C:\Documents and Settings\weedman\Desktop\Temp silent runer [08/20/2008 03:19 AM | 06,467,096 | ---- | C] () - C:\Documents and Settings\weedman\Desktop\SUPERAntiSpyware.exe [08/22/2008 08:42 PM | 04,502,733 | ---- | C] () - C:\Documents and Settings\weedman\Desktop\privatepornmovies.com-2008-aug21-01.wmv [08/23/2008 05:51 PM | ---D | C] - C:\Documents and Settings\weedman\Desktop\combo fix [08/24/2008 04:49 PM | 
---D | C] - C:\Documents and Settings\weedman\Desktop\ArmA Gold Setup [08/24/2008 05:27 PM | 00,000,738 | ---- | C] () - C:\Documents and Settings\weedman\Desktop\ArmA.lnk [08/25/2008 12:47 AM | ---D | C] - C:\Documents and Settings\weedman\Desktop\Unused Desktop Shortcuts [08/27/2008 01:49 PM | 13,559,336 | ---- | C] (PC Tools ) - C:\Documents and Settings\weedman\Desktop\sdsetup.exe [08/27/2008 01:58 PM | 00,050,688 | ---- | C] (Atribune.org) - C:\Documents and Settings\weedman\Desktop\ATF-Cleaner.exe [08/27/2008 03:53 PM | 06,330,730 | ---- | C] () - C:\Documents and Settings\weedman\Desktop\u7avi1362v0.bin [08/27/2008 03:56 PM | 00,876,306 | ---- | C] () - C:\Documents and Settings\weedman\Desktop\x8all56vx.bin [08/27/2008 04:06 PM | 26,793,601 | ---- | C] () - C:\Documents and Settings\weedman\Desktop\u7iavi1637g5.bin [08/27/2008 04:37 PM | 02,528,320 | ---- | C] (Promosoft Corporation) - C:\Documents and Settings\weedman\Desktop\frfwebsite.exe [08/27/2008 09:41 PM | 01,299,968 | ---- | C] (OldTimer Tools) - C:\Documents and Settings\weedman\Desktop\OTViewIt.exe [08/20/2008 10:26 AM | 00,001,757 | ---- | C] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk [08/16/2008 10:59 PM | ---D | C] - C:\Program Files\Common Files\Macrovision Shared [08/15/2008 12:55 AM | ---D | C] - C:\Program Files\FileZilla FTP Client [08/16/2008 11:06 PM | ---D | C] - C:\Program Files\Bonjour [08/17/2008 01:37 AM | ---D | C] - C:\Program Files\PremiumSoft [08/20/2008 03:25 AM | ---D | C] - C:\Program Files\SUPERAntiSpyware [08/24/2008 05:11 PM | ---D | C] - C:\Program Files\Atari [08/24/2008 05:22 PM | ---D | C] - C:\Program Files\OpenAL [08/27/2008 01:59 PM | ---D | C] - C:\Program Files\Spyware Doctor [08/27/2008 04:38 PM | ---D | C] - C:\Program Files\Promosoft Corporation [Files/Folders - Modified Within 30 days] [08/05/2008 08:55 PM | 00,000,232 | -H-- | M] () - C:\sqmdata02.sqm [08/05/2008 08:55 PM | 00,000,244 | -H-- | M] () - 
C:\sqmnoopt02.sqm [08/10/2008 07:47 PM | ---D | M] - C:\eric [08/15/2008 11:27 PM | ---D | M] - C:\Deckard [08/16/2008 11:30 PM | 00,006,052 | ---- | M] () - C:\upload.php [08/16/2008 11:40 PM | 00,006,531 | ---- | M] () - C:\install.php [08/18/2008 03:08 AM | ---D | M] - C:\temp [08/20/2008 09:49 PM | -HSD | M] - C:\Config.Msi [08/23/2008 05:54 PM | 00,000,279 | RHS- | M] () - C:\boot.ini [08/23/2008 05:54 PM | ---D | M] - C:\cmdcons [08/23/2008 05:55 PM | ---D | M] - C:\qoobox [08/23/2008 06:01 PM | ---D | M] - C:\ComboFix [08/24/2008 05:07 PM | ---D | M] - C:\ArmA_GoldEdition_Install [08/24/2008 05:27 PM | -HSD | M] - C:\RECYCLER [08/24/2008 07:50 PM | -HSD | M] - C:\System Volume Information [08/27/2008 04:18 PM | RH-D | M] - C:\$VAULT$.AVG [08/27/2008 04:38 PM | ---D | M] - C:\Program Files [08/27/2008 09:36 PM | 32,191,77472 | -HS- | M] () - C:\hiberfil.sys [08/27/2008 09:38 PM | ---D | M] - C:\WINDOWS [08/20/2008 03:02 AM | 00,000,027 | ---- | M] () - C:\WINDOWS\System32\drivers\etc\hosts.20080827-163252.backup [08/27/2008 04:32 PM | 00,250,510 | R--- | M] () - C:\WINDOWS\System32\drivers\etc\hosts [08/13/2008 05:47 PM | 00,136,888 | ---- | M] () - C:\WINDOWS\System32\drivers\PnkBstrK.sys [08/27/2008 04:32 PM | ---D | M] - C:\WINDOWS\System32\drivers\etc [16 C:\WINDOWS\System32\*.tmp files] [08/13/2008 05:46 PM | 00,111,928 | ---- | M] () - C:\WINDOWS\System32\PnkBstrB.exe [08/22/2008 08:42 PM | ---D | M] - C:\WINDOWS\System32\FxsTmp [08/24/2008 05:26 PM | 00,110,592 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) 
- C:\WINDOWS\System32\OpenAL32.dll [08/24/2008 05:26 PM | 00,413,696 | ---- | M] (Creative Labs) - C:\WINDOWS\System32\wrap_oal.dll [08/24/2008 05:26 PM | ---D | M] - C:\WINDOWS\System32\DirectX [08/24/2008 07:38 PM | -HSD | M] - C:\WINDOWS\System32\sysproc64 [08/24/2008 07:50 PM | 00,625,208 | ---- | M] () - C:\WINDOWS\System32\phcp36j0er8v.bmp [08/24/2008 07:50 PM | ---D | M] - C:\WINDOWS\System32\Restore [08/25/2008 12:40 AM | ---D | M] - C:\WINDOWS\System32\CatRoot2 [08/25/2008 12:40 AM | ---D | M] - C:\WINDOWS\System32\dllcache [08/27/2008 02:06 PM | 00,063,016 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat [08/27/2008 02:06 PM | 00,402,406 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat [08/27/2008 02:06 PM | 00,473,400 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI [08/27/2008 04:24 PM | 00,001,080 | ---- | M] () - C:\WINDOWS\System32\settings.sfm |
#7
[08/27/2008 04:24 PM | 00,001,080 | ---- | M] () - C:\WINDOWS\System32\settingsbkup.sfm
[08/27/2008 04:24 PM | 00,055,700 | ---- | M] () - C:\WINDOWS\System32\BMXState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx [08/27/2008 04:24 PM | 00,055,700 | ---- | M] () - C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx [08/27/2008 04:24 PM | 00,064,980 | ---- | M] () - C:\WINDOWS\System32\DVCState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx [08/27/2008 09:36 PM | ---D | M] - C:\WINDOWS\System32\drivers [08/27/2008 09:37 PM | 00,002,206 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl [08/27/2008 09:38 PM | 00,087,724 | ---- | M] () - C:\WINDOWS\System32\nvapps.xml [1 C:\WINDOWS\*.tmp files] [08/15/2008 11:30 PM | --SD | M] - C:\WINDOWS\Downloaded Program Files [08/16/2008 11:04 PM | ---D | M] - C:\WINDOWS\WinSxS [08/20/2008 02:59 AM | ---D | M] - C:\WINDOWS\erdnt [08/20/2008 10:27 AM | -HSD | M] - C:\WINDOWS\Installer [08/22/2008 06:38 PM | ---D | M] - C:\WINDOWS\Help [08/23/2008 05:56 PM | ---D | M] - C:\WINDOWS\AppPatch [08/23/2008 05:57 PM | 00,000,227 | ---- | M] () - C:\WINDOWS\system.ini [08/24/2008 05:22 PM | -H-D | M] - C:\WINDOWS\inf [08/24/2008 05:22 PM | R-SD | M] - C:\WINDOWS\assembly [08/27/2008 04:38 PM | --SD | M] - C:\WINDOWS\Tasks [08/27/2008 09:36 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat [08/27/2008 09:36 PM | ---D | M] - C:\WINDOWS\Registration [08/27/2008 09:36 PM | -HSD | M] - C:\WINDOWS\CSC [08/27/2008 09:38 PM | 00,054,156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn [08/27/2008 09:38 PM | ---D | M] - C:\WINDOWS\system32 [08/27/2008 09:38 PM | ---D | M] - C:\WINDOWS\temp [08/27/2008 09:42 PM | ---D | M] - C:\WINDOWS\Prefetch [08/27/2008 04:23 PM | 00,000,258 | ---- | M] () - C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job [08/27/2008 04:38 PM | 00,000,580 | ---- | M] () - C:\WINDOWS\tasks\Free Registry Fix.job [08/27/2008 09:36 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT [08/20/2008 03:25 AM | ---D | M] - C:\Documents and 
Settings\All Users\Application Data\SUPERAntiSpyware.com [08/20/2008 10:26 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Adobe [08/27/2008 09:38 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\TEMP @Alternate Data Stream - 125 bytes -> %AllUsersProfile%\Application Data\TEMP:27AAAD97 @Alternate Data Stream - 100 bytes -> %AllUsersProfile%\Application Data\TEMP:5D10517E @Alternate Data Stream - 104 bytes -> %AllUsersProfile%\Application Data\TEMP FC5A2B2[08/06/2008 02:01 PM | ---D | M] - C:\Documents and Settings\weedman\Application Data\teamspeak2 [08/15/2008 02:28 AM | ---D | M] - C:\Documents and Settings\weedman\Application Data\OpenOffice.org2 [08/16/2008 11:10 PM | ---D | M] - C:\Documents and Settings\weedman\Application Data\Adobe [08/20/2008 03:03 AM | ---D | M] - C:\Documents and Settings\weedman\Application Data\AdobeUM [08/20/2008 03:25 AM | ---D | M] - C:\Documents and Settings\weedman\Application Data\SUPERAntiSpyware.com [08/23/2008 02:25 AM | ---D | M] - C:\Documents and Settings\weedman\Application Data\FileZilla [08/27/2008 01:59 PM | ---D | M] - C:\Documents and Settings\weedman\Application Data\PC Tools [08/27/2008 04:08 PM | ---D | M] - C:\Documents and Settings\weedman\Application Data\AVG7 [08/27/2008 05:30 PM | ---D | M] - C:\Documents and Settings\weedman\Application Data\DNA [08/09/2008 11:07 PM | ---D | M] - C:\Documents and Settings\weedman\Local Settings\Application Data\ApplicationHistory [08/20/2008 10:27 AM | ---D | M] - C:\Documents and Settings\weedman\Local Settings\Application Data\NOS [08/24/2008 03:54 AM | 02,647,596 | -H-- | M] () - C:\Documents and Settings\weedman\Local Settings\Application Data\IconCache.db [08/24/2008 04:49 PM | 00,212,992 | ---- | M] () - C:\Documents and Settings\weedman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [08/24/2008 05:27 PM | ---D | M] - C:\Documents and Settings\weedman\Local Settings\Application Data\ArmA [08/27/2008 
04:38 PM | ---D | M] - C:\Documents and Settings\weedman\Local Settings\Application Data\Promosoft Corporation [08/16/2008 10:56 PM | ---D | M] - C:\Documents and Settings\All Users\Documents\666 [08/03/2008 10:42 PM | 00,000,000 | -H-- | M] () - C:\Documents and Settings\weedman\My Documents\Default.rdp [08/15/2008 02:23 AM | 00,001,383 | ---- | M] () - C:\Documents and Settings\weedman\My Documents\New Database.odb [08/16/2008 10:56 PM | ---D | M] - C:\Documents and Settings\weedman\My Documents\Downloaded Installations [08/17/2008 10:27 AM | 00,000,046 | ---- | M] () - C:\Documents and Settings\weedman\My Documents\Untitled.wav [08/18/2008 01:14 PM | ---D | M] - C:\Documents and Settings\weedman\My Documents\Unnamed Site 2 [08/19/2008 01:20 PM | R--D | M] - C:\Documents and Settings\weedman\My Documents\My Pictures [08/23/2008 09:28 PM | 00,000,558 | ---- | M] () - C:\Documents and Settings\weedman\My Documents\My Sharing Folders.lnk [08/24/2008 05:32 PM | ---D | M] - C:\Documents and Settings\weedman\My Documents\ArmA [08/10/2008 11:37 AM | 00,000,793 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk [08/15/2008 12:52 AM | 00,002,225 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\SmartFTP Client.lnk [08/17/2008 01:37 AM | 00,000,872 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Navicat for MySQL.lnk [08/20/2008 03:25 AM | 00,000,780 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [08/27/2008 01:59 PM | 00,001,637 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk [08/27/2008 04:38 PM | 00,001,005 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Free Registry Fix.lnk [08/27/2008 04:38 PM | 00,001,708 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Get Technical Support.lnk [08/04/2008 08:57 PM | ---D | M] - C:\Documents and Settings\weedman\Desktop\facebook [08/06/2008 10:01 PM | 00,223,757 | ---- | M] 
() - C:\Documents and Settings\weedman\Desktop\Shells.JPG [08/06/2008 12:25 PM | 00,000,801 | ---- | M] () - C:\Documents and Settings\weedman\Desktop\New Text Document.html [08/08/2008 12:18 AM | 00,120,639 | ---- | M] () - C:\Documents and Settings\weedman\Desktop\tibet_2008.png [08/09/2008 11:19 PM | ---D | M] - C:\Documents and Settings\weedman\Desktop\Cache [08/10/2008 07:46 PM | ---D | M] - C:\Documents and Settings\weedman\Desktop\xxx [08/11/2008 05:07 PM | 29,633,0688 | ---- | M] (Activision ) - C:\Documents and Settings\weedman\Desktop\CoD4MW-1.6-PatchSetup.exe [08/15/2008 01:12 PM | 00,000,204 | ---- | M] () - C:\Documents and Settings\weedman\Desktop\New Text Document (2).html [08/15/2008 11:00 PM | ---D | M] - C:\Documents and Settings\weedman\Desktop\oscommerce [08/15/2008 11:27 PM | 00,686,630 | ---- | M] () - C:\Documents and Settings\weedman\Desktop\dss.exe [08/16/2008 10:31 PM | ---D | M] - C:\Documents and Settings\weedman\Desktop\cybertechhelp [08/16/2008 10:32 PM | 00,001,740 | ---- | M] () - C:\Documents and Settings\weedman\Desktop\HijackThis.lnk [08/16/2008 10:56 PM | ---D | M] - C:\Documents and Settings\weedman\Desktop\dw [08/16/2008 11:09 PM | 00,000,877 | ---- | M] () - C:\Documents and Settings\weedman\Desktop\Shortcut to Dreamweaver2.exe.lnk [08/17/2008 01:07 AM | ---D | M] - C:\Documents and Settings\weedman\Desktop\phpTGPgalery [08/17/2008 01:37 AM | 09,961,043 | ---- | M] (PremiumSoft CyberTech Ltd. 
) - C:\Documents and Settings\weedman\Desktop\navicat8_mysql_en.exe [08/17/2008 11:35 AM | ---D | M] - C:\Documents and Settings\weedman\Desktop\XXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXX [08/17/2008 12:01 AM | 05,821,078 | ---- | M] () - C:\Documents and Settings\weedman\Desktop\XXX_v1_0_3.zip [08/18/2008 01:53 AM | 10,017,168 | ---- | M] () - C:\Documents and Settings\weedman\Desktop\gallery-2.2.5-typical.zip [08/18/2008 02:23 AM | 00,119,259 | ---- | M] () - C:\Documents and Settings\weedman\Desktop\ftgps11.zip [08/18/2008 03:18 PM | 00,002,420 | ---- | M] () - C:\Documents and Settings\weedman\Desktop\Anal.html [08/18/2008 12:55 AM | 02,052,100 | ---- | M] () - C:\Documents and Settings\weedman\Desktop\04.mpg [08/19/2008 01:20 PM | 00,005,402 | ---- | M] () - C:\Documents and Settings\weedman\Desktop\webcam.JPG [08/19/2008 12:16 PM | ---D | M] - C:\Documents and Settings\weedman\Desktop\Temp silent runer [08/20/2008 03:21 AM | 06,467,096 | ---- | M] () - C:\Documents and Settings\weedman\Desktop\SUPERAntiSpyware.exe [08/22/2008 08:44 PM | 04,502,733 | ---- | M] () - C:\Documents and Settings\weedman\Desktop\privatepornmovies.com-2008-aug21-01.wmv [08/22/2008 10:35 PM | ---D | M] - C:\Documents and Settings\weedman\Desktop\TUMBBBBBBBBB [08/23/2008 05:52 PM | ---D | M] - C:\Documents and Settings\weedman\Desktop\combo fix [08/24/2008 05:22 PM | 00,000,738 | ---- | M] () - C:\Documents and Settings\weedman\Desktop\ArmA.lnk [08/24/2008 05:24 PM | ---D | M] - C:\Documents and Settings\weedman\Desktop\ArmA Gold Setup [08/25/2008 12:47 AM | ---D | M] - C:\Documents and Settings\weedman\Desktop\Unused Desktop Shortcuts [08/27/2008 01:46 PM | 00,050,688 | ---- | M] (Atribune.org) - C:\Documents and Settings\weedman\Desktop\ATF-Cleaner.exe [08/27/2008 01:46 PM | 13,559,336 | ---- | M] (PC Tools ) - C:\Documents and Settings\weedman\Desktop\sdsetup.exe [08/27/2008 02:10 PM | ---D | M] - C:\Documents and Settings\weedman\Desktop\Prefetch [08/27/2008 03:56 PM | 06,330,730 | 
---- | M] () - C:\Documents and Settings\weedman\Desktop\u7avi1362v0.bin [08/27/2008 03:57 PM | 00,876,306 | ---- | M] () - C:\Documents and Settings\weedman\Desktop\x8all56vx.bin [08/27/2008 04:05 PM | 26,793,601 | ---- | M] () - C:\Documents and Settings\weedman\Desktop\u7iavi1637g5.bin [08/27/2008 04:37 PM | 02,528,320 | ---- | M] (Promosoft Corporation) - C:\Documents and Settings\weedman\Desktop\frfwebsite.exe [08/27/2008 09:10 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\weedman\Desktop\OTViewIt.exe [08/20/2008 10:26 AM | 00,001,757 | ---- | M] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk [08/16/2008 10:59 PM | ---D | M] - C:\Program Files\Common Files\Macrovision Shared [08/20/2008 03:24 AM | ---D | M] - C:\Program Files\Common Files\Wise Installation Wizard [08/20/2008 10:26 AM | ---D | M] - C:\Program Files\Common Files\Adobe < End of report > |
#8
Other than some possible rootkit activity there, and some obvious rogue software files, something looks to have dumped some garbage porn-named files on your desktop. Are these visible on the desktop to just manually delete? Either way we will scan/repair out a good bit of that now.

First follow the steps here to disable Spybot's TeaTimer, as it will interfere with the repairs. Be sure to do all the steps, including the required reboot. If you have any difficulties accomplishing those then please go ahead and uninstall Spybot; TeaTimer has been causing too many problems in repairs to make it worth any extra effort while we do them. You can always reinstall it afterwards if you choose to.

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each program through Start - Programs.

Then you will want to print or have other access to a copy of the next steps, as some will be done without net access or in Safe Mode.

Download SDFix.exe and save it to your desktop. Then disconnect from net access. If cable/DSL, physically disconnect the modem cable; if dial-up, disconnect the phone line. This will keep the infection from reinstalling right now.

===================================================
Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode). In Safe Mode, click SDFix.exe and allow it to extract to its own folder (C:\SDFix). Navigate to that folder and double-click RunThis.bat to start the script. Next type Y to begin the script. Once the fix has run it will prompt you to restart your computer. Press any key to restart at this time. Your system will take longer than normal to restart as the fixtool will be running and removing files. When the desktop loads the fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons. Then open the C:\SDFix folder and copy and paste the contents of the results file Report.txt back here.
=============================
After the reboot reconnect to net access and download Malwarebytes' Anti-Malware from Here or Here.
Double-click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.
If it calls for a reboot to complete the repairs do that as well then.
============================
Then run a new OTViewIt scan, and post that log along with the Malwarebytes log and the SDFix Report.txt log please.
#9
How embarrassing. The porn-named folders on my desktop are there because I'm the webmaster for a local adult shop and I save the files I'm working on there.
Anyway, after both scans things are running a lot more smoothly. I can now change the background and I have access to the internet now. Things seem to be fixed but it is still slow at startup. Here are the reports:

SDFix: Version 1.219
Run by weedman on Thu 08/28/2008 at 12:00 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File
Restoring Default Desktop Wallpaper

Rebooting

Checking Files :

Trojan Files Found:
C:\WINDOWS\system32\phcp36j0er8v.bmp - Deleted
C:\WINDOWS\system32\drivers\tdssserv.sys - Deleted
C:\WINDOWS\system32\tdssadw.dll - Deleted
C:\WINDOWS\system32\tdssinit.dll - Deleted
C:\WINDOWS\system32\tdssl.dll - Deleted
C:\WINDOWS\system32\tdsslog.dll - Deleted
C:\WINDOWS\system32\tdssmain.dll - Deleted
C:\WINDOWS\system32\tdssservers.dat - Deleted
Folder C:\Documents and Settings\weedman\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#w*w .redtube.com - Removed

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-28 00:18:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:f0,a6,dc,97,0b,83,a2,36,47,55,0d,22,ab,68,6f,4b,45,87,1b,3b,e7,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,3b,42,ff,e1,b0,81,48,af,77,cb,d9,1b,5d,4b,90,a3,6d,..
"khjeh"=hex:3c,4b,ea,73,60,5c,a3,ee,75,f5,0b,5e,5d,8c,a3,76,9d,85,1b,4c,c5,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:75,46,9d,74,5e,d9,f1,5e,1c,b0,e3,46,72,fe,63,06,a0,d8,3f,7d,29,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\tdssserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:f0,a6,dc,97,0b,83,a2,36,47,55,0d,22,ab,68,6f,4b,45,87,1b,3b,e7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,3b,42,ff,e1,b0,81,48,af,77,cb,d9,1b,5d,4b,90,a3,6d,..
"khjeh"=hex:3c,4b,ea,73,60,5c,a3,ee,75,f5,0b,5e,5d,8c,a3,76,9d,85,1b,4c,c5,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:75,46,9d,74,5e,d9,f1,5e,1c,b0,e3,46,72,fe,63,06,a0,d8,3f,7d,29,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\tdssserv.sys"

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:BF2"
"C:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe"="C:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe:*:Enabled:Microsoft Flight Simulatorr"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\EA GAMES\\Ultima Online Mondain's Legacy\\client.exe"="C:\\Program Files\\EA GAMES\\Ultima Online Mondain's Legacy\\client.exe:*:Enabled:client"
"C:\\Program Files\\EA GAMES\\Ultima Online Mondain's Legacy\\uotd.exe"="C:\\Program Files\\EA GAMES\\Ultima Online Mondain's Legacy\\uotd.exe:*:Enabled:uotdd"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"="C:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe:*:Enabled:PlayOnline Viewer"
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\Codemasters\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"="C:\\Program Files\\Codemasters\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem"
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Program Files\\Warcraft III\\war3.exe"="C:\\Program Files\\Warcraft III\\war3.exe:*:Enabled:Warcraft III"
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\\Nexon\\Combat Arms\\CombatArms.exe"="C:\\Nexon\\Combat Arms\\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\\Nexon\\Combat Arms\\Engine.exe"="C:\\Nexon\\Combat Arms\\Engine.exe:*Enabled:Engine.exe"
"C:\\Nexon\\Combat Arms\\NMService.exe"="C:\\Nexon\\Combat Arms\\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\\Program Files\\Atari\\ArmA\\arma.exe"="C:\\Program Files\\Atari\\ArmA\\arma.exe:*:Enabled:ArmA"
"C:\\Program Files\\Atari\\ArmA\\arma_server.exe"="C:\\Program Files\\Atari\\ArmA\\arma_server.exe:*:Enabled:ArmA_Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Nexon\\Combat Arms\\CombatArms.exe"="C:\\Nexon\\Combat Arms\\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\\Nexon\\Combat Arms\\Engine.exe"="C:\\Nexon\\Combat Arms\\Engine.exe:*Enabled:Engine.exe"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Thu 11 Oct 2007 88 ..SHR --- "C:\WINDOWS\system32\EE5976B63F.sys"
Wed 13 Feb 2008 5,852 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Mon 19 Mar 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 10 Jul 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"
Mon 9 Oct 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Mon 9 Oct 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Mon 9 Oct 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"
Mon 9 Oct 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"
Mon 9 Oct 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\lock.tmp"
Tue 26 Feb 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch6\lock.tmp"

Finished!
#10
Malwarebytes' Anti-Malware 1.25
Database version: 1090
Windows 5.1.2600 Service Pack 2

5:16:38 AM 8/28/2008
mbam-log-08-28-2008 (05-16-38).txt

Scan type: Full Scan (C:\|)
Objects scanned: 359128
Time elapsed: 2 hour(s), 20 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\oembios.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\oembios.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\sysproc64 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Deckard\System Scanner\backup\DOCUME~1\weedman\LOCALS~1\Temp\1rb9g82h.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\backup\DOCUME~1\weedman\LOCALS~1\Temp\8jo01wf7.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\backup\DOCUME~1\weedman\LOCALS~1\Temp\uylhzmcz.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP0\A0000007.dll (Trojan.Virantix) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP0\A0000010.dll (Trojan.Virantix) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP0\A0000011.dll (Trojan.Virantix) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Virantix) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\tdssbae5.tmp (Trojan.Virantix) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysproc64\sysproc32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysproc64\sysproc86.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oembios.exe (Trojan.Agent) -> Quarantined and deleted successfully.
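The MBAM log above shows the persistence point this package used: the Winlogon Userinit value had C:\WINDOWS\system32\oembios.exe appended after userinit.exe, so winlogon launched the trojan at every logon. The SDFix report in post #9 also had to restore the default hosts file, which is what was behind the "cannot find the server" errors from the AV updater (the earlier OTViewIt listing showed a 250 KB hosts file). The script below is an added example for this thread, not a tool anyone in it posted: it checks both indicators offline, on text exported from the machine (the Userinit value as MBAM or reg query prints it, and the hosts file contents). The function names, the UPDATE_HOSTS list and the sample inputs are constructed for the example, not data taken from the thread.

```python
"""Offline triage of two indicators from the logs in this thread: a Winlogon
Userinit value that launches an extra executable (MBAM's Hijack.UserInit hit)
and a hosts file that pins security-vendor update hosts (why the AV could not
"find the server" until SDFix restored the default hosts file).

Added example, not a tool from the thread. UPDATE_HOSTS and the sample
inputs at the bottom are constructed for illustration.
"""
import ipaddress

# Hosts an infection commonly pins to block updates. Assumed list for the
# example; extend it with the update hosts of the products you actually run.
UPDATE_HOSTS = {
    "free.grisoft.com",           # AVG Free downloads, 2008-era
    "www.malwarebytes.org",
    "www.safer-networking.org",   # Spybot S&D
    "update.microsoft.com",
}


def check_userinit(value, system_root=r"C:\WINDOWS"):
    """Return the entries of a Winlogon\\Userinit value that are not the stock
    userinit.exe (bare name or full path). The value is comma separated and
    normally ends with a trailing comma; every other entry is started by
    winlogon at each logon, which is how oembios.exe persisted here."""
    expected = {"userinit.exe",
                (system_root + r"\system32\userinit.exe").lower()}
    extras = []
    for raw in value.split(","):
        entry = raw.strip().strip('"')
        if not entry:
            continue  # empty field from the trailing comma is normal
        if entry.lower() not in expected:
            extras.append(entry)
    return extras


def check_hosts(text):
    """Summarise hosts-file text. Returns a dict:
      entries             valid 'ip name...' lines
      non_localhost       name mappings other than localhost (stock XP: 0)
      pinned_update_hosts (name, ip) pairs that override a known update host
    Comments and blank lines are ignored; a line whose first field is not an
    IP address is skipped rather than trusted."""
    entries = non_localhost = 0
    pinned = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue
        entries += 1
        for name in names:
            name = name.lower()
            if name != "localhost":
                non_localhost += 1
            if name in UPDATE_HOSTS:
                pinned.append((name, ip))
    return {"entries": entries, "non_localhost": non_localhost,
            "pinned_update_hosts": pinned}


def triage(userinit_value, hosts_text):
    """Run both checks and return human-readable findings (empty = clean)."""
    findings = []
    extras = check_userinit(userinit_value)
    if extras:
        findings.append("Userinit runs extra program(s): " + ", ".join(extras))
    hosts = check_hosts(hosts_text)
    if hosts["pinned_update_hosts"]:
        pairs = ", ".join(f"{n} -> {ip}" for n, ip in hosts["pinned_update_hosts"])
        findings.append("hosts file overrides update hosts: " + pairs)
    if hosts["non_localhost"]:
        findings.append(f"hosts file has {hosts['non_localhost']} non-localhost "
                        f"mapping(s) across {hosts['entries']} entries")
    return findings


# Constructed sample input: the Userinit value as MBAM reported it, and a
# small hosts file shaped like the tampered one (the real one was ~250 KB).
SAMPLE_USERINIT = r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,"
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
# --- constructed lines mimicking the tampered file ---
127.0.0.1       free.grisoft.com
127.0.0.1       www.malwarebytes.org
10.0.0.99       update.microsoft.com
0.0.0.0         ad.doubleclick.net
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_USERINIT, SAMPLE_HOSTS):
        print("FINDING:", finding)
```

Run against a real box, feed check_userinit the string from reg query on HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and check_hosts the text of %SystemRoot%\System32\drivers\etc\hosts. A clean XP hosts file yields a single localhost entry and no findings; anything pinning an update host, whether to 127.0.0.1 or to some other address, is a sign the updater is being deliberately starved.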
#11
Very difficult rootkit package there, but these scans are updated for it. One item to check before going into the next repairs, though much improved there.
Code:
REM query the tdssserv driver service; error 1060 means it is not installed
sc qc tdssserv > c:\locate.txt & start notepad c:\locate.txt
Where it says "Files of Type", select All Files, then click Save and save it to your desktop. Exit Notepad, then click on servfind.bat and allow it to run. A text box will open; please copy/paste the contents back here.
#12
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
#13
Good - that verifies for now that the service is removed. One additional change step, but I will need a new OTViewIt log to work from for our next repair steps.

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done by right-clicking the software's Taskbar icons, or by accessing each program through Start - Programs.

Download SWReg from here (bottom of page) to your C drive folder, so it will then be C:\swreg.exe.

Code:
SWReg ACL "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /GE:F > result.txt
SWReg DELETE HKLM\SYSTEM\CurrentControlSet\Services\tdssserv >> result.txt
SWReg DELETE HKLM\SYSTEM\ControlSet003\Services\tdssserv >> result.txt
notepad result.txt

Copy/paste the above text into the open text box, then save it to your desktop as "newcacls.bat". Be sure to include the "" quotes in the name. Then click on newcacls.bat. When the scan completes a text box will open - copy/paste those contents back here please. Post that along with a new OTViewIt log please.
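The two checks this thread walks through, the Userinit hijack reported in the Malwarebytes log above (oembios.exe appended after userinit.exe) and the `sc qc tdssserv` test from #11 (error 1060 in #12 means the service is gone), as an added example that is not part of the thread and not code from any of the tools named here. The script below parses a Userinit value for entries beyond the stock userinit.exe, interprets `sc qc` output, and builds the `reg.exe` commands that restore Userinit and delete a leftover service key from CurrentControlSet and ControlSet003. On Windows it reads the live registry and runs `sc`; elsewhere it runs on constructed samples (the Userinit value is the one Malwarebytes reported; the `sc qc` success output, the service name `example` and its driver path are hypothetical).

```python
"""Post-cleanup checks for a Userinit hijack and a leftover service key.
Added example, not the helper's tool. Windows: live registry and sc.exe;
other platforms: constructed samples only."""
import re
import subprocess

try:
    import winreg  # Windows only; stays None elsewhere
except ImportError:
    winreg = None

WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Constructed sample: the "Bad:" Userinit value from the Malwarebytes log above.
USERINIT_SAMPLE = r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,"

# Constructed sample: what `sc qc` printed in #12 once the service was gone.
SC_QC_ABSENT = r"""[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.
"""

# Constructed sample of `sc qc` for a still-registered driver service.
# Service name and path are hypothetical, not taken from the infected machine.
SC_QC_PRESENT = r"""[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: example
        TYPE               : 1  KERNEL_DRIVER
        START_TYPE         : 1  SYSTEM_START
        ERROR_CONTROL      : 0  IGNORE
        BINARY_PATH_NAME   : \SystemRoot\system32\drivers\example.sys
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : example
        DEPENDENCIES       :
        SERVICE_START_NAME :
"""


def parse_userinit(value):
    """Split the comma-separated Userinit value into its non-empty entries."""
    return [entry.strip() for entry in value.split(",") if entry.strip()]


def userinit_extras(value, system_root=r"C:\WINDOWS"):
    """Return every Userinit entry that is not the stock userinit.exe.
    Winlogon runs each listed program at logon, so any extra entry is a
    persistence hook; the bare name and the full path are both stock."""
    stock = {"userinit.exe", (system_root + r"\system32\userinit.exe").lower()}
    return [e for e in parse_userinit(value) if e.strip('"').lower() not in stock]


SC_FAILED_RE = re.compile(r"\[SC\] OpenService FAILED (\d+)")
# [ \t] rather than \s so a blank field cannot swallow the next line's key.
SC_FIELD_RE = re.compile(r"^\s*([A-Z_]+)[ \t]*:[ \t]*(.*?)[ \t]*$", re.MULTILINE)


def parse_sc_qc(output):
    """Interpret `sc qc <name>` output: absent service (error code) or its config."""
    failed = SC_FAILED_RE.search(output)
    if failed:
        return {"exists": False, "error": int(failed.group(1)), "config": {}}
    return {"exists": True, "error": 0, "config": dict(SC_FIELD_RE.findall(output))}


def repair_commands(extras, stale_services, system_root=r"C:\WINDOWS"):
    """Build the reg.exe commands that undo what the two checks found."""
    cmds = []
    if extras:  # rewrite the whole value rather than editing the hijacked one
        cmds.append('reg add "HKLM\\%s" /v Userinit /t REG_SZ /d "%s\\system32\\userinit.exe," /f'
                    % (WINLOGON_KEY, system_root))
    for name in stale_services:  # same two control sets the batch in #13 targets
        for control_set in ("CurrentControlSet", "ControlSet003"):
            cmds.append('reg delete "HKLM\\SYSTEM\\%s\\Services\\%s" /f' % (control_set, name))
    return cmds


def live_userinit():
    """Read the current Userinit value (Windows only; None elsewhere)."""
    if winreg is None:
        return None
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        return winreg.QueryValueEx(key, "Userinit")[0]


def live_sc_qc(service):
    """Run `sc qc <service>` and parse it (Windows only; None elsewhere)."""
    if winreg is None:
        return None
    proc = subprocess.run(["sc", "qc", service], capture_output=True, text=True)
    return parse_sc_qc(proc.stdout + proc.stderr)


if __name__ == "__main__":
    extras = userinit_extras(live_userinit() or USERINIT_SAMPLE)
    print("Userinit extras:", extras or "none")
    result = live_sc_qc("tdssserv") or parse_sc_qc(SC_QC_ABSENT)
    print("tdssserv registered:", result["exists"], "error:", result["error"])
    for cmd in repair_commands(extras, ["tdssserv"] if result["exists"] else []):
        print(cmd)
```

`reg delete` fails on a key whose ACL denies the caller access, which is what the `SWReg ACL ... /GE:F` line in the batch above works around by granting Everyone full control; that permission should be tightened again once the keys are gone. The result echoed in #14 names the key as `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows `, cut at the space, so a key path that contains a space needs quoting on the SWReg command line.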
#14
thx
Registrykey: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows "
Granting Registry rights (F access for This Key) for "Everyone"
Error: Key: system\currentcontrolset\services\tdssserv does not exist!
Error: Key: system\controlset003\services\tdssserv does not exist!

/////

OTViewIt logfile created on: 8/29/2008 11:20:18 PM - Run 5
OTViewIt by OldTimer - Version 1.0.0.14 Folder = C:\Documents and Settings\weedman\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 71.70 Gb Free Space | 31.43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 15.05 Gb Total Space | 8.99 Gb Free Space | 59.73% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ERIC
Current User Name: weedman
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

===== Processes - Non-Microsoft Only =====

[05/30/2007 08:31 AM | 00,312,880 | ---- | M] (GRISOFT s.r.o.) - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
[10/23/2007 09:38 AM | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) - C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
[04/27/2007 12:50 AM | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) - C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
[12/22/2007 10:21 AM | 00,406,528 | ---- | M] (GRISOFT, s.r.o.)
- C:\Program Files\Grisoft\AVG Free\avgemc.exe
[02/28/2006 12:42 PM | 00,229,376 | ---- | M] (Apple Computer, Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe
[12/13/1999 02:01 AM | 00,044,032 | ---- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\CTSVCCDA.EXE
[07/06/2006 08:14 AM | 00,090,112 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
[10/22/2006 01:22 PM | 00,159,810 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe
[11/12/2007 06:32 PM | 00,066,872 | ---- | M] () - C:\WINDOWS\system32\PnkBstrA.exe
[06/05/2007 01:20 PM | 00,177,704 | ---- | M] () - C:\WINDOWS\system32\PSIService.exe
[06/01/2006 05:25 PM | 00,180,224 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe
[11/08/2005 01:30 PM | 00,016,384 | ---- | M] (Creative Technology Ltd) - C:\WINDOWS\CTHELPER.EXE
[03/02/2006 05:00 AM | 00,018,944 | ---- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\CTXFIHLP.EXE
[09/25/2007 01:11 AM | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[07/06/2006 08:15 AM | 00,151,552 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[10/05/2005 04:12 AM | 00,094,208 | ---- | M] () - C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[03/02/2006 04:53 AM | 00,717,312 | ---- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\CTXFISPI.EXE
[06/18/2003 02:00 AM | 00,045,056 | ---- | M] (Creative Technology Ltd) - C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe
[10/14/2005 12:01 PM | 00,122,880 | ---- | M] (Creative Technology Ltd) - C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
[11/04/2005 07:07 PM | 00,049,152 | ---- | M] (Creative Technology Ltd.) - C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
[06/10/2005 11:44 AM | 00,081,920 | ---- | M] (InstallShield Software Corporation) - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[09/08/2005 06:20 AM | 00,122,940 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLACTRLW.EXE
[07/07/2007 09:48 PM | 00,282,624 | ---- | M] (Apple Inc.) - C:\Program Files\QuickTime\qttask.exe
[06/28/2007 09:14 AM | 00,270,648 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe
[02/04/2008 12:41 PM | 00,185,896 | ---- | M] (RealNetworks, Inc.) - C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[07/16/2006 10:29 PM | 00,389,120 | ---- | M] (Gteko Ltd.) - C:\Program Files\Dell Support\DSAgnt.exe
[06/21/2008 10:58 AM | 00,289,088 | ---- | M] (BitTorrent, Inc.) - C:\Program Files\DNA\btdna.exe
[04/23/2007 04:00 AM | 00,692,224 | ---- | M] (Logitech Inc.) - C:\Program Files\Logitech\SetPoint\SetPoint.exe
[04/11/2007 03:32 PM | 00,056,080 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
[06/28/2007 09:14 AM | 00,501,048 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe
[07/17/2008 10:48 AM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
[08/27/2008 09:10 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\weedman\Desktop\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Auto | Running]
[05/30/2007 08:31 AM | 00,312,880 | ---- | M] (GRISOFT s.r.o.) - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
(Avg7Alrt) AVG7 Alert Manager Server [Auto | Running]
[10/23/2007 09:38 AM | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) - C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
(Avg7UpdSvc) AVG7 Update Service [Auto | Running]
[04/27/2007 12:50 AM | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) - C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
(AVGEMS) AVG E-mail Scanner [Auto | Running]
[12/22/2007 10:21 AM | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) - C:\Program Files\Grisoft\AVG Free\avgemc.exe
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Auto | Running]
[02/28/2006 12:42 PM | 00,229,376 | ---- | M] (Apple Computer, Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Service for CDROM Access) Creative Service for CDROM Access [Auto | Running]
[12/13/1999 02:01 AM | 00,044,032 | ---- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\CTSVCCDA.EXE
(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[08/10/2004 06:00 AM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe
(ELService) Intel(R) Quick Resume technology [Auto | Running]
[06/01/2006 05:25 PM | 00,180,224 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe
(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped]
[08/16/2008 10:59 PM | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(IAANTMON) Intel(R) Matrix Storage Event Monitor [Auto | Running]
[07/06/2006 08:14 AM | 00,090,112 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(IDriverT) InstallDriver Table Manager [On_Demand | Stopped]
[04/04/2005 12:41 AM | 00,069,632 | ---- | M] (Macrovision Corporation) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
(iPod Service) iPod Service [On_Demand | Running]
[06/28/2007 09:14 AM | 00,501,048 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe
(NVSvc) NVIDIA Display Driver Service [Auto | Running]
[10/22/2006 01:22 PM | 00,159,810 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe
(PnkBstrA) PnkBstrA [Auto | Running]
[11/12/2007 06:32 PM | 00,066,872 | ---- | M] () - C:\WINDOWS\system32\PnkBstrA.exe
(ProtexisLicensing) ProtexisLicensing [Auto | Running]
[06/05/2007 01:20 PM | 00,177,704 | ---- | M] () - C:\WINDOWS\system32\PSIService.exe
(rpcapd) Remote Packet Capture Protocol v.0 (experimental) [On_Demand | Stopped]
[08/02/2005 05:18 PM | 00,086,016 | ---- | M] (CACE Technologies) - C:\Program Files\WinPcap\rpcapd.exe
(sdAuxService) PC Tools Auxiliary Service [On_Demand | Stopped]
[06/13/2008 03:29 PM | 00,356,920 | ---- | M] (PC Tools) - C:\Program Files\Spyware Doctor\pctsAuxs.exe
(sdCoreService) PC Tools Security Service [On_Demand | Stopped]
[08/07/2008 12:12 PM | 01,073,544 | ---- | M] (PC Tools) - C:\Program Files\Spyware Doctor\pctsSvc.exe

===== Driver Services - Non-Microsoft Only =====

(AliIde) AliIde [Disabled | Stopped]
[08/17/2001 02:51 PM | 00,005,248 | ---- | M] (Acer Laboratories Inc.) - C:\WINDOWS\system32\drivers\aliide.sys
(amdagp) AMD AGP Bus Filter Driver [Disabled | Stopped]
[08/04/2004 12:07 AM | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) - C:\WINDOWS\system32\drivers\AMDAGP.SYS
(asc) asc [Disabled | Stopped]
[08/17/2001 02:52 PM | 00,026,496 | ---- | M] (Advanced System Products, Inc.) - C:\WINDOWS\system32\drivers\asc.sys
(asc3550) asc3550 [Disabled | Stopped]
[08/17/2001 02:51 PM | 00,014,848 | ---- | M] (Advanced System Products, Inc.) - C:\WINDOWS\system32\drivers\asc3550.sys
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [System | Running]
[05/30/2007 08:10 AM | 00,011,000 | ---- | M] () - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
(Avg7Core) AVG7 Kernel [System | Running]
[10/23/2007 09:38 AM | 00,821,856 | ---- | M] (GRISOFT, s.r.o.)
- C:\WINDOWS\system32\drivers\avg7core.sys (Avg7RsW) AVG7 Wrap Driver [System | Running] [04/27/2007 12:50 AM | 00,004,224 | ---- | M] (GRISOFT, s.r.o.) - C:\WINDOWS\system32\drivers\avg7rsw.sys (Avg7RsXP) AVG7 Resident Driver XP [System | Running] [04/27/2007 12:51 AM | 00,027,776 | ---- | M] (GRISOFT, s.r.o.) - C:\WINDOWS\system32\drivers\avg7rsxp.sys (AvgAsCln) AVG Anti-Spyware Clean Driver [System | Running] [05/30/2007 08:10 AM | 00,010,872 | ---- | M] (GRISOFT, s.r.o.) - C:\WINDOWS\system32\drivers\AvgAsCln.sys (AvgClean) AVG7 Clean Driver [System | Running] [12/22/2007 10:21 AM | 00,010,760 | ---- | M] (GRISOFT, s.r.o.) - C:\WINDOWS\system32\drivers\avgclean.sys (AvgTdi) AVG Network Redirector [Auto | Running] [04/27/2007 12:50 AM | 00,004,960 | ---- | M] (GRISOFT, s.r.o.) - C:\WINDOWS\system32\drivers\avgtdi.sys (catchme) catchme [On_Demand | Stopped] File not found - C:\DOCUME~1\weedman\LOCALS~1\Temp\catchme.sys (CmdIde) CmdIde [Disabled | Stopped] [08/17/2001 02:51 PM | 00,006,656 | ---- | M] (CMD Technology, Inc.) 
- C:\WINDOWS\system32\drivers\cmdide.sys (ctac32k) Creative AC3 Software Decoder [On_Demand | Running] [11/08/2005 01:14 PM | 00,502,272 | R--- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\drivers\ctac32k.sys (ctaud2k) Creative Audio Driver (WDM) [On_Demand | Running] [11/08/2005 01:15 PM | 00,439,680 | R--- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\drivers\ctaud2k.sys (ctdvda2k) Creative DVD-Audio Device Driver [On_Demand | Stopped] [07/13/2005 10:18 AM | 00,340,704 | R--- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\drivers\ctdvda2k.sys (ctprxy2k) Creative Proxy Driver [On_Demand | Running] [11/08/2005 01:15 PM | 00,007,168 | R--- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\drivers\ctprxy2k.sys (ctsfm2k) Creative SoundFont Management Device Driver [On_Demand | Running] [11/08/2005 01:14 PM | 00,143,360 | R--- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\drivers\ctsfm2k.sys (dac2w2k) dac2w2k [Disabled | Stopped] [08/17/2001 02:52 PM | 00,179,584 | ---- | M] (Mylex Corporation) - C:\WINDOWS\system32\drivers\dac2w2k.sys (DLABOIOM) DLABOIOM [Auto | Running] [09/08/2005 06:20 AM | 00,025,628 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLABOIOM.SYS (DLACDBHM) DLACDBHM [System | Running] [08/25/2005 01:16 PM | 00,005,628 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\DLACDBHM.SYS (DLADResN) DLADResN [Auto | Running] [09/08/2005 06:20 AM | 00,002,496 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLADResN.SYS (DLAIFS_M) DLAIFS_M [Auto | Running] [09/08/2005 06:20 AM | 00,086,524 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (DLAOPIOM) DLAOPIOM [Auto | Running] [09/08/2005 06:20 AM | 00,014,684 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (DLAPoolM) DLAPoolM [Auto | Running] [09/08/2005 06:20 AM | 00,006,364 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLAPoolM.SYS (DLARTL_N) DLARTL_N [System | Running] [08/25/2005 01:16 PM | 00,022,684 | 
---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\DLARTL_N.SYS (DLAUDFAM) DLAUDFAM [Auto | Running] [09/08/2005 06:20 AM | 00,094,332 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (DLAUDF_M) DLAUDF_M [Auto | Running] [09/08/2005 06:20 AM | 00,087,036 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (dmboot) dmboot [Disabled | Stopped] [08/10/2004 06:00 AM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys (dmio) Logical Disk Manager Driver [Boot | Running] [08/10/2004 06:00 AM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys (dmload) dmload [Boot | Running] [08/10/2004 06:00 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys (DRVMCDB) DRVMCDB [Boot | Running] [09/12/2005 04:30 AM | 00,089,264 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\DRVMCDB.SYS (DRVNDDM) DRVNDDM [Auto | Running] [08/12/2005 06:20 AM | 00,040,544 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\DRVNDDM.SYS (DSproct) DSproct [On_Demand | Stopped] [01/10/2006 01:07 PM | 00,004,864 | ---- | M] (GTek Technologies Ltd.) 
- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (E100B) Intel(R) PRO Adapter Driver [On_Demand | Stopped] [08/17/2001 01:12 PM | 00,117,760 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\e100b325.sys (e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [On_Demand | Running] [06/05/2006 02:49 PM | 00,230,400 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\e1e5132.sys (EagleNT) EagleNT [On_Demand | Stopped] File not found - C:\WINDOWS\system32\drivers\EagleNT.sys (ELacpi) ELacpi [On_Demand | Running] [05/09/2006 04:36 PM | 00,009,728 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\ELacpi.sys (ELhid) EL hid Service [System | Running] [05/09/2006 04:36 PM | 00,010,112 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\Elhid.sys (ELkbd) EL KB Service [System | Running] [05/09/2006 04:36 PM | 00,006,912 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\Elkbd.sys (ELmon) EL Monitor Service [System | Running] [05/09/2006 04:36 PM | 00,007,040 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\Elmon.sys (ELmou) EL Mouse Service [System | Running] [05/09/2006 04:36 PM | 00,006,400 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\Elmou.sys (emupia) E-mu Plug-in Architecture Driver [On_Demand | Running] [11/08/2005 01:14 PM | 00,077,824 | R--- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\drivers\emupia2k.sys (GEARAspiWDM) GEARAspiWDM [On_Demand | Running] [09/19/2006 02:44 PM | 00,015,664 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (ha20x2k) Creative 20X HAL Driver [On_Demand | Running] [02/15/2006 07:40 AM | 01,096,192 | R--- | M] (Creative Technology Ltd) - C:\WINDOWS\system32\drivers\ha20x2k.sys (hamachi) Hamachi Network Interface [On_Demand | Stopped] [04/12/2007 09:38 PM | 00,026,056 | ---- | M] (LogMeIn, Inc.) 
- C:\WINDOWS\system32\drivers\hamachi.sys (HSFHWBS2) HSFHWBS2 [On_Demand | Running] [11/17/2003 10:59 PM | 00,212,224 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSFHWBS2.sys (HSF_DP) HSF_DP [On_Demand | Running] [11/17/2003 10:56 PM | 01,042,432 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSF_DP.sys (iastor) Intel RAID Controller [Boot | Running] [07/06/2006 07:59 AM | 00,246,784 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\iaStor.sys (IKFileSec) File Security Driver [On_Demand | Running] [06/02/2008 03:19 PM | 00,042,376 | ---- | M] (PCTools Research Pty Ltd.) - C:\WINDOWS\system32\drivers\ikfilesec.sys (IKSysFlt) System Filter Driver [On_Demand | Running] [06/02/2008 03:19 PM | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.) - C:\WINDOWS\system32\drivers\iksysflt.sys (IKSysSec) System Security Driver [On_Demand | Running] [06/10/2008 09:22 PM | 00,081,288 | ---- | M] (PCTools Research Pty Ltd.) - C:\WINDOWS\system32\drivers\iksyssec.sys (LHidFilt) Logitech SetPoint KMDF HID Filter Driver [On_Demand | Running] [04/11/2007 03:32 PM | 00,034,832 | ---- | M] (Logitech, Inc.) - C:\WINDOWS\system32\drivers\LHidFilt.Sys (LHidKe) Logitech SetPoint HID Mouse Filter Driver [On_Demand | Stopped] [05/20/2005 03:01 PM | 00,025,600 | ---- | M] (Logitech, Inc.) - C:\WINDOWS\system32\drivers\LHidKE.Sys (LHidUsbK) Logitech SetPoint USB Receiver device driver [On_Demand | Stopped] [05/20/2005 03:01 PM | 00,036,480 | ---- | M] (Logitech, Inc.) - C:\WINDOWS\system32\drivers\LHidUsbK.sys (LMouFilt) Logitech SetPoint KMDF Mouse Filter Driver [On_Demand | Running] [04/11/2007 03:32 PM | 00,036,112 | ---- | M] (Logitech, Inc.) - C:\WINDOWS\system32\drivers\LMouFilt.Sys (LMouKE) Logitech SetPoint Mouse Filter Driver [On_Demand | Stopped] [05/20/2005 03:01 PM | 00,068,352 | ---- | M] (Logitech, Inc.) 
- C:\WINDOWS\system32\drivers\LMouKE.Sys
(mdmxsdk) mdmxsdk [Auto | Running]
[04/09/2003 07:48 PM | 00,011,043 | ---- | M] (Conexant) - C:\WINDOWS\system32\drivers\mdmxsdk.sys
(mraid35x) mraid35x [Disabled | Stopped]
[08/17/2001 02:52 PM | 00,017,280 | ---- | M] (American Megatrends Inc.) - C:\WINDOWS\system32\drivers\mraid35x.sys
#15
(MRENDIS5) MRENDIS5 NDIS Protocol Driver [On_Demand | Stopped]
[11/22/2004 06:36 PM | 00,018,003 | ---- | M] (Motive, Inc.) - C:\Program Files\Common Files\Motive\MRENDIS5.sys (MrFilter) EasyWrite Driver [Boot | Running] [10/03/2002 09:57 PM | 00,012,064 | ---- | M] (Roxio) - C:\WINDOWS\System32\drivers\MRFilter.sys (NAL) Nal Service [On_Demand | Stopped] [06/05/2006 04:39 AM | 00,024,064 | ---- | M] (Intel Corporation ) - C:\WINDOWS\system32\drivers\iqvw32.sys (nv) nv [On_Demand | Running] [10/22/2006 01:22 PM | 03,994,624 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv4_mini.sys (ossrv) Creative OS Services Driver [On_Demand | Running] [11/08/2005 01:14 PM | 00,114,688 | R--- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\ctoss2k.sys (pcouffin) VSO Software pcouffin [On_Demand | Running] [11/02/2007 11:56 PM | 00,047,360 | ---- | M] (VSO Software) - C:\WINDOWS\system32\drivers\pcouffin.sys (Ptilink) Direct Parallel Link Driver [On_Demand | Running] [08/10/2004 06:00 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) 
- C:\WINDOWS\system32\drivers\ptilink.sys (PxHelp20) PxHelp20 [Boot | Running] [01/31/2008 06:11 PM | 00,043,528 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\pxhelp20.sys (ql1080) ql1080 [Disabled | Stopped] [08/17/2001 02:52 PM | 00,040,320 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql1080.sys (ql12160) ql12160 [Disabled | Stopped] [08/17/2001 02:52 PM | 00,045,312 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql12160.sys (ql1280) ql1280 [Disabled | Stopped] [08/17/2001 02:52 PM | 00,049,024 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql1280.sys (SASDIFSV) SASDIFSV [System | Running] [05/28/2008 10:33 AM | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SASENUM) SASENUM [On_Demand | Running] [05/28/2008 10:33 AM | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SASKUTIL) SASKUTIL [System | Running] [05/28/2008 10:33 AM | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (Secdrv) Secdrv [Auto | Running] [11/13/2007 06:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 
- C:\WINDOWS\system32\drivers\secdrv.sys (sfdrv01) StarForce Protection Environment Driver (version 1.x) [Boot | Running] [04/04/2005 06:43 AM | 00,048,640 | ---- | M] (Protection Technology) - C:\WINDOWS\system32\drivers\sfdrv01.sys (sfhlp02) StarForce Protection Helper Driver (version 2.x) [Boot | Running] [02/23/2005 11:59 AM | 00,006,656 | ---- | M] (Protection Technology) - C:\WINDOWS\system32\drivers\sfhlp02.sys (sfsync02) StarForce Protection Synchronization Driver (version 2.x) [Boot | Running] [04/14/2005 08:12 AM | 00,019,968 | ---- | M] (Protection Technology) - C:\WINDOWS\system32\drivers\sfsync02.sys (sisagp) SIS AGP Bus Filter [Disabled | Stopped] [08/04/2004 12:07 AM | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) - C:\WINDOWS\system32\drivers\SISAGP.SYS (Sparrow) Sparrow [Disabled | Stopped] [08/17/2001 03:07 PM | 00,019,072 | ---- | M] (Adaptec, Inc.) - C:\WINDOWS\system32\drivers\sparrow.sys (sptd) sptd [Boot | Running] [01/13/2008 06:35 PM | 00,715,248 | ---- | M] () - C:\WINDOWS\system32\drivers\sptd.sys (symc810) symc810 [Disabled | Stopped] [08/17/2001 03:07 PM | 00,016,256 | ---- | M] (Symbios Logic Inc.) - C:\WINDOWS\system32\drivers\symc810.sys (symc8xx) symc8xx [Disabled | Stopped] [08/17/2001 03:07 PM | 00,032,640 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\symc8xx.sys (sym_hi) sym_hi [Disabled | Stopped] [08/17/2001 03:07 PM | 00,028,384 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\sym_hi.sys (sym_u3) sym_u3 [Disabled | Stopped] [08/17/2001 03:07 PM | 00,030,688 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\sym_u3.sys (ultra) ultra [Disabled | Stopped] [08/17/2001 02:52 PM | 00,036,736 | ---- | M] (Promise Technology, Inc.) - C:\WINDOWS\system32\drivers\ultra.sys (winachsf) winachsf [On_Demand | Running] [11/17/2003 10:58 PM | 00,680,704 | ---- | M] (Conexant Systems, Inc.) 
- C:\WINDOWS\system32\drivers\HSF_CNXT.sys
(WmBEnum) Logitech Virtual Bus Enumerator Driver [On_Demand | Running]
[04/12/2005 07:21 PM | 00,010,144 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\WmBEnum.sys
(WmFilter) Logitech Gaming HID Filter Driver [On_Demand | Stopped]
[04/12/2005 07:21 PM | 00,022,240 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\WmFilter.sys
(WmVirHid) Logitech Virtual Hid Device Driver [On_Demand | Stopped]
[04/12/2005 07:21 PM | 00,005,600 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\WmVirHid.sys
(WmXlCore) Logitech WingMan Translation Layer Driver [On_Demand | Running]
[04/12/2005 07:21 PM | 00,045,504 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\WmXlCore.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware" = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized [06/11/2007 05:25 AM | 06,731,312 | ---- | M] (GRISOFT s.r.o.)
"AudioDrvEmulator" = "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" [11/04/2005 07:07 PM | 00,049,152 | ---- | M] (Creative Technology Ltd.)
"AVG7_CC" = C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe /STARTUP [04/18/2008 09:21 AM | 00,579,584 | ---- | M] (GRISOFT, s.r.o.)
"CTDVDDET" = "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [06/18/2003 02:00 AM | 00,045,056 | ---- | M] (Creative Technology Ltd)
"CTHelper" = CTHELPER.EXE [11/08/2005 01:30 PM | 00,016,384 | ---- | M] (Creative Technology Ltd)
"CTxfiHlp" = CTXFIHLP.EXE [03/02/2006 05:00 AM | 00,018,944 | ---- | M] (Creative Technology Ltd)
"DLA" = C:\WINDOWS\System32\DLA\DLACTRLW.EXE [09/08/2005 06:20 AM | 00,122,940 | ---- | M] (Sonic Solutions)
"DMXLauncher" = C:\Program Files\Dell\Media Experience\DMXLauncher.exe [10/05/2005 04:12 AM | 00,094,208 | ---- | M] ()
"IAAnotif" = C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [07/06/2006 08:15 AM | 00,151,552 | ---- | M] (Intel Corporation)
"ISUSPM Startup" = "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup [06/10/2005 11:44 AM | 00,249,856 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [06/10/2005 11:44 AM | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [06/28/2007 09:14 AM | 00,270,648 | ---- | M] (Apple Inc.)
"Kernel and Hardware Abstraction Layer" = KHALMNPR.EXE [04/11/2007 03:32 PM | 00,056,080 | ---- | M] (Logitech Inc.)
"Logitech Hardware Abstraction Layer" = KHALMNPR.EXE [04/11/2007 03:32 PM | 00,056,080 | ---- | M] (Logitech Inc.)
"MSKDetectorExe" = C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall File not found
"NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [10/22/2006 01:22 PM | 07,700,480 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [10/22/2006 01:22 PM | 00,086,016 | ---- | M] (NVIDIA Corporation)
"nwiz" = nwiz.exe /install [10/22/2006 01:22 PM | 01,622,016 | ---- | M] ()
"QuickTime Task" = "C:\Program Files\QuickTime\qttask.exe" -atboottime [07/07/2007 09:48 PM | 00,282,624 | ---- | M] (Apple Inc.)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
"TkBellExe" = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [02/04/2008 12:41 PM | 00,185,896 | ---- | M] (RealNetworks, Inc.)
"UpdReg" = C:\WINDOWS\UpdReg.EXE [05/11/2000 02:00 AM | 00,090,112 | ---- | M] (Creative Technology Ltd.)
"VolPanel" = "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r [10/14/2005 12:01 PM | 00,122,880 | ---- | M] (Creative Technology Ltd)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Key does not exist or could not be opened.
"run" = Reg Error: Key does not exist or could not be opened.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA" = "C:\Program Files\DNA\btdna.exe" [06/21/2008 10:58 AM | 00,289,088 | ---- | M] (BitTorrent, Inc.)
"DellSupport" = "C:\Program Files\Dell Support\DSAgnt.exe" /startup [07/16/2006 10:29 PM | 00,389,120 | ---- | M] (Gteko Ltd.)
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [01/28/2008 11:43 AM | 02,097,488 | RHS- | M] (Safer Networking Limited)
"SUPERAntiSpyware" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [05/28/2008 10:33 AM | 01,506,544 | ---- | M] (SUPERAntiSpyware.com)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[04/23/2008 03:38 AM | 00,029,696 | ---- | M] (Adobe Systems Incorporated) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[04/23/2007 04:00 AM | 00,692,224 | ---- | M] (Logitech Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

[weedman Startup Folder - C:\Documents and Settings\weedman\Start Menu\Programs\Startup]

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [12/18/2006 04:16 AM | 00,059,032 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
HKLM CLSID: () - [11/16/2007 08:59 AM | 01,134,592 | ---- | M] (Crawler.com) C:\Program Files\Crawler\ctbr.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
HKLM CLSID: (DriveLetterAccess) - [09/08/2005 06:20 AM | 00,110,652 | ---- | M] (Sonic Solutions) C:\WINDOWS\system32\DLA\DLASHX_W.DLL
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [09/25/2007 01:11 AM | 00,501,136 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" HKLM CLSID: (&Crawler Toolbar) - [11/16/2007 08:59 AM | 01,134,592 | ---- | M] (Crawler.com) C:\Program Files\Crawler\ctbr.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" HKLM CLSID: (&Crawler Toolbar) - [11/16/2007 08:59 AM | 01,134,592 | ---- | M] (Crawler.com) C:\Program Files\Crawler\ctbr.dll
"{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}" HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun" = 67108863
"NoDriveTypeAutoRun" = 255
"NoCDBurning" = 0
"NoDrives" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
"InstallVisualStyle" = C:\WINDOWS\Resources\Themes\Royale\Royale.mss File not found
"InstallTheme" = C:\WINDOWS\Resources\Themes\Royale.the File not found
"HideLegacyLogonScripts" = 0
"HideLogoffScripts" = 0
"RunLogonScriptSync" = 1
"RunStartupScriptSync" = 0
"HideStartupScripts" = 0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"NoDrives" = 0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts" = 0
"HideLogoffScripts" = 0
"RunLogonScriptSync" = 1
"RunStartupScriptSync" = 0
"HideStartupScripts" = 0
"DisableRegistryTools" = 0

===== Desktop Components =====

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe [08/22/2008 07:17 AM | 01,093,632 | ---- | M] (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe [08/21/2008 10:55 AM | 01,055,232 | ---- | M] (Nexon)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe" = C:\Program Files\EA GAMES\Battlefield 2\BF2.exe [09/26/2006 06:53 PM | 07,574,463 | ---- | M] ()
"C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\fsx.exe" = C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\fsx.exe [05/11/2007 01:05 AM | 02,737,560 | ---- | M] (Microsoft Corp.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe [02/28/2006 12:42 PM | 00,229,376 | ---- | M] (Apple Computer, Inc.)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe [08/10/2008 11:25 AM | 00,766,212 | ---- | M] (Blizzard Entertainment)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe [11/12/2007 06:32 PM | 00,066,872 | ---- | M] ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe [08/13/2008 05:46 PM | 00,111,928 | ---- | M] ()
"C:\Program Files\EA GAMES\Ultima Online Mondain's Legacy\client.exe" = C:\Program Files\EA GAMES\Ultima Online Mondain's Legacy\client.exe [07/25/2005 11:25 PM | 02,019,328 | ---- | M] ()
"C:\Program Files\EA GAMES\Ultima Online Mondain's Legacy\uotd.exe" = C:\Program Files\EA GAMES\Ultima Online Mondain's Legacy\uotd.exe [07/25/2005 11:29 PM | 01,953,792 | ---- | M] ( )
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe [01/19/2007 12:54 PM | 05,674,352 | ---- | M] (Microsoft Corporation)
"C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe" = C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe [12/25/2007 02:10 PM | 01,691,648 | ---- | M] (SQUARE ENIX CO., LTD.)
"C:\Program Files\Wolfenstein - Enemy Territory\ET.exe" = C:\Program Files\Wolfenstein - Enemy Territory\ET.exe [03/10/2005 02:00 PM | 01,286,144 | ---- | M] ()
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe [06/21/2008 10:58 AM | 00,289,088 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\Codemasters\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE" = C:\Program Files\Codemasters\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE [02/16/2006 03:14 AM | 05,033,984 | R--- | M] (Team 17 Ltd)
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe [02/01/2008 01:34 AM | 06,606,112 | ---- | M] (SmartSoft Ltd.)
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe [02/28/2008 02:57 PM | 00,274,432 | ---- | M] (Blizzard Entertainment)
"C:\Program Files\ICQ6\ICQ.exe" = C:\Program Files\ICQ6\ICQ.exe [04/01/2008 06:40 AM | 00,172,280 | ---- | M] (ICQ, Inc.)
"C:\Program Files\Warcraft III\war3.exe" = C:\Program Files\Warcraft III\war3.exe [06/26/2008 08:01 PM | 00,471,040 | ---- | M] (Blizzard Entertainment)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe [07/11/2008 05:17 PM | 00,159,744 | ---- | M] (Nexon)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe [08/22/2008 07:17 AM | 01,093,632 | ---- | M] (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe [08/21/2008 10:55 AM | 01,055,232 | ---- | M] (Nexon)
"C:\Nexon\Combat Arms\NMService.exe" = C:\Nexon\Combat Arms\NMService.exe [08/05/2008 04:37 AM | 01,458,912 | ---- | M] (Nexon Corp.)
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe [06/20/2008 03:43 PM | 03,330,048 | ---- | M] () "C:\Program Files\Atari\ArmA\arma.exe" = C:\Program Files\Atari\ArmA\arma.exe [08/24/2008 05:26 PM | 06,373,376 | ---- | M] (Bohemia Interactive) "C:\Program Files\Atari\ArmA\arma_server.exe" = C:\Program Files\Atari\ArmA\arma_server.exe [08/24/2008 05:26 PM | 05,484,636 | ---- | M] (Bohemia Interactive) ===== HKLM Winlogon Settings ===== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell] "Explorer.exe" - [06/13/2007 06:23 AM | 01,033,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit] "C:\WINDOWS\system32\userinit.exe" - [08/10/2004 06:00 AM | 00,024,576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost] "logonui.exe" - [08/10/2004 06:00 AM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet] "rundll32 shell32" - [10/25/2007 11:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll "Control_RunDLL "sysdm.cpl"" - [08/10/2004 06:00 AM | 00,298,496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl ===== User's Winlogon Settings ===== |