HJT Help
chris1215
04-09-2007, 04:55 PM
So I've been having a problem.. obviously. From time to time, my computer will become really choppy, and any music or video playing will stop and start in between spikes, and when I bring up the task manager, there's no specific task that's taking up all of my CPU. It alternates, between aim6.exe, the task manager application, and any others that are open. I'm not sure what the hell is going on, so if anyone can help.. I'd appreciate it.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:50:13 PM, on 4/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\RACLE~1\ntvdm.exe
C:\WINDOWS\?icrosoft.NET\??plorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\TweakMASTER\TMTray.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chris\Desktop\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
O2 - BHO: (no name) - {48EDFE32-3B84-6D02-A74C-6AE33FE8F2E1} - C:\WINDOWS\system32\mbnmh.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: TweakMASTER PRO Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\TWEAKM~1\TweakBHO.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TweakMASTER] C:\PROGRA~1\TWEAKM~1\TMTray.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Aiuh] "C:\PROGRA~1\RACLE~1\ntvdm.exe" -vt yazb
O4 - HKCU\..\Run: [Dcvtc] C:\WINDOWS\?icrosoft.NET\??plorer.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O8 - Extra context menu item: Add to &LinkFox - res://C:\PROGRA~1\TWEAKM~1\TweakBHO.dll/IESCRIPT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Client IP-IPX - Unknown owner - -e,te-110-12-0000213, (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe
--
End of file - 4558 bytes
Budfred
04-09-2007, 06:59 PM
Welcome to PCGuide
It appears that you have a couple of infections... Please do this...
1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall...
chris1215
04-09-2007, 07:27 PM
There's a lot, so should I put it in separate posts?
(Says around 30,000 characters and the limit per post is 10,000)
Budfred
04-09-2007, 08:26 PM
Yes, it is usually necessary to use several posts...
chris1215
04-09-2007, 09:09 PM
"Chris" - 07-04-09 19:21:34 Service Pack 2
ComboFix 07-04-05 - Running from: "C:\Documents and Settings\Chris\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Common Files\{A4394~1\Update.exe
C:\WINDOWS\system32\unsvchosts.exe
C:\Program Files\Common Files\{34394~1
C:\Program Files\Common Files\{A4394~1
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\RACLE~1
C:\qoobox\purity\Program Files\RACLE~1\ntvdm.exe
C:\qoobox\purity\Program Files\RACLE~1\?racle
C:\qoobox\purity\WINDOWS\ICROSO~1.NET
C:\qoobox\purity\WINDOWS\ICROSO~1.NET\??plorer.exe
((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\Client IP-IPX
-------\mchInjDrv
-------\LEGACY_CLIENT_IP-IPX
-------\LEGACY_MCHINJDRV
((((((((((((((((((((((((((((((( Files Created from 2007-03-09 to 2007-04-09 ))))))))))))))))))))))))))))))))))
2007-04-09 10:04 <DIR> d-------- C:\Program Files\TweakMASTER
2007-04-09 10:04 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\Hagel Technologies
2007-04-09 10:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hagel Technologies
2007-04-07 23:39 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
2007-04-07 22:52 <DIR> d--hs---- C:\WINDOWS\Q2hyaXM
2007-04-07 22:16 60,928 --a------ C:\WINDOWS\system32\mbnmh.dll
2007-04-07 22:16 2 --a------ C:\WINDOWS\system32\wnsinti.exe
2007-04-04 06:38 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2007-04-03 18:20 <DIR> d-------- C:\Program Files\Foxit Software
2007-03-30 15:59 <DIR> d-------- C:\WINDOWS\Sun
2007-03-30 15:59 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\Sun
2007-03-29 19:45 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-03-29 19:45 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-03-29 19:44 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-03-25 22:11 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\Ventrilo
2007-03-25 22:10 <DIR> d-------- C:\Program Files\Ventrilo
2007-03-25 22:09 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-03-25 18:43 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\Viewpoint
2007-03-25 01:04 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\acccore
2007-03-25 01:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-03-25 01:03 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2007-03-25 01:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-03-25 01:02 335 --a------ C:\WINDOWS\nsreg.dat
2007-03-25 01:02 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-03-25 01:02 <DIR> d-------- C:\Program Files\AIM6
2007-03-25 01:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-03-24 01:01 <DIR> d---s---- C:\DOCUME~1\Chris\UserData
2007-03-23 17:57 <DIR> d-------- C:\DOCUME~1\Chris\Incomplete
2007-03-23 17:56 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\LimeWire
2007-03-23 17:53 <DIR> d-------- C:\Program Files\Java
2007-03-23 17:52 <DIR> d-------- C:\Program Files\LimeWire
2007-03-23 17:52 <DIR> d-------- C:\Program Files\Common Files\Java
2007-03-23 17:51 <DIR> d-------- C:\Program Files\Steam
2007-03-23 17:47 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\uTorrent
2007-03-23 17:44 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2007-03-23 17:44 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-03-23 17:44 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2007-03-23 17:44 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-03-23 17:44 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\PC Tools
2007-03-23 17:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-03-23 16:13 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-03-23 16:13 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\atitray
2007-03-23 15:45 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-03-23 15:45 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-03-23 15:45 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-03-23 15:45 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-03-23 15:45 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-03-23 15:45 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
chris1215
04-09-2007, 09:10 PM
2007-03-23 15:45 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-03-23 15:45 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-03-23 15:45 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-03-23 15:45 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-03-23 15:45 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-03-23 15:45 <DIR> d-------- C:\WINDOWS\system32\Defaults
2007-03-23 15:44 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-03-23 15:44 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-03-23 15:44 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-03-23 15:44 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-03-23 15:44 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-03-23 15:44 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\Creative
2007-03-23 15:43 3,072 --a------ C:\WINDOWS\CTXFIRES.DLL
2007-03-23 15:43 11,776 --a------ C:\WINDOWS\INRES.DLL
2007-03-23 15:43 10,240 --a------ C:\WINDOWS\CTDCRES.DLL
2007-03-23 15:43 <DIR> d-------- C:\WINDOWS\system32\Data
2007-03-23 15:43 <DIR> d-------- C:\Program Files\Creative
2007-03-23 15:25 <DIR> d-------- C:\Program Files\iPod
2007-03-23 15:25 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\Apple Computer
2007-03-23 15:24 <DIR> d-------- C:\Program Files\iTunes
2007-03-23 15:23 <DIR> d-------- C:\Program Files\QuickTime
2007-03-23 15:22 <DIR> d-------- C:\Program Files\Apple Software Update
2007-03-23 15:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-03-23 14:28 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-03-23 14:26 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-03-23 14:26 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-03-23 14:26 <DIR> d-------- C:\Program Files\MultiRes
2007-03-23 14:26 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-03-23 14:25 451,072 --a------ C:\WINDOWS\Radeon Omega Drivers v3.8.330 Uninstall.exe
2007-03-23 14:25 <DIR> d-------- C:\Program Files\Radeon Omega Drivers
2007-03-23 14:20 <DIR> d--hs---- C:\RECYCLER
2007-03-23 14:09 1,310,720 --ah----- C:\DOCUME~1\Chris\NTUSER.DAT
2007-03-23 14:07 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-03-23 14:05 225,280 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-03-23 14:05 225,280 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-03-23 14:05 <DIR> d-------- C:\WINDOWS\Prefetch
2007-03-23 14:00 225,280 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-03-23 14:00 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-03-23 14:00 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-03-23 13:59 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-03-23 13:59 0 -rahs---- C:\MSDOS.SYS
2007-03-23 13:59 0 -rahs---- C:\IO.SYS
2007-03-23 13:59 0 --a------ C:\CONFIG.SYS
2007-03-23 13:59 0 --a------ C:\AUTOEXEC.BAT
2007-03-23 13:57 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-03-23 13:57 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-03-23 13:57 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-03-23 13:56 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-03-23 13:56 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-03-23 13:55 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2007-03-23 13:55 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-03-23 13:55 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-03-23 13:55 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-03-23 13:55 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-03-23 13:55 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-03-23 13:55 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-03-23 13:55 678,400 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-03-23 13:55 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-03-23 13:55 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-03-23 13:55 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2007-03-23 13:55 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-03-23 13:55 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2007-03-23 13:55 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-03-23 13:55 430,592 --a------ C:\WINDOWS\system32\wuapi.dll
2007-03-23 13:55 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-03-23 13:55 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-03-23 13:55 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-03-23 13:55 36,864 --a------ C:\WINDOWS\system32\wups.dll
2007-03-23 13:55 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-03-23 13:55 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-03-23 13:55 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-03-23 13:55 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-03-23 13:55 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-03-23 13:55 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2007-03-23 13:55 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-03-23 13:55 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-03-23 13:55 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-03-23 13:55 22,528 --a------ C:\WINDOWS\system32\fltMc.exe
2007-03-23 13:55 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-03-23 13:55 183,296 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-03-23 13:55 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-03-23 13:55 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-03-23 13:55 165,888 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-03-23 13:55 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-03-23 13:55 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-03-23 13:55 124,800 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
2007-03-23 13:55 120,320 --a------ C:\WINDOWS\system32\wuweb.dll
2007-03-23 13:55 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-03-23 13:55 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-03-23 13:55 112,640 --a------ C:\WINDOWS\system32\wucltui.dll
2007-03-23 13:55 111,104 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-03-23 13:55 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-03-23 13:55 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-03-23 13:55 1,134,592 --a------ C:\WINDOWS\system32\wuaueng.dll
chris1215
04-09-2007, 09:11 PM
2007-03-23 13:55 <DIR> d---s---- C:\WINDOWS\Tasks
2007-03-23 13:55 <DIR> d-------- C:\WINDOWS\system32\Restore
2007-03-23 13:55 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-03-23 13:55 <DIR> d-------- C:\WINDOWS\srchasst
2007-03-23 13:55 <DIR> d-------- C:\Program Files\Movie Maker
2007-03-23 13:55 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2007-03-23 13:54 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-03-23 13:54 <DIR> d-------- C:\WINDOWS\Registration
2007-03-23 13:53 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-03-23 13:53 <DIR> d-------- C:\Program Files\Online Services
2007-03-23 13:53 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2007-03-23 13:53 <DIR> d-------- C:\Program Files\Messenger
2007-03-23 13:43 949,248 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-03-23 13:43 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-03-23 13:43 90,112 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-03-23 13:43 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-03-23 13:43 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-03-23 13:43 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-03-23 13:43 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2007-03-23 13:43 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2007-03-23 13:43 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-03-23 13:43 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-03-23 13:43 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-03-23 13:43 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-03-23 13:43 62,464 --a------ C:\WINDOWS\system32\colbact.dll
2007-03-23 13:43 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-03-23 13:43 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-03-23 13:43 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-03-23 13:43 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-03-23 13:43 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-03-23 13:43 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-03-23 13:43 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-03-23 13:43 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-03-23 13:43 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-03-23 13:43 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-03-23 13:43 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-03-23 13:43 425,472 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-03-23 13:43 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2007-03-23 13:43 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-03-23 13:43 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-03-23 13:43 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-03-23 13:43 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-03-23 13:43 345,088 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-03-23 13:43 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-03-23 13:43 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-03-23 13:43 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-03-23 13:43 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-03-23 13:43 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-03-23 13:43 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-03-23 13:43 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-03-23 13:43 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-03-23 13:43 20,992 --a------ C:\WINDOWS\system32\msg.exe
2007-03-23 13:43 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-03-23 13:43 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-03-23 13:43 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-03-23 13:43 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-03-23 13:43 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-03-23 13:43 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-03-23 13:43 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-03-23 13:43 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-03-23 13:43 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-03-23 13:43 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-03-23 13:43 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-03-23 13:43 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2007-03-23 13:43 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-03-23 13:43 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-03-23 13:43 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-03-23 13:43 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-03-23 13:43 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2007-03-23 13:43 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2007-03-23 13:43 139,400 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-03-23 13:43 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-03-23 13:43 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-03-23 13:43 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-03-23 13:43 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-03-23 13:43 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-03-23 13:43 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-03-23 13:43 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-03-23 13:43 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-03-23 13:43 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-03-23 13:43 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-03-23 13:43 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-03-23 13:43 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-03-23 13:43 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-03-23 13:43 <DIR> d-------- C:\WINDOWS\system32\Com
2007-03-23 13:43 <DIR> d-------- C:\Program Files\Windows NT
2007-03-23 13:42 628,224 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-03-23 13:42 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-03-23 13:42 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-03-23 13:42 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-03-23 13:42 501,248 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-03-23 13:42 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-03-23 13:42 229,888 --a------ C:\WINDOWS\system32\catsrv.dll
2007-03-23 13:42 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-03-23 13:42 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-03-23 13:42 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-03-23 13:42 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-03-23 13:42 1,251,840 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-03-23 13:13 <DIR> d-------- C:\DOCUME~1\Chris\APPLIC~1\Aim
2007-03-23 13:12 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-03-23 13:12 <DIR> d-------- C:\Program Files\Viewpoint
2007-03-23 13:12 <DIR> d-------- C:\Program Files\AOD
2007-03-23 13:12 <DIR> d-------- C:\Program Files\AIM
2007-03-23 13:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-03-23 08:46 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-03-16 08:38 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-03-16 08:38 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-03-16 08:37 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2007-03-16 08:37 36,224 --a------ C:\WINDOWS\system32\drivers\an983.sys
2007-03-16 08:37 315,392 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-03-16 08:37 263,168 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-03-16 08:37 2,676,672 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-03-16 08:37 1,918,464 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-03-16 08:37 1,289,472 --a------ C:\WINDOWS\system32\ativvaxx.dll
chris1215
04-09-2007, 09:11 PM
2007-03-16 08:36 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-03-16 08:36 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2007-03-16 08:36 42,368 --a------ C:\WINDOWS\system32\drivers\AGP440.SYS
2007-03-16 08:34 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-03-16 08:34 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-03-16 08:34 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-03-16 08:34 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-03-16 08:34 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-03-16 08:34 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-03-16 08:34 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-03-16 08:34 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-03-16 08:34 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-03-16 08:34 68,768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-03-16 08:34 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-03-16 08:34 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-03-16 08:34 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-03-16 08:34 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-03-16 08:34 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-03-16 08:34 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-03-16 08:34 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-03-16 08:34 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-03-16 08:34 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-03-16 08:34 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-03-16 08:34 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-03-16 08:34 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-03-16 08:34 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-03-16 08:34 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-03-16 08:34 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-03-16 08:34 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-03-16 08:34 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-03-16 08:34 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-03-16 08:34 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-03-16 08:34 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-03-16 08:34 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-03-16 08:34 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-03-16 08:34 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-03-16 08:34 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-03-16 08:34 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-03-16 08:34 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-03-16 08:34 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-03-16 08:34 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-03-16 08:34 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-03-16 08:34 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-03-16 08:34 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-03-16 08:34 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-03-16 08:34 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-03-16 08:34 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-03-16 08:34 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-03-16 08:34 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-03-16 08:34 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-03-16 08:34 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-03-16 08:34 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-03-16 08:34 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-03-16 08:34 <DIR> dr------- C:\Program Files
2007-03-16 08:34 <DIR> d--hs---- C:\WINDOWS\Installer
2007-03-16 08:34 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-03-16 08:34 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-03-16 08:33 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2007-03-16 08:33 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-03-16 08:33 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-03-16 08:32 <DIR> d--hs---- C:\System Volume Information
2007-03-16 08:32 <DIR> d-------- C:\Documents and Settings
2007-03-16 08:25 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-03-16 08:25 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-03-16 08:25 <DIR> dr------- C:\WINDOWS\Web
2007-03-16 08:25 <DIR> d--h----- C:\WINDOWS\inf
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\WinSxS
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\twain_32
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\system32\wins
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\system32\spool
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\system32\ras
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\system32\npp
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\system32\mui
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\system32\IME
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\system32\ias
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\system32\export
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\system32\config
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\system32\3076
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\system32\2052
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\system32\1054
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\system32\1042
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\system32\1041
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\system32\1037
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\system32\1033
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\system32\1031
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\system32\1028
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\system32\1025
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\system32
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\system
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\security
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\Resources
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\repair
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\Provisioning
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\PeerNet
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\pchealth
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\mui
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\msapps
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\msagent
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\Media
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\java
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\ime
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\Help
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\Debug
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\Cursors
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\Config
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\AppPatch
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS\addins
2007-03-16 08:25 <DIR> d-------- C:\WINDOWS
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-03-23 08:46 62 --ahs---- C:\DOCUME~1\Chris\APPLIC~1\desktop.ini
chris1215
04-09-2007, 09:12 PM
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Steam"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"Aiuh"="\"C:\\PROGRA~1\\RACLE~1\\ntvdm.exe\" -vt yazb"
"Dcvtc"="C:\\WINDOWS\\?icrosoft.NET\\??plorer.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AtiPTA"="atiptaxx.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"CTHelper"="CTHELPER.EXE"
"CTxfiHlp"="CTXFIHLP.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"TweakMASTER"="C:\\PROGRA~1\\TWEAKM~1\\TMTray.exe"
"DU Meter"="C:\\Program Files\\DU Meter\\DUMeter.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-09 19:23:34
C:\ComboFix-quarantined-files.txt ... 07-04-09 19:23
Budfred
04-09-2007, 11:31 PM
You got hit pretty good... Rather than sorting through all of that, please run a few more scans to see what they can clean out...
Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.zip) and save it to your desktop.
Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log
and....
* Click here (http://support.f-secure.com/enu/home/ols.shtml) to use the F-Secure Online Scanner
Then click the Start Scanning button below.
You should get a notification (bar on top) to install the ActiveX. Click on it and select to install the ActiveX.
Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
In case you are having problems with installing the ActiveX/starting the scan, please read here (http://support.f-secure.com/enu/home/ols-faq.shtml).
Click the Full System Scan button.
It will start to download scanner components and databases. This can take a while.
The main scan will start.
Once the scan has finished, click the Automatic cleaning (recommended) button.
It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
The cleaning can take a while, so please be patient.
Then click the Show report button and copy and paste what's present under results in your next reply.
and then....
AVG Anti-Spyware (Ewido)...
Please download, install, and update Ewido anti-spyware (http://www.ewido.net/en/download/)
Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
After the update finishes (the status bar at the bottom will display "Update successful")
Close ewido. Do not run it yet.
Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.
In Safe Mode, load Ewido and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Restart back into Normal Mode.
Please perform another scan with Hijack This, and then post back with a copy of the Ewido log and the new HijackThis log.