Hijack this logfile

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Post by PIGGYWIGPIG » August 1st, 2007, 11:56 am

Hi guys, here is my HijackThis logfile. Please help.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:34:29, on 01/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\SDLoader.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\user\Policies\catsrv.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\WinTV\Ir.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Motherboard Monitor 5\DLL\display.dll
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\Desktop\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {08A94828-A550-479D-BF57-65588ABAF2C1} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5A4A2D56-931A-4733-9121-033A2D95A274} - C:\WINDOWS\system32\awtrsro.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {A1CDB780-BCDB-4A6B-A74D-02B1A7114ECA} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: (no name) - {B9705164-AFDC-4211-9C61-10D7F4DF469F} - (no file)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\lqbtrmph.dll
O2 - BHO: (no name) - {D5405788-720F-4AC5-BDEC-B4BA386D6377} - C:\WINDOWS\system32\vtsqr.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] "H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [NVRaidService] "C:\WINDOWS\system32\nvraidservice.exe"
O4 - HKLM\..\Run: [SMSERIAL] "sm56hlpr.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [UpdReg] "C:\WINDOWS\Updreg.exe"
O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run"
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe " /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit"
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [SoundMan] "SOUNDMAN.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [F5D9050] "C:\Program Files\Belkin\F5D9050\Belkinwcui.exe"
O4 - HKLM\..\Run: [DT Task] "C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe " -startup_folder
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [catsrv] C:\Documents and Settings\user\Policies\catsrv.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {495DEA80-49C2-4891-94CD-C2016615D16F} (ProductView Control) - http://www.catalogds.com/dtd/pvcadview.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 5481188500
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5481162156
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.warwick.ac.uk/newwebcam/AxisCamControl.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: WIKI.DLL
O20 - Winlogon Notify: awtrsro - C:\WINDOWS\SYSTEM32\awtrsro.dll
O20 - Winlogon Notify: vtsqr - C:\WINDOWS\system32\vtsqr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe (file missing)
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: FLEXlm server for PTC - Macrovision Corporation - C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 13770 bytes
PIGGYWIGPIG
Active Member
 
Posts: 2
Joined: August 1st, 2007, 11:49 am

Post by Shaba » August 2nd, 2007, 6:10 am

Hi PIGGYWIGPIG

Create a folder of its own for HijackThis on your desktop and move it into that folder.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

1. Download combofix from one of these links:
Link1
Link2
2. Double-click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Post:

- a fresh HijackThis log
- combofix report
- vundofix report
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Combofix log file

Post by PIGGYWIGPIG » August 2nd, 2007, 8:05 am

Thanks, here is the combofix logfile as requested.

ComboFix 07-07-30.2 - "user" 2007-08-02 12:32:58.1 [GMT 1:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.True
* Created a new restore point


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\lqbtrmph.dll
C:\WINDOWS\system32\rtgeqpmn.dll
C:\WINDOWS\system32\ufqqifir.dll
C:\WINDOWS\system32\vtuts.dll
C:\WINDOWS\system32\stutv.bak1
C:\WINDOWS\system32\stutv.ini
C:\WINDOWS\system32\hhhkj.bak1
C:\WINDOWS\system32\hhhkj.ini
C:\WINDOWS\system32\rrqss.bak1
C:\WINDOWS\system32\rrqss.ini
C:\WINDOWS\system32\awtrsro.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\user\Desktop.\internet explorer.lnk


((((((((((((((((((((((((( Files Created from 2007-07-02 to 2007-08-02 )))))))))))))))))))))))))))))))


2007-08-02 12:29 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-02 11:54 125,504 --a------ C:\WINDOWS\system32\flbhknoq.dll
2007-08-01 11:46 125,504 --a------ C:\WINDOWS\system32\bpwqyaav.dll
2007-08-01 10:55 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Google
2007-08-01 10:39 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-08-01 10:39 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-08-01 10:39 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-08-01 10:39 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-08-01 10:39 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-08-01 10:39 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-08-01 10:39 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-08-01 10:39 <DIR> d-------- C:\Program Files\Sygate
2007-08-01 10:39 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-31 21:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-31 21:13 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-07-30 23:14 <DIR> d-------- C:\Program Files\SonicWallES
2007-07-30 20:33 <DIR> d-------- C:\New Folder
2007-07-30 12:53 512 --a------ C:\ScanSectorLog.dat
2007-07-30 12:50 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\MailFrontier
2007-07-30 12:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2007-07-30 12:07 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-07-30 10:36 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-30 10:35 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\PC Tools
2007-07-30 10:16 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-30 08:57 <DIR> d-------- C:\Program Files\Windows Defender
2007-07-30 02:49 <DIR> d-------- C:\Program Files\Lavasoft(2)
2007-07-30 02:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-30 02:40 10,747,904 --a------ C:\DOCUME~1\user\ntuser.dat
2007-07-30 02:40 1,310,720 --a------ C:\DOCUME~1\LOCALS~1\ntuser.dat
2007-07-29 19:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FarStone
2007-07-29 19:34 6,466 --ahs---- C:\WINDOWS\system32\srutv.bak1
2007-07-29 18:04 6,467 --ahs---- C:\WINDOWS\system32\sttss.bak1
2007-07-28 11:47 3,325,469 --a------ C:\WINDOWS\system32\SBSP.dat
2007-07-28 11:46 243,409 --a------ C:\WINDOWS\system32\SBFC.dat
2007-07-27 20:17 66,048 --a------ C:\jcdln.exe
2007-07-26 22:33 <DIR> d-------- C:\Program Files\Advanced StartUp Manager
2007-07-26 21:47 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-07-26 21:17 37,027 --a------ C:\WINDOWS\atmoUn.exe
2007-07-26 18:51 <DIR> d-------- C:\Program Files\Microsoft Works
2007-07-25 17:52 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\FarStone
2007-07-25 17:44 <DIR> d-------- C:\Program Files\FarStone
2007-07-25 17:43 36,864 --a------ C:\WINDOWS\system32\unVHDDrvExe.exe
2007-07-25 17:43 36,864 --a------ C:\WINDOWS\system32\inVHDDrvExe.exe
2007-07-24 03:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan
2007-07-23 23:28 36,679 --a------ C:\WINDOWS\system32\drivers\NETMD052.sys
2007-07-23 23:27 770,048 --a------ C:\WINDOWS\system32\CDDBUISony.dll
2007-07-23 23:27 73,728 --a------ C:\WINDOWS\system32\CddbLinkSony.dll
2007-07-23 23:27 655,360 --a------ C:\WINDOWS\system32\CDDBControlSony.dll
2007-07-23 23:27 589,824 --a------ C:\WINDOWS\system32\CddbMusicIDSony.dll
2007-07-23 23:27 532,480 --a------ C:\WINDOWS\system32\CddbPlaylist2Sony.dll
2007-07-23 21:32 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\DisplayTune
2007-07-23 21:28 15,920 --a------ C:\WINDOWS\system32\drivers\PdiPorts.sys
2007-07-23 21:28 11,776 --a------ C:\WINDOWS\system32\drivers\pdiddcci.sys
2007-07-23 21:28 <DIR> d-------- C:\Program Files\Portrait Displays
2007-07-23 21:21 <DIR> d-------- C:\Program Files\Skype
2007-07-23 21:21 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-07-23 21:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-07-23 20:43 <DIR> d-------- C:\VundoFix Backups
2007-07-15 18:44 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\iolo
2007-07-15 18:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\iolo
2007-07-15 18:42 <DIR> d--hs---- C:\DOCUME~1\user\temp
2007-07-15 14:38 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\Sunbelt Software
2007-07-15 12:42 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-07-15 12:42 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-07-15 12:42 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-07-15 12:42 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-07-15 12:42 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-07-14 12:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-07-14 12:44 <DIR> d-------- C:\Program Files\Nero
2007-07-14 12:44 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-07-14 12:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-07-14 12:40 <DIR> d--hs---- C:\DOCUME~1\user\Policies
2007-07-10 21:35 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\Poser 7
2007-07-08 19:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-07-08 18:02 <DIR> d-------- C:\Program Files\Bonjour
2007-07-08 17:42 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-07-08 16:53 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-07-08 16:32 <DIR> d-------- C:\Program Files\MagicISO
2007-07-07 07:34 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\PTC
2007-07-07 07:10 <DIR> d-------- C:\Program Files\proeWildfire 3.0
2007-07-07 07:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
2007-07-07 07:05 <DIR> d-------- C:\Program Files\flexnet
2007-07-06 10:22 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\SolidWorksNewsReader
2007-07-06 10:10 670,208 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
2007-07-06 10:05 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2007-07-06 09:53 <DIR> d-------- C:\Program Files\Windows Desktop Search


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-02 12:43 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000008-00001102-00000004-00531102}.dat
2007-08-02 12:43 24 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000008-00001102-00000004-00531102}.dat
2007-08-02 12:29 --------- d-------- C:\DOCUME~1\user\APPLIC~1\Skype
2007-07-31 22:12 --------- d-------- C:\Program Files\Creative
2007-07-30 20:31 --------- d-------- C:\Program Files\Weather Watcher
2007-07-30 12:39 --------- d-------- C:\Program Files\Autodesk
2007-07-30 12:34 --------- d-------- C:\Program Files\Common Files\Autodesk Shared
2007-07-30 12:08 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2007-07-30 02:44 --------- d-------- C:\DOCUME~1\user\APPLIC~1\Lavasoft
2007-07-29 20:19 --------- d-------- C:\Program Files\ACAD2000
2007-07-29 20:00 --------- d-------- C:\Program Files\Google
2007-07-29 14:26 --------- d-------- C:\Program Files\AutoCAD 2007
2007-07-28 07:51 --------- d-------- C:\DOCUME~1\user\APPLIC~1\BitTorrent
2007-07-28 07:50 --------- d-------- C:\Program Files\BitTorrent
2007-07-26 21:59 --------- d-------- C:\Program Files\Microsoft SQL Server
2007-07-26 21:24 --------- d-------- C:\Program Files\WinTV
2007-07-26 21:17 --------- d-------- C:\Program Files\Viewpoint
2007-07-26 21:17 --------- d-------- C:\DOCUME~1\user\APPLIC~1\AdobeUM
2007-07-26 18:53 --------- d-------- C:\Program Files\Common Files\L&H
2007-07-26 18:50 --------- d-------- C:\Program Files\Microsoft.NET
2007-07-25 19:36 --------- d-------- C:\DOCUME~1\user\APPLIC~1\SolidWorks
2007-07-23 23:25 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-23 23:24 --------- d-------- C:\Program Files\Sony
2007-07-17 22:38 5632 --ahs---- C:\Program Files\Thumbs.db
2007-07-16 14:42 --------- d-------- C:\Program Files\Picasa2
2007-07-15 18:42 --------- d-------- C:\Program Files\Apple Software Update
2007-07-15 18:42 --------- d-------- C:\Program Files\Ahead
2007-07-15 18:41 --------- d-------- C:\Program Files\MDSolids
2007-07-15 11:08 --------- d-------- C:\DOCUME~1\user\APPLIC~1\Ahead
2007-07-09 20:31 --------- d-------- C:\Program Files\SolidWorks
2007-07-09 20:30 --------- d-------- C:\Program Files\Common Files\Bluebeam Software
2007-07-09 20:24 --------- d-------- C:\Program Files\Doom 3
2007-07-09 20:23 --------- d-------- C:\Program Files\Rhinoceros 3.0
2007-07-09 20:21 --------- d-------- C:\Program Files\backburner 2
2007-07-08 13:34 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-07-06 10:16 --------- d-------- C:\Program Files\Common Files\SolidWorks Shared
2007-07-06 10:07 --------- d-------- C:\Program Files\Common Files\eDrawings2007
2007-07-05 10:08 --------- d-------- C:\DOCUME~1\user\APPLIC~1\Autodesk
2007-06-30 16:32 --------- d-------- C:\Program Files\AOEMView 2008
2007-06-30 16:31 --------- d-------- C:\Program Files\Microsoft WSE
2007-06-30 16:28 --------- d-------- C:\Program Files\DWG TrueView 2007
2007-06-30 12:37 --------- d-------- C:\Program Files\Alcohol Soft
2007-06-28 22:19 --------- d-------- C:\Program Files\InterActual
2007-06-28 22:17 --------- d-------- C:\Program Files\AutoCAD 2006
2007-06-22 11:56 --------- d-------- C:\Program Files\Flamingo 1.1
2007-06-22 11:47 --------- d-------- C:\Program Files\Flamingo 1.1 Evaluation
2007-06-22 11:21 --------- d-------- C:\Program Files\Penguin SR3
2007-06-22 11:21 --------- d-------- C:\DOCUME~1\user\APPLIC~1\McNeel
2007-06-22 11:05 --------- d-------- C:\Program Files\Rhinoceros 4.0
2007-06-22 10:59 --------- d-------- C:\Program Files\Quark
2007-06-21 19:37 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-06-21 19:37 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-06-19 07:19 --------- d-------- C:\DOCUME~1\user\APPLIC~1\Quark
2007-06-18 14:42 --------- d-------- C:\Program Files\DivX
2007-06-18 13:43 20747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-06-18 09:39 --------- d-------- C:\Program Files\Common Files\xing shared
2007-06-18 09:39 --------- d-------- C:\Program Files\Common Files\Real
2007-06-18 09:39 --------- d-------- C:\DOCUME~1\user\APPLIC~1\Real
2007-06-16 15:33 --------- d-------- C:\Program Files\Real
2007-05-31 07:45 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-05-31 07:44 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 07:44 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 07:44 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 07:44 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-05-16 16:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 09:42 972336 --a------ C:\WINDOWS\UNNeroMediaHome.exe
2007-05-15 09:45 972336 --a------ C:\WINDOWS\UNNeroVision.exe
2007-05-08 13:19 392 --a--c--- C:\WINDOWS\system32\winsusrm.dll
2007-05-06 07:56 301056 --a------ C:\WINDOWS\system32\libtif-1.0.0.dll
2007-05-06 07:56 205824 --a------ C:\WINDOWS\system32\libjp2-1.0.0.dll
2007-05-06 07:56 1679360 --a------ C:\WINDOWS\system32\libmpg-1.0.5.dll
2007-05-06 07:56 16384 --a------ C:\WINDOWS\system32\libgif-1.0.0.dll
2007-05-06 07:56 149504 --a------ C:\WINDOWS\system32\libpng-1.0.1.dll
2007-05-06 07:56 1159680 --a------ C:\WINDOWS\system32\libmcl-4.5.0.dll
2007-05-06 07:56 1155072 --a------ C:\WINDOWS\system32\libmcl-4.5.1.dll
2007-05-06 07:56 111104 --a------ C:\WINDOWS\system32\libjpg-1.0.1.dll
2006-03-16 16:19 62080 --a--c--- C:\DOCUME~1\user\APPLIC~1\GDIPFONTCACHEV1.DAT


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08A94828-A550-479D-BF57-65588ABAF2C1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9603FEC3-8957-4C89-B6C8-863762A2E39C}]
C:\WINDOWS\system32\vtsqr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1CDB780-BCDB-4A6B-A74D-02B1A7114ECA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B9705164-AFDC-4211-9C61-10D7F4DF469F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" []
"SMSERIAL"="sm56hlpr.exe" [2004-06-29 11:42 C:\WINDOWS\sm56hlpr.exe]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-06-10 10:21]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-09-15 02:10]
"Jet Detection"="C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-10-04 01:00]
"nwiz"="nwiz.exe" [2005-10-10 21:49 C:\WINDOWS\system32\nwiz.exe]
"MBM 5"="C:\Program Files\Motherboard Monitor 5\MBM5.EXE" [2004-06-12 09:40]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 19:48 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"F5D9050"="C:\Program Files\Belkin\F5D9050\Belkinwcui.exe" [2006-03-14 16:52]
"DT Task"="C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe" [2006-11-03 13:20]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-31 08:08]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-02 17:10]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-06-20 04:28]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"catsrv"="C:\Documents and Settings\user\Policies\catsrv.exe" [2007-07-03 16:13]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-12 07:36:54]
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [2004-04-13 18:03:10]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 02:19:50]
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-12 07:36:54]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
AutoStart IR.lnk - C:\Program Files\WinTV\Ir.exe [2006-11-08 14:07:50]
Dataviz Messenger.lnk - C:\WINDOWS\DvzCommon\DvzMsgr.exe [2003-02-06 20:06:30]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=
"NoViewOnDrive"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=WIKI.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R0 Teefer;Teefer for NT;C:\WINDOWS\system32\Drivers\Teefer.sys
R1 LUMDriver;LUMDriver;\??\C:\WINDOWS\system32\drivers\LUMDriver.sys
R1 mbmiodrvr;mbmiodrvr;\??\C:\WINDOWS\system32\mbmiodrvr.sys
R1 wpsdrvnt;wpsdrvnt;\??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys
R2 BBDemon;Backbone Service;"C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe" -service
R2 Hardlock;Hardlock;\??\C:\WINDOWS\system32\drivers\hardlock.sys
R2 MSSQL$AUTODESKVAULT;SQL Server (AUTODESKVAULT);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sAUTODESKVAULT
R2 SQLBrowser;SQL Server Browser;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
R2 wg3n;SyGate for NT, wg3n;C:\WINDOWS\system32\Drivers\wg3n.sys
R2 wg4n;SyGate for NT, wg4n;C:\WINDOWS\system32\Drivers\wg4n.sys
R2 wg5n;SyGate for NT, wg5n;C:\WINDOWS\system32\Drivers\wg5n.sys
R2 wg6n;SyGate for NT, wg6n;C:\WINDOWS\system32\Drivers\wg6n.sys
R3 emu10kx;Creative EMU10K1/EMU10K2 Audio Driver (WDM);C:\WINDOWS\system32\drivers\e10kx2k.sys
R3 HCWU2DTD;Hauppauge Nova USB2 DVB-T TV Receiver;C:\WINDOWS\system32\Drivers\hcwu2dtd.sys
R3 PdiPorts;Portrait Displays low level device driver;C:\WINDOWS\system32\Drivers\PdiPorts.sys
R3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
R3 smserial;smserial;C:\WINDOWS\system32\DRIVERS\smserial.sys
R3 StreamSurge;StreamSurge Driver (miniport);C:\WINDOWS\system32\DRIVERS\ss.sys
R3 uac4pdt;PDT USB Composite Class Filter Driver;C:\WINDOWS\system32\DRIVERS\uac4pdt.sys
S0 fcdabus;fcdabus;C:\WINDOWS\system32\DRIVERS\fcdabus.sys
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN);C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport;C:\WINDOWS\system32\DRIVERS\alcaudsl.sys
S3 BRIDGE;MAC Bridge;C:\WINDOWS\system32\DRIVERS\bridge.sys
S3 BridgeMP;MAC Bridge Miniport;C:\WINDOWS\system32\DRIVERS\bridge.sys
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys
S3 fsRamDsk;RamDisk Drive Service;C:\WINDOWS\system32\DRIVERS\fsRamDsk.sys
S3 HCWU2DTL;Hauppauge Nova-USB2-T Adapter Firmware Loader;C:\WINDOWS\system32\DRIVERS\hcwusdtl.sys
S3 IKFileFlt;File Filter Driver;C:\WINDOWS\system32\drivers\ikfileflt.sys
S3 IKFileSec;File Security Driver;C:\WINDOWS\system32\drivers\ikfilesec.sys
S3 IkSysFlt;System Filter Driver;C:\WINDOWS\system32\drivers\iksysflt.sys
S3 IKSysSec;System Security Driver;C:\WINDOWS\system32\drivers\iksyssec.sys
S3 MPE;BDA MPE Filter;C:\WINDOWS\system32\DRIVERS\MPE.sys
S3 nm;Network Monitor Driver;C:\WINDOWS\system32\DRIVERS\NMnt.sys
S3 PalmUSBD;PalmUSBD;C:\WINDOWS\system32\drivers\PalmUSBD.sys
S3 pdiddcci;DDC/CI monitor;C:\WINDOWS\system32\DRIVERS\pdiddcci.sys
S3 RT73;Belkin Wireless G Plus MIMO USB Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\rt73.sys


Contents of the 'Scheduled Tasks' folder
2007-08-01 01:11:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-02 12:47:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-08-02 12:51:29 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-02 12:49

--- E O F ---
PIGGYWIGPIG
Active Member
 
Posts: 2
Joined: August 1st, 2007, 11:49 am

Post by Shaba » August 2nd, 2007, 8:55 am

Hi

How about a fresh HijackThis log and VundoFix report? :)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Post by Shaba » August 9th, 2007, 7:44 am

Whilst we appreciate that you may be busy, it has been 7 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed. If you still require assistance, please start a new topic in the Malware Removal Forum.

If you wish this topic reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link: Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland