Medichi And Medichi2 [major Problems]



#1 Allanth

Posted 23 December 2007 - 01:52 PM

First off, I would like to say thank you to anyone who actually helps me out with this. I am really in a tight situation and need all the help I can get. Thanks again!

Problems:

Computer randomly starts copying files. A window appears at the upper left hand corner and shows the progress bar of files being copied. It happens once every 5 minutes or so. After it completes the copy the window closes and nothing else happens.

Randomly, a Windows Security Alert pops up in the middle of the screen and says this exactly: "Warning! Potential Spyware Operation! Your computer is making unauthorized copies of your system and Internet files. Run full scan now to prevent any UNATHORISED [the prompt is misspelled] access to your files! Click here to download Spyware Remover ..." Clicking 'No' simply exits the window, and clicking 'Yes' brings you to a page that won't load completely.

Randomly, my volume gets muted.

Randomly, the computer will load IE and go to the address http://81.13.38.39/alert.htm. Of course, the site never loads. It simply says "Canot find server".

Lastly, I am unable to execute the following programs. I double-click on them but they do not RUN; no hourglass appears or anything, it just does nothing. The programs that do not work are SPYWARE DOCTOR, COMBOFIX, SPYBOT: Search and Destroy, and AVG Anti-Spyware. I tried running all these programs in SAFEMODE but they do not execute either way. I have used AVAST! Antivirus, but the program does not find any viruses or spyware or anything.

HIJACKTHIS:
When I use HijackThis in safe mode I always seem to get the same two registry files that I cannot get rid of. They are MEDICHI.EXE and MEDICHI2.EXE. I think these are the problem, but I don't know how to get rid of them or if they really are the problem. Here is my

------------------------------HIJACKTHIS LOG---------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:49 PM, on 12/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Start\Desktop\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRONoMgrWired] c:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [PrevxCSI] "C:\Program Files\PrevxCSI\prevxcsi.exe" -boot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Medichi] medichi.exe
O4 - HKLM\..\Run: [Medichi2] medichi2.exe
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Etc. Programs\AAAB\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.turbotax.com
O20 - AppInit_DLLs: murka.dat
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Start/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 6674 bytes

------------HERE IS MY SDFix LOG--------------------


SDFix: Version 1.119

Run by Administrator on Sat 12/22/2007 at 05:36 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Infected beep.sys Found!

beep.sys File Locations:

"C:\WINDOWS\system32\dllcache\beep.sys" 37888 12/22/2007 12:43 AM
"C:\WINDOWS\system32\drivers\beep.sys" 37888 12/22/2007 12:43 AM

Infected File Listed Below:

C:\WINDOWS\system32\dllcache\beep.sys
C:\WINDOWS\system32\drivers\beep.sys

Trojan File copied to Backups Folder
Attempting to replace beep.sys with original version...

Original beep.sys Restored


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-22 17:43:14
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services & system hive ...


scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\0 \xc4]
"Order"=hex:08,00,00,00,02,00,00,00,a4,01,00,00,01,00,00,00,03,00,00,00,84,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Mon 14 Mar 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 10 Nov 2007 197,120 A..H. --- "C:\Documents and Settings\Start\Local Settings\Temp\~13.tmp"
Wed 31 Oct 2007 197,120 A..H. --- "C:\Documents and Settings\Start\Local Settings\Temp\~1D.tmp"
Fri 24 Aug 2007 214,528 A..H. --- "C:\Documents and Settings\Start\Local Settings\Temp\~4.tmp"
Fri 29 Dec 2006 106,496 A..H. --- "C:\Documents and Settings\Start\Local Settings\Temp\~58.tmp"
Mon 4 Oct 2004 26,624 ...H. --- "C:\Documents and Settings\Start\My Documents\Callan\~WRL1229.tmp"
Mon 20 Sep 2004 24,064 ...H. --- "C:\Documents and Settings\Start\My Documents\Callan\~WRL1708.tmp"
Mon 4 Oct 2004 26,112 ...H. --- "C:\Documents and Settings\Start\My Documents\Callan\~WRL2713.tmp"
Sat 17 Jul 2004 1,206 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg.reg"
Sat 17 Jul 2004 12,176 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient.reg"
Fri 9 Nov 2007 2,834 ...HR --- "C:\Documents and Settings\Start\Application Data\SecuROM\UserData\securom_v7_01.bak"
Mon 14 Mar 2005 4,348 ...H. --- "C:\Documents and Settings\Start\My Documents\My Music\License Backup\drmv1key.bak"
Tue 6 Sep 2005 20 A..H. --- "C:\Documents and Settings\Start\My Documents\My Music\License Backup\drmv1lic.bak"
Sat 3 Sep 2005 488 A.SH. --- "C:\Documents and Settings\Start\My Documents\My Music\License Backup\drmv2key.bak"
Mon 5 Sep 2005 5,048 A.SH. --- "C:\Documents and Settings\Start\Application Data\Roxio\Dragon\DiscInfoCache\SAMSUNG__DVD-ROM_SD-616T__F310_300_DICV018_DRGV20100BC.TMP"
Mon 5 Sep 2005 2,160 A.SH. --- "C:\Documents and Settings\Start\Application Data\Roxio\Dragon\DiscInfoCache\SAMSUNG__CD-R_RW_SW-248F__R602_310_DICV018_DRGV20100BC.TMP"

Finished!

Thanks for the HELP, I am trying to fix this by Christmas for my brother.

#2 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • Location:Ontario
  • Local time:12:15 AM

Posted 09 January 2008 - 04:08 AM

Hi and welcome,

Sorry for the big delay. We are buried in logs.

If you still need help please post a fresh hijackthis log here and let me know if things are still basically the same.

Thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware



