
Www.livesecuritycenter.com Virus


3 replies to this topic

#1 elliottbrooks


Posted 06 April 2008 - 01:19 PM

Ahh yes. The Classic scenario. :thumbsup:

"Your computer is infected with a made up Virus. Please click here to install some anti-spyware software that you don't really need and wouldn't pick up a virus if it was dressed up as a fluorescent light and danced in front of it to the can-can. Trust me. It's URGENT!"

Good god! I am Sick and Fed up of this sad and pathetic form of advertising. Anyhoo

Things I can't do:

TASK MANAGER (BUMMER...)
SYSTEM RESTORE (ERROR EVERY-TIME)
LAST FIVE MINUTES WITHOUT A POPUP
CHANGE DESKTOP BACKGROUND (HTML LINK)
GIVE BIRTH (BEING MALE AND ALL THAT...)

Things I can't stop doing:

IE OPENING UP TO //www.LIVESECURITYCENTER.COM
GETTING POPUPS
BIZARRE NEW TOOLBARS IN IE
SSLLLOOWWWDDDOOOWWWNNNSSS...
LOTS MORE THAT I PROBABLY HAVEN'T DISCOVERED

To be honest it's a fairly mild virus but it really is as annoying as hell.

So to the stuff I don't understand...

After running the scan I got...

MAIN.TXT:
Deckard's System Scanner v20071014.68
Run by test on 2008-04-07 12:18:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 503 MiB (512 MiB recommended).
System Drive C: has 4.76 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-07 12:18:32
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\system32\wmsdkns.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ahdgyef.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Safari\Safari.exe
C:\Documents and Settings\Pub Quiz\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] ahdgyef.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] ahdgyef.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193407303328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193407259921
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\SuperCD\IntraLaunch.CAB
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} (View22RTEv4 Class) - http://sc.scenecaster.com/release_3_10_41/View22RTEv4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\Program Files\Common Files\Stardock\MCPCore.dll
O23 - Service: McAfee Application Installer Cleanup (0114631207518403) (0114631207518403mcinstcleanup) - Unknown owner - C:\DOCUME~1\PUBQUI~1\LOCALS~1\Temp\011463~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe


--
End of file - 11943 bytes

-- Files created between 2008-03-07 and 2008-04-07 -----------------------------

2008-04-07 11:13:04 0 d-------- C:\Program Files\seekmo
2008-04-07 11:13:03 0 d-------- C:\Program Files\zango
2008-04-07 10:49:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-07 10:24:32 0 d-------- C:\Documents and Settings\Pub Quiz\Application Data\SUPERAntiSpyware.com
2008-04-06 22:24:27 0 d-------- C:\Documents and Settings\Pub Quiz\Application Data\LimeWire
2008-04-06 20:12:23 0 d-------- C:\Program Files\Alwil Software
2008-04-06 18:25:03 0 d-------- C:\Documents and Settings\Guest\Application Data\Identities
2008-04-06 18:25:03 0 d-------- C:\Documents and Settings\Guest\Application Data\CyberLink
2008-04-06 18:25:03 0 d-------- C:\Documents and Settings\Guest\Application Data\Adobe
2008-04-06 18:25:02 0 d-------- C:\Documents and Settings\Guest\WINDOWS
2008-04-06 18:25:02 0 d--h----- C:\Documents and Settings\Guest\Templates
2008-04-06 18:25:02 0 dr------- C:\Documents and Settings\Guest\Start Menu
2008-04-06 18:25:02 0 dr-h----- C:\Documents and Settings\Guest\SendTo
2008-04-06 18:25:02 0 d--hs---- C:\Documents and Settings\Guest\Recent
2008-04-06 18:25:02 0 d--h----- C:\Documents and Settings\Guest\PrintHood
2008-04-06 18:25:02 0 d--h----- C:\Documents and Settings\Guest\NetHood
2008-04-06 18:25:02 0 d---s---- C:\Documents and Settings\Guest\My Documents
2008-04-06 18:25:02 0 d--h----- C:\Documents and Settings\Guest\Local Settings
2008-04-06 18:25:02 0 d---s---- C:\Documents and Settings\Guest\Favorites
2008-04-06 18:25:02 0 d-------- C:\Documents and Settings\Guest\Desktop
2008-04-06 18:25:02 0 d---s---- C:\Documents and Settings\Guest\Cookies
2008-04-06 18:25:02 0 dr-h----- C:\Documents and Settings\Guest\Application Data
2008-04-06 18:25:02 0 d-------- C:\Documents and Settings\Guest\Application Data\SampleView
2008-04-06 18:25:02 0 d---s---- C:\Documents and Settings\Guest\Application Data\Microsoft
2008-04-06 18:25:01 1572864 --ah----- C:\Documents and Settings\Guest\NTUSER.DAT
2008-04-06 18:15:06 0 d-------- C:\Documents and Settings\Elliott Brooks\Desktop
2008-04-06 18:14:08 0 d-------- C:\Documents and Settings\test.ELLIOTTLAPTOP\Application Data\Talkback
2008-04-06 18:12:21 0 d-------- C:\Documents and Settings\test.ELLIOTTLAPTOP\Application Data\Thunderbird
2008-04-06 18:12:21 0 d-------- C:\Documents and Settings\test.ELLIOTTLAPTOP\Application Data\Mozilla
2008-04-06 17:50:53 3564 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-06 17:40:19 0 d---s---- C:\Documents and Settings\test.ELLIOTTLAPTOP\UserData
2008-04-06 17:40:08 0 d-------- C:\Documents and Settings\test.ELLIOTTLAPTOP\Application Data\Macromedia
2008-04-06 13:55:51 0 d-------- C:\Program Files\XoftSpySE
2008-04-06 13:33:57 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-06 13:33:40 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-06 13:33:39 0 d-------- C:\Documents and Settings\test.ELLIOTTLAPTOP\Application Data\SUPERAntiSpyware.com
2008-04-06 13:33:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-06 13:08:43 0 d-------- C:\Program Files\180search assistant
2008-04-06 13:08:42 0 d-------- C:\Program Files\180solutions
2008-04-06 13:08:42 0 d-------- C:\Program Files\180searchassistant
2008-04-06 12:59:02 0 d-------- C:\Documents and Settings\test.ELLIOTTLAPTOP\Application Data\Media Player Classic
2008-04-06 12:27:53 0 d-------- C:\Documents and Settings\test.ELLIOTTLAPTOP\Application Data\WinRAR
2008-04-06 12:05:30 0 d-------- C:\Program Files\Enigma Software Group
2008-04-05 15:55:58 0 d-------- C:\Documents and Settings\test.ELLIOTTLAPTOP\Application Data\Apple Computer
2008-04-05 12:31:44 0 d-------- C:\Documents and Settings\test.ELLIOTTLAPTOP\Application Data\Identities
2008-04-05 12:31:44 0 d-------- C:\Documents and Settings\test.ELLIOTTLAPTOP\Application Data\CyberLink
2008-04-05 12:31:44 0 d-------- C:\Documents and Settings\test.ELLIOTTLAPTOP\Application Data\Adobe
2008-04-05 12:31:43 0 d--h----- C:\Documents and Settings\test.ELLIOTTLAPTOP\Local Settings
2008-04-05 12:31:43 0 d---s---- C:\Documents and Settings\test.ELLIOTTLAPTOP\Favorites
2008-04-05 12:31:43 0 d-------- C:\Documents and Settings\test.ELLIOTTLAPTOP\Desktop
2008-04-05 12:31:43 0 d---s---- C:\Documents and Settings\test.ELLIOTTLAPTOP\Cookies
2008-04-05 12:31:43 0 dr-h----- C:\Documents and Settings\test.ELLIOTTLAPTOP\Application Data
2008-04-05 12:31:43 0 d-------- C:\Documents and Settings\test.ELLIOTTLAPTOP\Application Data\SampleView
2008-04-05 12:31:42 0 d-------- C:\Documents and Settings\test.ELLIOTTLAPTOP\WINDOWS
2008-04-05 12:31:42 0 d--h----- C:\Documents and Settings\test.ELLIOTTLAPTOP\Templates
2008-04-05 12:31:42 0 dr------- C:\Documents and Settings\test.ELLIOTTLAPTOP\Start Menu
2008-04-05 12:31:42 0 dr-h----- C:\Documents and Settings\test.ELLIOTTLAPTOP\SendTo
2008-04-05 12:31:42 0 d--hs---- C:\Documents and Settings\test.ELLIOTTLAPTOP\Recent
2008-04-05 12:31:42 0 d--h----- C:\Documents and Settings\test.ELLIOTTLAPTOP\PrintHood
2008-04-05 12:31:42 2097152 --ah----- C:\Documents and Settings\test.ELLIOTTLAPTOP\NTUSER.DAT
2008-04-05 12:31:42 0 d--h----- C:\Documents and Settings\test.ELLIOTTLAPTOP\NetHood
2008-04-05 12:31:42 0 d---s---- C:\Documents and Settings\test.ELLIOTTLAPTOP\My Documents
2008-04-05 11:56:02 0 dr-h----- C:\Documents and Settings\test\SendTo
2008-04-05 11:56:02 0 dr-h----- C:\Documents and Settings\test\Recent
2008-04-05 11:56:02 0 d--h----- C:\Documents and Settings\test\PrintHood
2008-04-05 11:56:02 0 d--h----- C:\Documents and Settings\test\NetHood
2008-04-05 11:56:02 0 dr------- C:\Documents and Settings\test\My Documents
2008-04-05 11:56:02 0 d--h----- C:\Documents and Settings\test\Local Settings
2008-04-05 11:56:02 0 dr------- C:\Documents and Settings\test\Favorites
2008-04-05 11:56:02 0 d-------- C:\Documents and Settings\test\Desktop
2008-04-05 11:56:02 0 d---s---- C:\Documents and Settings\test\Cookies
2008-04-05 11:56:02 0 dr-h----- C:\Documents and Settings\test\Application Data
2008-04-05 11:56:02 0 d-------- C:\Documents and Settings\test\Application Data\SampleView
2008-04-05 11:56:02 0 d---s---- C:\Documents and Settings\test\Application Data\Microsoft
2008-04-05 11:56:02 0 d-------- C:\Documents and Settings\test\Application Data\Identities
2008-04-05 11:56:02 0 d-------- C:\Documents and Settings\test\Application Data\CyberLink
2008-04-05 11:56:02 0 d-------- C:\Documents and Settings\test\Application Data\Adobe
2008-04-05 11:56:01 0 d-------- C:\Documents and Settings\test\WINDOWS
2008-04-05 11:56:01 0 d--h----- C:\Documents and Settings\test\Templates
2008-04-05 11:56:01 0 dr------- C:\Documents and Settings\test\Start Menu
2008-04-05 11:56:00 1572864 --ah----- C:\Documents and Settings\test\NTUSER.DAT
2008-04-05 11:47:12 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-05 11:47:11 0 d-------- C:\WINDOWS\FLEOK
2008-04-05 11:47:11 0 d-------- C:\Program Files\stc
2008-04-05 11:47:10 0 d-------- C:\Program Files\Sysmnt
2008-04-05 11:13:24 24576 --a------ C:\WINDOWS\voiceip.dll
2008-04-05 11:13:24 10752 --a------ C:\WINDOWS\stcloader.exe
2008-04-05 11:13:23 13312 --a------ C:\WINDOWS\swin32.dll
2008-04-05 11:13:23 28160 --a------ C:\WINDOWS\mssvr.exe
2008-04-05 11:13:23 16128 --a------ C:\WINDOWS\cdsm32.dll
2008-04-05 11:13:23 15616 --a------ C:\WINDOWS\bokja.exe
2008-04-05 11:13:22 14848 --a------ C:\WINDOWS\mspphe.dll
2008-04-05 11:13:22 17152 --a------ C:\WINDOWS\bjam.dll
2008-04-05 11:13:22 19456 --a------ C:\WINDOWS\2020search2.dll
2008-04-05 11:13:22 17664 --a------ C:\WINDOWS\2020search.dll
2008-04-05 11:13:20 24832 --a------ C:\WINDOWS\system32\WER8274.DLL
2008-04-05 11:13:20 22272 --a------ C:\WINDOWS\system32\MSIXU.DLL
2008-04-05 11:13:19 13056 --a------ C:\WINDOWS\salm.exe
2008-04-05 11:13:19 15616 --a------ C:\WINDOWS\180ax.exe
2008-04-05 11:13:18 30976 --a------ C:\WINDOWS\updatetc.exe
2008-04-05 11:13:17 28928 --a------ C:\WINDOWS\saiemod.dll
2008-04-05 11:13:16 16640 --a------ C:\WINDOWS\system32\MSNSA32.dll
2008-04-05 11:13:16 30464 --a------ C:\WINDOWS\msapasrc.dll
2008-04-05 11:13:15 18176 --a------ C:\WINDOWS\msa64chk.dll
2008-04-05 11:13:14 24064 --a------ C:\WINDOWS\system32\SIPSPI32.dll
2008-04-05 11:13:13 22272 --a------ C:\WINDOWS\system32\shdocpe.dll
2008-04-05 11:13:13 30720 --a------ C:\WINDOWS\system32\ntnut32.exe
2008-04-05 11:13:12 8448 --a------ C:\WINDOWS\shdocpl.dll
2008-04-05 11:13:12 14336 --a------ C:\WINDOWS\shdocpe.dll
2008-04-05 11:13:12 27392 --a------ C:\WINDOWS\ntnut.exe
2008-04-05 11:13:10 8704 --a------ C:\WINDOWS\winsb.dll
2008-04-05 11:13:10 31744 --a------ C:\WINDOWS\browserad.dll
2008-04-05 11:13:10 30208 --a------ C:\WINDOWS\aviwrap32.dll
2008-04-05 11:13:09 12288 --a------ C:\WINDOWS\avisynthex32.dll
2008-04-05 11:13:09 32256 --a------ C:\WINDOWS\avifile32.dll
2008-04-05 11:13:08 13056 --a------ C:\WINDOWS\autodisc32.dll
2008-04-05 11:13:08 23808 --a------ C:\WINDOWS\audiosrv32.dll
2008-04-05 11:13:08 29696 --a------ C:\WINDOWS\ati2dvag32.dll
2008-04-05 11:13:07 9728 --a------ C:\WINDOWS\ati2dvaa32.dll
2008-04-05 11:13:07 11776 --a------ C:\WINDOWS\athprxy32.dll
2008-04-05 11:13:07 19200 --a------ C:\WINDOWS\asycfilt32.dll
2008-04-05 11:13:07 28416 --a------ C:\WINDOWS\asferror32.dll
2008-04-05 11:13:06 25856 --a------ C:\WINDOWS\changeurl_30.dll
2008-04-05 11:13:06 17920 --a------ C:\WINDOWS\apphelp32.dll
2008-04-05 11:00:20 91561 --a------ C:\WINDOWS\system32\wmsdkns.exe <Not Verified; Microsoft; XML Media>
2008-04-05 11:00:18 0 d-------- C:\Program Files\VirtualDJ
2008-04-04 23:16:10 0 d-------- C:\AudioCart
2008-04-04 22:06:58 0 d-------- C:\Samples
2008-04-04 22:06:57 0 d-------- C:\Jingles
2008-04-04 22:06:00 0 d-------- C:\Downloads
2008-04-04 21:35:36 0 d-------- C:\Documents and Settings\Elliott Brooks\.freemind
2008-04-04 21:35:11 0 d-------- C:\Program Files\FreeMind
2008-04-04 18:58:53 0 d-------- C:\Documents and Settings\Elliott Brooks\Application Data\LimeWire
2008-04-04 18:58:08 0 d-------- C:\Program Files\LimeWire
2008-03-30 16:53:53 0 d-------- C:\Documents and Settings\Pub Quiz\Desktop
2008-03-30 11:00:23 7852 --a------ C:\WINDOWS\system32\mcdmsg7.dll
2008-03-30 09:25:03 0 d-------- C:\Program Files\Kontiki
2008-03-30 09:25:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Kontiki
2008-03-30 09:24:57 0 d-------- C:\logs3
2008-03-29 19:04:29 0 d-------- C:\Program Files\McAfee.com
2008-03-29 19:04:19 0 d-------- C:\Program Files\Common Files\McAfee
2008-03-29 18:31:07 0 d-------- C:\Documents and Settings\Elliott Brooks\Application Data\McAfee
2008-03-29 15:07:13 0 d-------- C:\Program Files\Safari
2008-03-28 23:43:29 0 d-------- C:\Documents and Settings\Elliott Brooks\.rainlendar2
2008-03-28 23:43:21 0 d-------- C:\Program Files\Rainlendar2
2008-03-28 20:51:32 0 d--h----- C:\WINDOWS\FlyakiteOSX
2008-03-26 21:01:12 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-03-25 19:25:06 0 d--h----- C:\catalog.wci
2008-03-24 20:43:48 0 d-------- C:\Documents and Settings\Elliott Brooks\Application Data\vlc
2008-03-23 14:59:57 0 d-------- C:\Documents and Settings\Elliott Brooks\Application Data\Media Player Classic
2008-03-23 10:21:48 0 d-------- C:\Program Files\Infogrames
2008-03-23 09:11:33 0 d-------- C:\Documents and Settings\Pub Quiz\Application Data\Apple Computer
2008-03-23 09:09:14 0 d-------- C:\Documents and Settings\Pub Quiz\Application Data\VirtuaWin
2008-03-22 12:06:02 0 d-------- C:\Documents and Settings\Elliott Brooks\Application Data\Opera
2008-03-22 10:00:25 0 d-------- C:\Documents and Settings\Elliott Brooks\Application Data\VirtuaWin
2008-03-22 10:00:15 0 d-------- C:\Program Files\VirtuaWin
2008-03-21 22:59:51 0 d-------- C:\WINDOWS\Toolbar
2008-03-21 22:41:42 0 d-------- C:\BACKUPINI
2008-03-21 11:38:49 0 d-------- C:\Program Files\bitRipper
2008-03-21 11:07:03 0 d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-03-21 11:07:01 0 d-------- C:\Documents and Settings\Elliott Brooks\Application Data\AVSMedia
2008-03-21 10:19:13 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-03-21 10:19:12 638976 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivXNetworks, Inc.; DivX Video for Windows Codec>
2008-03-21 10:19:11 413760 --a------ C:\WINDOWS\system32\mpg4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>
2008-03-21 10:19:11 261632 --a------ C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>
2008-03-21 10:19:09 0 d-------- C:\Program Files\AVSMedia
2008-03-21 10:15:37 487479 --a------ C:\WINDOWS\system32\SkinMagic.dll <Not Verified; Appspeed Inc.; Appspeed SkinMagic Toolkit>
2008-03-21 10:15:37 66048 --a------ C:\WINDOWS\system32\cygz.dll
2008-03-21 10:15:37 1872821 --a------ C:\WINDOWS\system32\cygwin1.dll <Not Verified; Red Hat; Cygwin>
2008-03-21 07:44:49 0 d-------- C:\Documents and Settings\Elliott Brooks\Application Data\dvdcss
2008-03-16 19:02:52 626960 -ra------ C:\WINDOWS\system32\hpvaut32.dll <Not Verified; Microsoft Corporation; >
2008-03-16 18:58:04 0 d-------- C:\Program Files\HP
2008-03-16 18:58:02 0 d-------- C:\Program Files\Hewlett-Packard
2008-03-15 12:08:09 0 d-------- C:\Documents and Settings\Elliott Brooks\Application Data\Steinberg
2008-03-15 12:00:53 87040 --a------ C:\WINDOWS\system32\ra32sipr.dll <Not Verified; RealNetworks, Inc.; RealMedia Shared Component (32-bit)>
2008-03-15 12:00:53 21504 --a------ C:\WINDOWS\system32\ra32dnet.dll <Not Verified; RealNetworks, Inc.; RealAudio™ Shared Component (32-bit)>
2008-03-15 12:00:53 72704 --a------ C:\WINDOWS\system32\ra3228_8.dll <Not Verified; RealNetworks, Inc.; 28.8 Audio Codec for RealAudio™ (32-bit) RealVideo Encoder SDK 5.0>
2008-03-15 12:00:52 487936 --a------ C:\WINDOWS\system32\rmbe3260.dll <Not Verified; RealNetworks, Inc.; RealNetworks RealProducer Build Engine (32-bit)>
2008-03-15 12:00:51 81920 --a------ C:\WINDOWS\system32\ra3214_4.dll <Not Verified; RealNetworks, Inc.; 14.4 Audio Codec for RealAudio™ (32-bit) RealVideo Encoder SDK 5.0>
2008-03-15 12:00:51 352768 --a------ C:\WINDOWS\system32\pngu3263.dll <Not Verified; RealNetworks, Inc.; RealPlayer (32-bit)>
2008-03-15 12:00:51 131072 --a------ C:\WINDOWS\system32\pneng50.dll <Not Verified; RealNetworks, Inc.; RealNetworks RealVideo Encoder Engine (32-bit)>
2008-03-15 12:00:50 130560 --a------ C:\WINDOWS\system32\pnc3250.dll <Not Verified; RealNetworks, Inc.; Low-Level API for RealAudio™ Encoder (32-bit)>
2008-03-15 12:00:50 85504 --a------ C:\WINDOWS\system32\encdnet.dll <Not Verified; RealNetworks, Inc.; RealAudio™ Shared Component (32-bit)>
2008-03-15 12:00:50 61952 --a------ C:\WINDOWS\system32\decdnet.dll <Not Verified; RealNetworks, Inc.; RealAudio™ Shared Component (32-bit)>
2008-03-15 11:59:03 0 d-------- C:\Program Files\Steinberg
2008-03-15 11:57:16 33792 --a------ C:\WINDOWS\system32\drivers\cledx.sys <Not Verified; Team H2O; CLEDX>
2008-03-15 11:56:58 16896 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys <Not Verified; Syncrosoft GmbH; USB protection device>
2008-03-15 11:56:54 45056 --a------ C:\WINDOWS\system32\Synsopos.exe <Not Verified; Syncrosoft Hard- und Software GmbH; Syncrosoft Synsopos>
2008-03-15 11:56:52 147456 --a------ C:\WINDOWS\system32\SynsoLChk.dll <Not Verified; Syncrosoft Hard- und Software GmbH; >
2008-03-15 11:56:51 704512 --a------ C:\WINDOWS\system32\SYNSOACC.dll <Not Verified; Syncrosoft Hard- und Software GmbH; SYNCROSOFT SYNSOACC>
2008-03-15 11:56:51 0 d-------- C:\Program Files\Syncrosoft
2008-03-15 11:52:05 84884 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-03-15 11:37:55 0 d-------- C:\Program Files\Apple Software Update
2008-03-15 11:36:45 0 d-------- C:\Documents and Settings\Elliott Brooks\Application Data\Skype
2008-03-15 11:33:26 0 d-------- C:\Program Files\Skype
2008-03-15 11:33:26 0 d-------- C:\Program Files\Common Files\Skype
2008-03-12 21:22:39 0 d-------- C:\Program Files\FMS
2008-03-12 20:10:18 2942 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2008-03-10 19:45:41 0 d-------- C:\Documents and Settings\Elliott Brooks\Application Data\flightgear.org
2008-03-10 19:42:50 0 d-------- C:\Program Files\FlightGear
2008-03-09 11:21:41 0 d-------- C:\Documents and Settings\Pub Quiz\Application Data\Talkback
2008-03-09 11:21:35 0 d-------- C:\Documents and Settings\Pub Quiz\Application Data\Thunderbird
2008-03-09 10:50:44 0 d-------- C:\Documents and Settings\Pub Quiz\Application Data\Mozilla
2008-03-08 19:42:25 0 d-------- C:\Documents and Settings\Pub Quiz\Application Data\OpenOffice.org2
2008-03-08 14:36:55 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-08 14:17:20 0 d-------- C:\Documents and Settings\Elliott Brooks\Application Data\OpenOffice.org2
2008-03-08 14:15:14 0 d-------- C:\Program Files\OpenOffice.org 2.3
2008-03-07 22:37:50 0 d-------- C:\Program Files\TopByteLabs
2008-03-07 22:13:11 0 d-------- C:\Program Files\SourceTec
2008-03-07 21:29:23 0 d-------- C:\Program Files\EzPaste-Trial
2008-03-07 20:01:38 0 d-------- C:\Program Files\PresentationPoint


-- Find3M Report ---------------------------------------------------------------

2008-04-06 22:37:24 0 d-------- C:\Program Files\McAfee
2008-04-06 18:14:08 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-04-06 17:37:16 0 d-------- C:\Program Files\LIVEUPDATE
2008-04-06 16:46:21 0 d-------- C:\Program Files\Windows NT
2008-04-06 16:46:21 0 d-------- C:\Program Files\Movie Maker
2008-04-06 16:46:21 0 d-------- C:\Program Files\Messenger
2008-04-06 13:33:15 0 d-------- C:\Program Files\Common Files
2008-03-30 10:38:00 0 d-------- C:\Program Files\Common Files\Stardock
2008-03-30 09:25:21 0 d-------- C:\Program Files\KService
2008-03-29 18:10:54 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-24 10:43:54 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-23 20:29:48 221184 ---h----- C:\WINDOWS\system32\wodfamod.dll <Not Verified; Abrosoft; FantaMorph>
2008-03-23 15:03:37 0 d-------- C:\Program Files\XviD
2008-03-21 13:02:00 0 d-------- C:\Program Files\Bonjour
2008-03-15 22:40:42 0 d-------- C:\Program Files\uTorrent
2008-03-09 19:13:36 0 d-------- C:\Program Files\DJ Studio Pro
2008-03-08 13:52:23 0 d-------- C:\Program Files\Java
2008-03-01 17:02:42 0 d-------- C:\Program Files\YouTube Downloader
2008-03-01 17:00:17 0 d-------- C:\Program Files\Sky Broadband
2008-03-01 17:00:16 0 d-------- C:\Program Files\Wallpaper Changer
2008-03-01 17:00:15 0 d-------- C:\Program Files\XstreamRadio 3.02
2008-03-01 17:00:15 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-01 17:00:11 0 d-------- C:\Program Files\MagicISO
2008-03-01 17:00:10 0 d-------- C:\Program Files\Free Vista Screensaver
2008-02-24 17:57:26 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-02-24 17:54:15 0 d-------- C:\Program Files\Microsoft Picture It! PhotoPub
2008-02-24 17:41:35 0 d-------- C:\Program Files\ApexStudio
2008-02-23 09:38:23 0 d-------- C:\Program Files\Virtual Earth 3D
2008-02-22 23:24:23 0 d-------- C:\Program Files\Netscape
2008-02-22 19:01:06 0 d-------- C:\Program Files\MSXML 6.0
2008-02-20 13:13:56 0 d-------- C:\Program Files\Colibri
2008-02-18 19:57:19 0 d-------- C:\Program Files\Google
2008-02-16 15:15:19 3213824 --a------ C:\WINDOWS\LOCK.SCR
2008-02-15 20:11:55 0 d-------- C:\Program Files\Serif
2008-02-10 17:50:07 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-09 16:12:29 0 d-------- C:\Program Files\Common Files\SourceTec
2008-02-09 12:14:22 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-02-09 11:36:09 0 d-------- C:\Program Files\PowerISO
2008-02-09 09:03:32 0 d-------- C:\Program Files\CubeDesktop
2008-02-03 18:42:08 82110976 --a------ C:\WINDOWS\INSTFILE.SCR
2008-02-01 19:46:03 2322304 --a------ C:\WINDOWS\system32\LOGOOS.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-01 09:40:32 110592 --a------ C:\WINDOWS\system32\TG_DUMP0708.DLL <Not Verified; ENJsoft Corporation; SelfMusicVideo>
2008-02-01 09:40:32 40960 --a------ C:\WINDOWS\system32\MAMACExtract.dll <Not Verified; ???????; ??????? MAMACExtract>
2008-01-31 23:27:01 4599296 --a------ C:\WINDOWS\SCRNSVR.SCR
2008-01-26 11:07:40 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [13/09/2002 23:42]
"SkyTel"="SkyTel.EXE" [17/05/2006 03:04 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [13/09/2006 01:58 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [04/05/2005 03:43 C:\WINDOWS\Alcmtr.exe]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [23/03/2006 05:13]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [23/03/2006 05:17]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/01/2005 04:01]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [19/10/2007 21:16]
"Openwares LiveUpdate"="C:\Program Files\LiveUpdate\LiveUpdate.exe" [13/12/2003 18:17]
"Microsoft Update Machine"="ahdgyef.exe" [13/06/2007 11:23 C:\WINDOWS\system32\ahdgyef.exe]
"iconcache"="" []
"cleanup"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [23/03/2006 05:17]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [23/10/2005 01:00]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [22/12/2003 09:38]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [14/01/2006 01:38]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [14/01/2006 01:38]
"System Files Updater"="C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe" [26/02/2006 00:41]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [29/03/2008 18:37]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
"Power2GoExpress"="C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" [08/07/2005 17:01]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [29/02/2008 16:03]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft Update Machine"=ahdgyef.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [23/11/2004 17:51 192512]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 31/01/2005 15:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2044a21-6549-11da-a5a1-806d6172696f}]
AutoRun\command- E:\Launch.exe




-- End of Deckard's System Scanner: finished at 2008-04-07 12:19:06 ------------

So there you have it RSVP ASAP!!!


Edited by elliottbrooks, 07 April 2008 - 10:24 AM.




#2 elliottbrooks


Posted 07 April 2008 - 06:21 AM

Pretty please, anyone?

I ran antivirus and it picked up nothing.

Edited by elliottbrooks, 07 April 2008 - 10:27 AM.


#3 Rawe


Posted 12 April 2008 - 05:53 AM

Hello and welcome to BleepingComputer. :thumbsup:

I apologize for the delay. We just had a bit of a crisis with the HJT forum's backlog but now it's under control. Many people have been waiting for several days.

If you still need some help with this, please post a fresh HijackThis log and we'll get started.
Hi there, stranger!

#4 Rawe


Posted 29 April 2008 - 02:19 PM

Due to lack of feedback, this thread has been closed. If you're the original poster and need this topic reopened, please PM a Staff member.
Hi there, stranger!



