
I've Been Infected For A While Now...help!


  • This topic is locked
3 replies to this topic

#1 Malfion

Posted 24 May 2008 - 11:37 AM

It's full of Browser Hijackers, and Trojans, etc.

My computer's been running slow and I keep getting infected.
I've tried
Spyware Doctor, Ad Aware, Spybot, a bunch of online scanners, etc.

Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:43 PM, on 5/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\PSIService.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-789336058-861567501-839522115-1003\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-789336058-861567501-839522115-1003\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - S-1-5-21-789336058-861567501-839522115-1003 Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe (User '?')
O4 - S-1-5-21-789336058-861567501-839522115-1003 Startup: Kuma_Tray.lnk = C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe (User '?')
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Startup: Kuma_Tray.lnk = C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe
O4 - Global Startup: Exif Launcher S.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} (USBAPTester Class) - http://www.nintendowifi.com/troubleshooting/usbaptest.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.jp/3drender/rendere...eb.2007.4.4.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://gamengame.wiz-net.co.kr/KALogoutComponent.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 13195 bytes


AND MY SDFIX! Log (Sorry about the caps, I just wanted to separate the logs.)


SDFix: Version 1.185
Run by User on Sat 05/24/2008 at 11:02 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 11:42:03
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:e1,32,e6,0e,4b,8f,49,ab,20,48,0f,5b,7f,46,59,cf,12,4c,0a,df,88,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:f4,f9,e5,72,25,86,6c,02,8e,b1,1e,a0,a7,cd,50,5c,57,a8,25,32,a3,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6a,9b,aa,6d,b3,02,50,6c,be,25,e9,84,9a,d9,ec,51,4c,..
"khjeh"=hex:3c,c0,10,40,9c,d7,6c,02,79,f6,b6,73,7b,19,e6,67,df,91,50,96,cc,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:df,cc,b0,58,4f,aa,af,32,90,34,4f,52,9c,75,fc,31,72,60,89,d4,49,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:c3,d7,90,2c,f2,47,18,c2,77,b0,4e,44,48,7a,12,4f,0f,e7,c9,67,82,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:1f,46,b6,c2,ba,a0,f0,32,1f,62,72,dc,7d,e2,f4,3e,fb,55,47,32,fe,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:e1,32,e6,0e,4b,8f,49,ab,20,48,0f,5b,7f,46,59,cf,12,4c,0a,df,88,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:f4,f9,e5,72,25,86,6c,02,8e,b1,1e,a0,a7,cd,50,5c,57,a8,25,32,a3,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6a,9b,aa,6d,b3,02,50,6c,be,25,e9,84,9a,d9,ec,51,4c,..
"khjeh"=hex:3c,c0,10,40,9c,d7,6c,02,79,f6,b6,73,7b,19,e6,67,df,91,50,96,cc,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:df,cc,b0,58,4f,aa,af,32,90,34,4f,52,9c,75,fc,31,72,60,89,d4,49,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:c3,d7,90,2c,f2,47,18,c2,77,b0,4e,44,48,7a,12,4f,0f,e7,c9,67,82,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:1f,46,b6,c2,ba,a0,f0,32,1f,62,72,dc,7d,e2,f4,3e,fb,55,47,32,fe,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:e1,32,e6,0e,4b,8f,49,ab,20,48,0f,5b,7f,46,59,cf,12,4c,0a,df,88,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:f4,f9,e5,72,25,86,6c,02,8e,b1,1e,a0,a7,cd,50,5c,57,a8,25,32,a3,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6a,9b,aa,6d,b3,02,50,6c,be,25,e9,84,9a,d9,ec,51,4c,..
"khjeh"=hex:3c,c0,10,40,9c,d7,6c,02,79,f6,b6,73,7b,19,e6,67,df,91,50,96,cc,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:df,cc,b0,58,4f,aa,af,32,90,34,4f,52,9c,75,fc,31,72,60,89,d4,49,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:c3,d7,90,2c,f2,47,18,c2,77,b0,4e,44,48,7a,12,4f,0f,e7,c9,67,82,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:1f,46,b6,c2,ba,a0,f0,32,1f,62,72,dc,7d,e2,f4,3e,fb,55,47,32,fe,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"\xbb\xb4\x2026p ?(?T?r?u?e?T?y?p?e?)?"="Mmj.ttf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\softnyx\\GunBoundWC\\GunBound.gme"="C:\\Program Files\\softnyx\\GunBoundWC\\GunBound.gme:*:Enabled:GunBound"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\YVD\\n00b-IRC.exe"="C:\\Program Files\\YVD\\n00b-IRC.exe:*:Enabled:n00b-IRC"
"C:\\Program Files\\softnyx\\GunBoundWC\\NyxLauncher.exe"="C:\\Program Files\\softnyx\\GunBoundWC\\NyxLauncher.exe:*:Enabled:GunboundWC"
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"="C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe:*:Enabled:GunzLauncher"
"C:\\Program Files\\MAIET\\Gunz\\Gunz.exe"="C:\\Program Files\\MAIET\\Gunz\\Gunz.exe:*:Enabled:Gunz"
"C:\\Program Files\\Wizet\\MapleStory\\MapleStory.exe"="C:\\Program Files\\Wizet\\MapleStory\\MapleStory.exe:*:Enabled:MapleStory"
"C:\\Program Files\\softnyx\\Rakion\\Bin\\Rakion.bin"="C:\\Program Files\\softnyx\\Rakion\\Bin\\Rakion.bin:*:Enabled:Rakion"
"C:\\Program Files\\Anti-Leech\\ALIE_1.0.2.3\\alhlp.exe"="C:\\Program Files\\Anti-Leech\\ALIE_1.0.2.3\\alhlp.exe:*:Disabled:Anti-Leech plugin helper program"
"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PowerDVD.exe"="C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PowerDVD.exe:*:Disabled:CyberLink PowerDVD"
"C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe"="C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"="C:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme:*:Enabled:GunBound"
"C:\\Program Files\\Wizet\\MapleStory\\NewPatcher.exe"="C:\\Program Files\\Wizet\\MapleStory\\NewPatcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\e-Games\\Survival Project\\SurvivalLauncher.exe"="C:\\Program Files\\e-Games\\Survival Project\\SurvivalLauncher.exe:*:Enabled:Survival Project"
"C:\\Program Files\\e-Games\\Survival Project\\survivalproject.exe"="C:\\Program Files\\e-Games\\Survival Project\\survivalproject.exe:*:Enabled:survivalproject"
"C:\\Program Files\\e-Games\\Survival Project\\sp.exe"="C:\\Program Files\\e-Games\\Survival Project\\sp.exe:*:Enabled:sp"
"C:\\Program Files\\Java\\jdk1.5.0_09\\jre\\bin\\java.exe"="C:\\Program Files\\Java\\jdk1.5.0_09\\jre\\bin\\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\NetPumper\\NetPumper.exe"="C:\\Program Files\\NetPumper\\NetPumper.exe:*:Enabled:NetPumper download manager"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Disabled:RTC App Sharing"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windowsr NetMeetingr"
"C:\\Program Files\\Pariah Multiplayer Demo\\System\\Pariah.exe"="C:\\Program Files\\Pariah Multiplayer Demo\\System\\Pariah.exe:*:Enabled:Pariah"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"="C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\\Program Files\\Granado Espada\\ge.exe"="C:\\Program Files\\Granado Espada\\ge.exe:*:Enabled:Granado Espada"
"C:\\Program Files\\Granado Espada\\release\\geConfig.exe"="C:\\Program Files\\Granado Espada\\release\\geConfig.exe:*:Enabled:Granado Espada Config"
"C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"="C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe:*:Enabled:Acrobat Reader 5.0"
"C:\\Program Files\\Granado Espada\\release\\patch\\patch_ge.exe"="C:\\Program Files\\Granado Espada\\release\\patch\\patch_ge.exe:*:Enabled:patch_ge"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Disabled:VLC media player"
"C:\\Documents and Settings\\User\\My Documents\\DriftCity\\DriftCity.exe"="C:\\Documents and Settings\\User\\My Documents\\DriftCity\\DriftCity.exe:*:Enabled:DriftCity"
"C:\\Program Files\\DriftCity\\DriftCity.exe"="C:\\Program Files\\DriftCity\\DriftCity.exe:*:Enabled:DriftCity"
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Enabled:pando"
"C:\\ijji\\ENGLISH\\u_skid.exe"="C:\\ijji\\ENGLISH\\u_skid.exe:*:Enabled:<ijji Downloader>"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\Codemasters\\RF Online\\RF.exe"="C:\\Program Files\\Codemasters\\RF Online\\RF.exe:*:Enabled:RFLauncher"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo\\halo.exe:*:Enabled:Halo"
"C:\\UT2004Demo\\System\\UT2004.exe"="C:\\UT2004Demo\\System\\UT2004.exe:*:Enabled:UT2004"
"C:\\ijji\\ENGLISH\\u_gbound.exe"="C:\\ijji\\ENGLISH\\u_gbound.exe:*:Enabled:<ijji Downloader>"
"C:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe"="C:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe:*:Enabled:soldierfront"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe:*:Enabled:Halo"
"C:\\Documents and Settings\\User\\Application Data\\Microsoft\\Installer\\{99217575-1F9D-438A-A2E9-D8FC1D96A04F}\\MapleStory.exe1_8401DE7AA69740EB89F4EFCC954C7795.exe"="C:\\Documents and Settings\\User\\Application Data\\Microsoft\\Installer\\{99217575-1F9D-438A-A2E9-D8FC1D96A04F}\\MapleStory.exe1_8401DE7AA69740EB89F4EFCC954C7795.exe:*:Enabled:MapleStory.exe1_8401DE7AA69740EB89F4EFCC954C7795"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Gameforge4D\\Flysis\\Launcher.atm"="C:\\Program Files\\Gameforge4D\\Flysis\\Launcher.atm:Enabled:GameExe2"
"C:\\Program Files\\Gameforge4D\\Flysis\\Res-Voip\\SCVoIP.exe"="C:\\Program Files\\Gameforge4D\\Flysis\\Res-Voip\\SCVoIP.exe:Enabled:GameVoIP"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"="C:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire"
"C:\\Program Files\\Gameforge4D\\AirRivals\\Launcher.atm"="C:\\Program Files\\Gameforge4D\\AirRivals\\Launcher.atm:Enabled:GameExe2"
"C:\\Program Files\\Gameforge4D\\AirRivals\\Res-Voip\\SCVoIP.exe"="C:\\Program Files\\Gameforge4D\\AirRivals\\Res-Voip\\SCVoIP.exe:Enabled:GameVoIP"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Wed 4 Aug 2004 93,184 A.SH. --- "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Wed 4 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sat 9 Feb 2008 80 ..SHR --- "C:\WINDOWS\system32\577ED68EF0.dll"
Sun 15 Jul 2007 56 ..SHR --- "C:\WINDOWS\system32\577ED68EF0.sys"
Tue 13 May 2008 88 ..SHR --- "C:\WINDOWS\system32\F08ED67E57.sys"
Tue 13 May 2008 4,184 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sun 27 Aug 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 6 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 28 Sep 2007 0 ...H. --- "C:\Documents and Settings\Mom\Application Data\Microsoft\Word\~WRL0004.tmp"
Fri 28 Sep 2007 0 ...H. --- "C:\Documents and Settings\Mom\Application Data\Microsoft\Word\~WRL0034.tmp"
Fri 28 Sep 2007 0 ...H. --- "C:\Documents and Settings\Mom\Application Data\Microsoft\Word\~WRL0440.tmp"
Sun 6 Apr 2008 25,600 ...H. --- "C:\Documents and Settings\User\My Documents\grade12english\ISU\Essay1\~WRL0001.tmp"

Finished!


So, can anyone please help me out?

Edited by Malfion, 24 May 2008 - 11:39 AM.



#2 Malfion


Posted 26 May 2008 - 03:12 PM

I'm going to bump this so someone finds it. It's quite a ways back.
Anyway, the problem has increased to popups like superantispyware, and winanonymous.

#3 Thunder


Posted 28 May 2008 - 10:26 AM

Hello Malfion and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...

#4 Thunder


Posted 26 June 2008 - 08:07 AM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



