|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| HijackThis Log Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help. |
 |
|
|
Thread Tools |
03-27-2007, 09:42 PM
|
#1 (permalink) |
|
Registered User
Join Date: Jul 2006
Posts: 159
OS: 200/XP
|
spylocked
Ok I did something stupid. My fiancee wanted to see porn and I allowed an activex download. I now have spylocked and cannot get rid of it. The zlod trojan is also on my computer now.
I did a google search for spylocked and found a website I thought was legetimate. It provided a download that said it would remove spylocked. But when I ran it spyhunter installed. This program wants me to buy it in order to fix the problem. I will include the spyhunter log at the end of the post. I followed all steps 1 - 5 before posting and I appologize for doing something I knew I shouldn't do. But please help. Deckard's System Scanner v20070318.32 Run by Administrator on 2007-03-27 at 23:45:09 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 4 Restore Point(s) -- 4: 2007-03-28 04:45:16 UTC - RP45 - Deckard's System Scanner Restore Point 3: 2007-03-28 04:11:52 UTC - RP44 - Software Distribution Service 2.0 2: 2007-03-28 03:50:38 UTC - RP43 - Software Distribution Service 2.0 1: 2007-03-28 03:49:44 UTC - RP42 - Software Distribution Service 2.0 Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Administrator.exe) --------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 11:47:42 PM, on 3/27/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\Mixer.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe G:\dss.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\HIJACK~1\Administrator.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys R3 cmpci (C-Media PCI Audio Driver (WDM)) - c:\windows\system32\drivers\cmaudio.sys R3 EL90XBC (3Com EtherLink XL 90XB/C Adapter Driver) - c:\windows\system32\drivers\el90xbc5.sys R3 HSF_DP - c:\windows\system32\drivers\hsfdpsp2.sys R3 HSFHWBS2 - c:\windows\system32\drivers\hsfbs2s2.sys R3 winachsf - c:\windows\system32\drivers\hsfcxts2.sys S3 o1394bul - c:\docume~1\admini~1.gam\locals~1\temp\o1394bul.sys (file missing) S3 P1171VID (Creative WebCam Notebook #2) - c:\windows\system32\drivers\p1171vid.sys -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- All services whitelisted. -- Scheduled Tasks ------------------------------------------------------------- 2007-03-27 23:47:07 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job<MPSCHE~1.JOB> 2007-03-26 22:42:09 344 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job<SPYBOT~1.JOB> -- Files created between 2007-02-27 and 2007-03-27 ----------------------------- 2007-03-27 23:16:17 221184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-03-27 23:16:02 0 d-------- C:\Program Files\Windows Media Connect 2<WI4DF6~1> 2007-03-27 23:14:29 0 d-------- C:\WINDOWS\system32\LogFiles 2007-03-27 23:14:29 0 d-------- C:\WINDOWS\system32\drivers\UMDF 2007-03-27 23:12:26 0 d-------- C:\WINDOWS\RegisteredPackages<REGIST~2> 2007-03-27 22:52:39 0 d-------- C:\WINDOWS\network diagnostic<NETWOR~1> 2007-03-27 22:46:09 21312 --a------ C:\WINDOWS\choice.exe 2007-03-27 22:45:40 0 d-------- C:\ie-spyad 2007-03-27 22:43:26 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~2> 2007-03-27 22:38:51 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL 2007-03-27 22:38:50 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1> 2007-03-27 21:16:16 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1> 2007-03-27 20:24:43 0 d-------- C:\Program Files\Enigma Software Group<ENIGMA~1> 2007-03-26 22:31:05 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy<SPYBOT~1> 2007-03-26 16:46:48 0 d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP 2007-03-22 19:44:04 59264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys 2007-03-15 18:30:46 4622 --a------ C:\WINDOWS\unins000.dat 2007-03-15 11:23:16 497496 --a------ C:\WINDOWS\system32\XceedZip.dll 2007-03-15 11:19:58 526184 --a------ C:\WINDOWS\system32\XceedCry.dll 2007-03-08 22:30:37 0 d-------- C:\WINDOWS\Sun 2007-03-08 22:30:37 0 d-------- C:\Documents and Settings\Administrator.GAMERS\Application Data\Sun 2007-03-04 01:03:19 262144 --a------ C:\Documents and Settings\All Users.WINDOWS\ntuser.dat 2007-03-02 22:39:42 0 d--hs---- C:\Documents and Settings\Administrator.GAMERS\UserData 2007-03-02 01:07:22 0 d--hs---- C:\WINDOWS\CSC 2007-03-01 23:47:31 0 d-------- C:\Program Files\Windows Defender<WINDOW~4> 2007-03-01 23:38:24 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage<WINDOW~1> 2007-03-01 23:33:42 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! 2007-03-01 23  25 0 d-------- C:\Documents and Settings\Administrator.GAMERS\Application Data\Lavasoft2007-03-01 23:05:56 0 d-------- C:\Program Files\Lavasoft 2007-03-01 23:05:27 5504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys 2007-03-01 23:05:21 10880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys 2007-03-01 23:05:18 15360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys 2007-03-01 23:05:15 11136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys 2007-03-01 23:05:12 19328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS 2007-03-01 23:05:09 85376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys 2007-03-01 23:05:06 17024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys 2007-03-01 23:04:52 53760 --a------ C:\WINDOWS\system32\vfwwdm32.dll 2007-03-01 23:03:15 0 d-------- C:\WINDOWS\CtDrvInstall<CTDRVI~1> 2007-03-01 22:54:39 0 d-------- C:\logs 2007-03-01 22:54:38 0 d-------- C:\Documents and Settings\Administrator.GAMERS\ChikkaDefault<CHIKKA~1> 2007-03-01 22:54:28 0 d-------- C:\Program Files\Chikka Messenger<CHIKKA~1> 2007-03-01 22:36:33 6400 --a------ C:\WINDOWS\system32\drivers\splitter.sys 2007-03-01 22:36:30 82944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys 2007-03-01 22:36:28 52864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys 2007-03-01 22:36:26 54272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys 2007-03-01 22:36:24 142464 --a------ C:\WINDOWS\system32\drivers\aec.sys 2007-03-01 22:36:22 172416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys 2007-03-01 22:36:21 2944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys 2007-03-01 22:36:19 60800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys 2007-03-01 22:36:16 7552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys 2007-03-01 22:36:15 4992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys 2007-03-01 22:36:12 5376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2007-03-01 22:36:06 4096 --a------ C:\WINDOWS\system32\ksuser.dll 2007-03-01 22:36:06 145792 --a------ C:\WINDOWS\system32\drivers\portcls.sys 2007-03-01 22:36:06 60288 --a------ C:\WINDOWS\system32\drivers\drmk.sys 2007-03-01 21:50:21 255848 --a------ C:\WINDOWS\system32\xactengine2_6.dll<XA3066~1.DLL> 2007-03-01 21:50:20 251672 --a------ C:\WINDOWS\system32\xactengine2_5.dll<XA3C56~1.DLL> 2007-03-01 21:50:19 3426072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2007-03-01 21:50:18 68888 --a------ C:\WINDOWS\system32\xinput1_3.dll<XINPUT~4.DLL> 2007-03-01 21:50:18 237848 --a------ C:\WINDOWS\system32\xactengine2_4.dll<XA3856~1.DLL> 2007-03-01 21:50:18 15128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll<X3DAUD~2.DLL> 2007-03-01 21:50:17 2414360 --a------ C:\WINDOWS\system32\d3dx9_31.dll 2007-03-01 21:50:16 62744 --a------ C:\WINDOWS\system32\xinput1_2.dll<XINPUT~3.DLL> 2007-03-01 21:50:16 236824 --a------ C:\WINDOWS\system32\xactengine2_3.dll<XACTEN~4.DLL> 2007-03-01 21:50:09 2297552 --a------ C:\WINDOWS\system32\d3dx9_26.dll 2007-03-01 21:20:02 5242880 --ah----- C:\Documents and Settings\Administrator.GAMERS\NTUSER.DAT 2007-03-01 21:17:33 0 d--h----- C:\WINDOWS\system32\GroupPolicy<GROUPP~1> 2007-03-01 21:11:20 0 d-------- C:\WINDOWS\system32\PreInstall<PREINS~1> 2007-03-01 21:11:18 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-03-01 21:11:16 0 d--h----- C:\WINDOWS\$hf_mig$ 2007-03-01 19:39:10 348160 --a------ C:\WINDOWS\system32\msvcr71.dll 2007-03-01 19:39:10 499712 --a------ C:\WINDOWS\system32\msvcp71.dll 2007-03-01 19:34:32 786432 --ah----- C:\Documents and Settings\Kevin\NTUSER.DAT 2007-03-01 19:34:01 0 d-------- C:\WINDOWS\system32\SoftwareDistribution<SOFTWA~1> 2007-03-01 19:28:07 0 d-------- C:\WINDOWS\SoftwareDistribution<SOFTWA~1> 2007-03-01 19:27:53 0 d-------- C:\WINDOWS\Prefetch 2007-03-01 19:27:51 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT 2007-03-01 19:27:38 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT 2007-03-01 19:24:04 0 d-------- C:\WINDOWS\system32\xircom 2007-03-01 19:23:43 262144 --ah----- C:\Documents and Settings\Default User.WINDOWS\NTUSER.DAT 2007-03-01 19:23:11 112128 --a------ C:\WINDOWS\system32\mapi32.dll 2007-03-01 19:21:54 0 d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM 2007-03-01 19:21:37 0 dr------- C:\WINDOWS\Offline Web Pages<OFFLIN~1> 2007-03-01 19:21:37 0 d---s---- C:\WINDOWS\Downloaded Program Files<DOWNLO~1> 2007-03-01 19:20:50 0 d-------- C:\WINDOWS\system32\DirectX 2007-03-01 19:20:31 11264 --a------ C:\WINDOWS\system32\atrace.dll 2007-03-01 19:20:24 12288 --a------ C:\WINDOWS\system32\nmevtmsg.dll 2007-03-01 19:20:23 64512 --a------ C:\WINDOWS\system32\acctres.dll 2007-03-01 19:20:22 0 d---s---- C:\WINDOWS\Tasks 2007-03-01 19:20:22 16384 --a------ C:\WINDOWS\system32\icfgnt5.dll 2007-03-01 19:20:21 0 d-------- C:\Program Files\Common Files\MSSoap 2007-03-01 19:20:19 0 d-------- C:\WINDOWS\srchasst 2007-03-01 19:20:18 0 d-------- C:\WINDOWS\system32\Macromed 2007-03-01 19:20:13 173536 --a------ C:\WINDOWS\system32\wuweb.dll 2007-03-01 19:20:12 41240 --a------ C:\WINDOWS\system32\wups.dll 2007-03-01 19:20:12 127256 --a------ C:\WINDOWS\system32\wucltui.dll 2007-03-01 19:20:12 6656 --a------ C:\WINDOWS\system32\wuauserv.dll 2007-03-01 19:20:12 194328 --a------ C:\WINDOWS\system32\wuaueng1.dll 2007-03-01 19:20:12 1343768 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-03-01 19:20:12 172312 --a------ C:\WINDOWS\system32\wuauclt1.exe 2007-03-01 19:20:11 124184 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-03-01 19:20:11 465176 --a------ C:\WINDOWS\system32\wuapi.dll 2007-03-01 19:20:11 18944 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2007-03-01 19:20:11 382464 --a------ C:\WINDOWS\system32\qmgr.dll 2007-03-01 19:20:11 7168 --a------ C:\WINDOWS\system32\bitsprx3.dll 2007-03-01 19:20:11 8192 --a------ C:\WINDOWS\system32\bitsprx2.dll 2007-03-01 19:20:08 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1> 2007-03-01 19:20:04 45568 --a------ C:\WINDOWS\system32\safrslv.dll 2007-03-01 19:20:04 29696 --a------ C:\WINDOWS\system32\safrdm.dll 2007-03-01 19:20:04 43520 --a------ C:\WINDOWS\system32\safrcdlg.dll 2007-03-01 19:20:04 43520 --a------ C:\WINDOWS\system32\racpldlg.dll 2007-03-01 19:20:01 239104 --a------ C:\WINDOWS\system32\srrstr.dll 2007-03-01 19:20:01 0 d-------- C:\WINDOWS\system32\Restore 2007-03-01 19:20:01 23040 --a------ C:\WINDOWS\system32\fltmc.exe 2007-03-01 19:20:01 16896 --a------ C:\WINDOWS\system32\fltlib.dll 2007-03-01 19:20:01 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys 2007-03-01 19:20:00 170496 --a------ C:\WINDOWS\system32\srsvc.dll 2007-03-01 19:20:00 67584 --a------ C:\WINDOWS\system32\srclient.dll 2007-03-01 19:20:00 28672 --a------ C:\WINDOWS\system32\nmmkcert.dll 2007-03-01 19:20:00 34560 --a------ C:\WINDOWS\system32\mnmdd.dll 2007-03-01 19:20:00 32768 --a------ C:\WINDOWS\system32\isrdbg32.dll 2007-03-01 19:20:00 81920 --a------ C:\WINDOWS\system32\ils.dll 2007-03-01 19:20:00 73472 --a------ C:\WINDOWS\system32\drivers\sr.sys 2007-03-01 19:19:59 69632 --a------ C:\WINDOWS\system32\msconf.dll 2007-03-01 19:19:59 32768 --a------ C:\WINDOWS\system32\mnmsrvc.exe 2007-03-01 19:19:57 105984 --a------ C:\WINDOWS\system32\msoert2.dll 2007-03-01 19:19:57 252928 --a------ C:\WINDOWS\system32\msoeacct.dll 2007-03-01 19:19:56 48128 --a------ C:\WINDOWS\system32\inetres.dll 2007-03-01 19:19:56 679424 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-03-01 19:19:55 190976 --a------ C:\WINDOWS\system32\schedsvc.dll 2007-03-01 19:19:55 12288 --a------ C:\WINDOWS\system32\mstinit.exe 2007-03-01 19:19:55 274944 --a------ C:\WINDOWS\system32\mstask.dll 2007-03-01 19:19:54 81920 --a------ C:\WINDOWS\system32\isign32.dll 2007-03-01 19:19:54 274432 --a------ C:\WINDOWS\system32\inetcfg.dll 2007-03-01 19:19:54 65536 --a------ C:\WINDOWS\system32\icwphbk.dll 2007-03-01 19:19:54 73728 --a------ C:\WINDOWS\system32\icwdial.dll 2007-03-01 19:18:57 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT> 2007-03-01 19:18:36 0 d-------- C:\WINDOWS\Registration<REGIST~1> 2007-03-01 19:18:26 0 d-------- C:\Program Files\Online Services<ONLINE~1> 2007-03-01 19:18:14 5632 --a------ C:\WINDOWS\system32\write.exe 2007-03-01 19:18:14 0 d-------- C:\Program Files\MSN Gaming Zone<MSNGAM~1> 2007-03-01 19:18:08 138752 --a------ C:\WINDOWS\system32\sndvol32.exe 2007-03-01 19:18:08 44544 --a------ C:\WINDOWS\system32\hticons.dll 2007-03-01 19:18:08 73216 --a------ C:\WINDOWS\system32\avwav.dll 2007-03-01 19:18:08 227840 --a------ C:\WINDOWS\system32\avtapi.dll 2007-03-01 19:18:08 16384 --a------ C:\WINDOWS\system32\avmeter.dll 2007-03-01 19:18:07 35328 --a------ C:\WINDOWS\system32\winchat.exe 2007-03-01 19:18:02 605696 --a------ C:\WINDOWS\system32\getuname.dll 2007-03-01 19:18:01 119808 --a------ C:\WINDOWS\system32\winmine.exe 2007-03-01 19:18:01 56832 --a------ C:\WINDOWS\system32\sol.exe 2007-03-01 19:18:01 126976 --a------ C:\WINDOWS\system32\mshearts.exe 2007-03-01 19:18:01 80384 --a------ C:\WINDOWS\system32\charmap.exe 2007-03-01 19:18:01 114688 --a------ C:\WINDOWS\system32\calc.exe 2007-03-01 19:18:00 1161 --a------ C:\WINDOWS\system32\usrlogon.cmd 2007-03-01 19:18:00 16896 --a------ C:\WINDOWS\system32\tsshutdn.exe 2007-03-01 19:18:00 16384 --a------ C:\WINDOWS\system32\tskill.exe 2007-03-01 19:18:00 14848 --a------ C:\WINDOWS\system32\tsdiscon.exe 2007-03-01 19:18:00 14848 --a------ C:\WINDOWS\system32\tscon.exe 2007-03-01 19:18:00 14848 --a------ C:\WINDOWS\system32\shadow.exe 2007-03-01 19:18:00 15872 --a------ C:\WINDOWS\system32\rwinsta.exe 2007-03-01 19:18:00 9728 --a------ C:\WINDOWS\system32\reset.exe 2007-03-01 19:18:00 33792 --a------ C:\WINDOWS\system32\regini.exe 2007-03-01 19:18:00 4096 --a------ C:\WINDOWS\system32\rdpcfgex.dll 2007-03-01 19:18:00 22016 --a------ C:\WINDOWS\system32\qwinsta.exe 2007-03-01 19:18:00 16896 --a------ C:\WINDOWS\system32\qappsrv.exe 2007-03-01 19:18:00 55296 --a------ C:\WINDOWS\system32\freecell.exe 2007-03-01 19:17:59 20992 --a------ C:\WINDOWS\system32\msg.exe 2007-03-01 19:17:59 15360 --a------ C:\WINDOWS\system32\logoff.exe 2007-03-01 19:17:59 5120 --a------ C:\WINDOWS\system32\dcomcnfg.exe 2007-03-01 19:17:59 15872 --a------ C:\WINDOWS\system32\cdmodem.dll 2007-03-01 19:17:58 54272 --a------ C:\WINDOWS\system32\stclient.dll 2007-03-01 19:17:58 25088 --a------ C:\WINDOWS\system32\mtxlegih.dll 2007-03-01 19:17:58 4096 --a------ C:\WINDOWS\system32\mtxex.dll 2007-03-01 19:17:58 20480 --a------ C:\WINDOWS\system32\mtxdm.dll 2007-03-01 19:17:58 147456 --a------ C:\WINDOWS\system32\comsnap.dll 2007-03-01 19:17:58 97792 --a------ C:\WINDOWS\system32\comrepl.dll 2007-03-01 19:17:58 25600 --a------ C:\WINDOWS\system32\comaddin.dll 2007-03-01 19:17:39 131584 --a------ C:\WINDOWS\system32\sndrec32.exe 2007-03-01 19:17:39 123392 --a------ C:\WINDOWS\system32\mplay32.exe 2007-03-01 19:17:39 347136 --a------ C:\WINDOWS\system32\hypertrm.dll 2007-03-01 19:17:39 183808 --a------ C:\WINDOWS\system32\accwiz.exe 2007-03-01 19:17:38 538624 --a------ C:\WINDOWS\system32\spider.exe 2007-03-01 19:17:38 343040 --a------ C:\WINDOWS\system32\mspaint.exe 2007-03-01 19:17:38 21896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys 2007-03-01 19:17:38 12040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys 2007-03-01 19:17:38 139528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys 2007-03-01 19:17:38 102912 --a------ C:\WINDOWS\system32\clipbrd.exe 2007-03-01 19:17:37 44544 --a------ C:\WINDOWS\system32\tscupgrd.exe 2007-03-01 19:17:37 93696 --a------ C:\WINDOWS\system32\tscfgwmi.dll 2007-03-01 19:17:37 295424 --a------ C:\WINDOWS\system32\termsrv.dll 2007-03-01 19:17:37 140800 --a------ C:\WINDOWS\system32\sessmgr.exe 2007-03-01 19:17:37 60416 --a------ C:\WINDOWS\system32\remotepg.dll 2007-03-01 19:17:37 67072 --a------ C:\WINDOWS\system32\rdshost.exe 2007-03-01 19:17:37 13824 --a------ C:\WINDOWS\system32\rdsaddin.exe 2007-03-01 19:17:37 147968 --a------ C:\WINDOWS\system32\rdchost.dll 2007-03-01 19:17:37 655360 --a------ C:\WINDOWS\system32\mstscax.dll 2007-03-01 19:17:37 407552 --a------ C:\WINDOWS\system32\mstsc.exe 2007-03-01 19:17:36 87176 --a------ C:\WINDOWS\system32\rdpwsx.dll 2007-03-01 19:17:36 19968 --a------ C:\WINDOWS\system32\rdpsnd.dll 2007-03-01 19:17:36 62464 --a------ C:\WINDOWS\system32\rdpclip.exe 2007-03-01 19:17:36 20480 --a------ C:\WINDOWS\system32\qprocess.exe 2007-03-01 19:17:36 91136 --a------ C:\WINDOWS\system32\mtxoci.dll 2007-03-01 19:17:36 161280 --a------ C:\WINDOWS\system32\msdtcuiu.dll 2007-03-01 19:17:36 426496 --a------ C:\WINDOWS\system32\msdtcprx.dll 2007-03-01 19:17:36 0 d-------- C:\WINDOWS\system32\MsDtc 2007-03-01 19:17:36 11264 --a------ C:\WINDOWS\system32\icaapi.dll 2007-03-01 19:17:36 38912 --a------ C:\WINDOWS\system32\cfgbkend.dll 2007-03-01 19:17:35 11776 --a------ C:\WINDOWS\system32\xolehlp.dll 2007-03-01 19:17:35 956416 --a------ C:\WINDOWS\system32\msdtctm.dll 2007-03-01 19:17:35 58880 --a------ C:\WINDOWS\system32\msdtclog.dll 2007-03-01 19:17:35 6144 --a------ C:\WINDOWS\system32\msdtc.exe 2007-03-01 19:17:35 0 d-------- C:\WINDOWS\system32\Com 2007-03-01 19:17:35 60416 --a------ C:\WINDOWS\system32\colbact.dll 2007-03-01 19:17:34 540160 --a------ C:\WINDOWS\system32\comuid.dll 2007-03-01 19:17:34 1267200 --a------ C:\WINDOWS\system32\comsvcs.dll 2007-03-01 19:17:34 498688 --a------ C:\WINDOWS\system32\clbcatq.dll 2007-03-01 19:17:34 110080 --a------ C:\WINDOWS\system32\clbcatex.dll 2007-03-01 19:17:34 625152 --a------ C:\WINDOWS\system32\catsrvut.dll 2007-03-01 19:17:34 85504 --a------ C:\WINDOWS\system32\catsrvps.dll 2007-03-01 19:17:34 225792 --a------ C:\WINDOWS\system32\catsrv.dll 2007-03-01 19:17:19 56320 --a------ C:\WINDOWS\system32\servdeps.dll 2007-03-01 19:17:19 17408 --a------ C:\WINDOWS\system32\mmfutil.dll 2007-03-01 19:17:19 58880 --a------ C:\WINDOWS\system32\licwmi.dll 2007-03-01 19:17:18 185344 --a------ C:\WINDOWS\system32\cmprops.dll 2007-03-01 19:17:13 196864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys 2007-03-01 19:17:12 40840 --a------ C:\WINDOWS\system32\drivers\termdd.sys 2007-03-01 13:04:08 3072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-03-01 13:03:37 21504 --a------ C:\WINDOWS\system32\hidserv.dll 2007-03-01 13:02:36 57472 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2007-03-01 13:02:17 86016 --a------ C:\WINDOWS\system32\mdmxsdk.dll 2007-03-01 13:02:17 32285 --a------ C:\WINDOWS\system32\HSFCISP2.dll 2007-03-01 13:02:17 11868 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys 2007-03-01 13:02:17 685056 --a------ C:\WINDOWS\system32\drivers\HSFCXTS2.sys 2007-03-01 13:02:17 220032 --a------ C:\WINDOWS\system32\drivers\HSFBS2S2.sys 2007-03-01 13:02:16 1041536 --a------ C:\WINDOWS\system32\drivers\HSFDPSP2.sys 2007-03-01 13:02:12 66591 --a------ C:\WINDOWS\system32\drivers\el90xbc5.sys 2007-03-01 13:01:57 74240 --a------ C:\WINDOWS\system32\usbui.dll 2007-03-01 13:01:45 701440 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys 2007-03-01 13:01:45 516768 --a------ C:\WINDOWS\system32\ativvaxx.dll 2007-03-01 13:01:45 1888992 --a------ C:\WINDOWS\system32\ati3duag.dll 2007-03-01 13:01:45 870784 --a------ C:\WINDOWS\system32\ati3d1ag.dll 2007-03-01 13:01:44 201728 --a------ C:\WINDOWS\system32\ati2dvag.dll 2007-03-01 13:01:44 229376 --a------ C:\WINDOWS\system32\ati2cqag.dll 2007-03-01 13:01:35 43008 --a------ C:\WINDOWS\system32\drivers\AMDAGP.SYS 2007-03-01 12:58:31 0 d--hs---- C:\WINDOWS\Installer<INSTAL~1> 2007-03-01 12:58:26 0 d-------- C:\Program Files\Common Files\SpeechEngines<SPEECH~1> 2007-03-01 12:58:23 6144 -ra------ C:\WINDOWS\system32\kbdtuq.dll 2007-03-01 12:58:23 6144 -ra------ C:\WINDOWS\system32\kbdtuf.dll 2007-03-01 12:58:23 5632 -ra------ C:\WINDOWS\system32\kbdazel.dll 2007-03-01 12:58:21 5632 -ra------ C:\WINDOWS\system32\kbdmon.dll 2007-03-01 12:58:21 5632 -ra------ C:\WINDOWS\system32\kbdkyr.dll 2007-03-01 12:58:20 8192 -ra------ C:\WINDOWS\system32\kbdhept.dll 2007-03-01 12:58:20 6656 -ra------ C:\WINDOWS\system32\kbdhela3.dll 2007-03-01 12:58:20 6144 -ra------ C:\WINDOWS\system32\kbdhela2.dll 2007-03-01 12:58:19 5632 -ra------ C:\WINDOWS\system32\kbdhe319.dll 2007-03-01 12:58:19 5632 -ra------ C:\WINDOWS\system32\kbdhe220.dll 2007-03-01 12:58:19 5632 -ra------ C:\WINDOWS\system32\kbdhe.dll 2007-03-01 12:58:19 6144 -ra------ C:\WINDOWS\system32\kbdgkl.dll 2007-03-01 12:58:18 6144 -ra------ C:\WINDOWS\system32\kbdlv1.dll 2007-03-01 12:58:18 6144 -ra------ C:\WINDOWS\system32\kbdlv.dll 2007-03-01 12:58:18 5632 -ra------ C:\WINDOWS\system32\kbdlt1.dll 2007-03-01 12:58:18 5632 -ra------ C:\WINDOWS\system32\kbdlt.dll 2007-03-01 12:58:18 6144 -ra------ C:\WINDOWS\system32\kbdest.dll 2007-03-01 12:58:17 6656 -ra------ C:\WINDOWS\system32\kbdsl1.dll 2007-03-01 12:58:17 6656 -ra------ C:\WINDOWS\system32\kbdsl.dll 2007-03-01 12:58:17 5632 -ra------ C:\WINDOWS\system32\kbdro.dll 2007-03-01 12:58:17 5632 -ra------ C:\WINDOWS\system32\kbdpl1.dll 2007-03-01 12:58:17 6656 -ra------ C:\WINDOWS\system32\kbdpl.dll 2007-03-01 12:58:17 5632 -ra------ C:\WINDOWS\system32\kbdhu1.dll 2007-03-01 12:58:17 6656 -ra------ C:\WINDOWS\system32\kbdhu.dll 2007-03-01 12:58:17 6656 -ra------ C:\WINDOWS\system32\kbdcz2.dll 2007-03-01 12:58:17 6656 -ra------ C:\WINDOWS\system32\kbdcz1.dll 2007-03-01 12:58:17 7168 -ra------ C:\WINDOWS\system32\kbdcz.dll 2007-03-01 12:58:17 6656 -ra------ C:\WINDOWS\system32\kbdcr.dll 2007-03-01 12:58:17 6656 -ra------ C:\WINDOWS\system32\KBDAL.DLL 2007-03-01 12:58:15 6656 -ra------ C:\WINDOWS\system32\kbdycl.dll 2007-03-01 12:58:10 24661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-03-01 12:58:10 13312 --a------ C:\WINDOWS\system32\irclass.dll 2007-03-01 12:58:10 85020 --a------ C:\WINDOWS\system32\dgsetup.dll 2007-03-01 12:58:10 176157 --a------ C:\WINDOWS\system32\dgrpsetu.dll 2007-03-01 12:58:09 103424 --a------ C:\WINDOWS\system32\EqnClass.Dll 2007-03-01 12:58:09 9008 --a------ C:\WINDOWS\system\VER.DLL 2007-03-01 12:58:09 19200 --a------ C:\WINDOWS\system\TAPI.DLL 2007-03-01 12:58:09 5120 --a------ C:\WINDOWS\system\SHELL.DLL 2007-03-01 12:58:09 24064 --a------ C:\WINDOWS\system\OLESVR.DLL 2007-03-01 12:58:09 82944 --a------ C:\WINDOWS\system\OLECLI.DLL 2007-03-01 12:58:09 126912 --a------ C:\WINDOWS\system\MSVIDEO.DLL 2007-03-01 12:58:08 15360 --a------ C:\WINDOWS\TASKMAN.EXE 2007-03-01 12:58:08 11264 --a------ C:\WINDOWS\system32\drivers\irenum.sys 2007-03-01 12:58:08 9936 --a------ C:\WINDOWS\system\LZEXPAND.DLL 2007-03-01 12:58:08 32816 --a------ C:\WINDOWS\system\COMMDLG.DLL 2007-03-01 12:58:08 109456 --a------ C:\WINDOWS\system\AVIFILE.DLL 2007-03-01 12:58:08 69584 --a------ C:\WINDOWS\system\AVICAP.DLL 2007-03-01 12:58:07 8704 --a------ C:\WINDOWS\system32\batt.dll 2007-03-01 12:58:07 68768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL 2007-03-01 12:58:07 69120 --a------ C:\WINDOWS\NOTEPAD.EXE 2007-03-01 12:58:06 74752 --a------ C:\WINDOWS\system32\storprop.dll 2007-03-01 12:57:55 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Documents<DOCUME~1> 2007-03-01 12:57:37 0 d-------- C:\WINDOWS\system32\CatRoot2 2007-03-01 12:57:37 0 d-------- C:\WINDOWS\system32\CatRoot 2007-03-01 12:50:59 0 d-------- C:\WINDOWS 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\WinSxS 2007-03-01 12:50:59 0 dr------- C:\WINDOWS\Web 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\twain_32 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\system32 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\system32\wins 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\system32\wbem 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\system32\usmt 2007-03-01 12:50:59 7168 --a-s---- C:\WINDOWS\system32\tahxqcj.dll 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\system32\spool 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\system32\ShellExt 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\system32\Setup 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\system32\ras 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\system32\oobe 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\system32\npp 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\system32\mui 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\system32\inetsrv 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\system32\IME 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\system32\icsxml 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\system32\ias 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\system32\export 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\system32\drivers 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\system32\drivers\etc 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\system32\drivers\disdn 2007-03-01 12:50:59 0 dr-hs--c- C:\WINDOWS\system32\dllcache 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\system32\dhcp 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\system32\config 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\system32\3com_dmi 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\system32\3076 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\system32\2052 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\system32\1054 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\system32\1042 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\system32\1041 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\system32\1037 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\system32\1033 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\system32\1031 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\system32\1028 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\system32\1025 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\system 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\security 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\Resources<RESOUR~1> 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\repair 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\Provisioning<PROVIS~1> 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\PeerNet 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\pchealth 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\mui 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\msapps 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\msagent 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\Media 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\java 2007-03-01 12:50:59 0 d--h----- C:\WINDOWS\inf 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\ime 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\Help 2007-03-01 12:50:59 0 dr--s---- C:\WINDOWS\Fonts 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\ehome 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\Driver Cache<DRIVER~1> 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\Debug 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\Cursors 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\Connection Wizard<CONNEC~1> 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\Config 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\AppPatch 2007-03-01 12:50:59 0 d-------- C:\WINDOWS\addins -- Find3M Report --------------------------------------------------------------- 2007-03-27 22:59:44 0 d-------- C:\Documents and Settings\Administrator.GAMERS\Application Data\AVG7 2007-03-08 22:30:29 0 d-------- C:\Program Files\Java 2007-03-08 20:09:50 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1> 2007-03-01 23:34:12 0 d-------- C:\Documents and Settings\Administrator.GAMERS\Application Data\Macromedia<MACROM~1> 2007-03-01 22:54:39 0 d---s---- C:\Documents and Settings\Administrator.GAMERS\Application Data\Microsoft<MICROS~1> 2007-03-01 21:57:07 0 d-------- C:\Program Files\Messenger<MESSEN~1> 2007-03-01 21:20:13 0 d-------- C:\Documents and Settings\Administrator.GAMERS\Application Data\Identities<IDENTI~1> 2007-03-01 19:18:08 0 d-------- C:\Program Files\Windows NT<WINDOW~1> 2007-03-01 12:57:55 62 --ahs---- C:\Documents and Settings\Administrator.GAMERS\Application Data\desktop.ini 2007-02-15 17:21:52 0 d-------- C:\Program Files\Microsoft AntiSpyware<MICROS~3> 2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll -- Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP" "C-Media Mixer"="Mixer.exe /startup" "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\"" "SpyHunter"="C:\\Program Files\\Enigma Software Group\\SpyHunter\\SpyHunter.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{9d6fac42-a7be-4702-87ef-75d8dc14249e}"="hemine" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook" "{81559C35-8464-49F7-BB0E-07A383BEF910}"="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableCAD"=dword:00000001 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 -- End of Deckard's System Scanner: finished at 2007-03-27 at 23:48:13 --------- Here is the Panda scan Incident Status Location Adware:Adware/Spylocked Not disinfected C:\WINDOWS\system32\tahxqcj.dll Spyware:Cookie/Maxserving Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq13.tmp Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16.tmp Spyhunter: Log Contents provided by Enigma Software Group, Inc. ###########################Runnning Processes DATA########################### processName = SMSS.EXE File Size = 50688 File Path = \SystemRoot\System32\smss.exe ModuleMD5 = bd7fb0957c716f1a60333aee04de2178 processName = WINLOGON.EXE File Size = 502272 File Path = \??\C:\WINDOWS\system32\winlogon.exe ModuleMD5 = 01c3346c241652f43aed8e2149881bfe processName = SERVICES.EXE File Size = 108032 File Path = C:\WINDOWS\system32\services.exe ModuleMD5 = c6ce6eec82f187615d1002bb3bb50ed4 processName = LSASS.EXE File Size = 13312 File Path = C:\WINDOWS\system32\lsass.exe ModuleMD5 = 84885f9b82f4d55c6146ebf6065d75d2 processName = SVCHOST.EXE File Size = 14336 File Path = C:\WINDOWS\system32\svchost.exe ModuleMD5 = 8f078ae4ed187aaabc0a305146de6716 processName = MSMPENG.EXE File Size = 13592 File Path = C:\Program Files\Windows Defender\MsMpEng.exe ModuleMD5 = f45dd1e1365d857dd08bc23563370d0e processName = SVCHOST.EXE File Size = 14336 File Path = C:\WINDOWS\System32\svchost.exe ModuleMD5 = 8f078ae4ed187aaabc0a305146de6716 processName = SPOOLSV.EXE File Size = 57856 File Path = C:\WINDOWS\system32\spoolsv.exe ModuleMD5 = da81ec57acd4cdc3d4c51cf3d409af9f processName = AVGAMSVR.EXE File Size = 353792 File Path = C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe ModuleMD5 = 708d06e4285b5db85876329ed672423b processName = AVGUPSVC.EXE File Size = 49664 File Path = C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe ModuleMD5 = 30a14f65db477dc00a64a5a24e96919c processName = AVGEMC.EXE File Size = 324096 File Path = C:\PROGRA~1\Grisoft\AVG7\avgemc.exe ModuleMD5 = b39e82a224434eb5f6995c99809efdd5 processName = SVCHOST.EXE File Size = 14336 File Path = C:\WINDOWS\system32\svchost.exe ModuleMD5 = 8f078ae4ed187aaabc0a305146de6716 processName = EXPLORER.EXE File Size = 1032192 File Path = C:\WINDOWS\Explorer.EXE ModuleMD5 = a0732187050030ae399b241436565e64 processName = AVGCC.EXE File Size = 411648 File Path = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe ModuleMD5 = 2a62570d13f14f49218ce7b03caa9cb2 processName = MIXER.EXE File Size = 1818624 File Path = C:\WINDOWS\Mixer.exe ModuleMD5 = f83709d0bacba84d297183825f089d98 processName = MSASCUI.EXE File Size = 866584 File Path = C:\Program Files\Windows Defender\MSASCui.exe ModuleMD5 = 77c03bf23ae56b0a31ae4d5bb4b3d0ac processName = JUSCHED.EXE File Size = 75520 File Path = C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe ModuleMD5 = edf5d27c6d244740418903626df5741a processName = TEATIMER.EXE File Size = 1038336 File Path = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe ModuleMD5 = 58f7e6434d285f4c98ad3621e0bd8c8d processName = SPYHUNTER.EXE File Size = 2482176 File Path = C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe ModuleMD5 = 146e80454798088ce29eff0254637ceb ###########################REGISTRY MD5 DATA########################### <HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN> Name=AVG7_CC Data=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP FileSize = 411648 MD5=2a62570d13f14f49218ce7b03caa9cb2 Name=C-Media Mixer Data=Mixer.exe /startup FileSize = 1818624 MD5=f83709d0bacba84d297183825f089d98 Name=Windows Defender Data="C:\Program Files\Windows Defender\MSASCui.exe" -hide FileSize = 866584 MD5=77c03bf23ae56b0a31ae4d5bb4b3d0ac Name=SunJavaUpdateSched Data="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" FileSize = 75520 MD5=edf5d27c6d244740418903626df5741a Name=SpyHunter Data=C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe FileSize = 2482176 MD5=146e80454798088ce29eff0254637ceb <HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCEEX> <HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE> <HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN> Name=SpybotSD TeaTimer Data=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe FileSize = 1038336 MD5=58f7e6434d285f4c98ad3621e0bd8c8d <HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE> <HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN> Name=AVG7_Run Data=C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE FileSize = 145920 MD5=953b382a4140a8c37232d447ef942cca <HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE> <HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINDOWS\APPINIT_DLLS> <HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN> <HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\SHELL> Explorer.exe FileSize = 1032192 MD5=a0732187050030ae399b241436565e64 <HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\USERINIT> C:\WINDOWS\system32\userinit.exe, FileSize = 24576 MD5=39b1ffb03c2296323832acbae50d2aff #############################FILE MD5 DATA############################# <C:\Documents and Settings\Administrator.GAMERS\Start Menu\Programs\Startup> File Path = C:\Documents and Settings\Administrator.GAMERS\Start Menu\Programs\Startup\desktop.ini File Size = 4096 md5=d6a6856702e3f0953e7246a9b4a9fe35 #############################SERVICES DATA############################# Service Name = ALG Service Display Name = Application Layer Gateway Service Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\alg.exe Binary Size = 44544 Binary MD5 = f1958fbf86d5c004cf19a5951a9514b7 Service Name = AudioSrv Service Display Name = Windows Audio Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = Avg7Alrt Service Display Name = AVG7 Alert Manager Server Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe Binary Size = 353792 Binary MD5 = 708d06e4285b5db85876329ed672423b Service Name = Avg7UpdSvc Service Display Name = AVG7 Update Service Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe Binary Size = 49664 Binary MD5 = 30a14f65db477dc00a64a5a24e96919c Service Name = AVGEMS Service Display Name = AVG E-mail Scanner Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\PROGRA~1\Grisoft\AVG7\avgemc.exe Binary Size = 324096 Binary MD5 = b39e82a224434eb5f6995c99809efdd5 Service Name = CryptSvc Service Display Name = Cryptographic Services Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = DcomLaunch Service Display Name = DCOM Server Process Launcher Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost -k DcomLaunch Binary Size = 0 Binary MD5 = Service Name = Dhcp Service Display Name = DHCP Client Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = dmserver Service Display Name = Logical Disk Manager Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = Dnscache Service Display Name = DNS Client Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k NetworkService Binary Size = 0 Binary MD5 = Service Name = ERSvc Service Display Name = Error Reporting Service Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = Eventlog Service Display Name = Event Log Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\services.exe Binary Size = 108032 Binary MD5 = c6ce6eec82f187615d1002bb3bb50ed4 Service Name = EventSystem Service Display Name = COM+ Event System Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = helpsvc Service Display Name = Help and Support Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = HidServ Service Display Name = HID Input Service Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = lanmanserver Service Display Name = Server Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = lanmanworkstation Service Display Name = Workstation Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = LmHosts Service Display Name = TCP/IP NetBIOS Helper Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k LocalService Binary Size = 0 Binary MD5 = Service Name = Netman Service Display Name = Network Connections Opened = YES Status = Running Query = SUCCESS Service Type = 288 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = Nla Service Display Name = Network Location Awareness (NLA) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = PlugPlay Service Display Name = Plug and Play Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\services.exe Binary Size = 108032 Binary MD5 = c6ce6eec82f187615d1002bb3bb50ed4 Service Name = PolicyAgent Service Display Name = IPSEC Services Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\lsass.exe Binary Size = 13312 Binary MD5 = 84885f9b82f4d55c6146ebf6065d75d2 Service Name = ProtectedStorage Service Display Name = Protected Storage Opened = YES Status = Running Query = SUCCESS Service Type = 288 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\lsass.exe Binary Size = 13312 Binary MD5 = 84885f9b82f4d55c6146ebf6065d75d2 Service Name = RemoteRegistry Service Display Name = Remote Registry Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k LocalService Binary Size = 0 Binary MD5 = Service Name = RpcSs Service Display Name = Remote Procedure Call (RPC) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost -k rpcss Binary Size = 0 Binary MD5 = Service Name = SamSs Service Display Name = Security Accounts Manager Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\lsass.exe Binary Size = 13312 Binary MD5 = 84885f9b82f4d55c6146ebf6065d75d2 Service Name = Schedule Service Display Name = Task Scheduler Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = seclogon Service Display Name = Secondary Logon Opened = YES Status = Running Query = SUCCESS Service Type = 288 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = SENS Service Display Name = System Event Notification Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = SharedAccess Service Display Name = Windows Firewall/Internet Connection Sharing (ICS) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = ShellHWDetection Service Display Name = Shell Hardware Detection Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = Spooler Service Display Name = Print Spooler Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\spoolsv.exe Binary Size = 57856 Binary MD5 = da81ec57acd4cdc3d4c51cf3d409af9f Service Name = srservice Service Display Name = System Restore Service Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = SSDPSRV Service Display Name = SSDP Discovery Service Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k LocalService Binary Size = 0 Binary MD5 = Service Name = stisvc Service Display Name = Windows Image Acquisition (WIA) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k imgsvc Binary Size = 0 Binary MD5 = Service Name = TermService Service Display Name = Terminal Services Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost -k DComLaunch Binary Size = 0 Binary MD5 = Service Name = Themes Service Display Name = Themes Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = TrkWks Service Display Name = Distributed Link Tracking Client Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = W32Time Service Display Name = Windows Time Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = WebClient Service Display Name = WebClient Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k LocalService Binary Size = 0 Binary MD5 = Service Name = WinDefend Service Display Name = Windows Defender Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = "C:\Program Files\Windows Defender\MsMpEng.exe" Binary Size = 0 Binary MD5 = Service Name = winmgmt Service Display Name = Windows Management Instrumentation Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = wscsvc Service Display Name = Security Center Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = wuauserv Service Display Name = Automatic Updates Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = WZCSVC Service Display Name = Wireless Zero Configuration Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = #############################WINLOGON DATA############################# <HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\NOTIFY> Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain Filepath = C:\WINDOWS\system32\crypt32.dll File Size = 597504 File MD5 = efc958396a7a7ef7e6d4a52b97512e18 Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet Filepath = C:\WINDOWS\system32\cryptnet.dll File Size = 63488 File MD5 = cad4aa32e7eca00c23cc39c0eb833f9d Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll Filepath = C:\WINDOWS\system32\cscdll.dll File Size = 101888 File MD5 = 587729679b4fe04ce06a5c61d6c56dcd Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy Filepath = C:\WINDOWS\system32\sclgntfy.dll File Size = 20992 File MD5 = d636fa41e50671160d838ea2dace3330 Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn Filepath = C:\WINDOWS\system32\WlNotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon Filepath = C:\WINDOWS\system32\WgaLogon.dll File Size = 236928 File MD5 = d7dcfb4d0c58ffb569de93e1681fd37a Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e ##########################BROWSER ADD-ON DATA########################## <HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars> CLSID = {4D5C8C25-D075-11d0-B416-00C04FB90376} FilePath = C:\WINDOWS\system32\shdocvw.dll File Size = 1494528 File MD5 = c189ccf3f96c7caf7e5460b9b723dbc5 <HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars> CLSID = {EFA24E64-B078-11D0-89E4-00C04FC9E26E} FilePath = C:\WINDOWS\system32\shdocvw.dll File Size = 1494528 File MD5 = c189ccf3f96c7caf7e5460b9b723dbc5 <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects> CLSID = {53707962-6F74-2D53-2644-206D7942484F} FilePath = C:\PROGRA~1\SPYBOT~1\SDHelper.dll File Size = 744960 File MD5 = abf5ba518c6a5ed104496ff42d19ad88 CLSID = {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} FilePath = C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll File Size = 440056 File MD5 = 38c5be22267a9236e79b1401b5d71d04 <HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions> CLSID = {08B0E5C0-4FCB-11CF-AAA5-00401C608501} FilePath = File Size = 0 File MD5 = CLSID = {FB5F1910-F110-11d2-BB9E-00C04F795683} FilePath = File Size = 0 File MD5 = <HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions> CLSID = CmdMapping FilePath = File Size = 0 File MD5 = <HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks> CLSID = {CFBFAE00-17A6-11D0-99CB-00C04FD64497} FilePath = C:\WINDOWS\system32\shdocvw.dll File Size = 1494528 File MD5 = c189ccf3f96c7caf7e5460b9b723dbc5 Description = <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler> CLSID = {438755C2-A8BA-11D1-B96B-00A0C90312E1} FilePath = C:\WINDOWS\system32\browseui.dll File Size = 1023488 File MD5 = ea902275367aae68ecfdf0cbdb73d6e6 Description = Browseui preloader CLSID = {8C7461EF-2B13-11d2-BE35-3078302C2030} FilePath = C:\WINDOWS\system32\browseui.dll File Size = 1023488 File MD5 = ea902275367aae68ecfdf0cbdb73d6e6 Description = Component Categories cache daemon CLSID = {9d6fac42-a7be-4702-87ef-75d8dc14249e} FilePath = C:\WINDOWS\system32\tahxqcj.dll File Size = 7168 File MD5 = c7837c26d06c5a11eeba5a433e81075e Description = hemine ##########################LSP CHAIN DATA########################## <HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS> Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184 Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184 Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184 Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 Filepath = C:\WINDOWS\system32\rsvpsp.dll File Size = 90112 File MD5 = 90491683abd587c702b16f181ab0d99d Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 Filepath = C:\WINDOWS\system32\rsvpsp.dll File Size = 90112 File MD5 = 90491683abd587c702b16f181ab0d99d Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184 Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184 Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184 Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184 Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184 Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184 Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184 Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184 ##########################UNINSTALL DATA########################## <HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL> Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware SE Personal DisplayName = Ad-Aware SE Personal Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall DisplayName = AVG 7.5 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Branding Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Chikka Messenger V4 DisplayName = Chikka Messenger V4 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Creative PD1171 DisplayName = Creative WebCam Notebook Driver (1.04.01.0322) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectAnimation Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ICW Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE40 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IEData Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB873339 DisplayName = Windows XP Hotfix - KB873339 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB884016 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885835 DisplayName = Windows XP Hotfix - KB885835 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885836 DisplayName = Windows XP Hotfix - KB885836 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB886185 DisplayName = Windows XP Hotfix - KB886185 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB887472 DisplayName = Windows XP Hotfix - KB887472 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB888302 DisplayName = Windows XP Hotfix - KB888302 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890859 DisplayName = Windows XP Hotfix - KB890859 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB891781 DisplayName = Windows XP Hotfix - KB891781 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893756 DisplayName = Security Update for Windows XP (KB893756) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893803 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893803v2 DisplayName = Windows Installer 3.1 (KB893803) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB894391 DisplayName = Update for Windows XP (KB894391) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896358 DisplayName = Security Update for Windows XP (KB896358) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896423 DisplayName = Security Update for Windows XP (KB896423) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896424 DisplayName = Security Update for Windows XP (KB896424) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896428 DisplayName = Security Update for Windows XP (KB896428) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB898461 DisplayName = Update for Windows XP (KB898461) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB899587 DisplayName = Security Update for Windows XP (KB899587) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB899591 DisplayName = Security Update for Windows XP (KB899591) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB900485 DisplayName = Update for Windows XP (KB900485) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB900725 DisplayName = Security Update for Windows XP (KB900725) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB901017 DisplayName = Security Update for Windows XP (KB901017) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB901214 DisplayName = Security Update for Windows XP (KB901214) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB902400 DisplayName = Security Update for Windows XP (KB902400) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB904706 DisplayName = Security Update for Windows XP (KB904706) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB905414 DisplayName = Security Update for Windows XP (KB905414) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB905749 DisplayName = Security Update for Windows XP (KB905749) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB908519 DisplayName = Security Update for Windows XP (KB908519) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB908531 DisplayName = Update for Windows XP (KB908531) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB910437 DisplayName = Update for Windows XP (KB910437) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911280 DisplayName = Update for Windows XP (KB911280) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911562 DisplayName = Security Update for Windows XP (KB911562) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911564 DisplayName = Security Update for Windows Media Player (KB911564) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911927 DisplayName = Security Update for Windows XP (KB911927) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB912919 DisplayName = Security Update for Windows XP (KB912919) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB913580 DisplayName = Security Update for Windows XP (KB913580) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB914388 DisplayName = Security Update for Windows XP (KB914388) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB914389 DisplayName = Security Update for Windows XP (KB914389) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB916595 DisplayName = Update for Windows XP (KB916595) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB917344 DisplayName = Security Update for Windows XP (KB917344) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB917422 DisplayName = Security Update for Windows XP (KB917422) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB917734_WMP9 DisplayName = Security Update for Windows Media Player 9 (KB917734) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB917953 DisplayName = Security Update for Windows XP (KB917953) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB918118 DisplayName = Security Update for Windows XP (KB918118) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB918439 DisplayName = Security Update for Windows XP (KB918439) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB919007 DisplayName = Security Update for Windows XP (KB919007) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920213 DisplayName = Security Update for Windows XP (KB920213) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920670 DisplayName = Security Update for Windows XP (KB920670) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920683 DisplayName = Security Update for Windows XP (KB920683) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920685 DisplayName = Security Update for Windows XP (KB920685) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920872 DisplayName = Update for Windows XP (KB920872) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB922582 DisplayName = Update for Windows XP (KB922582) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB922819 DisplayName = Security Update for Windows XP (KB922819) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB923191 DisplayName = Security Update for Windows XP (KB923191) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB923414 DisplayName = Security Update for Windows XP (KB923414) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB923689 DisplayName = Security Update for Windows XP (KB923689) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB923694 DisplayName = Security Update for Windows XP (KB923694) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB923789 DisplayName = Security Update for Windows XP (KB923789) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB923980 DisplayName = Security Update for Windows XP (KB923980) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB924191 DisplayName = Security Update for Windows XP (KB924191) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB924270 DisplayName = Security Update for Windows XP (KB924270) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB924496 DisplayName = Security Update for Windows XP (KB924496) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB924667 DisplayName = Security Update for Windows XP (KB924667) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB925398_WMP64 DisplayName = Security Update for Windows Media Player 6.4 (KB925398) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB926255 DisplayName = Security Update for Windows XP (KB926255) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB926436 DisplayName = Security Update for Windows XP (KB926436) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB927779 DisplayName = Security Update for Windows XP (KB927779) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB927802 DisplayName = Security Update for Windows XP (KB927802) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB928090 DisplayName = Security Update for Windows XP (KB928090) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB928255 DisplayName = Security Update for Windows XP (KB928255) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB928843 DisplayName = Security Update for Windows XP (KB928843) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB929338 DisplayName = Update for Windows XP (KB929338) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB929969 DisplayName = Security Update for Windows XP (KB929969) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB931836 DisplayName = Update for Windows XP (KB931836) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta1 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta2 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-KB884016 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC1 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC2 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30a-KB884016 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-Beta Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-RC1 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\NetMeeting Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\OutlookExpress Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\PCHealth Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\PCI Audio Driver DisplayName = PCI Audio Driver Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 DisplayName = Public Messenger ver 2.03 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash DisplayName = Adobe Flash Player 9 ActiveX Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Spybot - Search & Destroy_is1 DisplayName = Spybot - Search & Destroy 1.3 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\WgaNotify DisplayName = Windows Genuine Advantage Notifications (KB905474) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert DisplayName = Windows Safety Alert Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\X²-Plugins_is1 DisplayName = X²-Plugins, v1.03.03 InstallLocation = I:\Program Files\Enlight\X2 - The Threat\ Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Messenger DisplayName = Yahoo! Messenger Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150110} DisplayName = J2SE Runtime Environment 5.0 Update 11 InstallLocation = Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} DisplayName = WebFldrs XP InstallLocation = Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{A06275F4-324B-4E85-95E6-87B2CD729401} DisplayName = Windows Defender InstallLocation = Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{A6199025-CBF8-4ACB-BEE9-D14EC1CCD731} DisplayName = X2 - The Threat Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{EE5B8E34-973C-4FBE-AC83-99F064009FC7} DisplayName = SpyHunter InstallLocation = C:\Program Files\Enigma Software Group\SpyHunter Last edited by pccenterllc : 03-27-2007 at 09:44 PM. |
|
     
|
|
03-28-2007, 03:02 PM
|
#2 (permalink) |
|
Registered User
Join Date: Jul 2006
Posts: 159
OS: 200/XP
|
Re: spylocked
I think I got it. Can you review my current HJT log and let me know for sure?
Thank you C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\Mixer.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe |
|
|
|
|
04-04-2007, 10:37 AM
|
#4 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 19,020
OS: WinXP and Vista
|
Re: spylocked
Hello pccenterllc,
The fact that you had a variant of Smitfraud and when you clicked, SpyHunter downloaded does not bode well for SpyHunter. It was recently delisted from the rogueware list--perhaps they should review them once again. I would recommend uninstalling it due to it's past history and in view of this recent event with you. Please download SmitfraudFix (by S!Ri) to your Desktop. Double-click smitfraudfix.exe to start the tool.
|
|
|
|
|
04-05-2007, 07:16 AM
|
#5 (permalink) |
|
Registered User
Join Date: Jul 2006
Posts: 159
OS: 200/XP
|
Re: spylocked
Sorry I may have said that wrong. Spyhunter did not download with the Trojan. When I was searching for fixes on my own, the first one I found that said it could remove spylocked, turned out to be a spyhunter download. It detected the vlod trojan and other malware but when I went to have them removed it wanted me to buy the program first.
I have since learned that spyhunter is a legit program just not very good from what I have read. From now on I plan on only using TSF and bleeping computer get my computer fixed. The post you requested will be in a day or two as I just moved and my home computer is not currently set-up. I have been waiting for my internet to be installed. |
