PLEASE HELP ME I AM DESPERATE AND L.O.S.T.
NAT1976
Suspended due to non-functional email address
13. August 2006 @ 04:56
My PC has gone insane over the last few days and no matter what nothing is helping
I have run several scans, Spybot, A.V.G. AND ADAWARE and not one of them detects anything with my pc... and this has also been done in safe mode just in case...same result
Anyway, my CPU is running between 80% and 100% now and I am convinced all is not well
Also when I last checked I think my pc has copied itself and all of its files several times over in the last 4 hours so where does it all end
The only temporary relief is for about ONE HOUR and that is when I run SYSTEM RESTORE, but hey 10 restores in one day is a bit over the top considering that the restores take about 45 minutes each
PLEASE PLEASE HELP ME GUYS, I AM AT A LOSS
I HAVE ENCLOSED EVERY BIT OF LOG FILE TYPE FROM HIJACK THIS there is for your advice
I am desperate and I am in MELBOURNE AUSTRALIA so if you would like to assist me you can do so...I have MSN and we can work on remote if need be ( ask for my id)
It is 11pm Sunday NIGHT and obviously I am not gonna get much sleep tonight so if anyone has any ideas, I REALLY WOULD APPRECIATE YOUR KIND HELP
MANY THANKS IN ADVANCE
NATALEE EPSTEEN
( missnataleejaneepsteen@hotmail.com )
( MSN 4 ME )
--------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 10:37:23 PM, on 8/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Telstra\BigPond Assist\assist.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
C:\Program Files\DAP\DAP.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\PC-TV\WinManager\WinManager.exe
C:\Program Files\Morpheus\Morpheus.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\notepad.exe
C:\DOCUME~1\Michael\LOCALS~1\Temp\Temporary Directory 2 for HijackThis .zip\HijackThis.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ActivateBand Class - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: XBTBPos00 Class - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - C:\PROGRA~1\MORPHE~1\MORPHE~1.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O3 - Toolbar: (no name) - {753C279B-F2A8-9946-D23A-C75C1BEAD5B1} - (no file)
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRA~1\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - C:\Program Files\Morpheus Toolbar\morpheustoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [ecc] C:\Program Files\Telstra\BigPond Assist\assist.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [DTV-DVB MCE CI] "C:\Documents and Settings\Michael\MCECIConsole.exe"
O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [HijackThis startup scan] C:\DOCUME~1\Michael\LOCALS~1\Temp\Temporary Directory 1 for HijackThis .zip\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinManager.lnk = C:\Program Files\PC-TV\WinManager\WinManager.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Save Image to Folder - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveimagestofolder.html
O8 - Extra context menu item: &Save Image to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveimages.html
O8 - Extra context menu item: &Save Link to Folder - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveltof.html
O8 - Extra context menu item: &Save Link to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savelink.html
O8 - Extra context menu item: &Save Page to Folder... - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savepagetofolder.html
O8 - Extra context menu item: &Save this Page to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savewebpage.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8AAD29F-BAED-48CD-A2C2-68FD6E772482}: NameServer = 10.0.0.138
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
....................................................................
C:\WINDOWS\win.ini : s1 (4 bytes)
C:\WINDOWS\win.tmp : s1 (4 bytes)
..................................................................
StartupList report, 8/13/2006, 10:40:05 PM
StartupList version: 1.52.2
Started from : C:\DOCUME~1\Michael\LOCALS~1\Temp\Temporary Directory 2 for HijackThis .zip\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
=======
=======
=======
=======
=======
=======
=======
=
Running
processes:
C:\WIND
OWS\Syst
em32\sms
s.exe
C:\WIND
OWS\syst
em32\win
logon.exe
C:\WIND
OWS\syst
em32\ser
vices.exe
C:\WIND
OWS\syst
em32\lsas
s.exe
C:\WIND
OWS\syst
em32\svc
host.exe
C:\Progra
m
Files\Win
dows
Defender\
MsMpEng
.exe
C:\WIND
OWS\Syst
em32\svc
host.exe
C:\WIND
OWS\syst
em32\spo
olsv.exe
C:\WIND
OWS\syst
em32\Ati
2evxx.exe
C:\PROGR
A~1\Gris
oft\AVGF
RE~1\avg
amsvr.exe
C:\PROGR
A~1\Gris
oft\AVGF
RE~1\avg
upsvc.exe
C:\PROGR
A~1\Gris
oft\AVGF
RE~1\avg
emc.exe
C:\Progra
m
Files\Com
mon
Files\Micr
osoft
Shared\VS
7DEBUG\
MDM.EXE
C:\Progra
m
Files\Che
etah
Burner\C
heetah
DVD
Burner\N
MSAccess.
exe
C:\WIND
OWS\syst
em32\svc
host.exe
C:\WIND
OWS\Expl
orer.EXE
C:\Progra
m
Files\Java
\jre1.5.0_
07\bin\ju
sched.exe
C:\Progra
m
Files\Telst
ra\BigPon
d
Assist\ass
ist.exe
C:\Progra
m
Files\Win
amp\wina
mpa.exe
C:\Progra
m
Files\AOL
\Active
Security
Monitor\
ASMonito
r.exe
C:\Progra
m
Files\DAP
\DAP.EXE
C:\PROGR
A~1\Gris
oft\AVGF
RE~1\avg
cc.exe
C:\WIND
OWS\syst
em32\ctf
mon.exe
C:\Progra
m
Files\Telst
ra\Toolba
r\bpumTr
ay.exe
C:\WIND
OWS\SOU
NDMAN.E
XE
C:\Progra
m
Files\Mess
enger\ms
msgs.exe
C:\Progra
m
Files\MSN
Messenge
r\msnmsg
r.exe
C:\Progra
m
Files\Ado
be\Acrob
at
6.0\Distill
r\acrotray
.exe
C:\Progra
m
Files\PC-T
V\WinMa
nager\Wi
nManager
.exe
C:\Progra
m
Files\Mor
pheus\Mo
rpheus.ex
e
C:\WIND
OWS\Syst
em32\svc
host.exe
C:\WIND
OWS\syst
em32\wsc
ntfy.exe
C:\Progra
m
Files\Outl
ook
Express\
msimn.ex
e
C:\PROGR
A~1\Lava
soft\AD-A
WA~1\Ad
-Aware.ex
e
C:\WIND
OWS\syst
em32\tas
kmgr.exe
C:\WIND
OWS\syst
em32\msi
exec.exe
C:\WIND
OWS\not
epad.exe
C:\DOCU
ME~1\Mic
hael\LOC
ALS~1\Te
mp\Temp
orary
Directory
2 for
HijackThis .
zip\Hijack
This.exe
C:\WIND
OWS\syst
em32\NO
TEPAD.EX
E
C:\WIND
OWS\not
epad.exe
------------------
------------------
--------------
Listing of
startup
folders:
Shell
folders
Startup:
[C:\Docu
ments
and
Settings\
Michael\S
tart
Menu\Pro
grams\Sta
rtup]
Morpheus
.lnk =
C:\Progra
m
Files\Mor
pheus\Mo
rpheus.ex
e
Shell
folders
AltStartup
:
*Folder
not
found*
User shell
folders
Startup:
*Folder
not
found*
User shell
folders
AltStartup
:
*Folder
not
found*
Shell
folders
Common
Startup:
[C:\Docu
ments
and
Settings\
All
Users\Star
t
Menu\Pro
grams\Sta
rtup]
Acrobat
Assistant.
lnk =
C:\Progra
m
Files\Ado
be\Acrob
at
6.0\Distill
r\acrotray
.exe
Adobe
Reader
Speed
Launch.ln
k =
C:\Progra
m
Files\Ado
be\Acrob
at
7.0\Reade
r\reader_s
l.exe
WinMana
ger.lnk =
C:\Progra
m
Files\PC-T
V\WinMa
nager\Wi
nManager
.exe
Shell
folders
Common
AltStartup
:
*Folder
not
found*
User shell
folders
Common
Startup:
*Folder
not
found*
User shell
folders
Alternate
Common
Startup:
*Folder
not
found*
------------------
------------------
--------------
Checking
Windows
NT
UserInit:
[HKLM\So
ftware\Mi
crosoft\W
indows
NT\Curre
ntVersion
\Winlogo
n]
UserInit =
C:\WIND
OWS\syst
em32\use
rinit.exe,
[HKLM\So
ftware\Mi
crosoft\W
indows\C
urrentVer
sion\Winl
ogon]
*Registry
key not
found*
[HKCU\So
ftware\Mi
crosoft\W
indows
NT\Curre
ntVersion
\Winlogo
n]
*Registry
value not
found*
[HKCU\So
ftware\Mi
crosoft\W
indows\C
urrentVer
sion\Winl
ogon]
*Registry
key not
found*
------------------
------------------
--------------
Autorun
entries
from
Registry:
HKLM\Sof
tware\Mic
rosoft\Wi
ndows\Cu
rrentVersi
on\Run
SunJavaU
pdateSch
ed =
C:\Progra
m
Files\Java
\jre1.5.0_
07\bin\ju
sched.exe
ecc =
C:\Progra
m
Files\Telst
ra\BigPon
d
Assist\ass
ist.exe
WinampA
gent =
C:\Progra
m
Files\Win
amp\wina
mpa.exe
ASM =
"C:\Progra
m
Files\AOL
\Active
Security
Monitor\
ASMonito
r.exe"
Downloa
dAccelera
tor =
"C:\Progra
m
Files\DAP
\DAP.EXE
"
/STARTUP
AVG7_CC
=
C:\PROGR
A~1\Gris
oft\AVGF
RE~1\avg
cc.exe
/STARTUP
ATIPTA =
C:\Progra
m
Files\ATI
Technolo
gies\ATI
Control
Panel\atip
taxx.exe
Cmaudio
=
RunDll32
cmicnfg.c
pl,CMICtrl
Wnd
DTV-DVB
MCE CI =
"C:\Docu
ments
and
Settings\
Michael\
MCECICo
nsole.exe"
BigPond
Toolbar =
"C:\Progra
m
Files\Telst
ra\Toolba
r\bpumTr
ay.exe"
PCSuiteTr
ayApplica
tion =
C:\PROGR
A~1\Noki
a\NOKIAP
~1\LAUN
CH~1.EXE
-startup
SoundMa
n =
SOUNDM
AN.EXE
------------------
------------------
--------------
Autorun
entries
from
Registry:
HKLM\Sof
tware\Mic
rosoft\Wi
ndows\Cu
rrentVersi
on\RunO
nce
*No
values
found*
------------------
------------------
--------------
Autorun
entries
from
Registry:
HKLM\Sof
tware\Mic
rosoft\Wi
ndows\Cu
rrentVersi
on\RunO
nceEx
*No
values
found*
------------------
------------------
--------------
Autorun
entries
from
Registry:
HKLM\Sof
tware\Mic
rosoft\Wi
ndows\Cu
rrentVersi
on\RunSe
rvices
*Registry
key not
found*
------------------
------------------
--------------
Autorun
entries
from
Registry:
HKLM\Sof
tware\Mic
rosoft\Wi
ndows\Cu
rrentVersi
on\RunSe
rvicesOnc
e
*Registry
key not
found*
------------------
------------------
--------------
Autorun
entries
from
Registry:
HKCU\Sof
tware\Mic
rosoft\Wi
ndows\Cu
rrentVersi
on\Run
MSMSGS =
"C:\Progra
m
Files\Mess
enger\ms
msgs.exe"
/backgro
und
ctfmon.ex
e =
C:\WIND
OWS\syst
em32\ctf
mon.exe
msnmsgr
=
"C:\Progra
m
Files\MSN
Messenge
r\msnmsg
r.exe"
/backgro
und
HijackThis
startup
scan =
C:\DOCU
ME~1\Mic
hael\LOC
ALS~1\Te
mp\Temp
orary
Directory
2 for
HijackThis .
zip\Hijack
This.exe
/startupsc
an
PcSync =
C:\Progra
m
Files\Noki
a\Nokia
PC Suite
6\PcSync
2.exe
/NoDialo
g
------------------
------------------
--------------
Autorun
entries
from
Registry:
HKCU\Sof
tware\Mic
rosoft\Wi
ndows\Cu
rrentVersi
on\RunO
nce
*No
values
found*
------------------
------------------
--------------
Autorun
entries
from
Registry:
HKCU\Sof
tware\Mic
rosoft\Wi
ndows\Cu
rrentVersi
on\RunO
nceEx
*Registry
key not
found*
------------------
------------------
--------------
Autorun
entries
from
Registry:
HKCU\Sof
tware\Mic
rosoft\Wi
ndows\Cu
rrentVersi
on\RunSe
rvices
*Registry
key not
found*
------------------
------------------
--------------
Autorun
entries
from
Registry:
HKCU\Sof
tware\Mic
rosoft\Wi
ndows\Cu
rrentVersi
on\RunSe
rvicesOnc
e
*Registry
key not
found*
------------------
------------------
--------------
Autorun
entries
from
Registry:
HKLM\Sof
tware\Mic
rosoft\Wi
ndows
NT\Curre
ntVersion
\Run
*Registry
key not
found*
------------------
------------------
--------------
Autorun
entries
from
Registry:
HKCU\Sof
tware\Mic
rosoft\Wi
ndows
NT\Curre
ntVersion
\Run
*Registry
key not
found*
------------------
------------------
--------------
Autorun
entries in
Registry
subkeys
of:
HKLM\Sof
tware\Mic
rosoft\Wi
ndows\Cu
rrentVersi
on\Run
[Optional
Compone
nts]
*No
values
found*
------------------
------------------
--------------
Autorun
entries in
Registry
subkeys
of:
HKLM\Sof
tware\Mic
rosoft\Wi
ndows\Cu
rrentVersi
on\RunO
nce
*No
subkeys
found*
------------------
------------------
--------------
Autorun
entries in
Registry
subkeys
of:
HKLM\Sof
tware\Mic
rosoft\Wi
ndows\Cu
rrentVersi
on\RunO
nceEx
*No
subkeys
found*
------------------
------------------
--------------
Autorun
entries in
Registry
subkeys
of:
HKLM\Sof
tware\Mic
rosoft\Wi
ndows\Cu
rrentVersi
on\RunSe
rvices
*Registry
key not
found*
------------------
------------------
--------------
Autorun
entries in
Registry
subkeys
of:
HKLM\Sof
tware\Mic
rosoft\Wi
ndows\Cu
rrentVersi
on\RunSe
rvicesOnc
e
*Registry
key not
found*
------------------
------------------
--------------
Autorun
entries in
Registry
subkeys
of:
HKCU\Sof
tware\Mic
rosoft\Wi
ndows\Cu
rrentVersi
on\Run
*No
subkeys
found*
------------------
------------------
--------------
Autorun
entries in
Registry
subkeys
of:
HKCU\Sof
tware\Mic
rosoft\Wi
ndows\Cu
rrentVersi
on\RunO
nce
*No
subkeys
found*
------------------
------------------
--------------
Autorun
entries in
Registry
subkeys
of:
HKCU\Sof
tware\Mic
rosoft\Wi
ndows\Cu
rrentVersi
on\RunO
nceEx
*Registry
key not
found*
------------------
------------------
--------------
Autorun
entries in
Registry
subkeys
of:
HKCU\Sof
tware\Mic
rosoft\Wi
ndows\Cu
rrentVersi
on\RunSe
rvices
*Registry
key not
found*
------------------
------------------
--------------
Autorun
entries in
Registry
subkeys
of:
HKCU\Sof
tware\Mic
rosoft\Wi
ndows\Cu
rrentVersi
on\RunSe
rvicesOnc
e
*Registry
key not
found*
------------------
------------------
--------------
Autorun
entries in
Registry
subkeys
of:
HKLM\Sof
tware\Mic
rosoft\Wi
ndows
NT\Curre
ntVersion
\Run
*Registry
key not
found*
------------------
------------------
--------------
Autorun
entries in
Registry
subkeys
of:
HKCU\Sof
tware\Mic
rosoft\Wi
ndows
NT\Curre
ntVersion
\Run
*Registry
key not
found*
------------------
------------------
--------------
File
associatio
n entry
for .EXE:
HKEY_CL
ASSES_RO
OT\exefile
\shell\ope
n\comma
nd
(Default)
= "%1" %*
------------------
------------------
--------------
File
associatio
n entry
for .COM:
HKEY_CL
ASSES_RO
OT\comfil
e\shell\op
en\comm
and
(Default)
= "%1" %*
------------------
------------------
--------------
File
associatio
n entry
for .BAT:
HKEY_CL
ASSES_RO
OT\batfile
\shell\ope
n\comma
nd
(Default)
= "%1" %*
------------------
------------------
--------------
File
associatio
n entry
for .PIF:
HKEY_CL
ASSES_RO
OT\piffile
\shell\ope
n\comma
nd
(Default)
= "%1" %*
------------------
------------------
--------------
File
associatio
n entry
for .SCR:
HKEY_CL
ASSES_RO
OT\scrfile
\shell\ope
n\comma
nd
(Default)
= "%1" /S
------------------
------------------
--------------
File
associatio
n entry
for .HTA:
HKEY_CL
ASSES_RO
OT\htafile
\shell\ope
n\comma
nd
(Default)
=
C:\WIND
OWS\syst
em32\ms
hta.exe
"%1" %*
------------------
------------------
--------------
File
associatio
n entry
for .TXT:
HKEY_CL
ASSES_RO
OT\txtfile
\shell\ope
n\comma
nd
(Default)
=
%SystemR
oot%\syst
em32\NO
TEPAD.EX
E %1
------------------
------------------
--------------
Enumerati
ng Active
Setup
stub
paths:
HKLM\Sof
tware\Mic
rosoft\Act
ive
Setup\Inst
alled
Compone
nts
(* =
disabled
by HKCU
twin)
[>{22d6f3
12-b0f6-1
1d0-94ab-
0080c74c
7e95}]
StubPath
=
C:\WIND
OWS\inf\
unregmp2
.exe
/ShowWM
P
[>{26923
b43-4d38-
484f-9b9e
-de46074
6276c}] *
StubPath
=
%systemr
oot%\syst
em32\sh
mgrate.ex
e
OCInstall
UserConfi
gIE
[>{60B49
E34-C7CC
-11D0-89
53-00A0C
90347FF}
MICROS] *
StubPath
=
RunDLL3
2
IEDKCS32
.DLL,Bran
dIE4
SIGNUP
[>{881dd
1c5-3dcf-
431b-b06
1-f3f88e8
be88a}] *
StubPath
=
%systemr
oot%\syst
em32\sh
mgrate.ex
e
OCInstall
UserConfi
gOE
[{2C7339
CF-2B09-
4501-B3F
3-F3508C
9228ED}]
*
StubPath
=
%SystemR
oot%\syst
em32\reg
svr32.exe
/s /n
/i:/UserIn
stall
%SystemR
oot%\syst
em32\the
meui.dll
[{44BBA8
40-CC51-
11CF-AAF
A-00AA0
0B6015C}
] *
StubPath
=
"%Progra
mFiles%\
Outlook
Express\s
etup50.ex
e"
/APP:OE
/CALLER:
WINNT
/user
/install
[{44BBA8
42-CC51-
11CF-AAF
A-00AA0
0B6015B}
] *
StubPath
=
rundll32.e
xe
advpack.d
ll,LaunchI
NFSection
C:\WIND
OWS\INF\
msnetmtg
.inf,NetMt
g.Install.P
erUser.NT
[{4b218e
3e-bc98-4
770-93d3-
2731b93
29278}] *
StubPath
=
%SystemR
oot%\Syst
em32\run
dll32.exe
setupapi,I
nstallHinf
Section
Marketpla
ceLinkInst
all 896
%systemr
oot%\inf\i
e.inf
[{5945c0
46-1e7d-1
1d1-bc44-
00c04fd9
12be}] *
StubPath
=
rundll32.e
xe
advpack.d
ll,LaunchI
NFSection
C:\WIND
OWS\INF\
msmsgs.in
f,BLC.Qui
etInstall.P
erUser
[{6BF52A
52-394A-
11d3-B15
3-00C04F
79FAA6}]
*
StubPath
=
rundll32.e
xe
advpack.d
ll,LaunchI
NFSection
C:\WIND
OWS\INF\
wmp11.in
f,PerUserS
tub
[{779076
9C-0471-
11d2-AF1
1-00C04F
A35D02}]
*
StubPath
=
"%Progra
mFiles%\
Outlook
Express\s
etup50.ex
e"
/APP:WA
B
/CALLER:
WINNT
/user
/install
[{898202
00-ECBD-
11cf-8B85
-00AA005
B4340}] *
StubPath
=
regsvr32.
exe /s /n
/i:U
shell32.dll
[{898202
00-ECBD-
11cf-8B85
-00AA005
B4383}] *
StubPath
=
%SystemR
oot%\syst
em32\ie4
uinit.exe
[{89B4C1
CD-B018-
4511-B0A
1-5476DB
F70820}]
*
StubPath
=
C:\WIND
OWS\syst
em32\Ru
ndll32.ex
e
C:\WIND
OWS\syst
em32\msc
ories.dll,I
nstall
------------------
------------------
--------------
Enumerati
ng ICQ
Agent
Autostart
apps:
HKCU\Sof
tware\Mir
abilis\ICQ
\Agent\A
pps
*Registry
key not
found*
------------------
------------------
--------------
Load/Run
keys from
C:\WIND
OWS\WIN
.INI:
load=*INI
section
not
found*
run=*INI
section
not
found*
Load/Run
keys from
Registry:
HKLM\..\
Windows
NT\Curre
ntVersion
\WinLogo
n:
load=*Re
gistry
value not
found*
HKLM\..\
Windows
NT\Curre
ntVersion
\WinLogo
n:
run=*Regi
stry value
not
found*
HKLM\..\
Windows\
CurrentVe
rsion\Win
Logon:
load=*Re
gistry key
not
found*
HKLM\..\
Windows\
CurrentVe
rsion\Win
Logon:
run=*Regi
stry key
not
found*
HKCU\..\
Windows
NT\Curre
ntVersion
\WinLogo
n:
load=*Re
gistry
value not
found*
HKCU\..\
Windows
NT\Curre
ntVersion
\WinLogo
n:
run=*Regi
stry value
not
found*
HKCU\..\
Windows\
CurrentVe
rsion\Win
Logon:
load=*Re
gistry key
not
found*
HKCU\..\
Windows\
CurrentVe
rsion\Win
Logon:
run=*Regi
stry key
not
found*
HKCU\..\
Windows
NT\Curre
ntVersion
\Windows
: load=
HKCU\..\
Windows
NT\Curre
ntVersion
\Windows
:
run=*Regi
stry value
not
found*
HKLM\..\
Windows
NT\Curre
ntVersion
\Windows
:
load=*Re
gistry
value not
found*
HKLM\..\
Windows
NT\Curre
ntVersion
\Windows
:
run=*Regi
stry value
not
found*
HKLM\..\
Windows
NT\Curre
ntVersion
\Windows
:
AppInit_D
LLs=
------------------
------------------
--------------
Shell &
screensav
er key
from
C:\WIND
OWS\SYS
TEM.INI:
Shell=*INI
section
not
found*
SCRNSAV
E.EXE=*I
NI section
not
found*
drivers=*I
NI section
not
found*
Shell &
screensav
er key
from
Registry:
Shell=Expl
orer.exe
SCRNSAV
E.EXE=C:\
WINDOW
S\system3
2\logon.s
cr
drivers=*
Registry
value not
found*
Policies
Shell key:
HKCU\..\P
olicies:
Shell=*Re
gistry key
not
found*
HKLM\..\P
olicies:
Shell=*Re
gistry
value not
found*
------------------
------------------
--------------
Checking
for
EXPLORE
R.EXE
instances:
C:\WIND
OWS\Expl
orer.exe:
PRESENT!
C:\Explor
er.exe:
not
present
C:\WIND
OWS\Expl
orer\Expl
orer.exe:
not
present
C:\WIND
OWS\Syst
em\Explor
er.exe:
not
present
C:\WIND
OWS\Syst
em32\Exp
lorer.exe:
not
present
C:\WIND
OWS\Com
mand\Exp
lorer.exe:
not
present
C:\WIND
OWS\Fon
ts\Explore
r.exe: not
present
------------------
------------------
--------------
Checking
for
superhidd
en
extension
s:
.lnk:
HIDDEN!
(arrow
overlay:
yes)
.pif:
HIDDEN!
(arrow
overlay:
yes)
.exe: not
hidden
.com: not
hidden
.bat: not
hidden
.hta: not
hidden
.scr: not
hidden
.shs:
HIDDEN!
.shb:
HIDDEN!
.vbs: not
hidden
.vbe: not
hidden
.wsh: not
hidden
.scf:
HIDDEN!
(arrow
overlay:
NO!)
.url:
HIDDEN!
(arrow
overlay:
yes)
.js: not
hidden
.jse: not
hidden
------------------
------------------
--------------
Verifying
REGEDIT.
EXE
integrity:
-
Regedit.e
xe found
in
C:\WIND
OWS
- .reg
open
command
is normal
(regedit.e
xe %1)
-
Company
name OK:
'Microsoft
Corporati
on'
- Original
filename
OK:
'REGEDIT.
EXE'
- File
descriptio
n:
'Registry
Editor'
Registry
check
passed
------------------
------------------
--------------
Enumerati
ng
Browser
Helper
Objects:
(no name)
-
C:\Progra
m
Files\Yah
oo!\Comp
anion\Ins
talls\cpn\
yt.dll -
{02478D3
8-C3F9-4E
FB-9B51-
7695ECA
05670}
(no name)
-
C:\Progra
m
Files\Ado
be\Acrob
at
6.0\Acrob
at\Active
X\AcroIE
Helper.dll
-
{06849E9
F-C8D7-4
D59-B87D
-784B7D6
BE0B3}
(no name)
-
C:\Progra
m
Files\Telst
ra\Toolba
r\bpumTo
olBand.dll
-
{4C7B6D
E1-99A4-
4CF1-8B4
4-688899
00E1D0}
(no name)
-
C:\Progra
m
Files\Spyb
ot -
Search &
Destroy\S
DHelper.d
ll -
{5370796
2-6F74-2
D53-2644
-206D794
2484F}
(no name)
-
C:\Progra
m
Files\Java
\jre1.5.0_
07\bin\ss
v.dll -
{761497B
B-D6F0-4
62C-B6EB
-D4DAF1
D92D43}
(no name)
-
c:\progra
m
files\goog
le\google
toolbar2.
dll -
{AA58ED
58-01DD-
4d91-833
3-CF1057
7473F7}
(no name)
-
C:\Progra
m
Files\Ado
be\Acrob
at
6.0\Acrob
at\AcroIE
FavClient.
dll -
{AE7CD0
45-E861-4
84f-8273-
0445EE1
61910}
(no name)
-
C:\PROGR
A~1\MOR
PHE~1\M
ORPHE~1
.DLL -
{E552EEF
C-DE97-4
5D4-BA1
A-F534A1
B4A579}
------------------
------------------
--------------
Enumerati
ng Task
Scheduler
jobs:
MP
Scheduled
Scan.job
[X codec
Pack]
uninstall.j
ob
------------------
------------------
--------------
Enumerati
ng
Downloa
d
Program
Files:
[Microsoft
XML
Parser for
Java]
CODEBAS
E =
file:///C:/
WINDOW
S/Java/cla
sses/xmld
so.cab
OSD =
C:\WIND
OWS\Do
wnloaded
Program
Files\Micr
osoft XML
Parser for
Java.osd
[{02BF25
D5-8C17-
4B23-BC8
0-D3488A
BDDC6B}]
CODEBAS
E =
http://ww
w.apple.c
om/qtacti
vex/qtplu
gin.cab
[asusTek_
sysctrl
Class]
InProcSer
ver32 =
C:\WIND
OWS\DO
WNLO~1\
ASUSTE~
1.DLL
CODEBAS
E =
http://sup
port.asus.
com/com
mon/asus
Tek_sys_c
trl.cab
[Windows
Genuine
Advantag
e
Validatio
n Tool]
InProcSer
ver32 =
C:\WIND
OWS\syst
em32\legi
tcheckcon
trol.dll
CODEBAS
E =
http://go.
microsoft.
com/fwlin
k/?linkid=
39204
[YInstStar
ter Class]
InProcSer
ver32 =
C:\WIND
OWS\Do
wnloaded
Program
Files\yinst
helper.dll
CODEBAS
E =
http://us.
dl1.yimg.c
om/downl
oad.yaho
o.com/dl/
yinst/yins
t_current.
cab
[Office
Update
Installatio
n Engine]
InProcSer
ver32 =
C:\WIND
OWS\opu
c.dll
CODEBAS
E =
http://offi
ce.micros
oft.com/o
fficeupdat
e/content
/opuc3.ca
b
[WUWeb
Control
Class]
InProcSer
ver32 =
C:\WIND
OWS\syst
em32\wu
web.dll
CODEBAS
E =
http://up
date.micr
osoft.com
/windows
update/v
6/V5Cont
rols/en/x
86/client/
wuweb_si
te.cab?11
4566803
4457
[MUWebC
ontrol
Class]
InProcSer
ver32 =
C:\WIND
OWS\syst
em32\mu
web.dll
CODEBAS
E =
http://up
date.micr
osoft.com
/microsoft
update/v
6/V5Cont
rols/en/x
86/client/
muweb_si
te.cab?11
4666962
6078
[Java
Plug-in]
InProcSer
ver32 =
C:\Progra
m
Files\Java
\jre1.5.0_
07\bin\ss
v.dll
CODEBAS
E =
http://jav
a.sun.com
/update/1
.5.0/jinsta
ll-1_5_0_0
7-window
s-i586.cab
[MsnMess
engerSetu
pDownlo
adControl
Class]
InProcSer
ver32 =
C:\WIND
OWS\Do
wnloaded
Program
Files\Msn
Messenge
rSetupDo
wnloader.
ocx
CODEBAS
E =
http://me
ssenger.m
sn.com/d
ownload/
MsnMesse
ngerSetup
Downloa
der.cab
[Java
Plug-in]
InProcSer
ver32 =
C:\Progra
m
Files\Java
\jre1.5.0_
07\bin\ss
v.dll
CODEBAS
E =
http://jav
a.sun.com
/update/1
.5.0/jinsta
ll-1_5_0_0
1-window
s-i586.cab
[Java
Plug-in]
InProcSer
ver32 =
C:\Progra
m
Files\Java
\jre1.5.0_
07\bin\ss
v.dll
CODEBAS
E =
http://jav
a.sun.com
/update/1
.5.0/jinsta
ll-1_5_0_0
6-window
s-i586.cab
[Java
Plug-in]
InProcSer
ver32 =
C:\Progra
m
Files\Java
\jre1.5.0_
07\bin\ss
v.dll
CODEBAS
E =
http://jav
a.sun.com
/update/1
.5.0/jinsta
ll-1_5_0_0
7-window
s-i586.cab
[Java
Plug-in
1.5.0_07]
InProcSer
ver32 =
C:\Progra
m
Files\Java
\jre1.5.0_
07\bin\np
jpi150_07
.dll
CODEBAS
E =
http://jav
a.sun.com
/update/1
.5.0/jinsta
ll-1_5_0_0
7-window
s-i586.cab
[Shockwa
ve Flash
Object]
InProcSer
ver32 =
C:\WIND
OWS\syst
em32\Ma
cromed\Fl
ash\Flash
8b.ocx
CODEBAS
E =
http://do
wnload.m
acromedi
a.com/pu
b/shockw
ave/cabs/
flash/swfl
ash.cab
------------------
------------------
--------------
Enumerati
ng
Winsock
LSP files:
NameSpa
ce #1:
C:\WIND
OWS\Syst
em32\ms
wsock.dll
NameSpa
ce #2:
C:\WIND
OWS\Syst
em32\win
rnr.dll
NameSpa
ce #3:
C:\WIND
OWS\Syst
em32\ms
wsock.dll
Protocol
#1:
C:\WIND
OWS\syst
em32\ms
wsock.dll
Protocol
#2:
C:\WIND
OWS\syst
em32\ms
wsock.dll
Protocol
#3:
C:\WIND
OWS\syst
em32\ms
wsock.dll
Protocol
#4:
C:\WIND
OWS\syst
em32\rsv
psp.dll
Protocol
#5:
C:\WIND
OWS\syst
em32\rsv
psp.dll
Protocol
#6:
C:\WIND
OWS\syst
em32\ms
wsock.dll
Protocol
#7:
C:\WIND
OWS\syst
em32\ms
wsock.dll
Protocol
#8:
C:\WIND
OWS\syst
em32\ms
wsock.dll
Protocol
#9:
C:\WIND
OWS\syst
em32\ms
wsock.dll
Protocol
#10:
C:\WIND
OWS\syst
em32\ms
wsock.dll
Protocol
#11:
C:\WIND
OWS\syst
em32\ms
wsock.dll
Protocol
#12:
C:\WIND
OWS\syst
em32\ms
wsock.dll
Protocol
#13:
C:\WIND
OWS\syst
em32\ms
wsock.dll
Protocol
#14:
C:\WIND
OWS\syst
em32\ms
wsock.dll
Protocol
#15:
C:\WIND
OWS\syst
em32\ms
wsock.dll
--------------------------------------------------
Enumerating Windows NT/2000/XP services
DVB-TV 878 BDA Driver: System32\Drivers\878BDA.sys (system)
Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Service for WDM 3D Audio Driver: system32\drivers\ALCXSENS.SYS (manual start)
Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)
ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (autostart)
ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
AVG7 Update Service: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart)
AVG E-mail Scanner: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (autostart)
AVG Network Redirector: \SystemRoot\System32\Drivers\avgtdi.sys (autostart)
Belarc SMBios Access: \SystemRoot\System32\Drivers\BANTExt.sys (system)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
CdaC15BA: \??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS (autostart)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
C-Media WDM Audio Interface: system32\drivers\cmuda.sys (manual start)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
DtvAudio: system32\DRIVERS\DtvAudio.sys (manual start)
DtvVideo: system32\DRIVERS\DtvVideo.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver: system32\DRIVERS\fetnd5.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\DRIVERS\fltMgr.sys (system)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
GMSIPCI: \??\E:\INSTALL\GMSIPCI.SYS (manual start)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
HSFHWBS2: system32\DRIVERS\HSFBS2S2.sys (manual start)
HSF_DP: system32\DRIVERS\HSFDPSP2.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)
IPv6 Windows firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
iPodService: C:\Program Files\iPod\bin\iPodService.exe (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
mdmxsdk: system32\DRIVERS\mdmxsdk.sys (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
BDA MPE Filter: system32\DRIVERS\MPE.sys (manual start)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NMSAccess: C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe (autostart)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Parallel port driver: system32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
VSO Software pcouffin: System32\Drivers\pcouffin.sys (manual start)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
ServiceLayer: "C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe" (manual start)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{A1DD0C35-2E28-4DD8-8D6E-618627509033} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
LGE U8XXX driver (WDM): system32\DRIVERS\U81xbus.sys (manual start)
LGE U8XXX USB WMC Modem Filter: system32\DRIVERS\U81xmdfl.sys (manual start)
LGE U8XXX USB WMC Modem Driver: system32\DRIVERS\U81xmdm.sys (manual start)
LGE U8XXX USB WMC Device Management Drivers (WDM): system32\DRIVERS\U81xmgmt.sys (manual start)
LGE U8XXX USB WMC OBEX Interface: system32\DRIVERS\U81xobex.sys (manual start)
Microsoft AGPv3.5 Filter: system32\DRIVERS\uagp35.sys (system)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Filter: system32\DRIVERS\viaagp1.sys (system)
ViaIde: system32\DRIVERS\viaide.sys (system)
viasraid: system32\DRIVERS\viasraid.sys (system)
DTVNet Ethernet Controller: system32\DRIVERS\DTVNet.sys (manual start)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (system)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
winachsf: system32\DRIVERS\HSFCXTS2.sys (manual start)
Windows Defender Service: "C:\Program Files\Windows Defender\MsMpEng.exe" (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Windows Media Player Network Sharing Service: C:\Program Files\Windows Media Player\WMPNetwk.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
End of report, 38,070 bytes
Report generated in 0.157 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
In anticipation
THANKS A MILLION
Senior Member
13. August 2006 @ 22:19
You got a real nasty there, AskBar.A. And it looks like it has infected many files. Let's get rid of this first!
After much research on this and not much to go by, I think Ewido will remove it. (key word "think") I have found limited solutions to this case so, let's give it a try.
You can get Ewido here: http://free.grisoft.com/doc/1 Install and update.
Run in safe mode.
Post a new HijackThis log along with the Ewido log.
See a few other things, but they can wait. :)