winlogon.exe, HJT log included.
Junior Member
9. November 2008 @ 23:03 |
Hello, I'm having a problem with winlogon.exe, can't seem to delete it.
Here is my HJT log..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:00:06 PM, on 09/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LClock\LClock.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Louie\Desktop\ATF-Cleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://survey.questionmarket.com/surv/22...ite=5&from_ec=0
O2 - BHO: C:\WINDOWS\system32\jsne87fidgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jsne87fidgf.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-18 Startup: ScreenHunter 5.0 Free.lnk = C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Styler.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: ScreenHunter 5.0 Free.lnk = C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe (User 'Default user')
O4 - .DEFAULT Startup: Styler.lnk = ? (User 'Default user')
O4 - Startup: ScreenHunter 5.0 Free.lnk = C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
O4 - Startup: Styler.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jsne87fidgf.dll
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 9029 bytes
Antec 1200
Intel Q9550
Gigabyte X48-DS4
Western Digital Velociraptor
Corsair Dominator DDR2-8500 (2x2)
Tuniq Tower 120
Visiontek 4870 X2
Samsung 2493HM
Logitech G15 Keyboard
Cyber Snipa Stinger Mouse (3200 DPI)
Logitech Z-4 Speakers
"Once you are born, you begin to die."
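The entries a helper reads first in a log like the one above are the O2 (BHO) and O22 (SharedTaskScheduler) lines, because a single CLSID appearing under both means one DLL is loaded by Internet Explorer and by Explorer.exe. As an added example, not code from the thread or from HijackThis, the Python below parses those CLSID-bearing lines, cross-references load points, and applies a random-name heuristic to file and display names. The sample input is four lines copied from the log; the vowel-ratio threshold, the eight-character minimum and the "name equals path" test are my own assumptions, not anything HijackThis computes.

```python
import re
from collections import defaultdict

# Constructed sample: the O2, O3 and O22 lines as they appear in the
# HijackThis log in the post above (nothing else from the log is needed).
SAMPLE_HJT = r"""
O2 - BHO: C:\WINDOWS\system32\jsne87fidgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jsne87fidgf.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jsne87fidgf.dll
"""

# HJT lines that carry a CLSID: "<section> - <kind>: <name> - {CLSID} - <path>"
LINE_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
VOWELS = set("aeiou")


def looks_random(token: str) -> bool:
    """Heuristic (my assumption, not an HJT rule) for generated names such as
    'jsne87fidgf': at least 8 chars, letters and digits interleaved, few
    vowels. Product names like StylerTB or IEToolbar have no digits and fail."""
    t = token.lower()
    letters = [c for c in t if c.isalpha()]
    if len(t) < 8 or not letters:
        return False
    mixed = re.search(r"[a-z][0-9]|[0-9][a-z]", t) is not None
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    return mixed and vowel_ratio < 0.4


def parse(text: str) -> list:
    """Return one dict per CLSID-bearing line (O2, O3, O9, O22 ...)."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["clsid"] = e["clsid"].upper()
            entries.append(e)
    return entries


def triage(text: str) -> list:
    """Return (clsid, reason) pairs for entries worth a closer look."""
    by_clsid = defaultdict(list)
    for e in parse(text):
        by_clsid[e["clsid"]].append(e)

    findings = []
    for clsid, group in by_clsid.items():
        sections = {e["section"] for e in group}
        # The same CLSID registered as a BHO (O2) and as a SharedTaskScheduler
        # entry (O22): one DLL with two load points (IE and Explorer.exe).
        if {"O2", "O22"} <= sections:
            findings.append((clsid, "same DLL loaded via O2 and O22"))
        for e in group:
            stem = e["path"].rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if looks_random(stem):
                findings.append((clsid, f"random-looking file name {stem}"))
            if "\\" not in e["name"] and looks_random(e["name"]):
                findings.append((clsid, f"random-looking display name {e['name']}"))
            # HJT prints the path where the display name should be when the
            # object registered none; legitimate add-ons have a readable name.
            if e["name"].lower() == e["path"].lower():
                findings.append((clsid, "no display name (name == path)"))
    return findings


def flagged_clsids(text: str) -> set:
    return {clsid for clsid, _ in triage(text)}


if __name__ == "__main__":
    for clsid, reason in triage(SAMPLE_HJT):
        print(clsid, reason)
```

On the sample, only {C5BF49A2-94F3-42BD-F434-3604812C897D} is flagged, for all three reasons; the two toolbars pass. The name heuristic is a prompt to look, not a verdict: plenty of legitimate vendor files mix letters and digits, so keep a known-good list alongside it when running this over a full log.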
Senior Member
10. November 2008 @ 05:48 |
Hi epilogue
Please download Superantispyware Free and install it. Follow the prompts and reboot if required.
Launch Superantispyware Free either by running C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.exe or right-click on the SuperAntispyware icon in your task bar (it looks like a bug) and click on Scan for Spyware, Adware, Malware...
Configuring SuperAntispyware
• Click on Preferences.
• In the tab General and Startup, make sure the box Start SuperAntispyware when Windows starts is unchecked. This will prevent SuperAntispyware from starting every time, because it may interfere with other fixes that may be run.
• Navigate to the tab Scanning Control.
• Make sure only these boxes are checked:
Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining
Scan Alternate Data Streams
Use Kernel Direct File Access (recommended)
Use Kernel Direct Registry Access (recommended)
Use Direct Disk Access (recommended)
• Click on Close.
Updating SuperAntispyware
• At the main window, click on Check for Updates....
• Wait for SuperAntispyware to be fully updated.
Scanning Time
• Boot into safe mode by repeatedly pressing the F8 key after you press the power button. If safe mode does not work, tell me and do the scan in normal mode.
• Launch SuperAntispyware.
• At the main window, click on Scan your Computer....
• Make sure all drives (excluding CD drives) are checked, select Perform Complete Scan, and then click on Next.
• Wait for the scan to complete, and then click on Next>. This will quarantine and remove all detected items.
• Reboot your computer.
Post A Log
• Launch SuperAntispyware.
• Click on Preferences.
• Navigate to the tab Statistics/Logs.
• Choose the latest scan log, and then click on View Log....
• Copy and paste the contents of the log here in your next post.
Best Regards :D
Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.

Junior Member
11. November 2008 @ 02:47 |
thanks for replying...
here's the log.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/10/2008 at 11:37 PM
Application Version : 4.21.1004
Core Rules Database Version : 3631
Trace Rules Database Version: 1614
Scan type : Complete Scan
Total Scan Time : 01:57:50
Memory items scanned : 168
Memory threats detected : 1
Registry items scanned : 5309
Registry threats detected : 8
File items scanned : 68499
File threats detected : 7
Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\JSNE87FIDGF.DLL
C:\WINDOWS\SYSTEM32\JSNE87FIDGF.DLL
Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{C5BF49A2-94F3-42BD-F434-3604812C897D}
HKCR\CLSID\{C5BF49A2-94F3-42BD-F434-3604812C897D}
HKCR\CLSID\{C5BF49A2-94F3-42BD-F434-3604812C897D}
HKCR\CLSID\{C5BF49A2-94F3-42BD-F434-3604812C897D}#ThreadingModel
HKCR\CLSID\{C5BF49A2-94F3-42BD-F434-3604812C897D}\InProcServer32
HKCR\CLSID\{C5BF49A2-94F3-42BD-F434-3604812C897D}\InProcServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5BF49A2-94F3-42BD-F434-3604812C897D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{C5BF49A2-94F3-42BD-F434-3604812C897D}
Adware.Tracking Cookie
C:\Documents and Settings\Louie\Cookies\louie@doubleclick[1].txt
Trojan.Csrssc/Systemc-B
C:\DOCUMENTS AND SETTINGS\LOUIE\LOCAL SETTINGS\TEMP\CSRSSC.EXE
Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F14F7A74-524C-4349-A8D2-8E1F4D243ADD}\RP144\A0063302.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F14F7A74-524C-4349-A8D2-8E1F4D243ADD}\RP145\A0064607.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F14F7A74-524C-4349-A8D2-8E1F4D243ADD}\RP146\A0064682.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F14F7A74-524C-4349-A8D2-8E1F4D243ADD}\RP147\A0064799.EXE
Senior Member
11. November 2008 @ 04:29 |
Hey epilogue
So, could you tell me your problem exactly? Why are you trying to delete winlogon.exe? And where is it located?
Best Regards :D
Junior Member
11. November 2008 @ 15:17 |
I seem to have a virus that disables my Bitdefender.
The winlogon I'm trying to delete is in C:\Documents and Settings\"User"\Local Settings\Temp\
Isn't it supposed to be in Win32?
Before Bitdefender was disabled, it told me it had blocked multiple viruses, and I had a downloader.
Thanks.
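The location is the whole point of the question above: on Windows XP the real winlogon.exe lives only in %SystemRoot%\system32, so a file of that name under a user's Local Settings\Temp is a copy that is borrowing the name, and csrssc.exe (reported by SUPERAntiSpyware in the same Temp folder) is one character away from the real csrss.exe. As an added example, not code from the thread, the Python below classifies process paths on exactly those two rules. The sample list is taken from the HijackThis "Running processes" section plus the two Temp files named in this thread; the set of core binaries and their home directories is my own short list for XP, not an exhaustive one.

```python
import ntpath

# Constructed sample: paths from the HijackThis "Running processes" list in
# the first post, plus the Temp copy of winlogon.exe described in this reply
# and the csrssc.exe that SUPERAntiSpyware reported in the same Temp folder.
SAMPLE_PATHS = [
    r"C:\WINDOWS\System32\smss.exe",
    r"C:\WINDOWS\system32\winlogon.exe",
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\WINDOWS\Explorer.EXE",
    r"C:\Program Files\LClock\LClock.exe",
    r"C:\Documents and Settings\Louie\Local Settings\Temp\winlogon.exe",
    r"C:\Documents and Settings\Louie\Local Settings\Temp\csrssc.exe",
]


def core_binaries(system_root=r"C:\WINDOWS"):
    """Core XP processes and the one directory each legitimately runs from
    (my list, not exhaustive). Copies under dllcache\ or ServicePackFiles\
    exist on disk but never execute from there."""
    s32 = ntpath.join(system_root, "system32")
    core = {n: s32 for n in ("smss.exe", "csrss.exe", "winlogon.exe",
                             "services.exe", "lsass.exe", "svchost.exe",
                             "spoolsv.exe", "userinit.exe", "ctfmon.exe")}
    core["explorer.exe"] = system_root
    return core


def edit_distance(a, b):
    """Plain Levenshtein distance, used to catch one-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(path, system_root=r"C:\WINDOWS"):
    """'ok': core binary in its home directory; 'masquerade': a core name
    anywhere else; 'lookalike': one edit away from a core name; 'other'."""
    core = core_binaries(system_root)
    directory, name = ntpath.split(path)   # ntpath handles backslashes on any OS
    directory, name = directory.lower(), name.lower()
    if name in core:
        return "ok" if directory == core[name].lower() else "masquerade"
    if any(edit_distance(name, c) == 1 for c in core):
        return "lookalike"
    return "other"


def review(paths, system_root=r"C:\WINDOWS"):
    """Everything that is not a core binary in its proper place, with a verdict."""
    out = []
    for p in paths:
        v = classify(p, system_root)
        if v != "ok":
            out.append((p, v))
    return out


if __name__ == "__main__":
    for path, verdict in review(SAMPLE_PATHS):
        print(f"{verdict:<11} {path}")
```

Directory comparison is case-insensitive because the log itself mixes System32 and system32 for the same folder. "other" is not a clean bill of health; it only means the name is not one the list knows, so third-party entries still need the usual vendor and signature checks.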
Senior Member
11. November 2008 @ 22:46 |
Hey epilogue
Now, please download ComboFix.
With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.
• Run Combo-Fix.exe and follow the prompts.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
• Wait for the scan to be completed.
• If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)
Do not click on the ComboFix window, as it may cause it to stall.
Best Regards :D
Junior Member
11. November 2008 @ 23:28 |
Here is the combofix file
ComboFix 08-11-10.01 - Louie 2008-11-11 20:20:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1906 [GMT -8:00]
Running from: c:\documents and settings\Louie\Desktop\Combo-Fix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-10-12 to 2008-11-12 )))))))))))))))))))))))))))))))
.
2008-11-11 18:43 . 2008-11-11 18:43 <DIR> d-------- c:\windows\LastGood
2008-11-10 21:32 . 2008-11-10 21:32 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-10 21:32 . 2008-11-10 21:32 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-10 21:32 . 2008-11-10 21:32 <DIR> d-------- c:\documents and settings\Louie\Application Data\SUPERAntiSpyware.com
2008-11-10 21:32 . 2008-11-10 21:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-10 00:11 . 2008-11-10 00:11 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-10 00:11 . 2008-11-10 00:11 <DIR> d-------- c:\program files\AVG
2008-11-10 00:11 . 2008-11-10 00:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-10 00:11 . 2008-11-10 00:11 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-10 00:11 . 2008-11-10 00:11 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-11-10 00:11 . 2008-11-10 00:11 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-10 00:02 . 2008-11-10 00:02 <DIR> d-------- C:\VundoFix Backups
2008-11-09 23:57 . 2008-11-09 23:57 <DIR> d-------- C:\HJT
2008-11-09 23:50 . 2008-11-09 23:57 <DIR> d-------- c:\documents and settings\Louie\.housecall6.6
2008-11-09 23:50 . 2008-11-09 23:50 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-11-09 20:03 . 2008-11-09 20:31 <DIR> d-------- C:\!KillBox
2008-11-09 16:06 . 2008-11-09 16:06 <DIR> d-------- c:\program files\Trend Micro
2008-11-09 13:50 . 2008-11-09 13:50 2,250,024 --a------ c:\windows\system32\pbsvc.exe
2008-11-09 13:50 . 2008-11-09 13:50 107,832 --a------ c:\windows\system32\PnkBstrB.exe
2008-11-09 13:50 . 2008-11-09 13:50 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-11-09 13:50 . 2008-11-09 13:50 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-11-09 13:50 . 2008-11-09 13:50 22,328 --a------ c:\documents and settings\Louie\Application Data\PnkBstrK.sys
2008-11-09 13:30 . 2008-11-09 13:30 108,336 --a------ c:\windows\system32\mswinsck.ocx
2008-11-09 12:46 . 2008-11-09 12:46 8 --a------ c:\windows\atomhex.lic
2008-11-09 12:45 . 2008-11-09 12:45 <DIR> d-------- c:\program files\Games
2008-11-09 11:31 . 2008-11-09 11:31 <DIR> d-------- c:\program files\ATI
2008-11-09 11:29 . 2008-08-20 17:55 4,094,560 --a------ c:\windows\system32\ati3duag.dll
2008-11-09 11:29 . 2008-08-20 20:52 3,299,840 --a------ c:\windows\system32\drivers\ati2mtag.sys
2008-11-09 11:29 . 2008-08-20 17:11 561,152 --a------ c:\windows\system32\ati2cqag.dll
2008-11-09 11:29 . 2008-08-20 18:18 314,880 --a------ c:\windows\system32\ati2dvag.dll
2008-11-09 11:29 . 2008-08-20 17:17 53,248 --a------ c:\windows\system32\drivers\ati2erec.dll
2008-11-09 11:29 . 2008-08-20 18:07 26,112 --a------ c:\windows\system32\Ati2mdxx.exe
2008-11-08 23:00 . 2008-11-08 23:00 <DIR> d-------- c:\program files\SixaxisDriver
2008-11-08 23:00 . 2006-12-24 05:15 27,904 --a------ c:\windows\system32\drivers\xPADFL02.sys
2008-11-08 01:34 . 2008-11-08 01:34 <DIR> d--hs---- c:\windows\ftpcache
2008-11-08 01:33 . 2008-11-08 01:33 319 --a------ c:\windows\game.ini
2008-11-08 01:29 . 2008-11-08 01:29 <DIR> d-------- c:\program files\Activision
2008-11-07 23:00 . 2008-11-07 23:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Pure Networks
2008-11-02 18:48 . 2008-11-02 18:48 <DIR> d--h----- c:\windows\PIF
2008-10-30 14:55 . 2008-11-02 00:46 4,096 --a------ c:\windows\system32\crash
2008-10-29 21:19 . 2008-10-29 21:19 <DIR> d-------- c:\program files\Microsoft Games
2008-10-28 21:43 . 2008-10-28 21:43 <DIR> d-------- C:\NVIDIA
2008-10-28 20:21 . 2008-07-10 16:28 79,896 --a------ c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2008-10-28 20:21 . 2008-07-10 16:28 50,200 --a------ c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2008-10-28 20:20 . 2008-10-28 20:20 <DIR> d-------- c:\windows\system32\RsFx
2008-10-28 20:20 . 2008-10-28 20:20 <DIR> d-------- c:\program files\MSXML 6.0
2008-10-27 23:44 . 2008-10-28 20:20 <DIR> d-------- c:\program files\Microsoft SQL Server
2008-10-27 23:42 . 2008-10-28 20:19 <DIR> d-------- c:\program files\Microsoft.NET
2008-10-27 23:42 . 2008-10-27 23:43 <DIR> d-------- c:\program files\Microsoft Visual Studio 9.0
2008-10-27 23:42 . 2008-10-27 23:42 <DIR> d-------- c:\program files\Common Files\Merge Modules
2008-10-27 23:41 . 2008-10-27 23:41 <DIR> d-------- c:\program files\Microsoft SDKs
2008-10-27 23:39 . 2008-10-27 23:39 <DIR> d-------- C:\4a8d92ae9c22aa8d4a8da7
2008-10-27 23:38 . 2008-10-28 20:17 <DIR> d-------- c:\windows\SxsCaPendDel
2008-10-27 23:24 . 2008-10-27 23:24 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-10-27 23:16 . 2008-11-08 01:23 <DIR> d-------- c:\program files\Gears of War
2008-10-24 10:24 . 2008-10-15 08:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-21 22:33 . 2008-10-21 22:33 <DIR> d-------- c:\windows\system32\xlive
2008-10-21 22:18 . 2008-10-21 22:23 <DIR> d-------- c:\documents and settings\Louie\Application Data\Microsoft Games
2008-10-21 21:59 . 2008-10-21 21:59 <DIR> d-------- c:\program files\7-Zip
2008-10-20 22:02 . 2008-10-20 22:02 236 --a------ C:\sqmdata19.sqm
2008-10-20 22:02 . 2008-10-20 22:02 200 --a------ C:\sqmnoopt19.sqm
2008-10-20 21:50 . 2008-10-20 21:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
2008-10-18 18:52 . 2008-10-18 18:52 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2008-10-18 18:51 . 2008-04-14 04:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-10-18 18:50 . 2008-10-18 18:50 <DIR> d-------- c:\program files\HP
2008-10-18 18:50 . 2004-09-29 11:12 278,584 --a------ c:\windows\system32\HPZidr12.dll
2008-10-18 18:50 . 2004-09-29 11:15 204,800 --a------ c:\windows\system32\HPZipr12.dll
2008-10-18 18:50 . 2004-09-29 11:09 94,208 --a------ c:\windows\system32\HPZipt12.dll
2008-10-18 18:50 . 2004-09-29 11:14 69,632 --a------ c:\windows\system32\HPZipm12.exe
2008-10-18 18:50 . 2004-09-29 11:08 61,440 --a------ c:\windows\system32\HPZinw12.exe
2008-10-18 18:50 . 2004-09-29 11:09 57,344 --a------ c:\windows\system32\HPZisn12.dll
2008-10-18 18:50 . 2008-04-14 04:17 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-10-18 18:10 . 2008-10-18 18:10 <DIR> d-------- c:\program files\iTunes
2008-10-18 18:10 . 2008-10-18 18:10 <DIR> d-------- c:\program files\iPod
2008-10-18 18:10 . 2008-10-18 18:10 <DIR> d-------- c:\documents and settings\Louie\Application Data\Apple Computer
2008-10-18 18:10 . 2008-10-18 18:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-18 18:10 . 2008-04-17 12:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-10-18 18:10 . 2008-04-17 12:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-10-18 18:09 . 2008-10-18 18:09 <DIR> d-------- c:\program files\QuickTime
2008-10-18 18:09 . 2008-10-18 18:09 <DIR> d-------- c:\program files\Bonjour
2008-10-18 18:09 . 2008-10-18 18:09 <DIR> d-------- c:\program files\Apple Software Update
2008-10-18 18:09 . 2008-10-18 18:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-18 18:08 . 2008-10-18 18:09 <DIR> d-------- c:\program files\Common Files\Apple
2008-10-18 18:08 . 2008-10-18 18:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-10-18 18:08 . 2008-10-01 12:01 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2008-10-18 17:57 . 2008-10-18 17:57 236 --a------ C:\sqmdata18.sqm
2008-10-18 17:57 . 2008-10-18 17:57 200 --a------ C:\sqmnoopt18.sqm
2008-10-17 18:56 . 2008-10-17 18:56 <DIR> d-------- C:\.jagex_cache_32
2008-10-14 16:34 . 2008-08-14 02:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-14 16:34 . 2008-08-14 02:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-14 16:34 . 2008-08-14 01:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-14 16:34 . 2008-08-14 01:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-14 16:34 . 2008-09-15 04:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2008-10-14 16:34 . 2008-09-08 02:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-10-14 16:33 . 2008-10-14 16:33 236 --a------ C:\sqmdata17.sqm
2008-10-14 16:33 . 2008-10-14 16:33 200 --a------ C:\sqmnoopt17.sqm
2008-10-12 18:04 . 2008-10-12 18:04 272 --a------ C:\sqmdata16.sqm
2008-10-12 18:04 . 2008-10-12 18:04 200 --a------ C:\sqmnoopt16.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 04:18 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-12 02:57 30 ----a-w c:\documents and settings\Louie\jagex_runescape_preferences.dat
2008-11-11 23:50 --------- d-----w c:\program files\SystemRequirementsLab
2008-11-11 23:50 --------- d-----w c:\documents and settings\Louie\Application Data\SystemRequirementsLab
2008-11-11 20:08 81,984 ----a-w c:\windows\system32\bdod.bin
2008-11-10 07:57 --------- d-----w c:\documents and settings\Louie\Application Data\uTorrent
2008-11-10 07:28 --------- d-----w c:\documents and settings\All Users\Application Data\BitDefender
2008-11-09 21:53 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-11-09 21:41 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-09 21:41 --------- d-----w c:\program files\Ubisoft
2008-10-28 07:44 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-21 05:47 106,496 ----a-w c:\windows\DUMP47e6.tmp
2008-10-21 05:46 106,496 ----a-w c:\windows\DUMP4872.tmp
2008-10-21 05:42 --------- d-----w c:\program files\ATI Technologies
2008-10-19 17:25 --------- d-----w c:\documents and settings\Louie\Application Data\LimeWire
2008-10-12 05:23 --------- d-----w c:\program files\SysTool
2008-10-12 04:26 --------- d-----w c:\program files\PPMate
2008-10-12 04:26 --------- d-----w c:\program files\Common Files\Synacast
2008-10-12 04:26 --------- d-----w c:\documents and settings\Louie\Application Data\PPMate
2008-10-12 04:20 --------- d-----w c:\program files\TVAnts
2008-10-11 16:47 --------- d-----w c:\program files\DVDVideoSoft
2008-10-11 16:47 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2008-10-10 03:42 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2008-10-10 03:40 --------- d-----w c:\program files\DAEMON Tools Pro
2008-10-10 03:40 --------- d-----w c:\documents and settings\Louie\Application Data\DAEMON Tools Pro
2008-10-10 03:28 685,816 ----a-w c:\windows\system32\drivers\sptd.sys
2008-10-10 02:16 --------- d-----w c:\program files\Aspyr
2008-10-09 05:10 --------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers Headquarters
2008-10-09 04:50 --------- d-----w c:\program files\Paint.NET
2008-10-08 03:17 --------- d-----w c:\program files\SopCast
2008-10-07 02:28 --------- d-----w c:\program files\NOS
2008-10-07 02:24 --------- d-----w c:\program files\LibUSB-Win32-0.1.10.1
2008-10-07 02:21 --------- d-----w c:\documents and settings\Louie\Application Data\fretsonfire
2008-10-07 02:18 --------- d-----w c:\program files\Frets on Fire
2008-10-07 01:55 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-10-07 01:55 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-10-07 01:54 --------- d-----w c:\program files\Common Files\Adobe
2008-10-05 17:42 --------- d-----w c:\program files\MSXML 4.0
2008-10-05 07:07 --------- d-----w c:\program files\New Folder
2008-10-04 19:40 --------- d-----w c:\program files\Common Files\snp2std
2008-10-04 16:29 --------- d-----w c:\program files\Avanquest update
2008-10-04 16:29 --------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software
2008-10-04 16:28 --------- d-----w c:\program files\Sony Ericsson
2008-10-04 16:28 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Ericsson
2008-10-04 16:13 --------- d-----w c:\documents and settings\Louie\Application Data\Teleca
2008-10-04 16:12 --------- d-----w c:\program files\Common Files\Teleca Shared
2008-10-04 16:12 --------- d-----w c:\documents and settings\All Users\Application Data\Teleca
2008-10-02 02:28 --------- d-----w c:\program files\Wisdom-soft ScreenHunter 5 Free
2008-09-30 06:29 --------- d-----w c:\program files\AndrosaSoft
2008-09-30 06:29 --------- d-----w c:\documents and settings\Louie\Application Data\AndrosaSoft
2008-09-30 06:16 --------- d-----w c:\program files\TeamViewer3
2008-09-30 06:16 --------- d-----w c:\documents and settings\Louie\Application Data\TeamViewer
2008-09-28 16:54 --------- d-----w c:\program files\Microsoft Visual Studio 8
2008-09-27 20:58 --------- d-----w c:\program files\FREE Hi-Q Recorder
2008-09-27 07:23 --------- d-----w c:\program files\Windows Resource Kits
2008-09-27 05:12 --------- d-----w c:\program files\RivaTuner v2.11
2008-09-27 05:12 --------- d-----w c:\program files\Ares
2008-09-27 03:22 --------- d-----w c:\documents and settings\All Users\Application Data\pixelStorm
2008-09-26 17:34 24,944 ----a-w c:\windows\system32\drivers\GVTDrv.sys
2008-09-26 07:23 --------- d-----w c:\program files\Guild Wars
2008-09-26 07:08 77,824 ----a-w c:\windows\system32\xcomm.dll
2008-09-26 06:51 --------- d-----w c:\documents and settings\All Users\Application Data\POP3Profiles
2008-09-26 06:45 138,240 ----a-w c:\windows\system32\drivers\hdaudbus.sys
2008-09-26 06:03 98,304 ----a-w c:\windows\DUMP5c1a.tmp
2008-09-26 05:42 65,536 ----a-w c:\windows\DUMP760a.tmp
2008-09-26 05:07 17,801 ----a-w c:\windows\system32\drivers\AegisP.sys
2008-09-26 04:52 86,792 ----a-w c:\windows\system32\drivers\bdfndisf.sys
2008-09-26 04:29 --------- d-----w c:\program files\BitDefender
2008-09-26 04:29 --------- d-----w c:\documents and settings\Louie\Application Data\Bitdefender
2008-09-26 04:01 --------- d-----w c:\program files\Common Files\Logitech
2008-09-26 04:00 --------- d-----w c:\program files\Common Files\Logishrd
2008-09-26 03:44 --------- d-----w c:\documents and settings\All Users\Application Data\LogiShrd
2008-09-26 03:41 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-09-25 15:28 --------- d-----w c:\program files\Windows Live
2008-09-25 05:53 16,608 ----a-w c:\windows\gdrv.sys
2008-09-25 01:15 --------- d-----w c:\documents and settings\Louie\Application Data\ATI
2008-09-25 00:56 --------- d-----w c:\program files\Test My Hardware
2008-09-24 05:05 593,920 ------w c:\windows\system32\ati2sgag.exe
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-09 07:03 51,712 ----a-w c:\windows\system32\sirenacm.dll
2008-08-29 17:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 16:53 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-08-25 06:49 65,536 ----a-w c:\windows\DUMP4d26.tmp
2008-08-25 03:32 315,392 ----a-w c:\windows\HideWin.exe
2008-08-22 10:16 637,984 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-08-22 10:10 11,985,408 ----a-w c:\windows\system32\dllcache\ieframe.dll
2008-08-22 10:09 5,699,584 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-08-22 10:08 878,592 ----a-w c:\windows\system32\wininet.dll
2008-08-22 10:08 878,592 ----a-w c:\windows\system32\dllcache\wininet.dll
2008-08-22 10:08 43,008 ----a-w c:\windows\system32\licmgr10.dll
2008-08-22 10:08 43,008 ------w c:\windows\system32\dllcache\licmgr10.dll
2008-08-22 10:08 236,544 ----a-w c:\windows\system32\dllcache\webcheck.dll
2008-08-22 10:08 1,206,784 ----a-w c:\windows\system32\dllcache\urlmon.dll
2008-08-22 10:07 755,200 ------w c:\windows\system32\dllcache\VGX.dll
2008-08-22 10:07 193,536 ----a-w c:\windows\system32\dllcache\msrating.dll
2008-08-22 10:07 18,944 ----a-w c:\windows\system32\corpol.dll
2008-08-22 10:07 18,944 ------w c:\windows\system32\dllcache\corpol.dll
2008-08-22 10:07 116,224 ----a-w c:\windows\system32\dllcache\occache.dll
2008-08-22 10:07 105,984 ----a-w c:\windows\system32\dllcache\url.dll
2008-08-22 10:05 70,656 ----a-w c:\windows\system32\dllcache\mshtmled.dll
.
------- Sigcheck -------
2008-04-14 04:00 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 c:\windows\system32\svchost.exe
2008-04-14 04:00 578560 b26b135ff1b9f60c9388b4a7d16f600b c:\windows\system32\user32.dll
2008-04-14 04:00 82432 2ccc474eb85ceaa3e1fa1726580a3e5a c:\windows\system32\ws2_32.dll
2008-06-20 03:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-19 12:43 361344 68f06fe0021b01e670af37b8c5964fdf c:\windows\$NtUninstallKB951748$\tcpip.sys
2008-06-20 03:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\dllcache\tcpip.sys
2008-06-20 03:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\drivers\tcpip.sys
2008-04-14 04:00 507904 ed0ef0a136dec83df69f04118870003e c:\windows\system32\winlogon.exe
2008-04-14 04:00 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys
2008-04-14 04:00 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\system32\drivers\ip6fw.sys
2008-04-14 04:00 1033728 12896823fb95bfb3dc9b46bcaedc9923 c:\windows\explorer.exe
2008-04-14 04:00 108544 0e776ed5f7cc9f94299e70461b7b8185 c:\windows\system32\services.exe
2008-04-14 04:00 13312 bf2466b3e18e970d8a976fb95fc1ca85 c:\windows\system32\lsass.exe
2008-04-14 04:00 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 c:\windows\system32\ctfmon.exe
2008-04-14 04:00 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b c:\windows\system32\spoolsv.exe
2008-04-14 04:00 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe
2008-04-14 04:00 295424 ff3477c03be7201c294c35f684b3479f c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-09-08 3513344]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"Fraps"="c:\fraps\FRAPS.EXE" [2008-01-14 913064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-25 368640]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"tsnp2std"="c:\windows\tsnp2std.exe" [2007-05-12 270336]
"snp2std"="c:\windows\vsnp2std.exe" [2007-05-10 344064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2007-10-04 307200]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-10 1234712]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-27 c:\windows\RTHDCPL.exe]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 c:\windows\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 c:\windows\alcwzrd.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2008-08-22 c:\windows\system32\advpack.dll]
c:\documents and settings\Louie\Start Menu\Programs\Startup\
ScreenHunter 5.0 Free.lnk - c:\program files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe [2008-10-01 4878336]
Styler.lnk - c:\documents and settings\Louie\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2008-08-25 15086]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\TeamViewer3\\TeamViewer.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Aspyr\\Guitar Hero III\\gh3.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\PPMate\\ppmate.exe"=
"c:\\Program Files\\PPMate\\ppmnet.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Custom Edition\\haloce.exe"=
"f:\\GAMES\\files\\button1\\haloce.exe"=
"c:\\Program Files\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-10 97928]
R1 SysTool;SysTool Overclocking Utility;c:\windows\system32\DRIVERS\SysTool.sys [2006-11-10 24064]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-10 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-10 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-10 76040]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-05-20 93696]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2008-09-25 86792]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-09 33792]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2007-01-25 6784]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\DRIVERS\A5AGU.sys [ ]
S3 AR5523;TP-LINK TL-WN620G 11G Wireless Adapter Service;c:\windows\system32\DRIVERS\ar5523.sys [2006-01-16 360288]
S3 GPU-Z;GPU-Z;c:\docume~1\Louie\LOCALS~1\Temp\GPU-Z.sys [ ]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);c:\windows\system32\DRIVERS\snp2sxp.sys [2007-05-10 12179584]
S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\DRIVERS\xpadfl02.sys [2006-12-24 27904]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Louie\Application Data\Mozilla\Firefox\Profiles\dg17ilrt.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.n4g.com/default.aspx | www.nba.com
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 20:23:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Completion time: 2008-11-11 20:23:57
ComboFix-quarantined-files.txt 2008-11-12 04:23:49
Pre-Run: 123,222,552,576 bytes free
Post-Run: 123,383,201,792 bytes free
359 --- E O F --- 2008-10-25 17:04:34
Antec 1200
Intel Q9550
Gigabyte X48-DS4
Western Digital Velociraptor
Corsair Dominator DDR2-8500 (2x2)
Tuniq Tower 120
Visiontek 4870 X2
Samsung 2493HM
Logitech G15 Keyboard
Cyber Snipa Stinger Mouse (3200 DPI)
Logitech Z-4 Speakers
" Once you are born, you begin to die. "
Senior Member
12. November 2008 @ 07:14 |
Hey epilogue
Is the winlogon.exe in C:\Documents and Settings\"User"\Local Settings\Temp\ or C:\Documents and Settings\User\Local Settings\Temp\?
Best Regards :D
Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success, the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.
Junior Member
12. November 2008 @ 20:22 |
Hey,
winlogon is deleted now, but my BitDefender still refuses to run. Is there something wrong with my system, and how can I be sure the virus is completely gone?
Thanks.
Senior Member
12. November 2008 @ 22:14 |
Hey epilogue
Perhaps you can try reinstalling Bitdefender...
Best Regards :D