GeekPolice

HIJACK THIS: userinit.exe problems

Post by larrybro on Fri Dec 03, 2010 10:52 pm

I am running Windows XP and have to get into the system using my Task Manager...I believe this to be the userinit.exe virus. Here are the OTL results (the second part follows in the next post):

OTL logfile created on: 12/3/2010 5:52:42 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Larry\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.00 Mb Total Physical Memory | 36.00 Mb Available Physical Memory | 14.00% Memory free
619.00 Mb Paging File | 354.00 Mb Available in Paging File | 57.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 15.38 Gb Free Space | 41.32% Space Free | Partition Type: NTFS
Drive F: | 1.86 Gb Total Space | 1.86 Gb Free Space | 99.73% Space Free | Partition Type: FAT

Computer Name: LARRYANDSARLENO | User Name: Larry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/03 16:21:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\OTL.com
PRC - [2010/12/03 16:11:26 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2007/09/01 05:58:00 | 000,152,832 | ---- | M] (Avanquest Software USA, Inc.) -- C:\Program Files\Avanquest\Fix-It\mxtask.exe
PRC - [2007/02/12 18:56:38 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdccoms.exe
PRC - [2006/01/04 17:09:34 | 000,094,208 | ---- | M] () -- C:\Program Files\Network Monitor\netmon.exe
PRC - [2005/08/02 15:58:38 | 000,293,888 | RHS- | M] () -- C:\WINDOWS\TGFycnkgVy4gQnJvd24\command.exe
PRC - [2004/10/13 05:28:15 | 000,040,960 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\fswsclds.exe
PRC - [2004/04/07 11:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/02/02 11:20:12 | 000,155,702 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FWES\program\fsdfwd.exe
PRC - [2003/10/01 12:16:26 | 000,065,589 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\fch32.exe
PRC - [2003/10/01 12:15:00 | 000,270,391 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FAMEH32.exe
PRC - [2003/10/01 12:11:28 | 000,061,494 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.exe
PRC - [2003/10/01 12:06:12 | 000,180,278 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSMB32.exe
PRC - [2001/08/17 17:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2010/12/03 16:21:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\OTL.com
MOD - [2008/08/01 08:06:08 | 000,111,104 | ---- | M] () -- C:\WINDOWS\system32\aydekt.dll
MOD - [2007/08/31 12:57:42 | 000,028,672 | ---- | M] (Avanquest Software USA, Inc.) -- C:\Program Files\Avanquest\Fix-It\WinHook.dll
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/05/19 07:59:41 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll
MOD - [2005/08/02 15:46:54 | 000,187,904 | RHS- | M] () -- C:\WINDOWS\TGFycnkgVy4gQnJvd24\asappsrv.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2008/07/11 18:55:03 | 000,023,048 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\444.470 -- (MsSecurity1.209.4)
SRV - [2007/09/01 05:58:00 | 000,152,832 | ---- | M] (Avanquest Software USA, Inc.) [Auto | Running] -- C:\Program Files\Avanquest\Fix-It\mxtask.exe -- (Fix-It Task Manager)
SRV - [2007/08/09 19:48:26 | 001,838,592 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
SRV - [2007/02/12 18:56:38 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdccoms.exe -- (lxdc_device)
SRV - [2006/01/04 17:09:34 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\Network Monitor\netmon.exe -- (Network Monitor)
SRV - [2005/08/02 15:58:38 | 000,293,888 | RHS- | M] () [Auto | Running] -- C:\WINDOWS\TGFycnkgVy4gQnJvd24\command.exe -- (cmdService)
SRV - [2004/10/13 05:28:15 | 000,040,960 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure Internet Security\fswsclds.exe -- (Fswsclds)
SRV - [2004/04/07 11:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2004/02/02 11:20:12 | 000,155,702 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2003/10/01 12:11:28 | 000,061,494 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE -- (FSMA)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ipsecw2k.sys -- (IPSECSHM)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys -- (F-Secure Recognizer)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSgk.sys -- (F-Secure Gatekeeper)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys -- (F-Secure Filter)
DRV - [2008/07/11 18:55:10 | 000,086,144 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rootmdmm.sys -- (rootmdmm)
DRV - [2008/07/11 18:55:04 | 000,099,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Larry\Local Settings\Temp\tni19D.tmp -- (TnIDriver)
DRV - [2007/11/29 17:30:24 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/11/29 17:30:24 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/09/01 05:58:00 | 000,020,496 | ---- | M] (Avanquest Software USA, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\Avanquest\Fix-It\MailScan.sys -- (MailScan)
DRV - [2007/08/31 12:36:12 | 000,199,440 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Avanquest\Fix-It\tmxpflt.sys -- (tmxpflt)
DRV - [2007/08/31 12:36:12 | 000,032,528 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Avanquest\Fix-It\tmpreflt.sys -- (tmpreflt)
DRV - [2007/08/31 12:36:10 | 001,052,472 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Avanquest\Fix-It\Vsapint.sys -- (Vsapint)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 01:29:26 | 000,327,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtaa.sys -- (ati2mtaa)
DRV - [2004/08/04 01:08:21 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/06/09 18:42:38 | 000,015,429 | R--- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sacm2A.sys -- (USBCM)
DRV - [2004/02/02 11:20:56 | 000,082,336 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2004/01/02 15:24:51 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2003/01/27 21:03:08 | 000,028,164 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2002/10/15 14:32:16 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/07/09 17:14:00 | 001,172,416 | R--- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/07/09 17:13:00 | 000,594,832 | R--- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2002/07/09 17:13:00 | 000,167,155 | R--- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2002/04/10 17:01:12 | 000,024,554 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/04/10 17:01:00 | 000,029,638 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/04/10 17:00:44 | 000,117,898 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2002/04/10 16:48:04 | 000,236,032 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/04/10 16:45:16 | 000,206,336 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2001/10/16 16:47:04 | 000,017,648 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pcx2nd5.sys -- (pcx2nd5) Toshiba PCX2000 USB Cable Modem networking driver (NDIS)
DRV - [2001/10/16 16:46:58 | 000,069,456 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pcx2unic.sys -- (pcx2unic)
DRV - [2001/08/23 14:00:00 | 000,022,400 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 08:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 08:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 08:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 08:28:10 | 000,073,279 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_SPKP.sys -- (SpeakerPhone)
DRV - [2001/08/17 08:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 08:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 08:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 08:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 08:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 08:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
DRV - [2001/08/17 07:48:52 | 000,281,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mpaa.sys -- (ati2mpaa)
DRV - [2001/08/17 07:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 07:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 07:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 07:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2000/03/29 16:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/reader/view/?hl=en&tab=wy#overview-page"
FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.72
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.0.4
FF - prefs.js..extensions.enabledItems: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.33

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/03 16:11:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/03 16:11:44 | 000,000,000 | ---D | M]

[2008/06/29 21:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Mozilla\Extensions
[2005/09/01 19:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\3dw496cy.Larry\extensions
[2005/09/01 19:00:47 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\3dw496cy.Larry\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/12/03 00:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\extensions
[2008/06/20 20:51:39 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2006/06/06 13:55:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\extensions\{2A10B180-05EF-11D9-8C50-444553540001}
[2005/12/18 16:42:41 | 000,000,000 | ---D | M] (Crystal Dream) -- C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\extensions\{3143B27B-F7DE-49d8-BF08-C2E4DEA71DBB}
[2008/06/04 08:18:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
[2007/07/30 21:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2008/04/26 20:56:28 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2008/06/20 18:44:24 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\searchplugins\IMDB.xml
[2008/06/20 18:44:24 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\searchplugins\wikipedia.xml
[2010/12/03 00:09:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/09/01 14:10:19 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

O1 HOSTS File: ([2002/06/25 16:38:30 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {2673f941-a63e-4f1c-9355-5e2eb68c891d} - C:\WINDOWS\system32\aydekt.dll ()
O2 - BHO: (gooochi browser optimizer) - {67f1f031-3888-b1c3-2852-0a47dd8d8f44} - C:\WINDOWS\system32\wpuzhltehabgctt.dll ( )
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7768234D-E494-424D-96E6-4819A1E16325} - C:\WINDOWS\system32\hgGxUOhe.dll ()
O2 - BHO: (MySidesearch Search Assistant) - {9506910A-0F94-4ea1-B567-7070428B8B2B} - C:\WINDOWS\system32\mysidesearch_sidebar.dll ()
O2 - BHO: (no name) - {C848797B-12BC-4983-A8D9-2BCC34D07FB2} - C:\WINDOWS\system32\efcYqnml.dll ()
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [{64ed5f2c-60f4-5163-4e5e-db973fc7094e}] C:\WINDOWS\system32\wpuzhltehabgctt.DLL ( )
O4 - HKLM..\Run: [{DC-CF-F3-39-DW}] C:\WINDOWS\System32\rrwnw64p.exe ()
O4 - HKLM..\Run: [4c0dcf96] C:\WINDOWS\System32\jsiptlme.DLL ()
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (America Online, Inc)
O4 - HKLM..\Run: [BM4f3efc0a] C:\WINDOWS\System32\kovhjwxm.DLL ()
O4 - HKLM..\Run: [ExploreUpdSched] C:\WINDOWS\System32\ocntqtdm.exe ()
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1171212340\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (MUSICMATCH, Inc.)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VirusScannerPro] C:\Program Files\Avanquest\Fix-It\MemCheck.exe (Avanquest Software USA, Inc.)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [GetModule20] C:\Program Files\GetModule\GetModule20.exe ()
O4 - HKCU..\Run: [GetPack20] C:\Program Files\GetPack\GetPack20.exe ()
O4 - HKCU..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe File not found
O4 - HKCU..\Run: [mjc] C:\Program Files\mjc\mjc.exe ()
O4 - HKCU..\Run: [Sakora] C:\Program Files\Sakora\Sakora.exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Larry\Start Menu\Programs\Startup\Deewoo.lnk = C:\WINDOWS\system32\ocntqtdm.exe ()
O4 - Startup: C:\Documents and Settings\Larry\Start Menu\Programs\Startup\DW_Start.lnk = C:\WINDOWS\system32\rrwnw64p.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\add_url.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (aydekt.dll) - C:\WINDOWS\System32\aydekt.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\hgGxUOhe: DllName - hgGxUOhe.dll - C:\WINDOWS\System32\hgGxUOhe.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Larry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Larry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {7768234D-E494-424D-96E6-4819A1E16325} - C:\WINDOWS\system32\hgGxUOhe.dll ()
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\efcYqnml) - C:\WINDOWS\System32\efcYqnml.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/01/27 19:42:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "MCVSRte"
MsConfig - Services: "mcupdmgr.exe"
MsConfig - Services: "McShield"
MsConfig - Services: "AOL ACS"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online Tray Icon.lnk - C:\PROGRA~1\AMERIC~3.0\aoltray.exe - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\PROGRA~1\MICROS~4\Office10\OSA.EXE - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe - (Microsoft® Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^Larry^Start Menu^Programs^Startup^PowerReg SchedulerV2.exe - C:\Documents and Settings\Larry\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe - File not found
MsConfig - StartUpReg: AdaptecDirectCD - hkey= - key= - C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
MsConfig - StartUpReg: EPSON Stylus C62 Series - hkey= - key= - File not found
MsConfig - StartUpReg: MCAgentExe - hkey= - key= - c:\PROGRA~1\mcafee.com\agent\mcagent.exe File not found
MsConfig - StartUpReg: MCUpdateExe - hkey= - key= - C:\PROGRA~1\mcafee.com\agent\mcupdate.exe File not found
MsConfig - StartUpReg: Microsoft Works Portfolio - hkey= - key= - C:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation)
MsConfig - StartUpReg: Microsoft Works Update Detection - hkey= - key= - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
MsConfig - StartUpReg: MoneyAgent - hkey= - key= - C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
MsConfig - StartUpReg: MoneyStartUp10.0 - hkey= - key= - C:\Program Files\Microsoft Money\System\Activation.exe (Microsoft Corporation)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RealTray - hkey= - key= - C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: Share-to-Web Namespace Daemon - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
MsConfig - StartUpReg: VirusScan Online - hkey= - key= - c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe File not found
MsConfig - StartUpReg: VSOCheckTask - hkey= - key= - c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe File not found
MsConfig - StartUpReg: WorksFUD - hkey= - key= - C:\Program Files\Microsoft Works\wkfud.exe (Microsoft® Corporation)
MsConfig - State: "system.ini" - 1
MsConfig - State: "win.ini" - 1
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 1

SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: SYMTDI - Service
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {057997dd-71e4-43cc-b161-3f8180691a9e} - Q824145
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.0
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {2D5974C5-5185-4f5b-80B6-28015ACDD74C} - q319182
ActiveX: {2eac6a2d-57a8-44d4-96f7-e32bab40ca5f} - Windows Update
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: aux - C:\WINDOWS\System32\ctwdm32.dll (Creative Technology Ltd.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (14931784517025792)

========== Files/Folders - Created Within 30 Days ==========

[2010/12/03 16:21:39 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\OTL.com
[2010/12/03 16:13:09 | 008,567,280 | ---- | C] (Mozilla) -- C:\Documents and Settings\Larry\Desktop\Firefox Setup 3.6.12.exe
[2010/12/03 15:51:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/12/03 00:01:08 | 007,622,112 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Larry\Desktop\mbam-setup-1.50.0.0.exe
[2008/07/02 08:48:08 | 000,158,208 | ---- | C] ( ) -- C:\WINDOWS\System32\wpuzhltehabgctt.dll
[2008/02/21 19:16:02 | 000,015,429 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2A.sys
[2007/01/10 19:02:06 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcpmui.dll
[2007/01/10 19:00:42 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcserv.dll
[2007/01/10 18:54:42 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdccomm.dll
[2007/01/10 18:53:10 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdclmpm.dll
[2007/01/10 18:51:52 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdciesc.dll
[2007/01/10 18:49:44 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcpplc.dll
[2007/01/10 18:49:00 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdccomc.dll
[2007/01/10 18:48:30 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcprox.dll
[2007/01/10 18:42:24 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcinpa.dll
[2007/01/10 18:41:44 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcusb1.dll
[2007/01/10 18:37:42 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdchbn3.dll
[2005/01/03 17:39:51 | 000,090,112 | R--- | C] ( ) -- C:\WINDOWS\System32\SCCD3X02.DLL
[2004/01/25 15:03:49 | 003,468,688 | ---- | C] (Xceed Software Inc. 1-450-442-2626) -- C:\Program Files\R41231.EXE
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[7 C:\Documents and Settings\Larry\My Documents\*.tmp files -> C:\Documents and Settings\Larry\My Documents\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Larry\Desktop\*.tmp files -> C:\Documents and Settings\Larry\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/03 17:47:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/03 17:46:53 | 000,000,033 | RHS- | M] () -- C:\WINDOWS\muotr.so
[2010/12/03 17:46:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/03 17:45:56 | 267,460,608 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/03 16:21:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\OTL.com
[2010/12/03 16:21:15 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/12/03 16:21:15 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/12/03 16:19:05 | 141,627,611 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\java_ee_sdk-6u1-jdk-windows.exe
[2010/12/03 16:13:30 | 008,567,280 | ---- | M] (Mozilla) -- C:\Documents and Settings\Larry\Desktop\Firefox Setup 3.6.12.exe
[2010/12/03 15:52:25 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/03 00:01:09 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Larry\Desktop\mbam-setup-1.50.0.0.exe
[2010/12/02 19:02:20 | 000,383,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/02 19:02:20 | 000,053,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[7 C:\Documents and Settings\Larry\My Documents\*.tmp files -> C:\Documents and Settings\Larry\My Documents\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Larry\Desktop\*.tmp files -> C:\Documents and Settings\Larry\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/03 16:21:15 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/12/03 16:21:15 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/12/03 16:17:42 | 141,627,611 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\java_ee_sdk-6u1-jdk-windows.exe
[2010/12/03 15:52:25 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/08/01 08:09:00 | 001,487,632 | -HS- | C] () -- C:\WINDOWS\System32\emltpisj.ini
[2008/08/01 08:08:43 | 000,083,456 | ---- | C] () -- C:\WINDOWS\System32\jsiptlme.dll
[2008/08/01 08:06:13 | 000,111,104 | ---- | C] () -- C:\WINDOWS\System32\aydekt.dll
[2008/08/01 08:06:07 | 000,111,104 | ---- | C] () -- C:\WINDOWS\System32\cabsvmwl.dll
[2008/08/01 08:02:56 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\kovhjwxm.dll
[2008/08/01 07:57:51 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\rvxwqody.dll
[2008/07/15 11:52:02 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\gpvmfg.dll
[2008/07/15 11:52:00 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\lmfgsvng.dll
[2008/07/15 11:49:18 | 001,843,043 | -HS- | C] () -- C:\WINDOWS\System32\ggsgdykn.ini
[2008/07/15 11:49:15 | 000,081,408 | ---- | C] () -- C:\WINDOWS\System32\nkydgsgg.dll
[2008/07/15 11:47:33 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\ilgyoubn.dll
[2008/07/15 08:44:40 | 001,843,087 | -HS- | C] () -- C:\WINDOWS\System32\eqbjgcdi.ini
[2008/07/15 08:36:23 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\pnzdtv.dll
[2008/07/15 08:35:04 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\ansryyoo.dll
[2008/07/15 08:23:00 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\pbjnqtxp.dll
[2008/07/13 17:33:31 | 001,842,631 | -HS- | C] () -- C:\WINDOWS\System32\yvoukkqm.ini
[2008/07/13 17:30:47 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\uajago.dll
[2008/07/13 17:30:45 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\xseqfutd.dll
[2008/07/13 17:30:03 | 000,092,160 | ---- | C] () -- C:\WINDOWS\System32\wtyomvdv.dll
[2008/07/12 08:28:29 | 001,879,293 | -HS- | C] () -- C:\WINDOWS\System32\vccmrdrl.ini
[2008/07/12 08:25:31 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\swscmr.dll
[2008/07/12 08:25:27 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\qkcuhjww.dll
[2008/07/12 08:23:49 | 000,000,022 | ---- | C] () -- C:\WINDOWS\pskt.ini
[2008/07/12 08:23:35 | 000,091,648 | ---- | C] () -- C:\WINDOWS\System32\ubaocbbd.dll
[2008/07/11 23:15:03 | 000,000,587 | ---- | C] () -- C:\WINDOWS\cookies.ini
[2008/07/11 19:01:48 | 001,878,770 | -HS- | C] () -- C:\WINDOWS\System32\ygndlejj.ini
[2008/07/11 19:00:09 | 000,722,035 | -HS- | C] () -- C:\WINDOWS\System32\lmnqYcfe.ini2
[2008/07/11 19:00:09 | 000,722,035 | -HS- | C] () -- C:\WINDOWS\System32\lmnqYcfe.ini
[2008/07/11 18:59:58 | 000,281,600 | ---- | C] () -- C:\WINDOWS\System32\efcYqnml.dll
[2008/07/11 18:56:59 | 000,000,861 | ---- | C] () -- C:\WINDOWS\System32\winpfz33.sys
[2008/07/11 18:56:10 | 000,687,592 | ---- | C] () -- C:\WINDOWS\System32\atmtd.dll._
[2008/07/11 18:56:09 | 000,687,592 | ---- | C] () -- C:\WINDOWS\System32\atmtd.dll
[2008/07/11 18:55:10 | 000,086,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootmdmm.sys
[2008/07/11 18:54:45 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\wvUkHXoo.dll
[2008/07/11 18:54:45 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\hgGxUOhe.dll
[2008/05/30 12:22:22 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/30 12:18:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/03/27 10:35:26 | 000,333,824 | ---- | C] () -- C:\WINDOWS\System32\mysidesearch_sidebar.dll
[2008/02/25 10:30:01 | 000,344,064 | R--- | C] () -- C:\WINDOWS\System32\lxdccoin.dll
[2008/02/21 19:16:02 | 000,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2A.sys
[2007/02/12 05:46:04 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdcgrd.dll
[2006/07/09 23:33:11 | 000,104,960 | ---- | C] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/08 19:22:20 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\fusioncache.dat
[2006/05/18 09:47:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdcvs.dll
[2005/12/22 20:20:55 | 000,000,052 | ---- | C] () -- C:\WINDOWS\hpqwrap.INI
[2005/12/11 13:44:30 | 000,004,612 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/01/03 17:39:51 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\SCCD3X01.DLL
[2004/08/26 19:23:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2004/06/01 21:04:52 | 000,000,049 | ---- | C] () -- C:\WINDOWS\upth.ini
[2004/06/01 21:04:52 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/05/24 20:49:14 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2004/05/24 20:49:14 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2004/04/11 17:44:53 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\msegcompid.dll
[2004/04/07 23:17:29 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\mseggrpid.dll
[2004/01/22 11:00:28 | 000,012,635 | ---- | C] () -- C:\WINDOWS\System32\DAntivirus.ini
[2003/11/16 01:06:47 | 000,000,012 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2003/11/16 01:03:59 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2003/09/01 11:46:26 | 000,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2003/08/05 09:44:47 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Sarleno.ini
[2003/07/19 10:48:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2003/03/27 14:28:44 | 000,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini
[2003/01/30 21:53:38 | 000,000,278 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2003/01/28 18:37:30 | 000,005,094 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/01/27 21:50:30 | 000,000,045 | ---- | C] () -- C:\WINDOWS\EPSC62.ini
[2003/01/27 21:30:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/01/27 14:31:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 14:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys

========== Custom Scans ==========

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2003/01/27 19:41:46 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/01/18 13:18:54 | 000,103,936 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdcdrpp.dll
[2003/06/18 16:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2001/05/07 17:14:22 | 000,303,104 | ---- | M] () -- C:\WINDOWS\Film Factory.scr
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2007/10/29 19:09:38 | 000,001,554 | -H-- | M] () -- C:\Documents and Settings\Larry\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >
[2004/01/25 15:03:49 | 003,468,688 | ---- | M] (Xceed Software Inc. 1-450-442-2626) -- C:\Program Files\R41231.EXE

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2004/09/23 19:40:52 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/10/25 14:23:49 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Larry\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2003/01/27 19:55:05 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Larry\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2008/07/10 23:43:54 | 020,388,328 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\Larry\Desktop\DivXInstaller.exe
[2010/12/03 16:13:30 | 008,567,280 | ---- | M] (Mozilla) -- C:\Documents and Settings\Larry\Desktop\Firefox Setup 3.6.12.exe
[2008/03/28 12:30:27 | 001,491,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Larry\Desktop\install_flash_player.exe
[2010/12/03 16:19:05 | 141,627,611 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\java_ee_sdk-6u1-jdk-windows.exe
[2010/12/03 00:01:09 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Larry\Desktop\mbam-setup-1.50.0.0.exe
[1 C:\Documents and Settings\Larry\Desktop\*.tmp files -> C:\Documents and Settings\Larry\Desktop\*.tmp -> ]

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2006/05/29 10:59:07 | 000,953,008 | ---- | M] () -- C:\Documents and Settings\Larry\My Documents\install_flash_player.exe
[7 C:\Documents and Settings\Larry\My Documents\*.tmp files -> C:\Documents and Settings\Larry\My Documents\*.tmp -> ]

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2010/12/03 16:11:25 | 000,185,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2010/12/03 16:11:26 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2010/12/03 16:11:37 | 000,242,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2004/09/23 21:28:55 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Larry\Favorites\Desktop.ini
[2007/09/07 18:40:55 | 000,008,704 | -HS- | M] () -- C:\Documents and Settings\Larry\Favorites\Thumbs.db

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2005/01/29 13:47:19 | 000,000,253 | -H-- | M] () -- C:\Documents and Settings\All Users\hpothb07.tif

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/07/15 08:35:11 | 000,101,376 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\ansryyoo.dll
[2008/07/15 11:52:00 | 000,101,376 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\gpvmfg.dll
[2008/07/11 18:54:45 | 000,031,232 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\hgGxUOhe.dll
[2008/07/15 11:47:34 | 000,092,672 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\ilgyoubn.dll
[2008/07/15 11:52:00 | 000,101,376 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\lmfgsvng.dll
[2008/07/15 08:23:01 | 000,092,672 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\pbjnqtxp.dll
[2008/07/15 08:35:11 | 000,101,376 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\pnzdtv.dll
[2008/07/12 08:25:27 | 000,101,888 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\qkcuhjww.dll
[2008/07/12 08:25:27 | 000,101,888 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\swscmr.dll
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008/07/11 18:55:10 | 000,086,144 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rootmdmm.sys

< %systemroot%\System32\config\*.sav >
[2003/01/27 14:30:10 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2003/01/27 14:30:10 | 000,606,208 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2003/01/27 14:30:09 | 000,393,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2002/06/25 16:36:17 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2001/09/13 16:12:44 | 000,004,557 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\atiicdxx.sys
[2002/06/25 16:37:06 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/06/09 07:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DDMI2.sys
[2004/06/09 13:31:10 | 000,006,144 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DLPT.sys
[2002/06/25 16:38:27 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2002/06/25 16:39:20 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/04 00:46:54 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2002/06/25 16:43:29 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2002/06/25 16:43:29 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2002/06/25 16:43:30 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2002/06/25 16:43:30 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2002/06/25 16:43:30 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 00:45:08 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 00:45:14 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 00:45:10 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 00:45:15 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 00:45:12 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2004/08/04 01:07:32 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2008/03/19 04:47:00 | 001,845,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[2008/07/11 18:57:46 | 000,000,861 | ---- | M] () -- C:\WINDOWS\system32\winpfz33.sys
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2004/08/04 02:56:41 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2004/08/04 02:56:41 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2004/08/04 02:56:41 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2004/08/04 02:56:41 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2004/08/04 02:56:41 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2004/08/04 02:56:41 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2004/08/04 02:56:41 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2004/08/04 02:56:41 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2004/08/04 02:56:41 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2004/08/04 02:56:41 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2004/08/04 02:56:41 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2004/08/04 02:56:41 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2004/08/04 02:56:41 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2004/08/04 02:56:45 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2004/08/04 02:56:46 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

Last edited by larrybro on Fri Dec 03, 2010 10:53 pm; edited 1 time in total

larrybro
Novice
Posts : 33
Joined : 2010-01-13
OS : windows xp

Re: HIJACK THIS: userinit.exe problems

Post by larrybro on Fri Dec 03, 2010 10:53 pm

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2007/01/18 13:18:54 | 000,103,936 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdcdrpp.dll
[2003/06/18 16:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %SYSTEMDRIVE%\*.* >
[2005/07/29 06:33:55 | 000,004,632 | ---- | M] () -- C:\0x0409.ini
[2003/01/27 19:42:17 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2004/09/23 19:41:24 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2003/01/27 19:42:17 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2002/03/11 19:50:24 | 000,012,862 | ---- | M] () -- C:\desktop.ico
[2008/07/14 22:17:35 | 000,000,198 | ---- | M] () -- C:\diffdebug.txt
[2010/12/03 17:45:56 | 267,460,608 | -HS- | M] () -- C:\hiberfil.sys
[2005/04/13 08:32:22 | 000,000,395 | -H-- | M] () -- C:\hpothb07.dat
[2005/04/13 08:32:22 | 000,048,354 | -H-- | M] () -- C:\hpothb07.tif
[2003/01/27 19:42:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/02/11 11:46:10 | 000,000,665 | -H-- | M] () -- C:\IPH.PH
[2005/07/29 06:34:04 | 021,069,312 | ---- | M] () -- C:\iTunes.msi
[1999/09/13 23:00:00 | 000,000,035 | ---- | M] () -- C:\mscrsv.syc
[2003/01/27 19:42:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/09/23 19:33:18 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/09/23 19:33:18 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2004/08/04 07:00:06 | 000,000,557 | -H-- | M] () -- C:\os049561.bin
[2010/12/03 17:45:54 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys
[2005/04/14 05:38:38 | 000,127,037 | ---- | M] () -- C:\testes6.jpg

< %PROGRAMFILES%\*. >
[2005/04/17 18:02:56 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2006/07/16 17:19:20 | 000,000,000 | ---D | M] -- C:\Program Files\AOD
[2007/02/11 11:45:22 | 000,000,000 | ---D | M] -- C:\Program Files\AOL
[2010/12/03 15:52:18 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2008/07/13 17:46:43 | 000,000,000 | ---D | M] -- C:\Program Files\Avanquest
[2008/03/20 18:07:00 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2004/02/03 21:24:41 | 000,000,000 | ---D | M] -- C:\Program Files\BroadJump
[2008/07/13 17:33:12 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2003/01/27 20:54:36 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2003/01/27 21:13:16 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Computer
[2008/07/10 23:50:13 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2005/05/08 07:52:10 | 000,000,000 | ---D | M] -- C:\Program Files\Download Coach
[2006/06/12 10:13:14 | 000,000,000 | ---D | M] -- C:\Program Files\Download Express
[2003/01/27 21:50:09 | 000,000,000 | ---D | M] -- C:\Program Files\EPSON
[2003/01/27 21:51:14 | 000,000,000 | ---D | M] -- C:\Program Files\EPSON Software
[2005/05/22 12:59:09 | 000,000,000 | ---D | M] -- C:\Program Files\F-Secure Internet Security
[2005/03/04 21:10:47 | 000,000,000 | ---D | M] -- C:\Program Files\FreshGames
[2008/08/01 08:01:46 | 000,000,000 | ---D | M] -- C:\Program Files\GetModule
[2008/08/01 08:01:45 | 000,000,000 | ---D | M] -- C:\Program Files\GetPack
[2006/07/09 21:49:16 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2003/01/27 21:48:03 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2008/07/14 10:48:15 | 000,000,000 | ---D | M] -- C:\Program Files\iCheck
[2006/03/27 13:39:20 | 000,000,000 | ---D | M] -- C:\Program Files\illiminable
[2008/07/14 10:58:32 | 000,000,000 | ---D | M] -- C:\Program Files\InetGet2
[2006/09/05 19:19:43 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2003/01/27 20:26:08 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2008/06/10 21:12:31 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2007/11/13 11:55:15 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2007/11/13 11:56:00 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2003/01/27 21:11:53 | 000,000,000 | ---D | M] -- C:\Program Files\Jasc Software Inc
[2008/03/10 19:27:40 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2008/07/11 20:48:34 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2005/02/10 03:08:40 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2005/04/03 18:17:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2003/01/27 21:42:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Encarta
[2003/01/27 19:43:21 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2003/01/27 21:34:36 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Money
[2005/04/09 11:48:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2004/12/12 14:33:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Picture It! 2002
[2008/06/11 17:18:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2003/01/27 21:36:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Streets & Trips
[2003/01/27 21:30:54 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2003/01/27 21:25:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works Suite 2002
[2005/04/03 18:17:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2006/09/05 19:09:24 | 000,000,000 | ---D | M] -- C:\Program Files\MINITAB 14
[2008/07/13 22:00:53 | 000,000,000 | ---D | M] -- C:\Program Files\mjc
[2004/09/23 19:39:37 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/12/03 17:48:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2008/06/11 17:18:33 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2003/01/27 19:38:31 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2004/06/18 20:33:19 | 000,000,000 | ---D | M] -- C:\Program Files\MTBWIN
[2003/01/27 21:02:40 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2005/01/30 16:34:49 | 000,000,000 | ---D | M] -- C:\Program Files\MusicNetonAOL
[2004/09/23 19:36:30 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2004/08/24 22:15:56 | 000,000,000 | ---D | M] -- C:\Program Files\Netscape
[2008/07/11 18:55:34 | 000,000,000 | ---D | M] -- C:\Program Files\Network Monitor
[2007/08/09 19:42:39 | 000,000,000 | ---D | M] -- C:\Program Files\Nortel Networks
[2003/01/27 19:40:49 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2007/06/14 02:03:45 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2004/05/24 20:48:26 | 000,000,000 | ---D | M] -- C:\Program Files\PIXELA
[2008/03/27 18:47:09 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2003/01/27 22:03:12 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2004/05/24 20:47:12 | 000,000,000 | ---D | M] -- C:\Program Files\REGSHAVE
[2003/01/27 21:22:46 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2008/03/20 18:10:54 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2008/07/14 10:28:16 | 000,000,000 | ---D | M] -- C:\Program Files\Sakora
[2004/02/03 21:39:37 | 000,000,000 | ---D | M] -- C:\Program Files\Support.com
[2003/11/16 00:50:51 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2008/07/14 10:28:22 | 000,000,000 | ---D | M] -- C:\Program Files\Temporary
[2008/06/06 08:34:51 | 000,000,000 | ---D | M] -- C:\Program Files\The Weather Channel FW
[2003/08/27 21:38:32 | 000,000,000 | ---D | M] -- C:\Program Files\TryMedia
[2003/01/27 20:51:05 | 000,000,000 | ---D | M] -- C:\Program Files\UIU
[2004/08/01 16:44:32 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2006/06/23 13:41:14 | 000,000,000 | ---D | M] -- C:\Program Files\Veoh
[2003/01/27 22:03:24 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2008/07/13 22:05:51 | 000,000,000 | ---D | M] -- C:\Program Files\Webtools
[2007/01/04 18:50:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2007/01/04 18:50:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2004/09/23 19:36:23 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/08/13 16:56:32 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2003/01/27 19:43:21 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2006/04/08 23:05:36 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2005/02/27 13:54:25 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo! Games

< %appdata%\*.* >
[2003/01/27 14:31:34 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Larry\Application Data\desktop.ini
[2004/09/25 12:18:38 | 000,057,728 | ---- | M] () -- C:\Documents and Settings\Larry\Application Data\GDIPFONTCACHEV1.DAT


< MD5 for: AGP440.SYS >
[2004/09/23 19:27:32 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/09/23 19:27:32 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
[2001/08/17 13:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/09/23 19:27:32 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/09/23 19:27:32 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2002/01/30 14:49:08 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=48BC2767CEEC6E8B0E15B0289F18232E -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2002/06/25 16:36:22 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=48BC2767CEEC6E8B0E15B0289F18232E -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2004/09/23 19:27:32 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2004/09/23 19:27:32 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2004/08/04 00:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2004/08/04 00:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys
[2002/06/25 16:37:26 | 000,033,664 | ---- | M] (Microsoft Corporation) MD5=43A10CD19D648E57ED039A6CAA667A56 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
[2002/06/25 16:38:01 | 000,047,616 | ---- | M] (Microsoft Corporation) MD5=A510B91253544D56B5712D66BE8371E9 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll
[2002/06/25 16:42:56 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=F41C1602DC79AB72035F2388FCA0255F -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2002/06/25 16:45:41 | 000,174,080 | ---- | M] (Microsoft Corporation) MD5=73968C834C316ADC7A2F07DC4B5F3665 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/09/23 19:27:32 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2004/09/23 19:27:32 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbstor.sys
[2001/08/17 13:03:22 | 000,021,760 | ---- | M] (Microsoft Corporation) MD5=694F2B90124EB086C38C18DA97A13E48 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2004/08/04 01:08:46 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2004/08/04 01:08:46 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2008-07-09 05:12:45

< End of report >

larrybro
Novice
Posts : 33
Joined : 2010-01-13
OS : windows xp

Re: HIJACK THIS: userinit.exe problems

Post by Belahzur on Fri Dec 03, 2010 11:40 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
      PRC - [2006/01/04 17:09:34 | 000,094,208 | ---- | M] () -- C:\Program Files\Network Monitor\netmon.exe
      PRC - [2005/08/02 15:58:38 | 000,293,888 | RHS- | M] () -- C:\WINDOWS\TGFycnkgVy4gQnJvd24\command.exe
      O2 - BHO: (no name) - {2673f941-a63e-4f1c-9355-5e2eb68c891d} - C:\WINDOWS\system32\aydekt.dll ()
      O2 - BHO: (gooochi browser optimizer) - {67f1f031-3888-b1c3-2852-0a47dd8d8f44} - C:\WINDOWS\system32\wpuzhltehabgctt.dll ( )
      O2 - BHO: (no name) - {7768234D-E494-424D-96E6-4819A1E16325} - C:\WINDOWS\system32\hgGxUOhe.dll ()
      O2 - BHO: (no name) - {C848797B-12BC-4983-A8D9-2BCC34D07FB2} - C:\WINDOWS\system32\efcYqnml.dll ()
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
      O4 - HKLM..\Run: [{64ed5f2c-60f4-5163-4e5e-db973fc7094e}] C:\WINDOWS\system32\wpuzhltehabgctt.DLL ( )
      O4 - HKLM..\Run: [{DC-CF-F3-39-DW}] C:\WINDOWS\System32\rrwnw64p.exe ()
      O4 - HKLM..\Run: [4c0dcf96] C:\WINDOWS\System32\jsiptlme.DLL ()
      O4 - HKLM..\Run: [BM4f3efc0a] C:\WINDOWS\System32\kovhjwxm.DLL ()
      O4 - HKLM..\Run: [ExploreUpdSched] C:\WINDOWS\System32\ocntqtdm.exe ()
      O4 - HKLM..\Run: [KernelFaultCheck] File not found
      O4 - HKLM..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe ()
      O4 - HKCU..\Run: [GetModule20] C:\Program Files\GetModule\GetModule20.exe ()
      O4 - HKCU..\Run: [GetPack20] C:\Program Files\GetPack\GetPack20.exe ()
      O4 - HKCU..\Run: [mjc] C:\Program Files\mjc\mjc.exe ()
      O4 - HKCU..\Run: [Sakora] C:\Program Files\Sakora\Sakora.exe ()
      O4 - Startup: C:\Documents and Settings\Larry\Start Menu\Programs\Startup\Deewoo.lnk = C:\WINDOWS\system32\ocntqtdm.exe ()
      O4 - Startup: C:\Documents and Settings\Larry\Start Menu\Programs\Startup\DW_Start.lnk = C:\WINDOWS\system32\rrwnw64p.exe ()
      O20 - AppInit_DLLs: (aydekt.dll) - C:\WINDOWS\System32\aydekt.dll ()
      O20 - Winlogon\Notify\hgGxUOhe: DllName - hgGxUOhe.dll - C:\WINDOWS\System32\hgGxUOhe.dll ()
      O28 - HKLM ShellExecuteHooks: {7768234D-E494-424D-96E6-4819A1E16325} - C:\WINDOWS\system32\hgGxUOhe.dll ()
      O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\efcYqnml) - C:\WINDOWS\System32\efcYqnml.dll ()
      [2010/12/03 17:46:53 | 000,000,033 | RHS- | M] () -- C:\WINDOWS\muotr.so
      [2008/08/01 08:09:00 | 001,487,632 | -HS- | C] () -- C:\WINDOWS\System32\emltpisj.ini
      [2008/08/01 08:08:43 | 000,083,456 | ---- | C] () -- C:\WINDOWS\System32\jsiptlme.dll
      [2008/08/01 08:06:13 | 000,111,104 | ---- | C] () -- C:\WINDOWS\System32\aydekt.dll
      [2008/08/01 08:06:07 | 000,111,104 | ---- | C] () -- C:\WINDOWS\System32\cabsvmwl.dll
      [2008/08/01 08:02:56 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\kovhjwxm.dll
      [2008/08/01 07:57:51 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\rvxwqody.dll
      [2008/07/15 11:52:02 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\gpvmfg.dll
      [2008/07/15 11:52:00 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\lmfgsvng.dll
      [2008/07/15 11:49:18 | 001,843,043 | -HS- | C] () -- C:\WINDOWS\System32\ggsgdykn.ini
      [2008/07/15 11:49:15 | 000,081,408 | ---- | C] () -- C:\WINDOWS\System32\nkydgsgg.dll
      [2008/07/15 11:47:33 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\ilgyoubn.dll
      [2008/07/15 08:44:40 | 001,843,087 | -HS- | C] () -- C:\WINDOWS\System32\eqbjgcdi.ini
      [2008/07/15 08:36:23 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\pnzdtv.dll
      [2008/07/15 08:35:04 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\ansryyoo.dll
      [2008/07/15 08:23:00 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\pbjnqtxp.dll
      [2008/07/13 17:33:31 | 001,842,631 | -HS- | C] () -- C:\WINDOWS\System32\yvoukkqm.ini
      [2008/07/13 17:30:47 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\uajago.dll
      [2008/07/13 17:30:45 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\xseqfutd.dll
      [2008/07/13 17:30:03 | 000,092,160 | ---- | C] () -- C:\WINDOWS\System32\wtyomvdv.dll
      [2008/07/12 08:28:29 | 001,879,293 | -HS- | C] () -- C:\WINDOWS\System32\vccmrdrl.ini
      [2008/07/12 08:25:31 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\swscmr.dll
      [2008/07/12 08:25:27 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\qkcuhjww.dll
      [2008/07/12 08:23:35 | 000,091,648 | ---- | C] () -- C:\WINDOWS\System32\ubaocbbd.dll
      [2008/07/11 19:01:48 | 001,878,770 | -HS- | C] () -- C:\WINDOWS\System32\ygndlejj.ini
      [2008/07/11 19:00:09 | 000,722,035 | -HS- | C] () -- C:\WINDOWS\System32\lmnqYcfe.ini2
      [2008/07/11 19:00:09 | 000,722,035 | -HS- | C] () -- C:\WINDOWS\System32\lmnqYcfe.ini
      [2008/07/11 18:59:58 | 000,281,600 | ---- | C] () -- C:\WINDOWS\System32\efcYqnml.dll:OTL

  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
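The fix list above was assembled by reading OTL's bracketed file entries (`[timestamp | size | attributes | M/C] (company) -- path`) and picking out the ones that share a few traits: no company name in the version resource, a location under C:\WINDOWS or System32, hidden+system attributes, or an extension no Windows component uses. The script below, an added example that is not OTL's code and not part of this thread, parses that line format and applies those traits as a triage filter. The sample lines are copied from the logs posted earlier in this thread; the `SYSTEM_DIRS` and `ODD_EXTENSIONS` lists are assumptions chosen for this example, and `O2`/`O4`-style registry lines are deliberately left unparsed.

```python
"""Triage OTL-style file entries: parse the bracketed listing format and flag
entries with the traits the helper in this thread acted on (no company name in
a Windows system directory, hidden+system attributes, odd extensions).
Added example; not OTL's own code."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# One OTL file entry, e.g.
# [2008/08/01 08:08:43 | 000,083,456 | ---- | C] () -- C:\WINDOWS\System32\jsiptlme.dll
# An optional " MD5=<hex>" or " .cab file" may follow the company field.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\)(?: MD5=(?P<md5>[0-9A-Fa-f]{32})| \.cab file)? -- "
    r"(?P<path>.+?)\s*$"
)


@dataclass
class Entry:
    timestamp: datetime
    size: int
    attrs: str            # R/H/S/D flags as OTL prints them, '-' when unset
    kind: str             # 'M' (listed by modified date) or 'C' (by created date)
    company: str          # version-resource company name; empty when absent
    path: str
    md5: Optional[str] = None


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for an OTL file line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"].strip(),   # "()" and "( )" both mean no company
        path=m["path"],
        md5=m["md5"].upper() if m["md5"] else None,
    )


# Assumption for this example: only these directories are scored.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")
# Assumption: extensions no Windows component drops into %SystemRoot%.
ODD_EXTENSIONS = {".so", ".ini2"}


def suspicion_reasons(e: Entry) -> List[str]:
    """Traits that make a system-directory entry worth a closer look."""
    lower = e.path.lower()
    if not lower.startswith(SYSTEM_DIRS):
        return []                       # user-profile files are out of scope here
    reasons = []
    if not e.company:
        reasons.append("no company name")
    if "H" in e.attrs and "S" in e.attrs:
        reasons.append("hidden+system attributes")
    name = lower.rsplit("\\", 1)[-1]
    ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
    if ext in ODD_EXTENSIONS:
        reasons.append(f"unusual extension {ext}")
    return reasons


def triage(log_lines: List[str]) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons; lines that are not file entries are skipped."""
    flagged: Dict[str, List[str]] = {}
    for line in log_lines:
        e = parse_entry(line)
        if e is None:
            continue
        reasons = suspicion_reasons(e)
        if reasons:
            flagged[e.path] = reasons
    return flagged


# Sample lines copied from the OTL output and fix script posted in this thread.
SAMPLE_LINES = [
    "[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\\WINDOWS\\system32\\eventlog.dll",
    "[2004/09/25 12:18:38 | 000,057,728 | ---- | M] () -- C:\\Documents and Settings\\Larry\\Application Data\\GDIPFONTCACHEV1.DAT",
    "[2008/08/01 08:08:43 | 000,083,456 | ---- | C] () -- C:\\WINDOWS\\System32\\jsiptlme.dll",
    "[2010/12/03 17:46:53 | 000,000,033 | RHS- | M] () -- C:\\WINDOWS\\muotr.so",
    "[2008/07/11 19:00:09 | 000,722,035 | -HS- | C] () -- C:\\WINDOWS\\System32\\lmnqYcfe.ini2",
    "O4 - HKLM..\\Run: [runner1] C:\\WINDOWS\\mrofinu1188.exe ()",
]

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LINES).items():
        print(f"{path}: {', '.join(why)}")
```

Run as a script it prints the three flagged paths with their reasons; the signed eventlog.dll and the profile-local font cache pass, and the `O4` line is ignored because it is not a file entry. The filter is a triage aid for reading a log, not a verdict: a missing company name is common for third-party installers too, which is why the helper still cross-checked each path against the process list and autostart entries before adding it to the fix.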

Re: HIJACK THIS: userinit.exe problems

Post by larrybro on Sat Dec 04, 2010 2:51 pm

========== OTL ==========
Process netmon.exe killed successfully!
Process command.exe killed successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2673f941-a63e-4f1c-9355-5e2eb68c891d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2673f941-a63e-4f1c-9355-5e2eb68c891d}\ deleted successfully.
C:\WINDOWS\system32\aydekt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67f1f031-3888-b1c3-2852-0a47dd8d8f44}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67f1f031-3888-b1c3-2852-0a47dd8d8f44}\ deleted successfully.
C:\WINDOWS\system32\wpuzhltehabgctt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7768234D-E494-424D-96E6-4819A1E16325}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7768234D-E494-424D-96E6-4819A1E16325}\ deleted successfully.
File move failed. C:\WINDOWS\system32\hgGxUOhe.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C848797B-12BC-4983-A8D9-2BCC34D07FB2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C848797B-12BC-4983-A8D9-2BCC34D07FB2}\ not found.
C:\WINDOWS\system32\efcYqnml.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\{64ed5f2c-60f4-5163-4e5e-db973fc7094e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64ed5f2c-60f4-5163-4e5e-db973fc7094e}\ not found.
File C:\WINDOWS\system32\wpuzhltehabgctt.DLL not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\{DC-CF-F3-39-DW} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC-CF-F3-39-DW}\ not found.
C:\WINDOWS\system32\rrwnw64p.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\4c0dcf96 deleted successfully.
C:\WINDOWS\system32\jsiptlme.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BM4f3efc0a deleted successfully.
C:\WINDOWS\system32\kovhjwxm.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ExploreUpdSched deleted successfully.
C:\WINDOWS\system32\ocntqtdm.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\runner1 deleted successfully.
C:\WINDOWS\mrofinu1188.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GetModule20 deleted successfully.
C:\Program Files\GetModule\GetModule20.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GetPack20 deleted successfully.
C:\Program Files\GetPack\GetPack20.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\mjc deleted successfully.
C:\Program Files\mjc\mjc.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Sakora deleted successfully.
C:\Program Files\Sakora\Sakora.exe moved successfully.
C:\Documents and Settings\Larry\Start Menu\Programs\Startup\Deewoo.lnk moved successfully.
File C:\WINDOWS\system32\ocntqtdm.exe not found.
C:\Documents and Settings\Larry\Start Menu\Programs\Startup\DW_Start.lnk moved successfully.
File C:\WINDOWS\system32\rrwnw64p.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:aydekt.dll deleted successfully.
File C:\WINDOWS\System32\aydekt.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hgGxUOhe\ deleted successfully.
File move failed. C:\WINDOWS\system32\hgGxUOhe.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{7768234D-E494-424D-96E6-4819A1E16325} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7768234D-E494-424D-96E6-4819A1E16325}\ deleted successfully.
File move failed. C:\WINDOWS\system32\hgGxUOhe.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\efcYqnml deleted successfully.
File C:\WINDOWS\System32\efcYqnml.dll not found.
C:\WINDOWS\muotr.so moved successfully.
C:\WINDOWS\system32\emltpisj.ini moved successfully.
File C:\WINDOWS\System32\jsiptlme.dll not found.
File C:\WINDOWS\System32\aydekt.dll not found.
C:\WINDOWS\system32\cabsvmwl.dll moved successfully.
File C:\WINDOWS\System32\kovhjwxm.dll not found.
C:\WINDOWS\system32\rvxwqody.dll moved successfully.
C:\WINDOWS\system32\gpvmfg.dll moved successfully.
C:\WINDOWS\system32\lmfgsvng.dll moved successfully.
C:\WINDOWS\system32\ggsgdykn.ini moved successfully.
C:\WINDOWS\system32\nkydgsgg.dll moved successfully.
C:\WINDOWS\system32\ilgyoubn.dll moved successfully.
C:\WINDOWS\system32\eqbjgcdi.ini moved successfully.
C:\WINDOWS\system32\pnzdtv.dll moved successfully.
C:\WINDOWS\system32\ansryyoo.dll moved successfully.
C:\WINDOWS\system32\pbjnqtxp.dll moved successfully.
C:\WINDOWS\system32\yvoukkqm.ini moved successfully.
C:\WINDOWS\system32\uajago.dll moved successfully.
C:\WINDOWS\system32\xseqfutd.dll moved successfully.
C:\WINDOWS\system32\wtyomvdv.dll moved successfully.
C:\WINDOWS\system32\vccmrdrl.ini moved successfully.
C:\WINDOWS\system32\swscmr.dll moved successfully.
C:\WINDOWS\system32\qkcuhjww.dll moved successfully.
C:\WINDOWS\system32\ubaocbbd.dll moved successfully.
C:\WINDOWS\system32\ygndlejj.ini moved successfully.
C:\WINDOWS\system32\lmnqYcfe.ini2 moved successfully.
C:\WINDOWS\system32\lmnqYcfe.ini moved successfully.
File C:\WINDOWS\System32\efcYqnml.dll:OTL not found.

OTL by OldTimer - Version 3.2.17.3 log created on 12042010_011849

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\system32\hgGxUOhe.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

larrybro
Novice
Posts : 33
Joined : 2010-01-13
OS : windows xp

Re: HIJACK THIS: userinit.exe problems

Post by larrybro on Sat Dec 04, 2010 3:17 pm

So far I have been able to log straight in for the first time in ages...

larrybro
Novice
Posts : 33
Joined : 2010-01-13
OS : windows xp

Re: HIJACK THIS: userinit.exe problems

Post by Belahzur on Sat Dec 04, 2010 7:11 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: HIJACK THIS: userinit.exe problems

Post by larrybro on Sun Dec 05, 2010 2:57 am

Malwarebytes' Anti-Malware 1.50
[You must be registered and logged in to see this link.]

Database version: 5245

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

12/4/2010 10:27:14 PM
mbam-log-2010-12-04 (22-26-59).txt

Scan type: Quick scan
Objects scanned: 175777
Time elapsed: 28 minute(s), 37 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 52
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 8
Files Infected: 42

Memory Processes Infected:
c:\WINDOWS\tgfycnkgvy4gqnjvd24\command.exe (Adware.CommAd) -> 1632 -> No action taken.
c:\program files\network monitor\netmon.exe (Trojan.Service) -> 152 -> No action taken.

Memory Modules Infected:
c:\WINDOWS\system32\hgGxUOhe.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsSecurity1.209.4 (Trojan.DNSChanger) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rootmdmm (Rootkit.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1E404D48-670A-4085-A6A0-D195793DDD33} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1E404D48-670A-4085-A6A0-D195793DDD33} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{749EC66F-A838-4B38-B8E5-E65D905FFF74} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9506910A-0F94-4ea1-B567-7070428B8B2B} (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9506910A-0F94-4EA1-B567-7070428B8B2B} (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9506910A-0F94-4EA1-B567-7070428B8B2B} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{8D71EEB8-A1A7-4733-8FA2-1CAC015C967D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{FF46F4AB-A85F-487E-B399-3F191AC0FE23} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7768234D-E494-424D-96E6-4819A1E16325} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hgGxUOhe (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7768234D-E494-424D-96E6-4819A1E16325} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7768234D-E494-424D-96E6-4819A1E16325} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{FABA076A-478A-4c32-A0A5-C774607901C2} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FABA076A-478A-4C32-A0A5-C774607901C2} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{63334394-3DA3-4B29-A041-03535909D361} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2E4A04A1-A24D-45AE-ACA4-949778400813} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Webtools (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421B84-3488-49A7-AD18-CBF84A3EFAF6} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920} (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE} (Trojan.Network.Monitor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gooochi (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MySidesearchSearchAssistant (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\NaviHelper.NaviHelperObject (Adware.EGDAccess) -> No action taken.
HKEY_CLASSES_ROOT\NaviHelper.NaviHelperObject.1 (Adware.EGDAccess) -> No action taken.
HKEY_CLASSES_ROOT\testCPV6.BHO (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\testCPV6.BHO.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> No action taken.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\GetModule (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\GetPack (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MySidesearch (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iCheck (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\cmdService (Adware.CommAd) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TnIDriver (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7768234D-E494-424D-96E6-4819A1E16325} (Trojan.Vundo) -> Value: {7768234D-E494-424D-96E6-4819A1E16325} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7768234D-E494-424D-96E6-4819A1E16325} (Trojan.Vundo) -> Value: {7768234D-E494-424D-96E6-4819A1E16325} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Value: wxfw.dll -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\localservice\application data\NetMon (Trojan.NetMon) -> No action taken.
c:\program files\iCheck (Trojan.Agent) -> No action taken.
c:\program files\mjc (Trojan.Agent) -> No action taken.
c:\program files\network monitor (Trojan.DNSChanger) -> No action taken.
c:\program files\Sakora (Trojan.Agent) -> No action taken.
c:\program files\temporary (Trojan.Agent) -> No action taken.
c:\program files\Webtools (Trojan.Agent) -> No action taken.
c:\WINDOWS\mslagent (Adware.EGDAccess) -> No action taken.

Files Infected:
c:\WINDOWS\444.470 (Trojan.DNSChanger) -> No action taken.
c:\WINDOWS\system32\drivers\rootmdmm.sys (Rootkit.Agent) -> No action taken.
c:\WINDOWS\system32\mysidesearch_sidebar.dll (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\hgGxUOhe.dll (Trojan.Vundo) -> No action taken.
c:\program files\Webtools\webtools.dll (Trojan.BHO) -> No action taken.
c:\WINDOWS\system32\fvqjpiiatew.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\gside.exe (Trojan.BHO) -> No action taken.
c:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Trojan.BHO) -> No action taken.
c:\WINDOWS\system32\rwwnw64d.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\Larry\local settings\Temp\cmdinst.exe (Adware.CommAd) -> No action taken.
c:\documents and settings\Larry\local settings\temporary internet files\Content.IE5\Q9Y5Z3SS\kb767887[1] (Trojan.Vundo) -> No action taken.
c:\documents and settings\Larry\local settings\temporary internet files\Content.IE5\YL8CYUMP\kb456456[1] (Trojan.Vundo) -> No action taken.
c:\WINDOWS\mrofinu1000106.exe (Trojan.Downloader) -> No action taken.
c:\WINDOWS\b148.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\b152.exe (Trojan.Downloader) -> No action taken.
c:\WINDOWS\b155.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\b156.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\system32\atmtd.dll (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\atmtd.dll._ (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
c:\WINDOWS\system32\msegcompid.dll (Adware.EGDAccess) -> No action taken.
c:\WINDOWS\system32\mseggrpid.dll (Adware.EGDAccess) -> No action taken.
c:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> No action taken.
c:\WINDOWS\system32\pac.txt (Malware.Trace) -> No action taken.
c:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> No action taken.
c:\WINDOWS\system32\wvUkHXoo.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> No action taken.
c:\WINDOWS\b104.exe (Trojan.Downloader) -> No action taken.
c:\WINDOWS\bm4f3efc0a.txt (Trojan.Vundo) -> No action taken.
c:\WINDOWS\bm4f3efc0a.xml (Trojan.Vundo) -> No action taken.
c:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.
c:\WINDOWS\pskt.ini (Trojan.Vundo) -> No action taken.
c:\WINDOWS\tmlpcert2005 (Adware.EGDAccess) -> No action taken.
c:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> No action taken.
c:\WINDOWS\tgfycnkgvy4gqnjvd24\command.exe (Adware.CommAd) -> No action taken.
c:\program files\network monitor\netmon.exe (Trojan.Service) -> No action taken.
c:\documents and settings\Larry\local settings\Temp\tni19D.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\localservice\application data\NetMon\domains.txt (Trojan.NetMon) -> No action taken.
c:\documents and settings\localservice\application data\NetMon\log.txt (Trojan.NetMon) -> No action taken.
c:\program files\iCheck\iCheck.exe (Trojan.Agent) -> No action taken.
c:\program files\iCheck\uninstall.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\drivers\core.cache.dsk (Rootkit.Agent) -> No action taken.

Re: HIJACK THIS: userinit.exe problems

Post by Belahzur on Sun Dec 05, 2010 11:20 pm

Did you remove what was found? The log says no action taken.

[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.

Re: HIJACK THIS: userinit.exe problems

Post by larrybro on Sun Dec 05, 2010 11:26 pm

Sorry, I posted the log before I hit "remove." Here is the new log:

Malwarebytes' Anti-Malware 1.50
[You must be registered and logged in to see this link.]

Database version: 5245

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

12/5/2010 6:55:36 PM
mbam-log-2010-12-05 (18-55-36).txt

Scan type: Quick scan
Objects scanned: 175777
Time elapsed: 28 minute(s), 37 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 52
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 8
Files Infected: 42

Memory Processes Infected:
c:\WINDOWS\tgfycnkgvy4gqnjvd24\command.exe (Adware.CommAd) -> 1632 -> Failed to unload process.
c:\program files\network monitor\netmon.exe (Trojan.Service) -> 152 -> Unloaded process successfully.

Memory Modules Infected:
c:\WINDOWS\system32\hgGxUOhe.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsSecurity1.209.4 (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rootmdmm (Rootkit.Agent) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{1E404D48-670A-4085-A6A0-D195793DDD33} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1E404D48-670A-4085-A6A0-D195793DDD33} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{749EC66F-A838-4B38-B8E5-E65D905FFF74} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9506910A-0F94-4ea1-B567-7070428B8B2B} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9506910A-0F94-4EA1-B567-7070428B8B2B} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9506910A-0F94-4EA1-B567-7070428B8B2B} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8D71EEB8-A1A7-4733-8FA2-1CAC015C967D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{FF46F4AB-A85F-487E-B399-3F191AC0FE23} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7768234D-E494-424D-96E6-4819A1E16325} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hgGxUOhe (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7768234D-E494-424D-96E6-4819A1E16325} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7768234D-E494-424D-96E6-4819A1E16325} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{FABA076A-478A-4c32-A0A5-C774607901C2} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FABA076A-478A-4C32-A0A5-C774607901C2} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{63334394-3DA3-4B29-A041-03535909D361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2E4A04A1-A24D-45AE-ACA4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Webtools (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421B84-3488-49A7-AD18-CBF84A3EFAF6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gooochi (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MySidesearchSearchAssistant (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\NaviHelper.NaviHelperObject (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\NaviHelper.NaviHelperObject.1 (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testCPV6.BHO (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testCPV6.BHO.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\GetPack (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MySidesearch (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\cmdService (Adware.CommAd) -> Delete on reboot.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TnIDriver (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7768234D-E494-424D-96E6-4819A1E16325} (Trojan.Vundo) -> Value: {7768234D-E494-424D-96E6-4819A1E16325} -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7768234D-E494-424D-96E6-4819A1E16325} (Trojan.Vundo) -> Value: {7768234D-E494-424D-96E6-4819A1E16325} -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Value: wxfw.dll -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\localservice\application data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
c:\program files\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\mjc (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\network monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\program files\Sakora (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\temporary (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\444.470 (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\rootmdmm.sys (Rootkit.Agent) -> Delete on reboot.
c:\WINDOWS\system32\mysidesearch_sidebar.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\hgGxUOhe.dll (Trojan.Vundo) -> Delete on reboot.
c:\program files\Webtools\webtools.dll (Trojan.BHO) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\fvqjpiiatew.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\gside.exe (Trojan.BHO) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Trojan.BHO) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\rwwnw64d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Larry\local settings\Temp\cmdinst.exe (Adware.CommAd) -> Quarantined and deleted successfully.
c:\documents and settings\Larry\local settings\temporary internet files\Content.IE5\Q9Y5Z3SS\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\documents and settings\Larry\local settings\temporary internet files\Content.IE5\YL8CYUMP\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\mrofinu1000106.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\b148.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\b152.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\b155.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\b156.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\atmtd.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\atmtd.dll._ (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msegcompid.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mseggrpid.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wvUkHXoo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\b104.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\bm4f3efc0a.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\bm4f3efc0a.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\tmlpcert2005 (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\tgfycnkgvy4gqnjvd24\command.exe (Adware.CommAd) -> Delete on reboot.
c:\program files\network monitor\netmon.exe (Trojan.Service) -> Quarantined and deleted successfully.
c:\documents and settings\Larry\local settings\Temp\tni19D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
c:\program files\iCheck\iCheck.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\iCheck\uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\core.cache.dsk (Rootkit.Agent) -> Delete on reboot.

Re: HIJACK THIS: userinit.exe problems

Post by larrybro on Sun Dec 05, 2010 11:51 pm

I have also just rebooted.

Re: HIJACK THIS: userinit.exe problems

Post by Belahzur on Sun Dec 05, 2010 11:56 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select yes.
  • Allow combofix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click combofix's window whilst it's running. That may cause it to stall.


Re: HIJACK THIS: userinit.exe problems

Post by larrybro on Mon Dec 06, 2010 3:47 pm

ComboFix 10-12-04.03 - Larry 12/05/2010 23:33:03.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.255.99 [GMT -5:00]
Running from: c:\documents and settings\Larry\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Larry\Favorites\Thumbs.db
c:\documents and settings\Larry\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Larry\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\Larry\My Documents\DPE.DUS
c:\documents and settings\Sarleno\Cookies\hpothb07.dat
c:\documents and settings\Sarleno\My Documents\DPE.DUS
c:\program files\GetModule
c:\program files\GetModule\dicik.gz
c:\program files\GetModule\GetModule19.exe
c:\program files\GetModule\kwdik.gz
c:\program files\GetModule\zolnupdate.exe
c:\program files\GetPack
c:\program files\GetPack\dianeadupd.exe
c:\program files\GetPack\dictame.gz
c:\program files\GetPack\GetPack19.exe
c:\program files\GetPack\trgtame.gz
c:\program files\inetget2
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\tn3
c:\windows\megavid.cdt
c:\windows\muotr.so

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSSECURITY1.209.4
-------\Legacy_TNIDRIVER


((((((((((((((((((((((((( Files Created from 2010-11-06 to 2010-12-06 )))))))))))))))))))))))))))))))
.

2010-12-06 05:17 . 2010-12-06 05:17 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-12-06 05:01 . 2010-12-06 05:04 -------- d-----w- c:\windows\LastGood
2010-12-06 01:52 . 2010-12-06 01:52 -------- d-----w- c:\program files\iPod
2010-12-06 01:52 . 2010-12-06 01:54 -------- d-----w- c:\program files\iTunes
2010-12-06 01:52 . 2010-12-06 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-04 21:24 . 2010-12-04 21:24 -------- d-----w- c:\documents and settings\Larry\Application Data\Malwarebytes
2010-12-04 21:24 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-04 21:24 . 2010-12-04 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-04 21:23 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-04 21:23 . 2010-12-04 21:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-04 06:18 . 2010-12-04 06:18 -------- d-----w- C:\_OTL
2010-12-03 23:59 . 2010-12-03 23:59 -------- d-----w- c:\documents and settings\Larry\Local Settings\Application Data\Conduit
2010-12-03 23:59 . 2010-12-03 23:59 -------- d-----w- c:\program files\Conduit
2010-12-03 23:59 . 2010-12-03 23:59 -------- d-----w- c:\documents and settings\Larry\Local Settings\Application Data\uTorrentBar
2010-12-03 23:53 . 2010-12-03 23:53 -------- d-----w- c:\documents and settings\Larry\Local Settings\Application Data\Temp
2010-12-03 23:53 . 2010-12-03 23:53 -------- d-----w- c:\program files\uTorrent
2010-12-03 21:21 . 2010-12-03 21:21 1409 ----a-w- c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 16:17 . 2010-09-08 16:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 16:17 . 2010-09-08 16:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2004-01-25 20:03 . 2004-01-25 20:03 3468688 ----a-w- c:\program files\R41231.EXE
2010-12-04 15:19 . 2006-07-10 02:49 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2005-08-02 20:46 187904 --sha-r- c:\windows\TGFycnkgVy4gQnJvd24\asappsrv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-11-14 3913000]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-14 02:58 3913000 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-11-14 02:58 3913000 ----a-w- c:\program files\uTorrentBar\tbuTor.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-11-14 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-14 3913000]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-06-10 785520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-08-14 90112]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 496752]
"F-Secure Manager"="c:\program files\F-Secure Internet Security\Common\FSM32.EXE" [2003-10-21 118832]
"F-Secure TNB"="c:\program files\F-Secure Internet Security\TNB\TNBUtil.exe" [2003-10-22 647168]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-12-04 30192]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-11-03 185896]
"HostManager"="c:\program files\Common Files\AOL\1171212340\ee\AOLSoftware.exe" [2006-09-26 50736]
"VirusScannerPro"="c:\progra~1\AVANQU~1\Fix-It\MemCheck.exe" [2007-09-01 173312]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online Tray Icon.lnk
backup=c:\windows\pss\America Online Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Larry^Start Menu^Programs^Startup^PowerReg SchedulerV2.exe]
path=c:\documents and settings\Larry\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe
backup=c:\windows\pss\PowerReg SchedulerV2.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C62 Series]
2002-04-10 08:00 74240 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S0BIC1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
2001-08-23 21:52 331830 ----a-w- c:\program files\Microsoft Works\wkssb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2001-08-17 04:41 28738 ----a-w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2001-07-25 15:00 184376 ----a-w- c:\program files\Microsoft Money\System\Money Express.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
2001-07-25 15:00 241714 ----a-w- c:\program files\Microsoft Money\System\Activation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-11-03 04:11 214560 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-11 09:19 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
2001-10-06 00:34 24576 ----a-w- c:\program files\Microsoft Works\wkfud.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MCVSRte"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McShield"=3 (0x3)
"AOL ACS"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Netscape\\Communicator\\Program\\AIM\\aim.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\lxdccoms.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [x]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSgk.sys [x]
R2 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-12-04 30192]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-11-29 38224]
R3 pcx2nd5;Toshiba PCX2000 USB Cable Modem networking driver (NDIS);c:\windows\system32\DRIVERS\pcx2nd5.sys [2001-10-16 17648]
R3 pcx2unic;Toshiba PCX2000 USB Cable Modem WDM driver;c:\windows\system32\DRIVERS\pcx2unic.sys [2001-10-16 69456]
S0 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2004-02-02 82336]
S2 Fswsclds;F-Secure Windows Security Center Legacy Detection Service;c:\program files\F-Secure Internet Security\fswsclds.exe [2004-10-13 40960]
S2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe [2007-02-12 537520]
S2 tmpreflt;tmpreflt;c:\progra~1\AVANQU~1\Fix-It\tmpreflt.sys [2007-08-31 32528]
S3 MailScan;MailScan;c:\progra~1\AVANQU~1\Fix-It\MailScan.sys [2007-09-01 20496]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - MAILSCAN
.
Contents of the 'Scheduled Tasks' folder

2010-12-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: + &Download Express: download this file - c:\program files\Download Express\Add_Url.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: {062B4D8E-B84B-4BB9-A7CD-14852A1E3D74} = 68.105.28.12,68.105.29.12
Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~2\mdpph.dll
Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~2\mdpph.dll
Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~2\mdpph.dll
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Larry\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\Larry\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\Larry\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\np32dsw.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\npaudio.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\npavi32.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\npbeatnk.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\npdrmv2.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\npdsplay.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\npnul32.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\NPOFFICE.DLL
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\nppdf32.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\nppl3260.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\npqtplugin.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\npqtplugin6.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\npqtplugin7.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\npqtplugin8.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\nprfxins.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\nprjplug.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\nprpjplug.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\NPSWF32.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\npwmsdrm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - Extension: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - c:\documents and settings\Larry\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Extension: Walnut for Firefox: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF} - c:\documents and settings\Larry\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
FF - Extension: CustomizeGoogle: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb} - c:\documents and settings\Larry\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
FF - Extension: Conduit Engine : [You must be registered and logged in to see this link.] - c:\documents and settings\Larry\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\extensions\engine@conduit.com
FF - Extension: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\documents and settings\Larry\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -

BHO-{720BC91B-DAA9-42FA-9D01-7E9FE4D4B3C1} - c:\windows\system32\efcYqnml.dll
HKCU-Run-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe
MSConfigStartUp-AdaptecDirectCD - c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
MSConfigStartUp-MCAgentExe - c:\progra~1\mcafee.com\agent\mcagent.exe
MSConfigStartUp-MCUpdateExe - c:\progra~1\mcafee.com\agent\mcupdate.exe
MSConfigStartUp-VirusScan Online - c:\progra~1\mcafee.com\vso\mcvsshld.exe
MSConfigStartUp-VSOCheckTask - c:\progra~1\mcafee.com\vso\mcmnhdlr.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-12-06 00:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MMTray = c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe?w???g????V??g????SOFTWARE\MusicMatch\MusicMatch Jukebox\4.0\TrayApp??????? ?w?????????????\?wp ?w???????w???g ??????????g?????CY????????g????2???????$???
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, [You must be registered and logged in to see this link.]
Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
1 nt!IofCallDriver[0x804E37C5] -> \Device\Harddisk0\DR0[0x81B67030]
3 CLASSPNP[0xF9A7305B] -> nt!IofCallDriver[0x804E37C5] -> \Device\Ide\IdeDeviceP0T0L0-3[0x81BB0030]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2788)
c:\progra~1\AVANQU~1\Fix-It\WinHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\AVANQU~1\Fix-It\mxtask.exe
c:\program files\F-Secure Internet Security\Common\FSMA32.EXE
c:\program files\F-Secure Internet Security\Common\FSMB32.EXE
c:\program files\F-Secure Internet Security\Common\FCH32.EXE
c:\program files\F-Secure Internet Security\Common\FAMEH32.EXE
c:\progra~1\AVANQU~1\Fix-It\mxtask.exe
c:\program files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
c:\windows\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\update\update.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\devldr32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre1.6.0_05\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-12-06 00:55:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-06 05:55

Pre-Run: 18,777,837,568 bytes free
Post-Run: 21,326,016,512 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - C684D2DCFAD27745984A63D7A558A804


Re: HIJACK THIS: userinit.exe problems

Post by Belahzur on Mon Dec 06, 2010 8:57 pm

Hello.

Please download TDSSKiller from [You must be registered and logged in to see this link.] and save it to your Desktop.

  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.





Re: HIJACK THIS: userinit.exe problems

Post by larrybro on Mon Dec 06, 2010 10:11 pm

2010/12/06 17:07:24.0109 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
2010/12/06 17:07:24.0109 ================================================================================
2010/12/06 17:07:24.0109 SystemInfo:
2010/12/06 17:07:24.0109
2010/12/06 17:07:24.0109 OS Version: 5.1.2600 ServicePack: 2.0
2010/12/06 17:07:24.0109 Product type: Workstation
2010/12/06 17:07:24.0109 ComputerName: LARRYANDSARLENO
2010/12/06 17:07:24.0171 UserName: Larry
2010/12/06 17:07:24.0171 Windows directory: C:\WINDOWS
2010/12/06 17:07:24.0171 System windows directory: C:\WINDOWS
2010/12/06 17:07:24.0171 Processor architecture: Intel x86
2010/12/06 17:07:24.0171 Number of processors: 1
2010/12/06 17:07:24.0171 Page size: 0x1000
2010/12/06 17:07:24.0171 Boot type: Normal boot
2010/12/06 17:07:24.0171 ================================================================================
2010/12/06 17:07:25.0609 Initialize success
2010/12/06 17:07:29.0468 ================================================================================
2010/12/06 17:07:29.0468 Scan started
2010/12/06 17:07:29.0468 Mode: Manual;
2010/12/06 17:07:29.0468 ================================================================================
2010/12/06 17:08:53.0859 ================================================================================
2010/12/06 17:08:53.0859 Scan finished
2010/12/06 17:08:53.0859 ================================================================================


Re: HIJACK THIS: userinit.exe problems

Post by Belahzur on Tue Dec 07, 2010 12:32 am

Hello.

Download [You must be registered and logged in to see this link.] to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop.
  • Open this report and post its content in your next reply.





Re: HIJACK THIS: userinit.exe problems

Post by larrybro on Tue Dec 07, 2010 1:35 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 138):
0xF9D92000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF9D9A000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF9823000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF5EC5000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xF5E6D000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF5E45000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF5E23000 \SystemRoot\System32\drivers\afd.sys
0xF9AE2000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF9DA2000 \??\C:\WINDOWS\system32\Drivers\SbcpHid.sys
0xF5DF8000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF9ECE000 \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
0xF5D61000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF9B12000 \SystemRoot\System32\Drivers\Fips.SYS
0xF5D40000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF9B22000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF9DAA000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS
0xF5C7D000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF5C65000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF9F5C000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF635E000 \SystemRoot\System32\drivers\Dxapi.sys
0xF9DBA000 \SystemRoot\System32\watchdog.sys
0xBF9C3000 \SystemRoot\System32\drivers\dxg.sys
0xFA136000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9D5000 \SystemRoot\System32\ati2dvaa.dll
0xF544D000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xF51D1000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF9F88000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF509A000 \SystemRoot\System32\DRIVERS\HSF_FALL.sys
0xF507D000 \SystemRoot\System32\DRIVERS\HSF_FSKS.sys
0xF4FF5000 \SystemRoot\System32\DRIVERS\HSF_K56K.sys
0xF4FA3000 \SystemRoot\System32\DRIVERS\srv.sys
0xF9F9A000 \SystemRoot\System32\Drivers\MASPINT.SYS
0xF9F9C000 \SystemRoot\System32\Drivers\MCSTRM.SYS
0xF51CD000 \SystemRoot\System32\DRIVERS\mdmxsdk.sys
0xF4EAA000 \SystemRoot\System32\DRIVERS\HSF_FAXX.sys
0xF4E98000 \SystemRoot\System32\DRIVERS\HSF_SPKP.sys
0xF539D000 \SystemRoot\System32\DRIVERS\HSF_TONE.sys
0xF4DF8000 \SystemRoot\System32\DRIVERS\HSF_V124.sys
0xF4CF8000 \??\C:\PROGRA~1\AVANQU~1\Fix-It\Vsapint.sys
0xF5171000 \??\C:\PROGRA~1\AVANQU~1\Fix-It\tmpreflt.sys
0xF4C91000 \??\C:\PROGRA~1\AVANQU~1\Fix-It\tmxpflt.sys
0xF4BA5000 \??\C:\PROGRA~1\AVANQU~1\Fix-It\MailScan.sys
0xF4754000 \SystemRoot\system32\drivers\wdmaud.sys
0xF4F4B000 \SystemRoot\system32\drivers\sysaudio.sys
0xF53CD000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF44F2000 \SystemRoot\System32\Drivers\HTTP.sys
0xF9E3A000 \??\C:\Combo-Fix\catchme.sys
0xF9F92000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 46):
0 System Idle Process
4 System
604 C:\WINDOWS\system32\smss.exe
668 csrss.exe
692 C:\WINDOWS\system32\winlogon.exe
736 C:\WINDOWS\system32\services.exe
748 C:\WINDOWS\system32\lsass.exe
900 C:\WINDOWS\system32\svchost.exe
960 svchost.exe
1044 C:\WINDOWS\system32\svchost.exe
1096 svchost.exe
1232 svchost.exe
1396 C:\WINDOWS\system32\spoolsv.exe
1512 C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
1524 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1568 C:\Program Files\Bonjour\mDNSResponder.exe
1672 C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
1736 C:\Program Files\F-Secure Internet Security\Common\FSMA32.exe
1748 C:\Program Files\F-Secure Internet Security\fswsclds.exe
1756 C:\Program Files\F-Secure Internet Security\Common\FSMB32.exe
1780 C:\WINDOWS\system32\lxdccoms.exe
1864 C:\WINDOWS\system32\svchost.exe
144 C:\Program Files\F-Secure Internet Security\Common\fch32.exe
312 C:\Program Files\F-Secure Internet Security\Common\FAMEH32.exe
580 C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
380 C:\Program Files\F-Secure Internet Security\FWES\program\fsdfwd.exe
908 alg.exe
2832 C:\WINDOWS\system32\wscntfy.exe
3988 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
220 C:\WINDOWS\system32\devldr32.exe
336 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
1708 C:\Program Files\F-Secure Internet Security\Common\FSM32.exe
2408 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
2400 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
2564 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
2360 C:\Program Files\Common Files\AOL\1171212340\ee\aolsoftware.exe
2892 C:\Program Files\iTunes\iTunesHelper.exe
2744 C:\WINDOWS\system32\svchost.exe
3876 wmiprvse.exe
1008 C:\Program Files\iPod\bin\iPodService.exe
3056 C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
2788 C:\WINDOWS\explorer.exe
2504 C:\WINDOWS\system32\notepad.exe
152 C:\Program Files\Mozilla Firefox\firefox.exe
3552 C:\WINDOWS\system32\wuauclt.exe
3136 C:\Documents and Settings\Larry\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`01f60800 (NTFS)

PhysicalDrive0 Model Number: MAXTOR6L040J2, Rev: A93.0500

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CB

larrybro
Novice

Posts : 33
Joined : 2010-01-13
OS : windows xp

Re: HIJACK THIS: userinit.exe problems

Post by larrybro on Tue Dec 07, 2010 9:37 pm

Any word on what next to do?

larrybro
Novice

Posts : 33
Joined : 2010-01-13
OS : windows xp

Re: HIJACK THIS: userinit.exe problems

Post by Belahzur on Tue Dec 07, 2010 11:56 pm

Hello.


  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    Folder::
    c:\windows\TGFycnkgVy4gQnJvd24

    MBR::
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: HIJACK THIS: userinit.exe problems

Post by larrybro on Wed Dec 08, 2010 4:57 pm

ComboFix 10-12-04.03 - Larry 12/08/2010 1:03.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.255.104 [GMT -5:00]
Running from: c:\documents and settings\Larry\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Larry\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TGFycnkgVy4gQnJvd24
c:\windows\TGFycnkgVy4gQnJvd24\asappsrv.dll
c:\windows\TGFycnkgVy4gQnJvd24\n3IVwB40pVb0kBLSxZb.vbs

.
((((((((((((((((((((((((( Files Created from 2010-11-08 to 2010-12-08 )))))))))))))))))))))))))))))))
.

2010-12-06 05:17 . 2010-12-06 06:16 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-12-06 05:11 . 2009-11-21 16:36 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-12-06 05:11 . 2010-06-14 14:30 743936 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-12-06 05:10 . 2009-03-06 14:44 283648 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-12-06 05:10 . 2005-07-26 04:39 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2010-12-06 05:10 . 2009-02-09 10:20 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-12-06 05:10 . 2009-02-09 10:20 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-12-06 05:10 . 2009-02-06 17:14 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-12-06 05:10 . 2009-02-06 16:39 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-12-06 05:10 . 2009-06-21 22:04 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-12-06 05:10 . 2009-10-23 14:27 3555328 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-12-06 05:09 . 2008-05-01 14:30 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-12-06 05:07 . 2009-06-05 07:42 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2010-12-06 05:06 . 2008-04-21 10:02 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-12-06 01:52 . 2010-12-06 01:52 -------- d-----w- c:\program files\iPod
2010-12-06 01:52 . 2010-12-06 01:54 -------- d-----w- c:\program files\iTunes
2010-12-06 01:52 . 2010-12-06 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-06 01:33 . 2010-09-28 20:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-12-04 21:24 . 2010-12-04 21:24 -------- d-----w- c:\documents and settings\Larry\Application Data\Malwarebytes
2010-12-04 21:24 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-04 21:24 . 2010-12-04 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-04 21:23 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-04 21:23 . 2010-12-04 21:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-04 06:18 . 2010-12-04 06:18 -------- d-----w- C:\_OTL
2010-12-03 23:59 . 2010-12-03 23:59 -------- d-----w- c:\documents and settings\Larry\Local Settings\Application Data\Conduit
2010-12-03 23:59 . 2010-12-03 23:59 -------- d-----w- c:\program files\Conduit
2010-12-03 23:59 . 2010-12-03 23:59 -------- d-----w- c:\documents and settings\Larry\Local Settings\Application Data\uTorrentBar
2010-12-03 23:53 . 2010-12-03 23:53 -------- d-----w- c:\documents and settings\Larry\Local Settings\Application Data\Temp
2010-12-03 23:53 . 2010-12-03 23:53 -------- d-----w- c:\program files\uTorrent
2010-12-03 21:21 . 2010-12-03 21:21 1409 ----a-w- c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-28 20:44 . 2007-11-13 16:45 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2004-01-25 20:03 . 2004-01-25 20:03 3468688 ----a-w- c:\program files\R41231.EXE
2010-12-04 15:19 . 2006-07-10 02:49 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-11-14 3913000]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-14 02:58 3913000 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-11-14 02:58 3913000 ----a-w- c:\program files\uTorrentBar\tbuTor.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-11-14 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-14 3913000]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-06-10 785520]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-08-14 90112]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 496752]
"F-Secure Manager"="c:\program files\F-Secure Internet Security\Common\FSM32.EXE" [2003-10-21 118832]
"F-Secure TNB"="c:\program files\F-Secure Internet Security\TNB\TNBUtil.exe" [2003-10-22 647168]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-12-04 30192]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-11-03 185896]
"HostManager"="c:\program files\Common Files\AOL\1171212340\ee\AOLSoftware.exe" [2006-09-26 50736]
"VirusScannerPro"="c:\progra~1\AVANQU~1\Fix-It\MemCheck.exe" [2007-09-01 173312]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online Tray Icon.lnk
backup=c:\windows\pss\America Online Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Larry^Start Menu^Programs^Startup^PowerReg SchedulerV2.exe]
path=c:\documents and settings\Larry\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe
backup=c:\windows\pss\PowerReg SchedulerV2.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C62 Series]
2002-04-10 08:00 74240 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S0BIC1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
2001-08-23 21:52 331830 ----a-w- c:\program files\Microsoft Works\wkssb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2001-08-17 04:41 28738 ----a-w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2001-07-25 15:00 184376 ----a-w- c:\program files\Microsoft Money\System\Money Express.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
2001-07-25 15:00 241714 ----a-w- c:\program files\Microsoft Money\System\Activation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-11-03 04:11 214560 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-11 09:19 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
2001-10-06 00:34 24576 ----a-w- c:\program files\Microsoft Works\wkfud.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MCVSRte"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McShield"=3 (0x3)
"AOL ACS"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Netscape\\Communicator\\Program\\AIM\\aim.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\lxdccoms.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [10/13/2004 4:53 AM 82336]
R2 Fswsclds;F-Secure Windows Security Center Legacy Detection Service;c:\program files\F-Secure Internet Security\fswsclds.exe [10/13/2004 5:28 AM 40960]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
R2 tmpreflt;tmpreflt;c:\progra~1\AVANQU~1\Fix-It\tmpreflt.sys [8/31/2007 12:36 PM 32528]
R3 MailScan;MailScan;c:\progra~1\AVANQU~1\Fix-It\MailScan.sys [9/1/2007 5:58 AM 20496]
S2 F-Secure Filter;F-Secure File System Filter;\??\c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys --> c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [?]
S2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSgk.sys --> c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSgk.sys [?]
S2 F-Secure Recognizer;F-Secure File System Recognizer;\??\c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys --> c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/9/2006 9:49 PM 30192]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [12/4/2010 4:24 PM 38224]
S3 pcx2nd5;Toshiba PCX2000 USB Cable Modem networking driver (NDIS);c:\windows\system32\drivers\pcx2nd5.sys [2/3/2004 9:15 PM 17648]
S3 pcx2unic;Toshiba PCX2000 USB Cable Modem WDM driver;c:\windows\system32\drivers\pcx2unic.sys [2/3/2004 9:14 PM 69456]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MAILSCAN
.
Contents of the 'Scheduled Tasks' folder

2010-12-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: + &Download Express: download this file - c:\program files\Download Express\Add_Url.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: {062B4D8E-B84B-4BB9-A7CD-14852A1E3D74} = 68.105.28.12,68.105.29.12
Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~2\mdpph.dll
Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~2\mdpph.dll
Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~2\mdpph.dll
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Larry\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\Larry\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\Larry\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\np32dsw.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\npaudio.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\npavi32.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\npbeatnk.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\npdrmv2.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\npdsplay.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\npnul32.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\NPOFFICE.DLL
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\nppdf32.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\nppl3260.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\npqtplugin.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\npqtplugin6.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\npqtplugin7.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\npqtplugin8.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\nprfxins.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\nprjplug.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\nprpjplug.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\NPSWF32.dll
FF - plugin: c:\progra~1\Netscape\COMMUN~1\Program\Plugins\npwmsdrm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - Extension: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - c:\documents and settings\Larry\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Extension: Walnut for Firefox: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF} - c:\documents and settings\Larry\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
FF - Extension: CustomizeGoogle: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb} - c:\documents and settings\Larry\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
FF - Extension: Conduit Engine : [You must be registered and logged in to see this link.] - c:\documents and settings\Larry\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\extensions\engine@conduit.com
FF - Extension: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\documents and settings\Larry\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-12-08 01:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MMTray = c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe?w???g????V??g????SOFTWARE\MusicMatch\MusicMatch Jukebox\4.0\TrayApp??????? ?w?????????????\?wp ?w???????w???g ??????????g?????CY????????g????2???????$???
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, [You must be registered and logged in to see this link.]
Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR

Disk trace:
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
c:\docume~1\Larry\LOCALS~1\Temp\catchme.sys
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x82367030]
3 CLASSPNP[0xF98B305B] -> nt!IofCallDriver[0x804E37D5] -> \Device\Ide\IdeDeviceP0T0L0-3[0x823B0030]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!

**************************************************************************
.
Completion time: 2010-12-08 01:26:00
ComboFix-quarantined-files.txt 2010-12-08 06:25
ComboFix2.txt 2010-12-06 05:55

Pre-Run: 20,252,246,016 bytes free
Post-Run: 20,205,621,248 bytes free

- - End Of File - - 15C0ADB9445DB8417AEF9F2213993CC9

larrybro
Novice

Posts : 33
Joined : 2010-01-13
OS : windows xp

Re: HIJACK THIS: userinit.exe problems

Post by Belahzur on Thu Dec 09, 2010 12:52 am

Hello.

Please download [You must be registered and logged in to see this link.] and install it. If you already have it, no need to reinstall.

Then, download [You must be registered and logged in to see this link.] and save the setup to your Desktop.

  • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
  • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
  • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
  • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
  • Once inside the interface, do not fix anything. Click on the Report tab.
  • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
  • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
  • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: HIJACK THIS: userinit.exe problems

Post by larrybro on Fri Dec 10, 2010 5:28 am

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #1
==============================================
>SSDT State
==============================================
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x823CC9C8 [4] System
0x81F2CB28 [156] C:\Program Files\F-Secure Internet Security\Common\fch32.exe (F-Secure Corporation, F-Secure Configuration Handler)
0x81F4E8B0 [264] C:\Program Files\F-Secure Internet Security\Common\FAMEH32.exe (F-Secure Corporation, F-Secure Alert and Management Extension Handler)
0xFF885020 [400] C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe (Sun Microsystems, Inc., Java(TM) Update Checker)
0x81F26D10 [600] C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation, Windows Security Center Notification App)
0x822044B0 [620] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x81EE43C0 [656] C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe (Avanquest Software USA, Inc., MXTask Background Service)
0x81EE58B0 [660] C:\Program Files\F-Secure Internet Security\FWES\program\fsdfwd.exe (F-Secure Corporation, F-Secure Anti-Virus Internet Shield daemon)
0x81F22788 [668] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x820CBDA0 [692] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x8213CDA0 [736] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x822CB5A8 [748] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0xFF4E2138 [876] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x82177710 [908] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x820B5580 [956] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8226B568 [1040] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x822D6B88 [1096] C:\WINDOWS\System32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x81ECF4F8 [1112] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x8218C808 [1228] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x81EF6500 [1396] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x81EE3858 [1488] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8215D818 [1520] C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe (America Online, Inc., AOL Connectivity Service)
0x81F1CA18 [1532] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc., MobileDeviceService)
0x82165020 [1548] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)
0x81F37B28 [1736] C:\Program Files\F-Secure Internet Security\Common\FSMA32.exe (F-Secure Corporation, F-Secure Management Agent)
0x81F0E958 [1748] C:\Program Files\F-Secure Internet Security\fswsclds.exe (F-Secure Corporation, F-Secure Windows Security Center Suport legacy detection service)
0x81F54DA0 [1756] C:\Program Files\F-Secure Internet Security\Common\FSMB32.exe (F-Secure Corporation, F-Secure Message Broker)
0x81EFEDA0 [1788] C:\WINDOWS\system32\lxdccoms.exe ( , Printer Communication System)
0x82169330 [1892] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8216D020 [2364] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (MUSICMATCH, Inc., mm_tray)
0x823306E8 [2392] C:\WINDOWS\system32\devldr32.exe (Creative Technology Ltd., DevLdr32)
0x821BF3D8 [2496] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (America Online, Inc, AOL Connectivity Service Dialer)
0x82207370 [2512] C:\Program Files\F-Secure Internet Security\Common\FSM32.exe (F-Secure Corporation, F-Secure Settings and Statistics)
0x81BE0020 [2612] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc., Java(TM) Platform SE binary)
0x81E20350 [2620] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google, Google Desktop)
0xFFB26020 [2644] C:\Program Files\Common Files\AOL\1171212340\ee\aolsoftware.exe (America Online, Inc., AOL)
0xFFAFD908 [2708] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc., iTunesHelper)
0xFF8EB738 [2792] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0xFF28E020 [2896] C:\Documents and Settings\Larry\Desktop\RkU3.8.388.590\MustBeRandomlyNamed\JJd1sFk6mXoHXl.exe (UG North, RKULE, SR2 Normandy)
0xFF1D6020 [2924] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc., RealNetworks Scheduler)
0xFF8E67B8 [3684] C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation, WMI)
0xFF290DA0 [3724] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc., µTorrent)
0xFF804310 [3792] C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation, Windows Update)
0xFF8A4020 [3860] C:\Program Files\iPod\bin\iPodService.exe (Apple Inc., iPodService Module (32-bit))
0xFF8A3AC0 [3992] C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation, Firefox)
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2181376 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2181376 bytes
0x804D7000 RAW 2181376 bytes
0x804D7000 WMIxWDM 2181376 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF9497000 C:\WINDOWS\System32\DRIVERS\HSF_DP.sys 1093632 bytes (Conexant Systems, HSF_DP driver)
0xF4B5B000 C:\PROGRA~1\AVANQU~1\Fix-It\Vsapint.sys 1048576 bytes (Trend Micro Inc., VsapiNT )
0xF9705000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF940D000 C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys 565248 bytes (Conexant Systems, WinACHSF driver)
0xF4C5B000 C:\WINDOWS\System32\DRIVERS\HSF_V124.sys 491520 bytes (Conexant, V124NT driver)
0xF5BC9000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF4E5D000 C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys 393216 bytes (Conexant, K56NT driver)
0xBF012000 C:\WINDOWS\System32\ati2dvaa.dll 380928 bytes (ATI Technologies Inc., ATI RAGE 128 WindowsNT Display Driver)
0xF9228000 C:\WINDOWS\System32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)
0xF5CAD000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF4D3E000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xF95FF000 C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys 327680 bytes (ATI Technologies Inc., ATI RAGE 128 Miniport Driver)
0xF4F02000 C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys 290816 bytes (Conexant, Fallback driver)
0xF93C7000 C:\WINDOWS\system32\drivers\emu10k1m.sys 286720 bytes (Creative Technology Ltd., Creative SB Live! Adapter Driver)
0xF44B0000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF4ACC000 C:\PROGRA~1\AVANQU~1\Fix-It\tmxpflt.sys 258048 bytes (Trend Micro Inc., Post Filter For XP)
0xF4CE5000 C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys 200704 bytes (Conexant, FaxNT driver)
0xF9823000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF96C3000 C:\WINDOWS\System32\drivers\NDIS.SYS 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF5011000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF3CE5000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF5C38000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF5C85000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF95A2000 C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys 155648 bytes (Conexant Systems, HSF_HWB2 WDM driver)
0xF93A3000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF935D000 C:\WINDOWS\System32\DRIVERS\e100b325.sys 143360 bytes (Intel Corporation, NDIS 5 driver)
0xF5ABD000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 143360 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF9380000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF95C8000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF5C63000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF5BA8000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806EC000 ACPI_HAL 131968 bytes
0x806EC000 C:\WINDOWS\system32\hal.dll 131968 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF97BB000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF97F3000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF4EBD000 C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys 118784 bytes (Conexant, FSKsNT driver)
0xF96A8000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF97DB000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF5AA5000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF9792000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF9332000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF96F0000 fsdfw.sys 86016 bytes (F-Secure Corporation, F-Secure Distributed Firewall Driver)
0xF45DF000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF9349000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF95EB000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF5D05000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF4CD3000 C:\WINDOWS\System32\DRIVERS\HSF_SPKP.sys 73728 bytes (Conexant, SpkpNT driver)
0xF97A9000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF9812000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF9321000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF466C000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF9912000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF9AE2000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF9942000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF4A74000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF99C2000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF9932000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF98B2000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF4F99000 C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys 53248 bytes (Conexant, TonesNT driver)
0xF9902000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF9962000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF4F69000 C:\PROGRA~1\AVANQU~1\Fix-It\tmpreflt.sys 53248 bytes (Trend Micro Inc., Pre-Filter For XP)
0xF9892000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF9982000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF98D2000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF9952000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF9882000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF9972000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF99B2000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF99A2000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF9922000 C:\WINDOWS\System32\Drivers\AFS2K.SYS 36864 bytes (Oak Technology Inc., Audio File System)
0xF98A2000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF9A32000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF9AD2000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF9872000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF9992000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF9A02000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF40B5000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF98C2000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF98F2000 C:\WINDOWS\system32\drivers\sfmanm.sys 36864 bytes (Creative Technology Ltd., SoundFont(R) Manager)
0xF9A42000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF9C7A000 C:\DOCUME~1\Larry\LOCALS~1\Temp\catchme.sys 32768 bytes
0xF9B0A000 C:\WINDOWS\System32\drivers\fsndis5.sys 32768 bytes (F-Secure Corporation, F-Secure Network Interceptor)
0xF9BC2000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF9C32000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF9BCA000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF9BE2000 C:\WINDOWS\System32\Drivers\MxlW2k.SYS 28672 bytes (MusicMatch, Inc., MusicMatch Access Layer KMD)
0xF9AF2000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF9BBA000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF9C42000 C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF9BEA000 C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF9BD2000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF9BDA000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF9C3A000 C:\WINDOWS\system32\Drivers\SbcpHid.sys 24576 bytes (-, -)
0xF9C22000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF9C02000 C:\WINDOWS\System32\DRIVERS\wanatw4.sys 24576 bytes (America Online, Inc., Wan Miniport (ATW))
0xF9C12000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF9C2A000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF9AFA000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF9BF2000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF9BFA000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF9B02000 C:\WINDOWS\System32\drivers\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF9BB2000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF9C5A000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF49B4000 C:\PROGRA~1\AVANQU~1\Fix-It\MailScan.sys 16384 bytes (Avanquest Software USA, Inc., MailScan Kernel Module)
0xF9D6A000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xF9D42000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF527D000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF9D0A000 C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS 16384 bytes (Dell Computer Corporation, OMCI Device Driver)
0xF9D32000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF9C82000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF61A6000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF9D2E000 C:\WINDOWS\System32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0xF525D000 C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF9D3E000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF9667000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF9D9A000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF9D90000 C:\WINDOWS\system32\drivers\ctlfacem.sys 8192 bytes (Creative Technology Ltd., Creative SB Live! Interface Driver)
0xF9DA4000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF9D98000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF9D72000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF9E2A000 C:\WINDOWS\System32\Drivers\MASPINT.SYS 8192 bytes (MicroStaff Co.,Ltd., Aspi32 Driver)
0xF9E2C000 C:\WINDOWS\System32\Drivers\MCSTRM.SYS 8192 bytes (RealNetworks, Inc., RealNetworks Virtual Path Manager®)
0xF9D9C000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF9E10000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF9E16000 C:\WINDOWS\system32\Drivers\PROCEXP113.SYS 8192 bytes
0xF9D9E000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF9D92000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF9D94000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF9D74000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF9FA6000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF9E89000 C:\WINDOWS\System32\Drivers\Cdr4_xp.SYS 4096 bytes (Sonic Solutions, CDR4 CD and DVD Place Holder Driver (see PxHelp))
0xF9E8B000 C:\WINDOWS\System32\Drivers\Cdralw2k.SYS 4096 bytes (Sonic Solutions, CDRAL Place Holder Driver (see PxHelp))
0xF9FA0000 C:\WINDOWS\System32\DRIVERS\ctljystk.sys 4096 bytes (Creative Technology Ltd., Creative Joyport Enabler)
0xF9FB0000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF9E8C000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF9E3A000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\setup\config.ini::$DATA
!-->[Hidden] C:\Documents and Settings\Larry\Local Settings\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\Cache\105A2501d01
!-->[Hidden] C:\Documents and Settings\Larry\Local Settings\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\Cache\1A260CBFd01
!-->[Hidden] C:\Documents and Settings\Larry\Local Settings\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\Cache\20BACBC9d01
!-->[Hidden] C:\Documents and Settings\Larry\Local Settings\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\Cache\22445B13d01
!-->[Hidden] C:\Documents and Settings\Larry\Local Settings\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\Cache\2B35306Fd01
!-->[Hidden] C:\Documents and Settings\Larry\Local Settings\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\Cache\2D04996Ad01
!-->[Hidden] C:\Documents and Settings\Larry\Local Settings\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\Cache\382FC2BCd01
!-->[Hidden] C:\Documents and Settings\Larry\Local Settings\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\Cache\478C30D9d01
!-->[Hidden] C:\Documents and Settings\Larry\Local Settings\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\Cache\51A7ED6Cd01
!-->[Hidden] C:\Documents and Settings\Larry\Local Settings\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\Cache\55891503d01
!-->[Hidden] C:\Documents and Settings\Larry\Local Settings\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\Cache\674DCCA9d01
!-->[Hidden] C:\Documents and Settings\Larry\Local Settings\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\Cache\78521B96d01
!-->[Hidden] C:\Documents and Settings\Larry\Local Settings\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\Cache\7F0E3D02d01
!-->[Hidden] C:\Documents and Settings\Larry\Local Settings\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\Cache\80CE9724d01
!-->[Hidden] C:\Documents and Settings\Larry\Local Settings\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\Cache\9B2931D3d01
!-->[Hidden] C:\Documents and Settings\Larry\Local Settings\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\Cache\B60CF63Ad01
!-->[Hidden] C:\Documents and Settings\Larry\Local Settings\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\Cache\BAEE1A35d01
!-->[Hidden] C:\Documents and Settings\Larry\Local Settings\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\Cache\C1295B45d01
!-->[Hidden] C:\Documents and Settings\Larry\Local Settings\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\Cache\CCD3B0CAd01
!-->[Hidden] C:\Documents and Settings\Larry\Local Settings\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\Cache\E5BA1727d01
!-->[Hidden] C:\Documents and Settings\Larry\Local Settings\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\Cache\F28F017Ed01
!-->[Hidden] C:\Documents and Settings\Larry\Local Settings\Application Data\Mozilla\Firefox\Profiles\hlcckdqo.default\Cache\F541DA26d01
!-->[Hidden] C:\Qoobox\BackEnv\AppData.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Cache.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Cookies.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Desktop.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Favorites.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\History.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\LocalAppData.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\LocalSettings.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Music.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\NetHood.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Personal.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Pictures.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\PrintHood.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Profiles.Folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Programs.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Recent.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\SendTo.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\SetPath.bat
!-->[Hidden] C:\Qoobox\BackEnv\StartMenu.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\StartUp.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\SysPath.dat
!-->[Hidden] C:\Qoobox\BackEnv\Templates.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\VikPev00
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
ntoskrnl.exe-->IoCreateDevice, Type: Inline - RelativeJump 0x805A0D97-->F9B0AF0A [fsndis5.sys]
ntoskrnl.exe-->IofCallDriver, Type: Address change 0x80552980-->F9C7CF84 [catchme.sys]
[2644]aolsoftware.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [tbdiag.dll]
[2644]aolsoftware.exe-->advapi32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x77DD115C-->00000000 [tbdiag.dll]
[2644]aolsoftware.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [tbdiag.dll]
[2644]aolsoftware.exe-->gdi32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x77F1102C-->00000000 [tbdiag.dll]
[2644]aolsoftware.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F8-->00000000 [tbdiag.dll]
[2644]aolsoftware.exe-->user32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x7E411308-->00000000 [tbdiag.dll]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)


Re: HIJACK THIS: userinit.exe problems

Post by Belahzur on Sat Dec 11, 2010 12:30 am

Hello.

Submit a file for analysis.

  1. Please visit this website: [You must be registered and logged in to see this link.]
  2. Press the "Browse" button and locate the following file in bold:
    C:\WINDOWS\system32\drivers\SbcpHid.sys
  3. Press the "Submit File" button to submit the file for analysis.
  4. Allow it to be scanned, it could take a few minutes depending on server load.
  5. Copy and paste the result back here.


Please do the same for this file:

C:\WINDOWS\system32\drivers\fsndis5.sys


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: HIJACK THIS: userinit.exe problems

Post by larrybro on Sat Dec 11, 2010 4:31 am

VirSCAN.org Scanned Report :
Scanned time : 2009/08/09 16:03:27 (EDT)
Scanner results: Scanners did not find malware!
File Name : SbcpHid.sys
File Size : 22400 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : 30d94039a729571146eb9d736ec1aadd
SHA1 : 76cf4f0471b7308f746f10f5df3ad1eb20a48fbc
Online report : [You must be registered and logged in to see this link.]

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.3 20090809170326 2009-08-09 0.34 -
AhnLab V3 2009.08.08.00 2009.08.08 2009-08-08 1.10 -
AntiVir 8.2.0.248 7.1.5.86 2009-08-09 0.27 -
Antiy 2.0.18 20090804.2672262 2009-08-04 0.02 -
Arcavir 2009 200908090922 2009-08-09 0.10 -
Authentium 5.1.1 200908090001 2009-08-09 1.21 -
AVAST! 4.7.4 090808-0 2009-08-08 0.01 -
AVG 8.5.288 270.13.48/2292 2009-08-09 0.32 -
BitDefender 7.81008.3835398 7.27079 2009-08-10 3.40 -
CA (VET) 9.0.0.143 31.6.6666 2009-08-08 4.92 -
ClamAV 0.95.2 9666 2009-08-08 0.01 -
Comodo 3.10 1924 2009-08-09 0.91 -
CP Secure 1.1.0.715 2009.08.09 2009-08-09 13.24 -
Dr.Web 4.44.0.9170 2009.08.09 2009-08-09 7.81 -
F-Prot 4.4.4.56 20090808 2009-08-08 1.17 -
F-Secure 7.02.73807 2009.08.09.02 2009-08-09 0.08 -
Fortinet 2.81-3.120 10.691 2009-08-07 0.20 -
GData 19.6991/19.433 20090809 2009-08-09 4.50 -
ViRobot 20090808 2009.08.08 2009-08-08 0.41 -
Ikarus T3.1.01.64 2009.08.09.73208 2009-08-09 3.38 -
JiangMin 11.0.800 2009.08.09 2009-08-09 10.77 -
Kaspersky 5.5.10 2009.08.09 2009-08-09 0.06 -
KingSoft 2009.2.5.15 2009.8.9.15 2009-08-09 0.52 -
McAfee 5.3.00 5704 2009-08-09 3.10 -
Microsoft 1.4903 2009.08.09 2009-08-09 5.98 -
Norman 6.01.09 6.01.00 2009-08-06 0.00 -
Panda 9.05.01 2009.08.09 2009-08-09 3.54 -
Trend Micro 8.700-1004 6.350.24 2009-08-09 0.03 -
Quick Heal 10.00 2009.08.08 2009-08-08 1.20 -
Rising 20.0 21.41.62.00 2009-08-09 1.07 -
Sophos 2.89.1 4.44 2009-08-10 2.86 -
Sunbelt 5321 5321 2009-08-09 1.62 -
Symantec 1.3.0.24 20090809.005 2009-08-09 0.26 -
nProtect 20090809.01 4982391 2009-08-09 6.53 -
The Hacker 6.3.4.3 v00378 2009-08-07 0.67 -
VBA32 3.12.10.9 20090808.1434 2009-08-08 1.81 -
VirusBuster 4.5.11.10 10.111.8/1844777 2009-08-09 2.25 -




Re: HIJACK THIS: userinit.exe problems

Post by Belahzur on Sat Dec 11, 2010 5:37 pm

Hello.

Please download [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
  • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
  • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.





part 1

Post by larrybro on Sun Dec 12, 2010 3:04 am


SpiderKill by DragonMaster Jay


Microsoft Windows XP [Version 5.1.2600]

********************Drivers list********************


Volume in drive C has no label.
Volume Serial Number is 4C0D-CF39

Directory of C:\Windows\System32\Drivers

12/09/2010 11:43 PM .
12/09/2010 11:43 PM ..
07/21/2001 01:49 PM 2,104,298 2gmgsmt.sf2
08/04/2004 01:07 AM 187,776 acpi.sys
06/25/2002 04:36 PM 11,648 acpiec.sys
08/04/2004 02:56 AM 4,255 adv01nt5.dll
08/04/2004 02:56 AM 3,967 adv02nt5.dll
08/04/2004 02:56 AM 3,615 adv05nt5.dll
08/04/2004 02:56 AM 3,647 adv07nt5.dll
08/04/2004 02:56 AM 3,135 adv08nt5.dll
08/04/2004 02:56 AM 3,711 adv09nt5.dll
08/04/2004 02:56 AM 3,775 adv11nt5.dll
02/14/2006 07:22 PM 142,464 aec.sys
08/14/2008 04:51 AM 138,368 afd.sys
10/07/2004 08:16 PM 35,840 AFS2K.SYS
08/04/2004 01:07 AM 42,368 agp440.sys
08/04/2004 01:07 AM 44,928 agpcpq.sys
08/04/2004 01:07 AM 42,752 alim1541.sys
08/04/2004 01:07 AM 43,008 amdagp.sys
08/04/2004 12:59 AM 36,992 amdk6.sys
08/04/2004 12:59 AM 37,376 amdk7.sys
08/04/2004 12:58 AM 60,800 arp1394.sys
04/22/2003 10:21 PM 8,552 asctrm.sys
08/04/2004 01:05 AM 14,336 asyncmac.sys
08/04/2004 12:59 AM 95,360 atapi.sys
08/04/2004 12:29 AM 56,623 ati1btxx.sys
08/04/2004 12:29 AM 11,615 ati1mdxx.sys
08/04/2004 12:29 AM 12,047 ati1pdxx.sys
08/04/2004 12:29 AM 30,671 ati1raxx.sys
08/04/2004 12:29 AM 63,663 ati1rvxx.sys
08/04/2004 12:29 AM 26,367 ati1snxx.sys
08/04/2004 12:29 AM 21,343 ati1ttxx.sys
08/04/2004 12:29 AM 36,463 ati1tuxx.sys
08/04/2004 12:29 AM 29,455 ati1xbxx.sys
08/04/2004 12:29 AM 34,735 ati1xsxx.sys
08/17/2001 07:48 AM 281,856 ati2mpaa.sys
08/04/2004 01:29 AM 327,040 ati2mtaa.sys
08/04/2004 12:29 AM 701,440 ati2mtag.sys
08/04/2004 12:29 AM 57,856 atinbtxx.sys
08/04/2004 12:29 AM 13,824 atinmdxx.sys
08/04/2004 12:29 AM 14,336 atinpdxx.sys
08/04/2004 12:29 AM 52,224 atinraxx.sys
08/04/2004 12:29 AM 104,960 atinrvxx.sys
08/04/2004 12:29 AM 28,672 atinsnxx.sys
08/04/2004 12:29 AM 13,824 atinttxx.sys
08/04/2004 12:29 AM 73,216 atintuxx.sys
08/04/2004 12:29 AM 31,744 atinxbxx.sys
08/04/2004 12:29 AM 63,488 atinxsxx.sys
07/17/2004 01:36 PM 64,352 ativmc20.cod
08/04/2004 12:58 AM 59,904 atmarpc.sys
06/25/2002 04:36 PM 31,360 atmepvc.sys
08/04/2004 12:58 AM 55,936 atmlane.sys
06/25/2002 04:36 PM 352,256 atmuni.sys
08/04/2004 02:56 AM 21,183 atv01nt5.dll
08/04/2004 02:56 AM 11,359 atv02nt5.dll
08/04/2004 02:56 AM 25,471 atv04nt5.dll
08/04/2004 02:56 AM 14,143 atv06nt5.dll
08/04/2004 02:56 AM 17,279 atv10nt5.dll
08/17/2001 08:59 AM 3,072 audstub.sys
06/25/2002 04:36 PM 4,224 beep.sys
08/04/2004 12:59 AM 71,552 bridge.sys
08/04/2004 01:10 AM 17,024 bthenum.sys
08/04/2004 01:10 AM 38,016 bthmodem.sys
08/04/2004 12:58 AM 100,992 bthpan.sys
06/13/2008 08:10 AM 272,128 bthport.sys
08/04/2004 01:10 AM 35,456 bthprint.sys
08/04/2004 01:10 AM 18,944 bthusb.sys
06/25/2002 04:36 PM 13,952 cbidf2k.sys
06/25/2002 04:37 PM 18,688 cdaudio.sys
08/04/2004 01:14 AM 63,744 cdfs.sys
11/29/2007 05:30 PM 9,336 cdr4_xp.sys
11/29/2007 05:30 PM 9,464 cdralw2k.sys
08/04/2004 12:59 AM 49,536 cdrom.sys
08/04/2004 02:56 AM 15,423 ch7xxnt5.dll
06/25/2002 04:37 PM 262,528 cinemst2.sys
08/04/2004 01:14 AM 49,664 classpnp.sys
06/25/2002 04:37 PM 11,776 cpqdap01.sys
08/04/2004 12:59 AM 36,480 crusoe.sys
08/17/2001 07:19 AM 6,912 ctlfacem.sys
08/17/2001 07:19 AM 3,712 ctljystk.sys
07/18/2004 12:55 AM 129,045 cxthsfs2.cty
07/09/2002 05:13 PM 138,650 del0219.cty
01/27/2003 02:27 PM disdn
08/04/2004 12:59 AM 36,352 disk.sys
08/04/2004 12:59 AM 14,208 diskdump.sys
08/04/2004 01:07 AM 799,744 dmboot.sys
08/04/2004 01:07 AM 153,344 dmio.sys
06/25/2002 04:37 PM 5,888 dmload.sys
08/04/2004 01:07 AM 52,864 dmusic.sys
08/04/2004 01:07 AM 60,288 drmk.sys
08/04/2004 01:07 AM 2,944 drmkaud.sys
06/25/2002 04:37 PM 10,496 dxapi.sys
08/04/2004 01:00 AM 71,040 dxg.sys
06/25/2002 04:37 PM 3,328 dxgthk.sys
04/30/2002 12:53 PM 139,776 e100b325.sys
08/17/2001 07:19 AM 283,904 emu10k1m.sys
12/08/2010 01:18 AM etc
08/04/2004 01:14 AM 143,360 fastfat.sys
08/04/2004 12:59 AM 27,392 fdc.sys
06/25/2002 04:38 PM 34,944 fips.sys
08/04/2004 12:59 AM 20,480 flpydisk.sys
08/21/2006 04:14 AM 128,896 fltmgr.sys
02/02/2004 11:20 AM 82,336 fsdfw.sys
02/02/2004 11:20 AM 29,376 fsndis5.sys
06/25/2002 04:37 PM 12,160 fsvga.sys
06/25/2002 04:38 PM 7,936 fs_rec.sys
06/25/2002 04:38 PM 125,056 ftdisk.sys
08/04/2004 01:07 AM 46,464 gagp30kx.sys
08/04/2004 01:08 AM 10,624 gameenum.sys
05/18/2009 01:17 PM 26,600 GEARAspiWDM.sys
06/25/2002 04:38 PM 3,440,660 gm.dls
06/25/2002 04:38 PM 646 gmreadme.txt
08/04/2004 01:10 AM 25,600 hidbth.sys
08/04/2004 01:08 AM 36,224 hidclass.sys
08/04/2004 01:08 AM 15,104 hidir.sys
08/04/2004 01:08 AM 24,960 hidparse.sys
08/04/2004 12:41 AM 220,032 hsfbs2s2.sys
08/04/2004 12:41 AM 685,056 hsfcxts2.sys
08/04/2004 12:41 AM 1,041,536 hsfdpsp2.sys
07/09/2002 05:13 PM 167,155 HSFHWBS2.sys
08/17/2001 08:28 AM 150,239 HSF_AMOS.sys
08/17/2001 08:28 AM 67,167 HSF_BSC2.sys
07/09/2002 05:13 PM 594,832 HSF_CNXT.sys
07/09/2002 05:14 PM 1,172,416 HSF_DP.sys
08/17/2001 08:28 AM 289,887 HSF_FALL.sys
08/17/2001 08:28 AM 199,711 HSF_FAXX.sys
08/17/2001 08:28 AM 115,807 HSF_FSKS.sys
08/17/2001 08:28 AM 391,199 HSF_K56K.sys
08/17/2001 08:28 AM 542,879 HSF_MSFT.sys
08/17/2001 08:28 AM 57,471 HSF_SAMP.sys
08/17/2001 08:28 AM 44,863 HSF_SOAR.sys
08/17/2001 08:28 AM 73,279 HSF_SPKP.sys
08/17/2001 08:28 AM 50,751 HSF_TONE.sys
08/17/2001 08:28 AM 488,383 HSF_V124.sys
10/20/2009 09:58 AM 263,552 http.sys
08/04/2004 01:14 AM 52,736 i8042prt.sys
08/04/2004 01:00 AM 41,856 imapi.sys
08/04/2004 12:59 AM 36,096 intelppm.sys
08/04/2004 01:00 AM 29,056 ip6fw.sys
06/25/2002 04:38 PM 32,896 ipfltdrv.sys
08/04/2004 01:04 AM 20,992 ipinip.sys
09/29/2004 05:28 PM 134,912 ipnat.sys
08/04/2004 01:14 AM 74,752 ipsec.sys
08/04/2004 01:00 AM 11,264 irenum.sys
08/17/2001 01:58 PM 35,840 isapnp.sys
08/04/2004 12:58 AM 24,576 kbdclass.sys
06/14/2006 03:47 AM 172,416 kmixer.sys
08/04/2004 01:15 AM 140,928 ks.sys
06/22/2009 06:34 AM 92,544 ksecdd.sys
03/29/2000 04:11 PM 8,096 MASPINT.SYS
11/29/2010 05:42 PM 20,952 mbam.sys
11/29/2010 05:42 PM 38,224 mbamswissarmy.sys
06/25/2002 04:40 PM 7,680 mcd.sys
01/02/2004 03:24 PM 8,413 mcstrm.sys
07/09/2002 05:14 PM 9,855 mdmxsdk.sys
08/04/2004 01:07 AM 63,744 mf.sys
06/25/2002 04:40 PM 4,224 mnmdd.sys
08/04/2004 01:08 AM 30,080 modem.sys
08/17/2001 08:57 AM 16,128 MODEMCSA.sys
08/04/2004 12:58 AM 23,040 mouclass.sys
08/04/2004 12:58 AM 42,240 mountmgr.sys
12/18/2007 04:51 AM 179,584 mrxdav.sys
02/24/2010 07:31 AM 454,016 mrxsmb.sys
08/04/2004 01:00 AM 19,072 msfs.sys
08/04/2004 01:04 AM 35,072 msgpc.sys
08/04/2004 12:58 AM 7,552 mskssrv.sys
08/04/2004 12:58 AM 5,376 mspclock.sys
08/04/2004 12:58 AM 4,992 mspqm.sys
08/04/2004 01:07 AM 15,488 mssmbios.sys
08/04/2004 12:41 AM 126,686 mtlmnt5.sys
08/04/2004 12:41 AM 1,309,184 mtlstrm.sys
08/04/2004 12:29 AM 452,736 mtxparhm.sys
08/04/2004 01:15 AM 107,904 mup.sys
08/04/2004 01:04 AM 12,672 mutohpen.sys
01/27/2003 09:03 PM 28,164 MxlW2k.sys
08/04/2004 01:14 AM 182,912 ndis.sys
06/25/2002 04:42 PM 9,600 ndistapi.sys
08/04/2004 01:03 AM 12,928 ndisuio.sys
08/04/2004 01:14 AM 91,776 ndiswan.sys
06/25/2002 04:42 PM 38,016 ndproxy.sys
08/04/2004 01:03 AM 34,560 netbios.sys
08/04/2004 01:14 AM 162,816 netbt.sys
07/17/2004 01:34 PM 67,866 netwlan5.img
08/04/2004 12:58 AM 61,824 nic1394.sys
06/25/2002 04:37 PM 12,032 nikedrv.sys
08/04/2004 12:59 AM 40,320 nmnt.sys
08/04/2004 01:00 AM 30,848 npfs.sys
02/09/2007 06:10 AM 574,464 ntfs.sys
08/04/2004 12:41 AM 180,360 ntmtlfax.sys
06/25/2002 04:43 PM 2,944 null.sys
08/04/2004 12:29 AM 1,897,408 nv4_mini.sys
06/25/2002 04:43 PM 12,416 nwlnkflt.sys
06/25/2002 04:43 PM 32,512 nwlnkfwd.sys
08/04/2004 01:03 AM 88,448 nwlnkipx.sys
06/25/2002 04:43 PM 63,232 nwlnknb.sys
06/25/2002 04:43 PM 55,936 nwlnkspx.sys
08/22/2001 08:42 AM 13,632 omci.sys
06/25/2002 04:44 PM 3,456 oprghdlr.sys
08/04/2004 12:59 AM 42,496 p3.sys
08/04/2004 12:59 AM 80,128 parport.sys
06/25/2002 04:44 PM 18,688 partmgr.sys
06/25/2002 04:44 PM 6,784 parvdm.sys
08/04/2004 01:07 AM 68,224 pci.sys
08/17/2001 01:51 PM 3,328 pciide.sys
08/04/2004 12:59 AM 25,088 pciidex.sys
08/04/2004 01:07 AM 119,936 pcmcia.sys
10/16/2001 04:46 PM 3,936 pcx2cr.sys
10/16/2001 04:47 PM 17,648 pcx2nd5.sys
10/16/2001 04:46 PM 69,456 pcx2unic.sys
10/16/2001 04:46 PM 5,712 pcx2wh.sys
08/04/2004 01:15 AM 145,792 portcls.sys
08/04/2004 12:59 AM 35,328 processr.sys
08/04/2004 01:04 AM 69,120 psched.sys
06/25/2002 04:44 PM 17,792 ptilink.sys
11/29/2007 05:30 PM 43,528 pxhelp20.sys
06/25/2002 04:44 PM 8,832 rasacd.sys
08/04/2004 01:14 AM 51,328 rasl2tp.sys
08/04/2004 01:05 AM 41,472 raspppoe.sys
08/04/2004 01:14 AM 48,384 raspptp.sys
06/25/2002 04:45 PM 16,512 raspti.sys
06/25/2002 04:45 PM 34,432 rawwan.sys
05/05/2006 04:47 AM 174,592 rdbss.sys
06/25/2002 04:45 PM 4,224 rdpcdd.sys
08/04/2004 01:01 AM 196,864 rdpdr.sys
06/09/2005 11:09 PM 139,528 rdpwd.sys
08/04/2004 12:41 AM 13,776 recagent.sys
08/04/2004 12:59 AM 57,472 redbook.sys
08/04/2004 01:10 AM 59,648 rfcomm.sys
06/25/2002 04:37 PM 12,032 rio8drv.sys
06/25/2002 04:37 PM 12,032 riodrv.sys
05/08/2008 07:28 AM 202,752 rmcast.sys
08/04/2004 01:04 AM 30,080 rndismp.sys
08/04/2004 01:04 AM 30,080 rndismpx.sys
06/25/2002 04:45 PM 5,888 rootmdm.sys
08/04/2004 12:29 AM 166,912 s3gnbm.sys
06/09/2004 06:42 PM 15,429 Sacm2A.sys
08/23/2001 02:00 PM 22,400 SbcpHid.sys
08/04/2004 12:59 AM 96,256 scsiport.sys
08/04/2004 01:07 AM 67,584 sdbus.sys
11/13/2007 05:25 AM 20,480 secdrv.sys
08/04/2004 12:59 AM 15,488 serenum.sys
08/04/2004 01:15 AM 64,896 serial.sys
08/04/2004 12:59 AM 11,136 sffdisk.sys
08/04/2004 12:59 AM 10,240 sffp_sd.sys
08/04/2004 12:59 AM 11,392 sfloppy.sys
08/17/2001 07:19 AM 36,480 sfmanm.sys
08/04/2004 02:56 AM 3,901 siint5.dll
08/04/2004 01:07 AM 41,088 sisagp.sys
08/04/2004 12:41 AM 129,535 slnt7554.sys
08/04/2004 12:41 AM 404,990 slntamr.sys
08/04/2004 12:41 AM 95,424 slnthal.sys
08/04/2004 12:41 AM 13,240 slwdmsup.sys
08/04/2004 01:07 AM 6,016 smbali.sys
06/25/2002 04:46 PM 14,592 smclib.sys
08/04/2004 01:09 AM 25,472 sonydcam.sys
06/14/2006 03:47 AM 6,400 splitter.sys
08/04/2004 01:06 AM 73,472 sr.sys
12/31/2009 11:14 AM 352,640 srv.sys
08/04/2004 01:08 AM 48,640 stream.sys
08/04/2004 12:58 AM 4,352 swenum.sys
08/17/2001 09:00 AM 54,272 swmidi.sys
08/04/2004 01:15 AM 60,800 sysaudio.sys
08/04/2004 12:59 AM 14,976 tape.sys
06/20/2008 05:45 AM 360,320 tcpip.sys
02/11/2010 07:01 AM 226,880 tcpip6.sys
08/04/2004 01:07 AM 18,560 tdi.sys
08/04/2004 03:01 AM 12,040 tdpipe.sys
08/04/2004 03:01 AM 21,896 tdtcp.sys
08/04/2004 03:01 AM 40,840 termdd.sys
06/25/2002 04:37 PM 51,712 tosdvd.sys
06/25/2002 04:37 PM 21,376 tsbvcap.sys
08/04/2004 01:03 AM 12,416 tunmp.sys
08/04/2004 01:07 AM 44,672 uagp35.sys
08/04/2004 01:00 AM 66,176 udfs.sys
01/04/2007 06:49 PM umdf
04/23/2007 05:32 AM 364,160 update.sys
08/04/2004 01:04 AM 12,672 usb8023.sys
08/04/2004 01:04 AM 12,672 usb8023x.sys
09/28/2010 03:44 PM 41,984 usbaapl.sys
06/25/2002 04:37 PM 23,808 usbcamd.sys
06/25/2002 04:37 PM 23,936 usbcamd2.sys
06/25/2002 04:48 PM 4,736 usbd.sys
08/04/2004 01:08 AM 26,624 usbehci.sys
08/04/2004 01:08 AM 57,600 usbhub.sys
08/04/2004 01:08 AM 16,000 usbintel.sys
08/04/2004 01:08 AM 142,976 usbport.sys
08/04/2004 01:01 AM 25,856 usbprint.sys
08/04/2004 12:58 AM 15,104 usbscan.sys
08/04/2004 01:08 AM 26,496 usbstor.sys
08/04/2004 01:08 AM 20,480 usbuhci.sys
08/04/2004 01:10 AM 78,464 usbvideo.sys
11/24/2001 12:11 PM 81,924 VC4CB104.SYS
08/04/2004 02:56 AM 11,325 vchnt5.dll
06/25/2002 04:37 PM 58,112 vdmindvd.sys
08/04/2004 01:07 AM 20,992 vga.sys
08/04/2004 01:07 AM 42,240 viaagp.sys
08/04/2004 01:07 AM 79,744 videoprt.sys
08/04/2004 01:00 AM 52,352 volsnap.sys
08/04/2004 01:04 AM 13,568 wacompen.sys
08/04/2004 12:29 AM 11,807 wadv07nt.sys
08/04/2004 12:29 AM 11,295 wadv08nt.sys
08/04/2004 12:29 AM 11,871 wadv09nt.sys
08/04/2004 12:29 AM 11,935 wadv11nt.sys
08/04/2004 01:04 AM 34,560 wanarp.sys
10/15/2002 02:32 PM 33,588 wanatw4.sys
08/04/2004 12:29 AM 22,271 watv06nt.sys
08/04/2004 12:29 AM 25,471 watv10nt.sys
06/14/2006 04:00 AM 82,944 wdmaud.sys
06/25/2002 04:50 PM 4,352 wmilib.sys
10/18/2006 08:00 PM 38,528 wpdusb.sys
06/25/2002 04:51 PM 12,032 ws2ifsl.sys
09/28/2006 06:55 PM 77,568 WudfPf.sys
09/28/2006 07:00 PM 82,944 WudfRd.sys
308 File(s) 33,678,841 bytes

Directory of C:\Windows\System32\Drivers\disdn

01/27/2003 02:27 PM .
01/27/2003 02:27 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\etc

12/08/2010 01:18 AM .
12/08/2010 01:18 AM ..
12/08/2010 01:18 AM 27 hosts
06/25/2002 04:40 PM 3,683 lmhosts.sam
06/25/2002 04:43 PM 407 networks
06/25/2002 04:44 PM 799 protocol
06/25/2002 04:45 PM 7,116 services
5 File(s) 12,032 bytes

Directory of C:\Windows\System32\Drivers\umdf

01/04/2007 06:49 PM .
01/04/2007 06:49 PM ..
10/18/2006 09:47 PM 671,232 wpdmtpdr.dll
1 File(s) 671,232 bytes

Total Files Listed:
314 File(s) 34,362,105 bytes
11 Dir(s) 20,138,520,576 bytes free


***********************Hidden Drivers********************
Volume in drive C has no label.
Volume Serial Number is 4C0D-CF39

Directory of C:\Windows\System32\Drivers



*********************Processes*******************


PROCESS PID PRIO PATH
smss.exe 620 Normal C:\WINDOWS\System32\smss.exe
csrss.exe 668 Normal C:\WINDOWS\system32\csrss.exe
winlogon.exe 692 High C:\WINDOWS\system32\winlogon.exe
services.exe 736 Normal C:\WINDOWS\system32\services.exe
lsass.exe 748 Normal C:\WINDOWS\system32\lsass.exe
svchost.exe 908 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 956 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1040 Normal C:\WINDOWS\System32\svchost.exe
svchost.exe 1096 Normal C:\WINDOWS\System32\svchost.exe
svchost.exe 1228 Normal C:\WINDOWS\system32\svchost.exe
spoolsv.exe 1396 Normal C:\WINDOWS\system32\spoolsv.exe
svchost.exe 1488 Normal C:\WINDOWS\System32\svchost.exe
AOLacsd.exe 1520 Normal C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
AppleMobileDeviceService.exe 1532 Normal C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
mDNSResponder.exe 1548 Normal C:\Program Files\Bonjour\mDNSResponder.exe
FSMA32.EXE 1736 Normal C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
fswsclds.exe 1748 Normal C:\Program Files\F-Secure Internet Security\fswsclds.exe
FSMB32.EXE 1756 Normal C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
lxdccoms.exe 1788 High C:\WINDOWS\system32\lxdccoms.exe
svchost.exe 1892 Normal C:\WINDOWS\System32\svchost.exe
FCH32.EXE 156 Normal C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
FAMEH32.EXE 264 Normal C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
mxtask.exe 656 Normal C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
fsdfwd.exe 660 Normal C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
alg.exe 1112 Normal C:\WINDOWS\System32\alg.exe
wscntfy.exe 600 Normal C:\WINDOWS\system32\wscntfy.exe
mm_tray.exe 2364 Normal C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
devldr32.exe 2392 Normal C:\WINDOWS\system32\devldr32.exe
AOLDial.exe 2496 Normal C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
FSM32.EXE 2512 Normal C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
jusched.exe 2612 Normal C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
GoogleDesktop.exe 2620 Normal C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
AOLSoftware.exe 2644 Normal C:\Program Files\Common Files\AOL\1171212340\ee\AOLSoftware.exe
iTunesHelper.exe 2708 Normal C:\Program Files\iTunes\iTunesHelper.exe
svchost.exe 2792 Normal C:\WINDOWS\System32\svchost.exe
wmiprvse.exe 3684 Normal C:\WINDOWS\system32\wbem\wmiprvse.exe
iPodService.exe 3860 Normal C:\Program Files\iPod\bin\iPodService.exe
jucheck.exe 400 Normal C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
wuauclt.exe 3792 Normal C:\WINDOWS\system32\wuauclt.exe
explorer.exe 876 Normal C:\WINDOWS\explorer.exe
firefox.exe 3992 Normal C:\Program Files\Mozilla Firefox\firefox.exe
uTorrent.exe 3724 Normal C:\Program Files\uTorrent\uTorrent.exe
realsched.exe 3160 Normal C:\Program Files\Common Files\Real\Update_OB\realsched.exe
cmd.exe 2192 Normal C:\WINDOWS\system32\cmd.exe
processes.exe 2540 Normal C:\Documents and Settings\Larry\Desktop\SpiderKill\processes.exe


*********************Modules of explorer.exe and svchost.exe*******************
Module information for 'explorer.exe'(876)
MODULE BASE SIZE PATH
explorer.exe 1000000 1044480 C:\WINDOWS\explorer.exe 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) Windows Explorer
ntdll.dll 7c900000 729088 C:\WINDOWS\system32\ntdll.dll 5.1.2600.3520 (xpsp_sp2_gdr.090206-1233) NT Layer DLL
kernel32.dll 7c800000 1003520 C:\WINDOWS\system32\kernel32.dll 5.1.2600.3541 (xpsp_sp2_gdr.090321-1320) Windows NT BASE API Client DLL
ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.3520 (xpsp_sp2_gdr.090206-1233) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 593920 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.3555 (xpsp_sp2_qfe.090415-1244) Remote Procedure Call Runtime
BROWSEUI.dll 75f80000 1036288 C:\WINDOWS\system32\BROWSEUI.dll 6.00.2900.3020 (xpsp.061023-0222) Shell Browser UI Library
GDI32.dll 77f10000 294912 C:\WINDOWS\system32\GDI32.dll 5.1.2600.3466 (xpsp_sp2_gdr.081022-1254) GDI Client DLL
USER32.dll 7e410000 589824 C:\WINDOWS\system32\USER32.dll 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) Windows XP USER API Client DLL
msvcrt.dll 77c10000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT CRT DLL
ole32.dll 774e0000 1298432 C:\WINDOWS\system32\ole32.dll 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) Microsoft OLE for Windows
SHLWAPI.dll 77f60000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.3653 (xpsp_sp2_qfe.091207-1502) Shell Light-weight Utility Library
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.3266 5.1.2600.3266
SHDOCVW.dll 77760000 1507328 C:\WINDOWS\system32\SHDOCVW.dll 6.00.2900.3020 (xpsp.061023-0222) Shell Doc Object and Control Library
CRYPT32.dll 77a80000 606208 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Crypto API32
MSASN1.dll 77b20000 73728 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.3624 (xpsp_sp2_gdr.090904-1413) ASN.1 Runtime APIs
CRYPTUI.dll 754d0000 524288 C:\WINDOWS\system32\CRYPTUI.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Trust UI Provider
WINTRUST.dll 76c30000 188416 C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.3661 (xpsp_sp2_gdr.091223-1722) Microsoft Trust Verification APIs
IMAGEHLP.dll 76c90000 163840 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Image Helper
NETAPI32.dll 5b860000 344064 C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.3462 (xpsp_sp2_gdr.081015-1244) Net Win32 API DLL
WININET.dll 3d930000 856064 C:\WINDOWS\system32\WININET.dll 7.00.6000.17055 (vista_gdr.100414-0533) Internet Extensions for Win32
Normaliz.dll 400000 36864 C:\WINDOWS\system32\Normaliz.dll 6.0.5441.0 (winmain(wmbla).060628-1735) Unicode Normalization DLL
iertutil.dll 3dfd0000 282624 C:\WINDOWS\system32\iertutil.dll 7.00.6000.17055 (vista_gdr.100414-0533) Run time utility for Internet Explorer
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Win32 LDAP API DLL
VERSION.dll 77c00000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Version Checking and File Installation Libraries
SHELL32.dll 7c9c0000 8482816 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.3402 (xpsp_sp2_qfe.080702-1240) Windows Shell Common Dll
UxTheme.dll 5ad70000 229376 C:\WINDOWS\system32\UxTheme.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Microsoft UxTheme Library
ShimEng.dll 5cb70000 155648 C:\WINDOWS\system32\ShimEng.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Shim Engine DLL
AcGenral.DLL 6f880000 1875968 C:\WINDOWS\AppPatch\AcGenral.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Compatibility DLL
WINMM.dll 76b40000 184320 C:\WINDOWS\system32\WINMM.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) MCI API DLL
MSACM32.dll 77be0000 86016 C:\WINDOWS\system32\MSACM32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft ACM Audio Filter
USERENV.dll 769c0000 733184 C:\WINDOWS\system32\USERENV.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Userenv
IMM32.DLL 76390000 118784 C:\WINDOWS\system32\IMM32.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows XP IMM32 API Client DLL
comctl32.dll 773d0000 1060864 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 6.0 (xpsp.060825-0040) User Experience Controls Library
comctl32.dll 5d090000 630784 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp.060825-0040) Common Controls Library
serwvdrv.dll 5cd70000 28672 C:\WINDOWS\system32\serwvdrv.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Serial Wave driver
umdmxfrm.dll 5b0a0000 28672 C:\WINDOWS\system32\umdmxfrm.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Tranform Module
msctfime.ime 755c0000 188416 C:\WINDOWS\system32\msctfime.ime 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Text Frame Work Service IME
appHelp.dll 77b40000 139264 C:\WINDOWS\system32\appHelp.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Application Compatibility Client Library
CLBCATQ.DLL 76fd0000 520192 C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.308 2001.12.4414.308
COMRes.dll 77050000 806912 C:\WINDOWS\system32\COMRes.dll 2001.12.4414.258 2001.12.4414.258
cscui.dll 77a20000 344064 C:\WINDOWS\System32\cscui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Client Side Caching UI
CSCDLL.dll 76600000 118784 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Offline Network Agent
themeui.dll 5ba60000 462848 C:\WINDOWS\System32\themeui.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Windows Theme API
Secur32.dll 77fe0000 69632 C:\WINDOWS\System32\Secur32.dll 5.1.2600.3592 (xpsp_sp2_gdr.090622-1453) Security Support Provider Interface
MSIMG32.dll 76380000 20480 C:\WINDOWS\System32\MSIMG32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) GDIEXT Client DLL
xpsp2res.dll 20000000 2904064 C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Service Pack 2 Messages
SAMLIB.dll 71bf0000 77824 C:\WINDOWS\system32\SAMLIB.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SAM Library DLL
LINKINFO.dll 76980000 32768 C:\WINDOWS\system32\LINKINFO.dll 5.1.2600.2751 (xpsp_sp2_gdr.050831-1520) Windows Volume Tracking
ntshrui.dll 76990000 151552 C:\WINDOWS\system32\ntshrui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Shell extensions for sharing
ATL.DLL 76b20000 69632 C:\WINDOWS\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
ieframe.dll 3e1c0000 6082560 C:\WINDOWS\system32\ieframe.dll 7.00.6000.17055 (vista_gdr.100414-0533) Internet Explorer
PSAPI.DLL 76bf0000 45056 C:\WINDOWS\system32\PSAPI.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Process Status Helper
SETUPAPI.dll 77920000 995328 C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Setup API
msi.dll 7d1e0000 2875392 C:\WINDOWS\system32\msi.dll 3.1.4000.4039 Windows Installer
NETSHELL.dll 76400000 1728512 C:\WINDOWS\system32\NETSHELL.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Network Connections Shell
rtutils.dll 76e80000 57344 C:\WINDOWS\system32\rtutils.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Routing Utilities
credui.dll 76c00000 188416 C:\WINDOWS\system32\credui.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Credential Manager User Interface
WS2_32.dll 71ab0000 94208 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 Helper for Windows NT
iphlpapi.dll 76d60000 102400 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003) IP Helper API
WINSTA.dll 76360000 65536 C:\WINDOWS\system32\WINSTA.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Winstation Library
webcheck.dll 42e40000 245760 C:\WINDOWS\system32\webcheck.dll 7.00.6000.17055 (vista_gdr.100414-0533) Web Site Monitor
stobject.dll 76280000 135168 C:\WINDOWS\system32\stobject.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Systray shell service object
BatMeter.dll 74af0000 40960 C:\WINDOWS\system32\BatMeter.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Battery Meter Helper DLL
POWRPROF.dll 74ad0000 32768 C:\WINDOWS\system32\POWRPROF.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Power Profile Helper DLL
WTSAPI32.dll 76f50000 32768 C:\WINDOWS\system32\WTSAPI32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Terminal Server SDK APIs
WPDShServiceObj.dll 164a0000 143360 C:\WINDOWS\system32\WPDShServiceObj.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device Shell Service Object
WINHTTP.dll 4d4f0000 364544 C:\WINDOWS\system32\WINHTTP.dll 5.1.2600.3619 (xpsp_sp2_gdr.090824-1329) Windows HTTP Services
PortableDeviceTypes.dll 109c0000 180224 C:\WINDOWS\system32\PortableDeviceTypes.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device (Parameter) Types Component
urlmon.dll 78130000 1212416 C:\WINDOWS\system32\urlmon.dll 7.00.6000.17055 (vista_gdr.100414-0533) OLE32 Extensions for Win32
PortableDeviceApi.dll 10930000 299008 C:\WINDOWS\system32\PortableDeviceApi.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device API Components
wdmaud.drv 72d20000 36864 C:\WINDOWS\system32\wdmaud.drv 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) WDM Audio driver mapper
MLANG.dll 75cf0000 593920 C:\WINDOWS\system32\MLANG.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Multi Language Support DLL
msacm32.drv 72d10000 32768 C:\WINDOWS\system32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
midimap.dll 77bd0000 28672 C:\WINDOWS\system32\midimap.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft MIDI Mapper
fxsst.dll 68df0000 577536 C:\WINDOWS\system32\fxsst.dll 5.2.2600.2180 (xpsp_sp2_rtm.040803-2158) Fax Service
WINSPOOL.DRV 73000000 155648 C:\WINDOWS\system32\WINSPOOL.DRV 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Spooler Driver
FXSAPI.dll 5a980000 466944 C:\WINDOWS\system32\FXSAPI.dll 5.2.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Fax API Support DLL
NTMARTA.DLL 77690000 135168 C:\WINDOWS\system32\NTMARTA.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT MARTA provider
MPR.dll 71b20000 73728 C:\WINDOWS\system32\MPR.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Multiple Provider Router DLL
drprov.dll 75f60000 28672 C:\WINDOWS\System32\drprov.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft Terminal Server Network Provider
ntlanman.dll 71c10000 57344 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft® Lan Manager
NETUI0.dll 71cd0000 94208 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT LM UI Common Code - GUI Classes
NETUI1.dll 71c90000 262144 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) NT LM UI Common Code - Networking classes
NETRAP.dll 71c80000 28672 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Net Remote Admin Protocol DLL
davclnt.dll 75f70000 36864 C:\WINDOWS\System32\davclnt.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Web DAV Client DLL
browselc.dll e80000 73728 C:\WINDOWS\system32\browselc.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Shell Browser UI Library
DUSER.dll 6c1b0000 315392 C:\WINDOWS\system32\DUSER.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows DirectUser Engine
wmvcore.dll 15110000 2478080 C:\WINDOWS\system32\wmvcore.dll 11.0.5721.5275 (WMP_11.100405-1047) Windows Media Playback/Authoring DLL
WMASF.DLL 11c70000 237568 C:\WINDOWS\system32\WMASF.DLL 11.0.5721.5238 (WMP_11.071025-0642) Windows Media ASF DLL
l3codeca.acm 3d520000 598016 C:\WINDOWS\System32\l3codeca.acm 1, 9, 0, 0306 MPEG Layer-3 Audio Codec for MSACM
gdiplus.dll 4ec50000 1748992 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll 5.2.6001.22319 (vistasp1_ldr.081126-1506) Microsoft GDI+
msdmo.dll 736b0000 28672 C:\WINDOWS\system32\msdmo.dll
MFPlat.DLL bef0000 225280 C:\WINDOWS\system32\MFPlat.DLL 11.0.5721.5145 (WMP_11.061018-2006) Media Foundation Platform DLL
mydocs.dll 72410000 106496 C:\WINDOWS\System32\mydocs.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) My Documents Folder UI
mbamext.dll 10000000 94208 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll 1.50.0.0000 Malwarebytes' Anti-Malware
PDFShell.dll a80000 114688 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll 7.0.0.0 PDF Shell Extension
mxctxmnu.dll ff0000 36864 C:\Program Files\Avanquest\Fix-It\mxctxmnu.dll 8.0.2.2 Fix-It Context Menus
MSVCP60.dll 76080000 413696 C:\WINDOWS\system32\MSVCP60.dll 6.02.3104.0 Microsoft (R) C++ Runtime Library
MXDlgSup.dll 1550000 45056 C:\Program Files\Avanquest\Fix-It\MXDlgSup.dll 8.0.2.2 Dialog Support
rsaenh.dll ffd0000 163840 C:\WINDOWS\system32\rsaenh.dll 5.1.2600.2161 (xpsp.040706-1629) Microsoft Enhanced Cryptographic Provider
7-zip.dll 15a0000 69632 C:\Program Files\7-Zip\7-zip.dll 9.20 7-Zip Shell Extension
zipfldr.dll 73380000 356352 C:\WINDOWS\System32\zipfldr.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Compressed (zipped) Folders
wuapi.dll 506a0000 581632 C:\WINDOWS\system32\wuapi.dll 7.4.7600.226 (winmain_wtr_wsus3sp2(wmbla).090806-1834) Windows Update Client API
Cabinet.dll 75150000 81920 C:\WINDOWS\system32\Cabinet.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft® Cabinet File API
mnyviewer.dll 2590000 147456 C:\Program Files\Microsoft Money\System\mnyviewer.dll 10.00.0809 MoneySide Controls
comdlg32.dll 763b0000 299008 C:\WINDOWS\system32\comdlg32.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Common Dialogs DLL
MSISIP.DLL 60980000 28672 C:\WINDOWS\system32\MSISIP.DLL 3.1.4000.1823 MSI Signature SIP Provider
wshext.dll 74ea0000 65536 C:\WINDOWS\System32\wshext.dll 5.6.0.8820 Microsoft (r) Shell Extension for Windows Script Host
MFC42.DLL 73dd0000 1040384 C:\WINDOWS\system32\MFC42.DLL 6.02.4131.0 MFCDLL Shared Library - Retail Version
MCPS.DLL 36d30000 102400 C:\PROGRA~1\MICROS~4\OFFICE11\MCPS.DLL 11.0.5510 Media Catalog Proxy/Stub

larrybro (Novice)

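The log posted above is what a helper reads by eye: a dir-style listing of C:\Windows\System32\Drivers with modification dates, and a process table with image paths. The Python script below is an added example for triaging that layout; it is not part of the thread and not SpiderKill's own code. It runs on a constructed sample made of a few lines copied from the posted log, and flags two things a reviewer looks for first: driver files modified in the 30 days before the log date, and processes running from somewhere other than the usual Windows and Program Files roots. The allow-list TRUSTED_ROOTS, the 30-day window and the function names are assumptions for illustration.

```python
"""Triage a SpiderKill-style log: recently modified drivers, processes off the usual paths."""
import re
from datetime import datetime, timedelta

# Constructed sample input: a handful of lines copied from the log posted above,
# in SpiderKill's layout (dir-style driver listing, then a process table).
SAMPLE_LOG = r"""
********************Drivers list********************

Directory of C:\Windows\System32\Drivers

12/09/2010 11:43 PM .
12/09/2010 11:43 PM ..
08/04/2004 01:07 AM 187,776 acpi.sys
11/29/2010 05:42 PM 20,952 mbam.sys
11/29/2010 05:42 PM 38,224 mbamswissarmy.sys
12/08/2010 01:18 AM etc
09/28/2010 03:44 PM 41,984 usbaapl.sys
308 File(s) 33,678,841 bytes

*********************Processes*******************

PROCESS PID PRIO PATH
smss.exe 620 Normal C:\WINDOWS\System32\smss.exe
AOLacsd.exe 1520 Normal C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
uTorrent.exe 3724 Normal C:\Program Files\uTorrent\uTorrent.exe
processes.exe 2540 Normal C:\Documents and Settings\Larry\Desktop\SpiderKill\processes.exe
"""

LOG_DATE = datetime(2010, 12, 12)  # the posted log is dated Sun Dec 12, 2010

# Hypothetical allow-list of roots an XP box normally runs executables from;
# compared case-insensitively, so the 8.3 form PROGRA~1 is listed explicitly.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

# "08/04/2004 01:07 AM 187,776 acpi.sys"; directory entries carry no size field.
DIR_LINE = re.compile(r"^(\d{2}/\d{2}/\d{4}) (\d{2}:\d{2} [AP]M) (?:([\d,]+) )?(.+)$")
# "smss.exe 620 Normal C:\WINDOWS\System32\smss.exe"
PROC_LINE = re.compile(r"^(\S+) (\d+) (\S+) (.+)$")


def _sections(text):
    """Yield (section, line); section is the text of the last '****Name****' banner seen."""
    section = None
    for line in text.splitlines():
        if line.startswith("*"):
            section = line.strip("*").strip()
            continue
        yield section, line.rstrip()


def parse_drivers(text):
    """[(mtime, size or None for directories, name)] from the 'Drivers list' section."""
    entries = []
    for section, line in _sections(text):
        m = DIR_LINE.match(line) if section == "Drivers list" else None
        if not m or m.group(4) in (".", ".."):
            continue
        mtime = datetime.strptime(f"{m.group(1)} {m.group(2)}", "%m/%d/%Y %I:%M %p")
        size = int(m.group(3).replace(",", "")) if m.group(3) else None
        entries.append((mtime, size, m.group(4)))
    return entries


def recent_drivers(text, as_of=LOG_DATE, days=30):
    """Driver files (not directories) modified within `days` before `as_of`, newest first."""
    cutoff = as_of - timedelta(days=days)
    hits = [(mtime, name) for mtime, size, name in parse_drivers(text)
            if size is not None and cutoff <= mtime <= as_of]
    return [name for _, name in sorted(hits, reverse=True)]


def parse_processes(text):
    """[{'name','pid','prio','path'}] from the 'Processes' section; the header row fails PROC_LINE."""
    procs = []
    for section, line in _sections(text):
        m = PROC_LINE.match(line) if section == "Processes" else None
        if m:
            procs.append({"name": m.group(1), "pid": int(m.group(2)),
                          "prio": m.group(3), "path": m.group(4)})
    return procs


def processes_outside_trusted_roots(text, roots=TRUSTED_ROOTS):
    """Processes whose image path is not under any trusted root (case-insensitive)."""
    return [p for p in parse_processes(text) if not p["path"].lower().startswith(roots)]


if __name__ == "__main__":
    print("Driver files modified in the 30 days before the log:")
    for name in recent_drivers(SAMPLE_LOG):
        print("  ", name)
    print("Processes running outside the trusted roots:")
    for p in processes_outside_trusted_roots(SAMPLE_LOG):
        print(f"   {p['name']} (PID {p['pid']}) -> {p['path']}")
```

Both checks produce leads, not verdicts. On the sample the recent-driver hits are mbam.sys and mbamswissarmy.sys, which are Malwarebytes' own drivers installed during the cleanup, and the only off-path process is SpiderKill's processes.exe, so each hit still needs a look at what it is. The path check is also weak on its own: the file this thread is about, userinit.exe, legitimately lives in C:\WINDOWS\system32, so a replaced copy would pass it. That is why a helper corroborates with file size, version and, where available, hash and signature checks; the posted log gives sizes and dates but no hashes.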
Re: HIJACK THIS: userinit.exe problems

Post by larrybro on Sun Dec 12, 2010 3:15 am

Module information for 'svchost.exe'(908)
MODULE BASE SIZE PATH
svchost.exe 1000000 24576 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Generic Host Process for Win32 Services
ntdll.dll 7c900000 729088 C:\WINDOWS\system32\ntdll.dll 5.1.2600.3520 (xpsp_sp2_gdr.090206-1233) NT Layer DLL
kernel32.dll 7c800000 1003520 C:\WINDOWS\system32\kernel32.dll 5.1.2600.3541 (xpsp_sp2_gdr.090321-1320) Windows NT BASE API Client DLL
ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.3520 (xpsp_sp2_gdr.090206-1233) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 593920 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.3555 (xpsp_sp2_qfe.090415-1244) Remote Procedure Call Runtime
ShimEng.dll 5cb70000 155648 C:\WINDOWS\system32\ShimEng.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Shim Engine DLL
AcGenral.DLL 6f880000 1875968 C:\WINDOWS\AppPatch\AcGenral.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Compatibility DLL

larrybro (Novice) | Posts: 33 | Joined: 2010-01-13 | OS: windows xp

Re: HIJACK THIS: userinit.exe problems

Post by larrybro on Sun Dec 12, 2010 3:15 am

MODULE BASE SIZE PATH
svchost.exe 1000000 24576 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Generic Host Process for Win32 Services
ntdll.dll 7c900000 729088 C:\WINDOWS\system32\ntdll.dll 5.1.2600.3520 (xpsp_sp2_gdr.090206-1233) NT Layer DLL
kernel32.dll 7c800000 1003520 C:\WINDOWS\system32\kernel32.dll 5.1.2600.3541 (xpsp_sp2_gdr.090321-1320) Windows NT BASE API Client DLL
ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.3520 (xpsp_sp2_gdr.090206-1233) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 593920 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.3555 (xpsp_sp2_qfe.090415-1244) Remote Procedure Call Runtime
ShimEng.dll 5cb70000 155648 C:\WINDOWS\system32\ShimEng.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Shim Engine DLL
AcGenral.DLL 6f880000 1875968 C:\WINDOWS\AppPatch\AcGenral.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Compatibility DLL
USER32.dll 7e410000 589824 C:\WINDOWS\system32\USER32.dll 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) Windows XP USER API Client DLL
GDI32.dll 77f10000 294912 C:\WINDOWS\system32\GDI32.dll 5.1.2600.3466 (xpsp_sp2_gdr.081022-1254) GDI Client DLL
WINMM.dll 76b40000 184320 C:\WINDOWS\system32\WINMM.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) MCI API DLL
ole32.dll 774e0000 1298432 C:\WINDOWS\system32\ole32.dll 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) Microsoft OLE for Windows
msvcrt.dll 77c10000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT CRT DLL
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.3266 5.1.2600.3266
MSACM32.dll 77be0000 86016 C:\WINDOWS\system32\MSACM32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft ACM Audio Filter
VERSION.dll 77c00000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Version Checking and File Installation Libraries
SHELL32.dll 7c9c0000 8482816 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.3402 (xpsp_sp2_qfe.080702-1240) Windows Shell Common Dll
SHLWAPI.dll 77f60000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.3653 (xpsp_sp2_qfe.091207-1502) Shell Light-weight Utility Library
USERENV.dll 769c0000 733184 C:\WINDOWS\system32\USERENV.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Userenv
UxTheme.dll 5ad70000 229376 C:\WINDOWS\system32\UxTheme.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Microsoft UxTheme Library
IMM32.DLL 76390000 118784 C:\WINDOWS\system32\IMM32.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows XP IMM32 API Client DLL
serwvdrv.dll 5cd70000 28672 C:\WINDOWS\system32\serwvdrv.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Serial Wave driver
umdmxfrm.dll 5b0a0000 28672 C:\WINDOWS\system32\umdmxfrm.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Tranform Module
comctl32.dll 773d0000 1060864 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 6.0 (xpsp.060825-0040) User Experience Controls Library
comctl32.dll 5d090000 630784 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp.060825-0040) Common Controls Library
NTMARTA.DLL 77690000 135168 C:\WINDOWS\system32\NTMARTA.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT MARTA provider
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Win32 LDAP API DLL
SAMLIB.dll 71bf0000 77824 C:\WINDOWS\system32\SAMLIB.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SAM Library DLL
xpsp2res.dll 20000000 2904064 C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Service Pack 2 Messages
lmhsvc.dll 74c40000 24576 c:\windows\system32\lmhsvc.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) TCPIP NetBios Transport Services DLL
iphlpapi.dll 76d60000 102400 c:\windows\system32\iphlpapi.dll 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003) IP Helper API
WS2_32.dll 71ab0000 94208 c:\windows\system32\WS2_32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 c:\windows\system32\WS2HELP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 Helper for Windows NT
ssdpsrv.dll 765e0000 81920 c:\windows\system32\ssdpsrv.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SSDP Service DLL
hnetcfg.dll 662b0000 360448 C:\WINDOWS\system32\hnetcfg.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Home Networking Configuration Manager
CLBCATQ.DLL 76fd0000 520192 C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.308 2001.12.4414.308
COMRes.dll 77050000 806912 C:\WINDOWS\system32\COMRes.dll 2001.12.4414.258 2001.12.4414.258
mswsock.dll 71a50000 258048 C:\WINDOWS\system32\mswsock.dll 5.1.2600.3394 (xpsp_sp2_gdr.080620-1245) Microsoft Windows Sockets 2.0 Service Provider
wshtcpip.dll 71a90000 32768 C:\WINDOWS\System32\wshtcpip.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Sockets Helper DLL
secur32.dll 77fe0000 69632 C:\WINDOWS\system32\secur32.dll 5.1.2600.3592 (xpsp_sp2_gdr.090622-1453) Security Support Provider Interface
rsaenh.dll ffd0000 163840 C:\WINDOWS\system32\rsaenh.dll 5.1.2600.2161 (xpsp.040706-1629) Microsoft Enhanced Cryptographic Provider
httpapi.dll 67570000 40960 C:\WINDOWS\system32\httpapi.dll 5.1.2600.3637 (xpsp_sp2_gdr.091020-1757) HTTP Protocol Stack API
WINHTTP.dll 4d4f0000 364544 C:\WINDOWS\system32\WINHTTP.dll 5.1.2600.3619 (xpsp_sp2_gdr.090824-1329) Windows HTTP Services
upnphost.dll 62bf0000 200704 c:\windows\system32\upnphost.dll 5.1.2600.3077 (xpsp_sp2_gdr.070204-2255) UPnP Device Host
SSDPAPI.dll 74f00000 49152 c:\windows\system32\SSDPAPI.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SSDP Client API DLL
netapi32.dll 5b860000 344064 C:\WINDOWS\system32\netapi32.dll 5.1.2600.3462 (xpsp_sp2_gdr.081015-1244) Net Win32 API DLL
msi.dll 7d1e0000 2875392 C:\WINDOWS\system32\msi.dll 3.1.4000.4039 Windows Installer
msxml3.dll 74980000 1191936 C:\WINDOWS\System32\msxml3.dll 8.100.1050.0 MSXML 3.0 SP10
urlmon.dll 78130000 1212416 C:\WINDOWS\system32\urlmon.dll 7.00.6000.17055 (vista_gdr.100414-0533) OLE32 Extensions for Win32
iertutil.dll 3dfd0000 282624 C:\WINDOWS\system32\iertutil.dll 7.00.6000.17055 (vista_gdr.100414-0533) Run time utility for Internet Explorer
WININET.dll 3d930000 856064 C:\WINDOWS\system32\WININET.dll 7.00.6000.17055 (vista_gdr.100414-0533) Internet Extensions for Win32
Normaliz.dll f40000 36864 C:\WINDOWS\system32\Normaliz.dll 6.0.5441.0 (winmain(wmbla).060628-1735) Unicode Normalization DLL
Module information for 'svchost.exe'(1488)
MODULE BASE SIZE PATH
svchost.exe 1000000 24576 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Generic Host Process for Win32 Services
ntdll.dll 7c900000 729088 C:\WINDOWS\system32\ntdll.dll 5.1.2600.3520 (xpsp_sp2_gdr.090206-1233) NT Layer DLL
kernel32.dll 7c800000 1003520 C:\WINDOWS\system32\kernel32.dll 5.1.2600.3541 (xpsp_sp2_gdr.090321-1320) Windows NT BASE API Client DLL
ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.3520 (xpsp_sp2_gdr.090206-1233) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 593920 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.3555 (xpsp_sp2_qfe.090415-1244) Remote Procedure Call Runtime
ShimEng.dll 5cb70000 155648 C:\WINDOWS\System32\ShimEng.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Shim Engine DLL
AcGenral.DLL 6f880000 1875968 C:\WINDOWS\AppPatch\AcGenral.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Compatibility DLL
USER32.dll 7e410000 589824 C:\WINDOWS\system32\USER32.dll 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) Windows XP USER API Client DLL
GDI32.dll 77f10000 294912 C:\WINDOWS\system32\GDI32.dll 5.1.2600.3466 (xpsp_sp2_gdr.081022-1254) GDI Client DLL
WINMM.dll 76b40000 184320 C:\WINDOWS\System32\WINMM.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) MCI API DLL
ole32.dll 774e0000 1298432 C:\WINDOWS\system32\ole32.dll 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) Microsoft OLE for Windows
msvcrt.dll 77c10000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT CRT DLL
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.3266 5.1.2600.3266
MSACM32.dll 77be0000 86016 C:\WINDOWS\System32\MSACM32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft ACM Audio Filter
VERSION.dll 77c00000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Version Checking and File Installation Libraries
SHELL32.dll 7c9c0000 8482816 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.3402 (xpsp_sp2_qfe.080702-1240) Windows Shell Common Dll
SHLWAPI.dll 77f60000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.3653 (xpsp_sp2_qfe.091207-1502) Shell Light-weight Utility Library
USERENV.dll 769c0000 733184 C:\WINDOWS\system32\USERENV.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Userenv
UxTheme.dll 5ad70000 229376 C:\WINDOWS\System32\UxTheme.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Microsoft UxTheme Library
IMM32.DLL 76390000 118784 C:\WINDOWS\system32\IMM32.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows XP IMM32 API Client DLL
serwvdrv.dll 5cd70000 28672 C:\WINDOWS\System32\serwvdrv.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Serial Wave driver
umdmxfrm.dll 5b0a0000 28672 C:\WINDOWS\System32\umdmxfrm.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Tranform Module
comctl32.dll 773d0000 1060864 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 6.0 (xpsp.060825-0040) User Experience Controls Library
comctl32.dll 5d090000 630784 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp.060825-0040) Common Controls Library
NTMARTA.DLL 77690000 135168 C:\WINDOWS\System32\NTMARTA.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT MARTA provider
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Win32 LDAP API DLL
SAMLIB.dll 71bf0000 77824 C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SAM Library DLL
xpsp2res.dll 20000000 2904064 C:\WINDOWS\System32\xpsp2res.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Service Pack 2 Messages
webclnt.dll 5a6e0000 86016 c:\windows\system32\webclnt.dll 5.1.2600.2821 (xpsp_sp2_gdr.060103-1536) Web DAV Service DLL
WININET.dll 3d930000 856064 C:\WINDOWS\system32\WININET.dll 7.00.6000.17055 (vista_gdr.100414-0533) Internet Extensions for Win32
Normaliz.dll 660000 36864 C:\WINDOWS\system32\Normaliz.dll 6.0.5441.0 (winmain(wmbla).060628-1735) Unicode Normalization DLL
iertutil.dll 3dfd0000 282624 C:\WINDOWS\system32\iertutil.dll 7.00.6000.17055 (vista_gdr.100414-0533) Run time utility for Internet Explorer
WS2_32.dll 71ab0000 94208 c:\windows\system32\WS2_32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 c:\windows\system32\WS2HELP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 Helper for Windows NT
Secur32.dll 77fe0000 69632 C:\WINDOWS\System32\Secur32.dll 5.1.2600.3592 (xpsp_sp2_gdr.090622-1453) Security Support Provider Interface
Module information for 'svchost.exe'(1892)
MODULE BASE SIZE PATH
svchost.exe 1000000 24576 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Generic Host Process for Win32 Services
ntdll.dll 7c900000 729088 C:\WINDOWS\system32\ntdll.dll 5.1.2600.3520 (xpsp_sp2_gdr.090206-1233) NT Layer DLL
kernel32.dll 7c800000 1003520 C:\WINDOWS\system32\kernel32.dll 5.1.2600.3541 (xpsp_sp2_gdr.090321-1320) Windows NT BASE API Client DLL
ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.3520 (xpsp_sp2_gdr.090206-1233) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 593920 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.3555 (xpsp_sp2_qfe.090415-1244) Remote Procedure Call Runtime
ShimEng.dll 5cb70000 155648 C:\WINDOWS\System32\ShimEng.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Shim Engine DLL
AcGenral.DLL 6f880000 1875968 C:\WINDOWS\AppPatch\AcGenral.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Compatibility DLL
USER32.dll 7e410000 589824 C:\WINDOWS\system32\USER32.dll 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) Windows XP USER API Client DLL
GDI32.dll 77f10000 294912 C:\WINDOWS\system32\GDI32.dll 5.1.2600.3466 (xpsp_sp2_gdr.081022-1254) GDI Client DLL
WINMM.dll 76b40000 184320 C:\WINDOWS\System32\WINMM.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) MCI API DLL
ole32.dll 774e0000 1298432 C:\WINDOWS\system32\ole32.dll 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) Microsoft OLE for Windows
msvcrt.dll 77c10000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT CRT DLL
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.3266 5.1.2600.3266
MSACM32.dll 77be0000 86016 C:\WINDOWS\System32\MSACM32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft ACM Audio Filter
VERSION.dll 77c00000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Version Checking and File Installation Libraries
SHELL32.dll 7c9c0000 8482816 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.3402 (xpsp_sp2_qfe.080702-1240) Windows Shell Common Dll
SHLWAPI.dll 77f60000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.3653 (xpsp_sp2_qfe.091207-1502) Shell Light-weight Utility Library
USERENV.dll 769c0000 733184 C:\WINDOWS\system32\USERENV.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Userenv
UxTheme.dll 5ad70000 229376 C:\WINDOWS\System32\UxTheme.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Microsoft UxTheme Library
IMM32.DLL 76390000 118784 C:\WINDOWS\system32\IMM32.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows XP IMM32 API Client DLL
serwvdrv.dll 5cd70000 28672 C:\WINDOWS\System32\serwvdrv.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Serial Wave driver
umdmxfrm.dll 5b0a0000 28672 C:\WINDOWS\System32\umdmxfrm.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Tranform Module
comctl32.dll 773d0000 1060864 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 6.0 (xpsp.060825-0040) User Experience Controls Library
comctl32.dll 5d090000 630784 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp.060825-0040) Common Controls Library
wiaservc.dll 75aa0000 348160 c:\windows\system32\wiaservc.dll 5.1.2600.3051 (xpsp_sp2_gdr.061219-0316) Still Image Devices Service
CFGMGR32.dll 74ae0000 28672 c:\windows\system32\CFGMGR32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Configuration Manager Forwarder DLL
setupapi.dll 77920000 995328 C:\WINDOWS\System32\setupapi.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Setup API
mscms.dll 73b30000 86016 c:\windows\system32\mscms.dll 5.1.2600.3396 (xpsp_sp2_gdr.080624-1253) Microsoft Color Matching System DLL
WINSPOOL.DRV 73000000 155648 c:\windows\system32\WINSPOOL.DRV 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Spooler Driver
WINSTA.dll 76360000 65536 c:\windows\system32\WINSTA.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Winstation Library
NETAPI32.dll 5b860000 344064 C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.3462 (xpsp_sp2_gdr.081015-1244) Net Win32 API DLL
xpsp2res.dll 20000000 2904064 C:\WINDOWS\System32\xpsp2res.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Service Pack 2 Messages
CLBCATQ.DLL 76fd0000 520192 C:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.308 2001.12.4414.308
COMRes.dll 77050000 806912 C:\WINDOWS\System32\COMRes.dll 2001.12.4414.258 2001.12.4414.258
WINTRUST.dll 76c30000 188416 C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.3661 (xpsp_sp2_gdr.091223-1722) Microsoft Trust Verification APIs
CRYPT32.dll 77a80000 606208 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Crypto API32
MSASN1.dll 77b20000 73728 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.3624 (xpsp_sp2_gdr.090904-1413) ASN.1 Runtime APIs
IMAGEHLP.dll 76c90000 163840 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT Image Helper
actxprxy.dll 71d40000 114688 C:\WINDOWS\system32\actxprxy.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ActiveX Interface Marshaling Library
sti.dll 73ba0000 77824 C:\WINDOWS\System32\sti.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Still Image Devices client DLL
Module information for 'svchost.exe'(2792)
MODULE BASE SIZE PATH
svchost.exe 1000000 24576 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Generic Host Process for Win32 Services
ntdll.dll 7c900000 729088 C:\WINDOWS\system32\ntdll.dll 5.1.2600.3520 (xpsp_sp2_gdr.090206-1233) NT Layer DLL
kernel32.dll 7c800000 1003520 C:\WINDOWS\system32\kernel32.dll 5.1.2600.3541 (xpsp_sp2_gdr.090321-1320) Windows NT BASE API Client DLL
ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.3520 (xpsp_sp2_gdr.090206-1233) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 593920 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.3555 (xpsp_sp2_qfe.090415-1244) Remote Procedure Call Runtime
ShimEng.dll 5cb70000 155648 C:\WINDOWS\System32\ShimEng.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Shim Engine DLL
AcGenral.DLL 6f880000 1875968 C:\WINDOWS\AppPatch\AcGenral.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Compatibility DLL
USER32.dll 7e410000 589824 C:\WINDOWS\system32\USER32.dll 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) Windows XP USER API Client DLL
GDI32.dll 77f10000 294912 C:\WINDOWS\system32\GDI32.dll 5.1.2600.3466 (xpsp_sp2_gdr.081022-1254) GDI Client DLL
WINMM.dll 76b40000 184320 C:\WINDOWS\System32\WINMM.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) MCI API DLL
ole32.dll 774e0000 1298432 C:\WINDOWS\system32\ole32.dll 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) Microsoft OLE for Windows
msvcrt.dll 77c10000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT CRT DLL
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.3266 5.1.2600.3266
MSACM32.dll 77be0000 86016 C:\WINDOWS\System32\MSACM32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Microsoft ACM Audio Filter
VERSION.dll 77c00000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Version Checking and File Installation Libraries
SHELL32.dll 7c9c0000 8482816 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.3402 (xpsp_sp2_qfe.080702-1240) Windows Shell Common Dll
SHLWAPI.dll 77f60000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.3653 (xpsp_sp2_qfe.091207-1502) Shell Light-weight Utility Library
USERENV.dll 769c0000 733184 C:\WINDOWS\system32\USERENV.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Userenv
UxTheme.dll 5ad70000 229376 C:\WINDOWS\System32\UxTheme.dll 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) Microsoft UxTheme Library
IMM32.DLL 76390000 118784 C:\WINDOWS\system32\IMM32.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows XP IMM32 API Client DLL
serwvdrv.dll 5cd70000 28672 C:\WINDOWS\System32\serwvdrv.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Serial Wave driver
umdmxfrm.dll 5b0a0000 28672 C:\WINDOWS\System32\umdmxfrm.dll 5.1.2600.0 (xpclient.010817-1148) Unimodem Tranform Module
comctl32.dll 773d0000 1060864 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 6.0 (xpsp.060825-0040) User Experience Controls Library
comctl32.dll 5d090000 630784 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp.060825-0040) Common Controls Library
NTMARTA.DLL 77690000 135168 C:\WINDOWS\System32\NTMARTA.DLL 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows NT MARTA provider
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Win32 LDAP API DLL
SAMLIB.dll 71bf0000 77824 C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) SAM Library DLL
xpsp2res.dll 20000000 2904064 C:\WINDOWS\System32\xpsp2res.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Service Pack 2 Messages
w3ssl.dll 5aa90000 28672 c:\windows\system32\w3ssl.dll 6.0.2600.2180 (xpsp_sp2_rtm.040803-2158) SSL service for HTTP
strmfilt.dll 6f290000 90112 C:\WINDOWS\System32\strmfilt.dll 6.0.2600.3637 (xpsp_sp2_gdr.091020-1757) Stream Filter Library
Secur32.dll 77fe0000 69632 C:\WINDOWS\System32\Secur32.dll 5.1.2600.3592 (xpsp_sp2_gdr.090622-1453) Security Support Provider Interface
CRYPT32.dll 77a80000 606208 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) Crypto API32
MSASN1.dll 77b20000 73728 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.3624 (xpsp_sp2_gdr.090904-1413) ASN.1 Runtime APIs
HTTPAPI.dll 67570000 40960 C:\WINDOWS\System32\HTTPAPI.dll 5.1.2600.3637 (xpsp_sp2_gdr.091020-1757) HTTP Protocol Stack API
WS2_32.dll 71ab0000 94208 C:\WINDOWS\System32\WS2_32.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\System32\WS2HELP.dll 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Windows Socket 2.0 Helper for Windows NT



******************************************
EOF

larrybro
Novice

Posts : 33
Joined : 2010-01-13
OS : windows xp

Re: HIJACK THIS: userinit.exe problems

Post by Belahzur on Tue Dec 14, 2010 12:13 am

Please delete your version of TDSSKiller and re-download it, then run a new scan.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: HIJACK THIS: userinit.exe problems

Post by larrybro on Tue Dec 14, 2010 5:46 am

2010/12/13 22:22:02.0671 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/13 22:22:02.0671 ================================================================================
2010/12/13 22:22:02.0671 SystemInfo:
2010/12/13 22:22:02.0671
2010/12/13 22:22:02.0671 OS Version: 5.1.2600 ServicePack: 2.0
2010/12/13 22:22:02.0671 Product type: Workstation
2010/12/13 22:22:02.0671 ComputerName: LARRYANDSARLENO
2010/12/13 22:22:02.0702 UserName: Larry
2010/12/13 22:22:02.0702 Windows directory: C:\WINDOWS
2010/12/13 22:22:02.0702 System windows directory: C:\WINDOWS
2010/12/13 22:22:02.0702 Processor architecture: Intel x86
2010/12/13 22:22:02.0702 Number of processors: 1
2010/12/13 22:22:02.0702 Page size: 0x1000
2010/12/13 22:22:02.0702 Boot type: Normal boot
2010/12/13 22:22:02.0702 ================================================================================
2010/12/13 22:22:04.0077 Initialize success
2010/12/13 22:22:05.0796 ================================================================================
2010/12/13 22:22:05.0796 Scan started
2010/12/13 22:22:05.0796 Mode: Manual;
2010/12/13 22:22:05.0796 ================================================================================
2010/12/13 22:22:08.0702 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/13 22:22:08.0874 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/13 22:22:09.0155 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2010/12/13 22:22:09.0296 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2010/12/13 22:22:09.0499 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
2010/12/13 22:22:09.0702 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/12/13 22:22:11.0249 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/13 22:22:11.0421 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/13 22:22:11.0968 ati2mpaa (9027ae586ef5f0e6a40175e92917b44c) C:\WINDOWS\system32\DRIVERS\ati2mpaa.sys
2010/12/13 22:22:12.0186 ati2mtaa (2d030c2f6b036ca0bc243e1b16d924d1) C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys
2010/12/13 22:22:12.0452 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/13 22:22:12.0655 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/13 22:22:12.0889 basic2 (1b9c81ab9a456eabd9f8335f04b5f495) C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys
2010/12/13 22:22:13.0139 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/13 22:22:13.0639 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/13 22:22:13.0999 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/13 22:22:14.0249 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/13 22:22:14.0499 Cdr4_xp (837eef65af62d4e8a37c41d3879f7274) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2010/12/13 22:22:14.0702 Cdralw2k (579da2f9f5401f55dae2cf8779d61dfc) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2010/12/13 22:22:14.0905 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/13 22:22:15.0639 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys
2010/12/13 22:22:16.0171 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/13 22:22:16.0389 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/13 22:22:16.0608 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/13 22:22:16.0764 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/13 22:22:16.0905 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/13 22:22:17.0171 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/13 22:22:17.0311 E100B (56ab585a307909c4447d5900a10c6bc7) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/12/13 22:22:17.0468 emu10k (01f83e1b5dce05f5cb7d99113ca9e890) C:\WINDOWS\system32\drivers\emu10k1m.sys
2010/12/13 22:22:17.0608 emu10k1 (7ffa171cce6a8bfc774862a578ba39a2) C:\WINDOWS\system32\drivers\ctlfacem.sys
2010/12/13 22:22:18.0233 Fallback (c823debe2548656549f84a875d65237b) C:\WINDOWS\system32\DRIVERS\HSF_FALL.sys
2010/12/13 22:22:18.0436 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/13 22:22:18.0624 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/13 22:22:18.0858 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/13 22:22:19.0077 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/12/13 22:22:19.0343 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/13 22:22:19.0577 FSFW (2a402d0a241bbc97fec7275cd5449101) C:\WINDOWS\system32\drivers\fsdfw.sys
2010/12/13 22:22:19.0796 Fsks (6483414841d4cab6c3b4db2ac6edd70b) C:\WINDOWS\system32\DRIVERS\HSF_FSKS.sys
2010/12/13 22:22:19.0999 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/13 22:22:20.0202 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/13 22:22:20.0374 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/12/13 22:22:20.0593 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/12/13 22:22:20.0827 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/13 22:22:21.0389 HSFHWBS2 (95b894b508db03507b61fe213ef6fe19) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2010/12/13 22:22:21.0671 HSF_DP (f66402179ca2b2ae68493103db5fa48c) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2010/12/13 22:22:21.0905 hsf_msft (74e379857d4c0dfb56de2d19b8f4c434) C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys
2010/12/13 22:22:22.0108 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/13 22:22:22.0499 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/13 22:22:22.0686 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/13 22:22:23.0108 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/13 22:22:23.0264 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/13 22:22:23.0436 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/13 22:22:23.0577 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/13 22:22:23.0702 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/13 22:22:23.0889 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/13 22:22:24.0186 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/13 22:22:24.0311 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/13 22:22:24.0468 K56 (9c5e3fdbfcc30cf71a49ca178b9ad442) C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys
2010/12/13 22:22:24.0639 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/13 22:22:24.0780 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/13 22:22:24.0921 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/13 22:22:25.0218 MailScan (06b6a9e4cb6942c2d326870e2f57ee68) C:\PROGRA~1\AVANQU~1\Fix-It\MailScan.sys
2010/12/13 22:22:25.0389 MASPINT (a2ae666cee860babe7fa6f1662b71737) C:\WINDOWS\system32\drivers\MASPINT.sys
2010/12/13 22:22:25.0546 MBAMSwissArmy (e74dc2f3f9675a6025a4aa020edd4341) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010/12/13 22:22:25.0764 MCSTRM (08b9943468f32d9d144880d3ec634b5f) C:\WINDOWS\system32\drivers\MCSTRM.sys
2010/12/13 22:22:25.0968 mdmxsdk (a1e9d936eac07ee9386e87bac1377fad) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/12/13 22:22:26.0202 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/13 22:22:26.0436 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/13 22:22:26.0639 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/12/13 22:22:26.0858 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/13 22:22:27.0061 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/13 22:22:27.0389 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/13 22:22:27.0624 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/13 22:22:27.0874 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/13 22:22:28.0124 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/13 22:22:28.0343 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/13 22:22:28.0546 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/13 22:22:28.0733 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/13 22:22:28.0905 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/13 22:22:29.0124 MxlW2k (19dd5c581eef70134ccef87d626f4417) C:\WINDOWS\system32\drivers\MxlW2k.sys
2010/12/13 22:22:29.0358 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/13 22:22:29.0561 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/13 22:22:29.0780 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/13 22:22:29.0983 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/13 22:22:30.0186 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/13 22:22:30.0374 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/13 22:22:30.0561 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/13 22:22:30.0858 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/13 22:22:31.0093 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/13 22:22:31.0296 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/13 22:22:31.0452 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/13 22:22:31.0593 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/13 22:22:31.0780 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
2010/12/13 22:22:32.0030 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/13 22:22:32.0186 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/13 22:22:32.0343 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/13 22:22:32.0483 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/13 22:22:32.0796 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/13 22:22:32.0936 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/13 22:22:33.0124 pcx2nd5 (fa06f0f3eb2abb0652aeec176f573c88) C:\WINDOWS\system32\DRIVERS\pcx2nd5.sys
2010/12/13 22:22:33.0280 pcx2unic (952449aadc01200b6db7713e8731ba6b) C:\WINDOWS\system32\DRIVERS\pcx2unic.sys
2010/12/13 22:22:34.0139 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/13 22:22:34.0264 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/12/13 22:22:34.0421 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/13 22:22:34.0561 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/13 22:22:34.0686 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2010/12/13 22:22:35.0358 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/13 22:22:35.0499 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/13 22:22:35.0624 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/13 22:22:35.0796 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/13 22:22:35.0952 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/13 22:22:36.0093 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/13 22:22:36.0280 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/13 22:22:36.0436 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/13 22:22:36.0577 Rksample (bb7549bd94d1aac3599c7606c50c48a0) C:\WINDOWS\system32\DRIVERS\HSF_SAMP.sys
2010/12/13 22:22:36.0780 SbcpHid (30d94039a729571146eb9d736ec1aadd) C:\WINDOWS\system32\Drivers\SbcpHid.sys
2010/12/13 22:22:36.0968 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/13 22:22:37.0171 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/13 22:22:37.0311 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/13 22:22:37.0452 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/13 22:22:37.0561 sfman (0b1a5e9cacb5cdd54a2815107bd7c772) C:\WINDOWS\system32\drivers\sfmanm.sys
2010/12/13 22:22:37.0780 SoftFax (d9e8e0ce154a2f6430d9efabdf730867) C:\WINDOWS\system32\DRIVERS\HSF_FAXX.sys
2010/12/13 22:22:38.0014 SpeakerPhone (6c843c43fd7f0b42cfe477ce88d0f9b3) C:\WINDOWS\system32\DRIVERS\HSF_SPKP.sys
2010/12/13 22:22:38.0155 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/13 22:22:38.0358 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/13 22:22:38.0530 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/13 22:22:38.0936 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/13 22:22:39.0327 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/13 22:22:40.0843 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/13 22:22:41.0171 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/13 22:22:41.0577 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/13 22:22:41.0905 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/13 22:22:42.0264 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/13 22:22:42.0608 tmpreflt (e4d1bfeee3a2526d9a986c314a4a4d52) C:\PROGRA~1\AVANQU~1\Fix-It\tmpreflt.sys
2010/12/13 22:22:42.0843 tmxpflt (d975ce5ab8d80f785938fe2fcc374b0a) C:\PROGRA~1\AVANQU~1\Fix-It\tmxpflt.sys
2010/12/13 22:22:43.0171 Tones (8021a499db46b2961c285168671cb9af) C:\WINDOWS\system32\DRIVERS\HSF_TONE.sys
2010/12/13 22:22:43.0827 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/13 22:22:44.0499 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/13 22:22:44.0968 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/12/13 22:22:45.0280 USBCM (d21cde1c635bcc5053463579eee453cf) C:\WINDOWS\system32\DRIVERS\Sacm2A.sys
2010/12/13 22:22:45.0624 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/13 22:22:45.0999 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/13 22:22:46.0343 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/13 22:22:46.0671 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/13 22:22:47.0108 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/13 22:22:47.0530 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/13 22:22:48.0014 V124 (269c0ade94b90029b12497747be408cb) C:\WINDOWS\system32\DRIVERS\HSF_V124.sys
2010/12/13 22:22:48.0593 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2010/12/13 22:22:49.0124 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/13 22:22:49.0764 Vsapint (4e1ea031d3ab080b7007f13fd6f1f291) C:\PROGRA~1\AVANQU~1\Fix-It\Vsapint.sys
2010/12/13 22:22:50.0905 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/13 22:22:51.0202 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2010/12/13 22:22:51.0733 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/13 22:22:52.0171 winachsf (fe71b3857bed54600e02288b212e7b7c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/12/13 22:22:52.0702 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/13 22:22:52.0983 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/13 22:22:54.0905 ================================================================================
2010/12/13 22:22:54.0905 Scan finished
2010/12/13 22:22:54.0905 ================================================================================

larrybro
Novice

Posts : 33
Joined : 2010-01-13
OS : windows xp

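The driver listing above is the tail of a TDSSKiller scan: one line per loaded driver with its service name, MD5 and image path. When a helper reads such a log, the first pass is to set aside everything that loads from the Windows directory and look more closely at the rest (vendor, digital signature, hash lookup). The script below does that first pass. It is an added example written for this thread, not part of the original post and not code from TDSSKiller, OTL or any other tool mentioned here; it assumes only the line layout visible in the log, and the `C:\WINDOWS` default for the system root is taken from the OTL header at the top of the thread. A path outside the Windows directory is not evidence of malware, it only marks a third-party driver that deserves a check.

```python
"""Triage a TDSSKiller driver listing like the one posted above.

Added example for this thread; not code from the original post or from
TDSSKiller. It assumes only the line layout visible in the log above:

    <timestamp> <service name> (<md5>) <driver path>

and sorts entries by where the driver loads from. A path outside the Windows
directory is NOT evidence of malware; it only marks a file that is not a stock
Windows driver and therefore deserves a vendor/signature/hash check.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: a handful of lines copied from the log in the post above,
# plus the two trailer lines TDSSKiller prints, which must be skipped.
SAMPLE_LOG = (
    "2010/12/13 22:22:23.0436 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) "
    "C:\\WINDOWS\\system32\\DRIVERS\\ipfltdrv.sys\n"
    "2010/12/13 22:22:25.0218 MailScan (06b6a9e4cb6942c2d326870e2f57ee68) "
    "C:\\PROGRA~1\\AVANQU~1\\Fix-It\\MailScan.sys\n"
    "2010/12/13 22:22:25.0546 MBAMSwissArmy (e74dc2f3f9675a6025a4aa020edd4341) "
    "C:\\WINDOWS\\system32\\drivers\\mbamswissarmy.sys\n"
    "2010/12/13 22:22:42.0608 tmpreflt (e4d1bfeee3a2526d9a986c314a4a4d52) "
    "C:\\PROGRA~1\\AVANQU~1\\Fix-It\\tmpreflt.sys\n"
    "2010/12/13 22:22:54.0905 ================================================\n"
    "2010/12/13 22:22:54.0905 Scan finished\n"
)

# Timestamp, service name, 32 hex digits in parentheses, then the path.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)


@dataclass(frozen=True)
class DriverEntry:
    timestamp: str
    name: str
    md5: str
    path: str


def parse_drivers(log_text: str) -> List[DriverEntry]:
    """Return one DriverEntry per driver line; separator and trailer lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append(DriverEntry(m["ts"], m["name"], m["md5"].lower(), m["path"]))
    return entries


def uses_short_names(path: str) -> bool:
    """True if any path component is an 8.3 short name (PROGRA~1 style).

    TDSSKiller prints the path as the service records it, so a short name
    only means the installer wrote it that way; expand it before looking
    the file up by path.
    """
    return any("~" in part for part in path.split("\\"))


def triage(entries: List[DriverEntry],
           system_root: str = "C:\\WINDOWS") -> Dict[str, List[DriverEntry]]:
    """Split entries into those under system_root and everything else.

    system_root defaults to the %SystemRoot% shown in the OTL header of this
    thread (an assumption of this example); pass the real value elsewhere.
    """
    prefix = system_root.lower().rstrip("\\") + "\\"
    groups: Dict[str, List[DriverEntry]] = {"system_root": [], "other": []}
    for e in entries:
        key = "system_root" if e.path.lower().startswith(prefix) else "other"
        groups[key].append(e)
    return groups


def review_report(log_text: str) -> List[str]:
    """One human-readable line per driver that loads from outside the system root."""
    groups = triage(parse_drivers(log_text))
    lines = []
    for e in groups["other"]:
        note = " (8.3 short-name path)" if uses_short_names(e.path) else ""
        lines.append(f"{e.name}: {e.path} md5={e.md5}{note}")
    return lines


if __name__ == "__main__":
    for line in review_report(SAMPLE_LOG):
        print(line)
```

Run it against the full log pasted above and the "other" group is exactly the set of drivers outside `C:\WINDOWS`, which on this machine is the handful under `C:\PROGRA~1\AVANQU~1\Fix-It`. Those are the entries whose hashes are worth looking up and whose files are worth checking for a valid signature; everything under the system root still needs a hash comparison against known-good copies, but that is a separate step.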
Re: HIJACK THIS: userinit.exe problems

Post by Belahzur on Tue Dec 14, 2010 10:58 pm

Hello.
How is the machine running? Any re-directs or anything?

Please PM me if I fail to respond within 24hrs.

Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: HIJACK THIS: userinit.exe problems

Post by larrybro on Wed Dec 15, 2010 12:35 am

Everything seems to be running smoothly; no re-directs that I have seen, or any of the other problems associated with userinit. The anti-virus program I had installed some time ago still pops up a lot (when it is enabled), but otherwise it seems OK.

larrybro
Novice

Posts : 33
Joined : 2010-01-13
OS : windows xp

Re: HIJACK THIS: userinit.exe problems

Post by Belahzur on Wed Dec 15, 2010 11:49 pm

Can you explain what you mean by "pop-ups"?

Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: HIJACK THIS: userinit.exe problems

Post by larrybro on Thu Dec 16, 2010 4:37 pm

The anti-virus program sends messages pretty frequently, not necessarily virus warnings, but notices, etc. Since I temporarily deactivated the anti-virus scan in order to run the last few scans on here, I have not had the virus warnings.

larrybro
Novice

Posts : 33
Joined : 2010-01-13
OS : windows xp

Re: HIJACK THIS: userinit.exe problems

Post by Belahzur on Thu Dec 16, 2010 11:11 pm

Okay.
Reactivate the real time protection and take a screenshot next time you get any warning and paste them here so I can see what it's complaining about.

Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: HIJACK THIS: userinit.exe problems

Post by larrybro on Fri Dec 17, 2010 4:24 am

I have had the real time protection reactivated and have not received any warnings, but if I do I will paste it. Otherwise, everything else seems to be working smoothly.

larrybro
Novice

Posts : 33
Joined : 2010-01-13
OS : windows xp
