Vundo, Key Loggers, and Spyware oh My! (In Progress)

TIKIWOLF
Junior Member with 2 posts.
 
Join Date: Nov 2009
Experience: Graphic Designer tech exp
04-Nov-2009, 09:35 PM #1
Vundo, Key Loggers, and Spyware oh My!
Hell-low, Recently I have been attacked by multiple viruses including Vundo, Key Loggers, and Spyware. These are particularly nefarious as they repopulate and seem to be corrupting other programs. All browsers except newly installed Safari crash now. I have dubious .exe processes running (d.exe, b.exe). All of my Spyware Programs have been corrupted. Even the websites for the anti Spyware have been banned and my System Restore points have all been erased. Also, a "Malicious Spyware" pop-up constantly informs me that I should get a Spy Removal software. Am I better off to reinstall the System? And if so, couldn't the virus be outside of the system and reinstall itself? Please Advise wise sages what path to take and how to avoid this ever happening again.
-TIki
sjpritch25
Moderator & Malware Removal Specialist with 9,113 posts.
 
Join Date: Sep 2005
Location: Florida
Experience: Advanced
08-Nov-2009, 05:31 PM #2
Welcome to TSG

We need to see some additional information about what is happening in your machine.
Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.

  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE
__________________
Microsoft Valuable Professional Consumer--Security 2007-2010
TIKIWOLF
Junior Member with 2 posts.
 
Join Date: Nov 2009
Experience: Graphic Designer tech exp
08-Nov-2009, 07:46 PM #3
Vundo Oh My!
Thanks Tech Guy for your Reply. Since posting, the virus deteriorated my system until it wouldn't even boot. Just repeatedly restart. So I reinstalled XP and hopefully, it is not lurking on another drive or in a folder somewhere. Real Pain. I'd love to disconnect this machine from the web entirely, but the convenience is too much for me. So I will get another drive, back up regularly, and Norton Ghost the system with drives. Here is that report of my new system, for what it's worth. Thanks Again for your reply Tech Guy.
Mahalos.
-Tiki

DDS (Ver_09-10-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume3
Install Date: 11/6/2009 3:51:32 AM
System Uptime: 11/8/2009 1:16:13 PM (0 hours ago)

Motherboard: ASUSTeK Computer Inc. | | P4C800-E
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | CPU 1 | 2998/200mhz
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | CPU 1 | 2998/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 34 GiB total, 27.252 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (FAT32) - 9 GiB total, 1.088 GiB free.
G: is Removable
H: is FIXED (NTFS) - 178 GiB total, 56.071 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_8086&DEV_1019&SUBSYS_80F71043&REV_00\4&3B3CB9B1&0&0818
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_8086&DEV_1019&SUBSYS_80F71043&REV_00\4&3B3CB9B1&0&0818
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RAID Controller
Device ID: PCI\VEN_105A&DEV_3373&SUBSYS_80F51043&REV_02\4&2E98101C&0&20F0
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_105A&DEV_3373&SUBSYS_80F51043&REV_02\4&2E98101C&0&20F0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Network Controller
Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_70011799&REV_02\4&2E98101C&0&50F0
Manufacturer:
Name: Network Controller
PNP Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_70011799&REV_02\4&2E98101C&0&50F0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_80F31043&REV_02\3&267A616A&0&FD
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_80F31043&REV_02\3&267A616A&0&FD
Service:

==== System Restore Points ===================

RP21: 11/8/2009 1:38:28 AM - Installed SUPERAntiSpyware Free Edition
RP22: 11/8/2009 2:29:59 AM - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AVG 9.0
Google Chrome
Google Toolbar for Internet Explorer
Hawking Technologies HWUG1 Wireless-G USB Adapter
HP Deskjet 3840 Series
Microsoft .NET Framework 1.1
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.5)
Picasa 3
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
SUPERAntiSpyware Free Edition
Update for Windows XP (KB898461)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver

==== Event Viewer Messages From Past Week ========

11/8/2009 12:36:07 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000003A' while processing the file 'addins' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
11/8/2009 12:08:09 AM, error: Dhcp [1002] - The IP address lease 192.168.0.103 for the Network Card with network address 000E3B087CB3 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/8/2009 12:06:35 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file winlogon.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.0, the version of the system file is 5.1.2600.2180.
11/8/2009 12:06:35 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file licdll.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.0, the version of the system file is 5.1.2600.2180.
11/8/2009 1:38:28 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000003A' while processing the file '2.0.0.0__b03f5f7f11d50a3a' on the volume 'Hardd .. lume2'. It has stopped monitoring the volume.
11/7/2009 11:52:51 PM, error: Dhcp [1002] - The IP address lease 192.168.1.47 for the Network Card with network address 000E3B087CB3 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
11/7/2009 11:02:55 PM, error: Dhcp [1002] - The IP address lease 192.168.2.4 for the Network Card with network address 000E3B087CB3 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/7/2009 1:02:44 AM, error: Dhcp [1002] - The IP address lease 192.168.1.47 for the Network Card with network address 000E3B087CB3 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
11/6/2009 4:49:29 PM, error: NetBT [4311] - Initialization failed because the driver device could not be created.

==== End Of File ===========================


DDS (Ver_09-10-26.01) - NTFSx86
Run by Owner at 13:33:37.62 on Sun 11/08/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.286 [GMT -10:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hawking\Common\RaUI.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\update\update.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.atcomet.com/b/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Shell=Explorer.exe c:\windows\winlogon.exe
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [mswinlogon] c:\windows\mswinlogon.exe
mRun: [systemupdate] c:\documents and settings\owner\local settings\temp\temporary directory 1 for windows sp3 keygen.zip\Windows SP3 Keygen.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hawkin~1.lnk - c:\program files\hawking\common\RaUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_A54B7D6FB1DA63EA.dll/cmsidewiki.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257562648820
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\1l87eorm.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.atcomet.com/b/
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2009-11-7 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-11-7 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-7 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-7 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-11-7 906520]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-7 285392]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2009-11-7 5832712]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-11-7 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-11-7 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2009-11-7 25736]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]

=============== Created Last 30 ================

2009-11-08 23:32:51 0 d-----w- c:\windows\system32\CatRoot_bak
2009-11-08 23:31:05 0 d--h--w- c:\windows\PIF
2009-11-08 10:38:16 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-11-08 10:38:11 0 d-----w- c:\program files\SUPERAntiSpyware
2009-11-08 10:38:11 0 d-----w- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2009-11-08 10:37:35 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-11-08 09:30:56 0 d--h--w- C:\$AVG
2009-11-08 09:30:47 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2009-11-08 09:30:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-08 09:30:46 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-11-08 09:30:45 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-08 09:30:39 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-08 09:30:36 0 d-----w- c:\windows\system32\drivers\Avg
2009-11-08 09:30:23 0 d-----w- c:\program files\AVG
2009-11-08 09:30:19 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-11-08 08:59:30 2944 -c--a-w- c:\windows\system32\dllcache\drmkaud.sys
2009-11-08 08:58:53 4096 -c--a-w- c:\windows\system32\dllcache\ksuser.dll
2009-11-08 08:58:53 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-11-08 08:58:53 145792 -c--a-w- c:\windows\system32\dllcache\portcls.sys
2009-11-08 08:58:53 145792 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-11-08 08:58:52 60288 -c--a-w- c:\windows\system32\dllcache\drmk.sys
2009-11-08 08:58:52 60288 ----a-w- c:\windows\system32\drivers\drmk.sys
2009-11-08 08:58:52 130048 -c--a-w- c:\windows\system32\dllcache\ksproxy.ax
2009-11-08 08:58:52 130048 ----a-w- c:\windows\system32\ksproxy.ax
2009-11-08 08:58:16 0 d-----w- c:\windows\system32\wbem\AutoRecover
2009-11-08 08:55:01 316640 ----a-w- c:\windows\WMSysPr9.prx
2009-11-08 08:53:35 0 d-----w- c:\windows\ServicePackFiles
2009-11-08 08:52:24 2897920 ------w- c:\windows\system32\xpsp2res.dll
2009-11-08 08:51:42 19528 ----a-w- c:\windows\002116_.tmp
2009-11-08 08:51:38 0 d-----w- c:\windows\system32\ReinstallBackups
2009-11-08 08:50:12 0 d-----w- c:\windows\EHome
2009-11-08 02:13:07 0 d-----w- C:\Downloads
2009-11-08 01:58:01 0 ----a-w- c:\windows\system32\MSWINSCK.OCX
2009-11-07 11:13:43 644400 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2009-11-07 11:08:31 0 d-----w- c:\windows\system32\URTTemp
2009-11-07 03:40:58 3144 -c--a-w- c:\windows\system32\dllcache\srgb.icm
2009-11-07 03:31:02 376 ----a-w- c:\windows\ODBC.INI
2009-11-07 03:30:41 0 d-----w- c:\program files\Microsoft ActiveSync
2009-11-07 03:30:39 0 d-----w- c:\windows\ShellNew
2009-11-07 03:14:23 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-11-07 03:08:36 0 d-----w- c:\windows\system32\PreInstall
2009-11-07 03:08:35 22752 ----a-w- c:\windows\system32\spupdsvc.exe
2009-11-07 03:08:34 0 d--h--w- c:\windows\$hf_mig$
2009-11-07 03:07:59 0 d-----w- c:\windows\system32\bits
2009-11-07 03:06:38 8192 ------w- c:\windows\system32\bitsprx2.dll
2009-11-07 03:06:38 7168 ------w- c:\windows\system32\bitsprx3.dll
2009-11-07 03:06:38 438784 ------w- c:\windows\system32\xpob2res.dll
2009-11-07 03:06:38 351232 ----a-w- c:\windows\system32\winhttp.dll
2009-11-07 03:06:38 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
2009-11-07 02:59:03 31768 ----a-w- c:\windows\system32\wucltui.dll.mui
2009-11-07 02:59:03 23576 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2009-11-07 02:59:03 23576 ----a-w- c:\windows\system32\wuapi.dll.mui
2009-11-07 02:59:03 213528 ----a-w- c:\windows\system32\wuaucpl.cpl
2009-11-07 02:59:03 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2009-11-07 02:57:23 0 d-s---w- c:\documents and settings\owner\UserData
2009-11-06 22:04:31 26112 ----a-w- c:\windows\system32\xpsp1hfm.exe
2009-11-06 21:49:58 43136 ----a-w- c:\windows\system32\drivers\sbp2port.sys
2009-11-06 13:55:42 0 d-----w- c:\program files\Hawking
2009-11-06 13:49:42 0 d-sh--w- c:\documents and settings\all users\DRM
2009-11-06 13:48:47 0 d-----w- c:\program files\common files\MSSoap
2009-11-06 13:47:59 0 d--h--w- c:\program files\WindowsUpdate
2009-11-06 13:47:59 0 d-----w- c:\program files\Online Services
2009-11-06 13:47:55 0 d-----w- c:\program files\Messenger
2009-11-06 13:47:52 0 d-----w- c:\program files\MSN Gaming Zone
2009-11-06 13:47:29 0 d-----w- c:\program files\Windows NT

==================== Find3M ====================

2009-11-06 13:56:00 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-11-06 13:48:30 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-30 00:29:08 2146304 ----a-w- c:\windows\system32\GPhotos.scr

============= FINISH: 13:34:21.59 ===============
sjpritch25
Moderator & Malware Removal Specialist with 9,113 posts.
 
Join Date: Sep 2005
Location: Florida
Experience: Advanced
08-Nov-2009, 09:40 PM #4
tikiwolf,
You need to read our rules for our forum
http://www.techguy.org/rules.html

especially the following Here
Tags
browser crash, malicious, vundo
