Honestly Not Sure [RESOLVED]



#1
Noble Savage

Ok, so for the last couple of months I have had a strange little problem. Whenever I am actively browsing the internet, either IE7 or Firefox, I will just randomly lose my connection. The connection doesn't show that it's lost nor does repairing it work. I have to disable and then re-enable the connection to get it to work.

This only happens whenever I open a page. I can stay online for hours, download gigs of information non-stop or play online games without losing my connection, but if I open up a browser and go to a page it just randomly drops.

I've asked people I know, who are admittedly not experts, and they have no clue. I have two spyware programs and an anti-virus program, but none of them have found anything. I've googled the problem, but nothing I find matches what I have exactly.

I figure I have something on my computer that only acts up when I open a browser, and whatever it's doing is blocking me. But like I said, it's totally random. Sometimes I can browse for hours without a drop, sometimes one page will do it. I've downloaded HijackThis and will post the findings if anyone is interested in going over it. I looked over it myself, and googled things I didn't know, but I decided to get expert advice before I move on.

Just to reiterate, this is a fairly new phenomenon (past couple months). I haven't changed anything in my system, or anything on my network. The connection never registers that it has lost its connection, and repairing doesn't work; I have to actively disable and re-enable. There are two other computers on my network that don't have any problems, and it only happens when browsing.

Thanks in advance.





Anyway, here is my log.






Logfile of HijackThis v1.99.1
Scan saved at 5:39:18 PM, on 9/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Documents and Settings\Scott\My Documents\HiJackThis_v2.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


#2
racenutalways

Hello Noble Savage and welcome to G2G. I don't see anything in that log that can give you any problems. Let's dig a little closer and see if there is anything crawling around in there that shouldn't be.

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

#3
Noble Savage

Thanks for the reply! I turned off everything on my computer, and did a scan with the default settings. This was the report.



WinPFind3 logfile created on: 9/25/2007 1:26:00 PM
WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\Scott\My Documents\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

2.00 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 83.14% Memory free
3.85 Gb Paging File | 3.49 Gb Available in Paging File | 90.72% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 76.16 Gb Free Space | 51.10% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: !
Current User Name: !
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
ctdetect.exe -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe -> Creative Technology Ltd [Ver = 3.0.2.0 | Size = 102400 bytes | Modified Date = 12/2/2004 6:23:34 PM | Attr = ]
ctsvccda.exe -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 6:01:00 PM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 155716 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
sdhelp.exe -> %ProgramFiles%\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.6.0.2026 | Size = 895088 bytes | Modified Date = 11/2/2006 6:17:14 PM | Attr = ]
smagent.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 9/20/2002 3:50:10 PM | Attr = ]
spysweeper.exe -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,5,1,3356 | Size = 3562296 bytes | Modified Date = 6/21/2007 6:57:28 PM | Attr = ]
swdoctor.exe -> %ProgramFiles%\Spyware Doctor\swdoctor.exe -> PC Tools Research Pty Ltd [Ver = 4.0.0.2621 | Size = 2115728 bytes | Modified Date = 12/11/2006 4:35:02 PM | Attr = ]
tmas_oemon.exe -> %ProgramFiles%\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe -> Trend Micro Inc. [Ver = 3.55.0.1077 | Size = 315392 bytes | Modified Date = 10/5/2006 1:56:10 PM | Attr = ]
winpfind3u.exe -> %UserDocuments%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 9/4/2007 10:47:26 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 6:01:00 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2/28/2006 5:00:00 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 10:36:32 AM | Attr = ]
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\NCS\Sync\NetSvc.exe -> Intel® Corporation [Ver = 1.2.26.0 | Size = 143360 bytes | Modified Date = 3/3/2003 1:33:40 PM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 155716 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
(PcCtlCom) Trend Micro Central Control Component [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security 2007\PcCtlCom.exe -> Trend Micro Inc. [Ver = 15.00.0.1449 | Size = 1544192 bytes | Modified Date = 12/26/2006 10:12:02 PM | Attr = ]
(PcScnSrv) Trend Micro Protection Against Spyware [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security 2007\PcScnSrv.exe -> Trend Micro Inc. [Ver = 15.00.0.1449 | Size = 196608 bytes | Modified Date = 12/26/2006 10:13:00 PM | Attr = ]
(SDhelper) PC Tools Spyware Doctor [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.6.0.2026 | Size = 895088 bytes | Modified Date = 11/2/2006 6:17:14 PM | Attr = ]
(SoundMAX Agent Service (default)) SoundMAX Agent Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 9/20/2002 3:50:10 PM | Attr = ]
(Tmntsrv) Trend Micro Real-time Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security 2007\Tmntsrv.exe -> Trend Micro Inc. [Ver = 15.00.0.1449 | Size = 503808 bytes | Modified Date = 12/26/2006 10:16:58 PM | Attr = ]
(TmPfw) Trend Micro Personal Firewall [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security 2007\TmPfw.exe -> Trend Micro Inc. [Ver = 3.0.0.1069 | Size = 933952 bytes | Modified Date = 9/14/2006 5:31:52 AM | Attr = ]
(tmproxy) Trend Micro Proxy Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security 2007\tmproxy.exe -> Trend Micro Inc. [Ver = 3.0.0.1069 | Size = 561223 bytes | Modified Date = 9/14/2006 5:34:20 AM | Attr = ]
(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,5,1,3356 | Size = 3562296 bytes | Modified Date = 6/21/2007 6:57:28 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AudioDrvEmulator -> %ProgramFiles%\Creative\Shared Files\Module Loader\DLLML.exe -> File not found
NvCplDaemon -> %System32%\nvcpl.dll ["RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 8491008 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll ["RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 81920 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nwiz -> %System32%\nwiz.exe -> [Ver = | Size = 1626112 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
pccguide.exe -> %ProgramFiles%\Trend Micro\Internet Security 2007\pccguide.exe -> Trend Micro Inc. [Ver = 15.00.0.1449 | Size = 3112960 bytes | Modified Date = 12/26/2006 10:40:04 PM | Attr = ]
SpySweeper -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeperUI.exe -> Webroot Software, Inc. [Ver = 5,5,1,3356 | Size = 5355832 bytes | Modified Date = 6/21/2007 6:57:32 PM | Attr = ]
UpdReg -> %SystemRoot%\Updreg.EXE -> Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 5/11/2000 1:00:00 AM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Creative Detector -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe -> Creative Technology Ltd [Ver = 3.0.2.0 | Size = 102400 bytes | Modified Date = 12/2/2004 6:23:34 PM | Attr = ]
OE -> %ProgramFiles%\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe -> Trend Micro Inc. [Ver = 3.55.0.1077 | Size = 315392 bytes | Modified Date = 10/5/2006 1:56:10 PM | Attr = ]
Spyware Doctor -> %ProgramFiles%\Spyware Doctor\swdoctor.exe -> PC Tools Research Pty Ltd [Ver = 4.0.0.2621 | Size = 2115728 bytes | Modified Date = 12/11/2006 4:35:02 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
WRNotifier -> %System32%\WRLogonNTF.dll -> Webroot Software, Inc. [Ver = 3,5,1,3356 | Size = 219448 bytes | Modified Date = 6/21/2007 6:43:54 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks -> 1 ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://go.microsoft....k/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft....k/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft....k/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft....k/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKCU: Start Page -> http://www.microsoft...p...&ar=msnhome ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} [HKLM] -> %ProgramFiles%\Spyware Doctor\tools\iesdsg.dll [PCTools Site Guard] -> PC Tools [Ver = 3.6.0.2071 | Size = 825528 bytes | Modified Date = 8/1/2006 4:27:06 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 12/15/2006 4:23:24 AM | Attr = ]
{B56A7D7D-6927-48C8-A975-17DF180C71AC} [HKLM] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [PCTools Browser Monitor] -> PC Tools [Ver = 3.6.0.2283 | Size = 850104 bytes | Modified Date = 8/1/2006 4:23:12 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [&Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\npjpi150_11.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75528 bytes | Modified Date = 12/15/2006 4:23:26 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 12/15/2006 4:23:24 AM | Attr = ]
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> Reg Data - Value does not exist [ButtonText: Spyware Doctor] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{A7F6FC32-6509-4D7F-8DF9-F192EF8777FD} -> (Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{31435657-9980-0010-8000-00AA00389B71} -> - CodeBase = http://download.micr...78f/wvc1dmo.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -> - CodeBase = http://fpdownload.ma...h/ultrashim.cab ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/...indows-i586.cab ->


[Files/Folders - Created Within 30 days]
Hellgate London Beta Setup -> %SystemDrive%\Hellgate London Beta Setup -> [Folder | Created Date = 9/19/2007 9:22:20 PM | Attr = ]
$NtUninstallKB904942$ -> %SystemRoot%\$NtUninstallKB904942$ -> [Folder | Created Date = 9/8/2007 9:39:58 AM | Attr = H ]
$NtUninstallKB915865$ -> %SystemRoot%\$NtUninstallKB915865$ -> [Folder | Created Date = 9/8/2007 9:46:47 AM | Attr = H ]
$NtUninstallKB933360$ -> %SystemRoot%\$NtUninstallKB933360$ -> [Folder | Created Date = 8/28/2007 10:00:37 PM | Attr = H ]
Ascd_tmp.ini -> %SystemRoot%\Ascd_tmp.ini -> [Ver = | Size = 3104 bytes | Created Date = 9/3/2007 7:28:36 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 9/25/2007 7:55:23 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 9/25/2007 7:55:23 AM | Attr = H ]
VirtualEar -> %SystemRoot%\VirtualEar -> [Folder | Created Date = 9/3/2007 7:29:53 PM | Attr = ]
{00000002-00000000-0000000D-00001102-00000008-10211102}.BAK -> %SystemRoot%\{00000002-00000000-0000000D-00001102-00000008-10211102}.BAK -> [Ver = | Size = 4958588 bytes | Created Date = 9/3/2007 7:39:23 PM | Attr = ]
{00000002-00000000-0000000D-00001102-00000008-10211102}.CDF -> %SystemRoot%\{00000002-00000000-0000000D-00001102-00000008-10211102}.CDF -> [Ver = | Size = 4958588 bytes | Created Date = 9/3/2007 7:32:12 PM | Attr = ]
Audio3d.dll -> %System32%\Audio3d.dll -> Sensaura Ltd [Ver = 4.12.01.2008 | Size = 720896 bytes | Created Date = 9/3/2007 7:29:53 PM | Attr = ]
BMXBkpCtrlState-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> %System32%\BMXBkpCtrlState-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> [Ver = | Size = 29604 bytes | Created Date = 9/3/2007 7:31:59 PM | Attr = ]
BMXCtrlState-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> %System32%\BMXCtrlState-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> [Ver = | Size = 29604 bytes | Created Date = 9/3/2007 7:31:59 PM | Attr = ]
BMXState-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> %System32%\BMXState-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> [Ver = | Size = 30600 bytes | Created Date = 9/3/2007 7:31:59 PM | Attr = ]
BMXStateBkp-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> %System32%\BMXStateBkp-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> [Ver = | Size = 30600 bytes | Created Date = 9/3/2007 7:31:59 PM | Attr = ]
CleanUp.exe -> %System32%\CleanUp.exe -> adi [Ver = 1, 0, 0, 2 | Size = 45056 bytes | Created Date = 9/3/2007 7:29:49 PM | Attr = ]
CTSVCCDA.EXE -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Created Date = 9/3/2007 7:35:42 PM | Attr = ]
CTSVCCTL.EXE -> %System32%\CTSVCCTL.EXE -> Creative Technology Ltd [Ver = 1.0.0.0 | Size = 25088 bytes | Created Date = 9/3/2007 7:35:42 PM | Attr = ]
DSndUp.exe -> %System32%\DSndUp.exe -> Analog Devices Inc. [Ver = 1, 0, 0, 9 | Size = 49152 bytes | Created Date = 9/3/2007 7:29:48 PM | Attr = ]
DVCState-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> %System32%\DVCState-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> [Ver = | Size = 11564 bytes | Created Date = 9/3/2007 7:32:00 PM | Attr = ]
e10kxwdm.ini -> %System32%\e10kxwdm.ini -> [Ver = | Size = 46593 bytes | Created Date = 9/3/2007 7:29:45 PM | Attr = R ]
nvapps.nvb -> %System32%\nvapps.nvb -> [Ver = | Size = 135089 bytes | Created Date = 9/23/2007 1:10:04 PM | Attr = ]
SET9E.tmp -> %System32%\SET9E.tmp -> [Ver = | Size = 293446 bytes | Created Date = 9/3/2007 7:31:45 PM | Attr = R ]
settings.sfm -> %System32%\settings.sfm -> [Ver = | Size = 1080 bytes | Created Date = 9/3/2007 7:39:38 PM | Attr = ]
settingsbkup.sfm -> %System32%\settingsbkup.sfm -> [Ver = | Size = 1080 bytes | Created Date = 9/3/2007 7:39:38 PM | Attr = ]
SMMedia.dll -> %System32%\SMMedia.dll -> Analog Devices [Ver = 1, 0, 0, 8 | Size = 1285632 bytes | Created Date = 9/3/2007 7:30:01 PM | Attr = ]
wdmioctl.dll -> %System32%\wdmioctl.dll -> Analog Devices Inc. [Ver = 2, 0, 0, 3 | Size = 30208 bytes | Created Date = 9/3/2007 7:30:02 PM | Attr = ]
aeaudio.sys -> %System32%\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 3.0.2.32 | Size = 100224 bytes | Created Date = 9/3/2007 7:10:58 PM | Attr = ]
ianswxp.sys -> %System32%\drivers\ianswxp.sys -> Intel Corporation [Ver = 6.20.00.0000 built by: WinDDK | Size = 102400 bytes | Created Date = 9/3/2007 7:23:08 PM | Attr = R ]
MidiSyn.sys -> %System32%\drivers\MidiSyn.sys -> Analog Devices Inc [Ver = 3, 3, 7, 3 | Size = 235100 bytes | Created Date = 9/3/2007 7:30:45 PM | Attr = ]
smsens.sys -> %System32%\drivers\smsens.sys -> Analog Devices, Inc. [Ver = 5.12.01.0000 | Size = 3744 bytes | Created Date = 9/3/2007 7:10:58 PM | Attr = ]
smwdm.sys -> %System32%\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3630 | Size = 578304 bytes | Created Date = 9/3/2007 7:10:58 PM | Attr = ]
tmvsthfud.bin -> %System32%\drivers\etc\tmvsthfud.bin -> [Ver = | Size = 734 bytes | Created Date = 9/19/2007 10:25:53 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 9/17/2007 5:08:58 PM | Attr = HS]
Hellgate London Beta Setup -> %SystemDrive%\Hellgate London Beta Setup -> [Folder | Modified Date = 9/18/2007 5:35:30 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 9/19/2007 10:31:04 PM | Attr = R ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 9/25/2007 8:55:24 AM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 9/8/2007 11:41:52 AM | Attr = H ]
$NtUninstallKB904942$ -> %SystemRoot%\$NtUninstallKB904942$ -> [Folder | Modified Date = 9/8/2007 10:40:02 AM | Attr = H ]
$NtUninstallKB915865$ -> %SystemRoot%\$NtUninstallKB915865$ -> [Folder | Modified Date = 9/8/2007 10:46:54 AM | Attr = H ]
$NtUninstallKB933360$ -> %SystemRoot%\$NtUninstallKB933360$ -> [Folder | Modified Date = 8/28/2007 11:00:40 PM | Attr = H ]
Ascd_tmp.ini -> %SystemRoot%\Ascd_tmp.ini -> [Ver = | Size = 3104 bytes | Modified Date = 9/3/2007 8:28:38 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 9/25/2007 8:19:06 AM | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 9/23/2007 2:09:30 PM | Attr = ]
ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 9/8/2007 11:00:20 AM | Attr = H ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 9/8/2007 11:00:54 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 9/8/2007 11:01:06 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 9/23/2007 2:09:04 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 9/19/2007 10:52:08 PM | Attr = HS]
MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 2145386496 bytes | Modified Date = 9/17/2007 4:31:32 PM | Attr = ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 9/25/2007 8:46:10 AM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 9/17/2007 4:31:36 PM | Attr = ]
nview -> %SystemRoot%\nview -> [Folder | Modified Date = 9/23/2007 2:13:10 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 9/25/2007 1:25:32 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 9/25/2007 8:55:24 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 9/25/2007 8:55:24 AM | Attr = H ]
setupapi.log.0.old -> %SystemRoot%\setupapi.log.0.old -> [Ver = | Size = 1034450 bytes | Modified Date = 9/8/2007 10:34:50 AM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 9/3/2007 8:29:56 PM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 9/17/2007 5:08:58 PM | Attr = ]
system.tmp -> %SystemRoot%\system.tmp -> [Ver = | Size = 227 bytes | Modified Date = 9/17/2007 5:08:58 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 9/23/2007 2:13:10 PM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 9/25/2007 1:24:36 PM | Attr = ]
VirtualEar -> %SystemRoot%\VirtualEar -> [Folder | Modified Date = 9/3/2007 8:29:56 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 589 bytes | Modified Date = 9/17/2007 5:08:58 PM | Attr = ]
win.tmp -> %SystemRoot%\win.tmp -> [Ver = | Size = 589 bytes | Modified Date = 9/17/2007 5:08:58 PM | Attr = ]
{00000002-00000000-0000000D-00001102-00000008-10211102}.BAK -> %SystemRoot%\{00000002-00000000-0000000D-00001102-00000008-10211102}.BAK -> [Ver = | Size = 4958588 bytes | Modified Date = 9/17/2007 5:49:56 PM | Attr = ]
{00000002-00000000-0000000D-00001102-00000008-10211102}.CDF -> %SystemRoot%\{00000002-00000000-0000000D-00001102-00000008-10211102}.CDF -> [Ver = | Size = 4958588 bytes | Modified Date = 9/17/2007 5:49:56 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 9/25/2007 8:19:08 AM | Attr = H ]
wrSpySweeper_FE67D2A14E894D4C995948D4A5F846AA.job -> %SystemRoot%\tasks\wrSpySweeper_FE67D2A14E894D4C995948D4A5F846AA.job -> [Ver = | Size = 1630 bytes | Modified Date = 9/17/2007 5:00:04 AM | Attr = ]
BMXBkpCtrlState-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> %System32%\BMXBkpCtrlState-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> [Ver = | Size = 29604 bytes | Modified Date = 9/24/2007 10:31:04 PM | Attr = ]
BMXCtrlState-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> %System32%\BMXCtrlState-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> [Ver = | Size = 29604 bytes | Modified Date = 9/24/2007 10:31:04 PM | Attr = ]
BMXState-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> %System32%\BMXState-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> [Ver = | Size = 30600 bytes | Modified Date = 9/24/2007 10:31:04 PM | Attr = ]
BMXStateBkp-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> %System32%\BMXStateBkp-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> [Ver = | Size = 30600 bytes | Modified Date = 9/24/2007 10:31:04 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 9/8/2007 10:54:32 AM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 9/25/2007 9:58:44 AM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 9/17/2007 5:49:30 PM | Attr = ]
Data -> %System32%\Data -> [Folder | Modified Date = 9/5/2007 10:24:24 PM | Attr = ]
Defaults -> %System32%\Defaults -> [Folder | Modified Date = 9/3/2007 8:32:46 PM | Attr = ]
DirectX -> %System32%\DirectX -> [Folder | Modified Date = 9/19/2007 10:52:02 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 9/15/2007 8:01:16 AM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 9/23/2007 2:09:12 PM | Attr = ]
DVCState-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> %System32%\DVCState-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> [Ver = | Size = 11564 bytes | Modified Date = 9/24/2007 10:31:04 PM | Attr = ]
keystone.exe -> %System32%\keystone.exe -> [Ver = | Size = 425984 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nv4_disp.dll -> %System32%\nv4_disp.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 5783040 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvapi.dll -> %System32%\nvapi.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 364544 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvappbar.exe -> %System32%\nvappbar.exe -> [Ver = | Size = 442368 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvapps.nvb -> %System32%\nvapps.nvb -> [Ver = | Size = 135089 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 91949 bytes | Modified Date = 9/24/2007 8:35:00 PM | Attr = ]
nvcod.dll -> %System32%\nvcod.dll -> NVIDIA Corporation [Ver = 1 , 0 , 0 , 35 | Size = 36864 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvcodins.dll -> %System32%\nvcodins.dll -> NVIDIA Corporation [Ver = 1 , 0 , 0 , 35 | Size = 36864 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvcolor.exe -> %System32%\nvcolor.exe -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 147456 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvcpl.cpl -> %System32%\nvcpl.cpl -> NVIDIA Corporation [Ver = 1.4.900.10 | Size = 413696 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvcpl.dll -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 8491008 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvcplui.exe -> %System32%\nvcplui.exe -> NVIDIA Corporation [Ver = 1.4.900.10 | Size = 753664 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvdisp.nvu -> %System32%\nvdisp.nvu -> [Ver = | Size = 17525 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvdisps.dll -> %System32%\nvdisps.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 6344704 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvdspsch.exe -> %System32%\nvdspsch.exe -> [Ver = | Size = 1339392 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvexpbar.dll -> %System32%\nvexpbar.dll -> NVIDIA Corporation [Ver = 1.4.900.10 | Size = 307200 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvgames.dll -> %System32%\nvgames.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 3334144 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nview.dll -> %System32%\nview.dll -> [Ver = | Size = 1478656 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvmccs.dll -> %System32%\nvmccs.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 229376 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvmccsrs.dll -> %System32%\nvmccsrs.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 45056 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvmccss.dll -> %System32%\nvmccss.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 188416 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvmctray.dll -> %System32%\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 81920 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvmobls.dll -> %System32%\nvmobls.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 1150976 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvnt4cpl.dll -> %System32%\nvnt4cpl.dll -> [Ver = | Size = 286720 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvoglnt.dll -> %System32%\nvoglnt.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 6746112 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvshell.dll -> %System32%\nvshell.dll -> [Ver = | Size = 466944 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 155716 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvtuicpl.cpl -> %System32%\nvtuicpl.cpl -> [Ver = | Size = 73728 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvudisp.exe -> %System32%\nvudisp.exe -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 56 | Size = 356352 bytes | Modified Date = 9/17/2007 2:10:36 AM | Attr = ]
NVUNINST.EXE -> %System32%\NVUNINST.EXE -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 56 | Size = 356352 bytes | Modified Date = 9/17/2007 2:10:36 AM | Attr = ]
nvvitvs.dll -> %System32%\nvvitvs.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 3551232 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvwddi.dll -> %System32%\nvwddi.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 81920 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvwdmcpl.dll -> %System32%\nvwdmcpl.dll -> [Ver = | Size = 1703936 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvwimg.dll -> %System32%\nvwimg.dll -> [Ver = | Size = 1019904 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvwss.dll -> %System32%\nvwss.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 2371584 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nwiz.exe -> %System32%\nwiz.exe -> [Ver = | Size = 1626112 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
OpenAL32.dll -> %System32%\OpenAL32.dll -> Portions © Creative Labs Inc. and NVIDIA Corp. [Ver = 6.14.0357.13 | Size = 86016 bytes | Modified Date = 9/3/2007 8:32:12 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 62344 bytes | Modified Date = 9/5/2007 10:11:08 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 401064 bytes | Modified Date = 9/5/2007 10:11:08 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 471326 bytes | Modified Date = 9/5/2007 10:11:08 PM | Attr = ]
settings.sfm -> %System32%\settings.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 9/5/2007 10:39:36 PM | Attr = ]
settingsbkup.sfm -> %System32%\settingsbkup.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 9/5/2007 10:39:36 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 13688 bytes | Modified Date = 9/25/2007 8:21:58 AM | Attr = ]
wrap_oal.dll -> %System32%\wrap_oal.dll -> Creative Labs [Ver = 2.0.8.0 | Size = 409600 bytes | Modified Date = 9/3/2007 8:32:12 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 9/25/2007 1:24:34 PM | Attr = ]
nv4_mini.sys -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 6853088 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
tmvsthfss.bin -> %System32%\drivers\etc\tmvsthfss.bin -> [Ver = | Size = 734 bytes | Modified Date = 9/25/2007 1:23:50 PM | Attr = ]
tmvsthfud.bin -> %System32%\drivers\etc\tmvsthfud.bin -> [Ver = | Size = 734 bytes | Modified Date = 9/25/2007 1:24:34 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
File scan skipped for file %SystemRoot%\MEMORY.DMP -> File size too big (2145386496 bytes) ->
Thawte Consulting , -> %System32%\AddCat.exe -> Creative Technology Ltd. [Ver = 0.0.0.1 | Size = 48400 bytes | Modified Date = 4/9/2007 11:25:36 AM | Attr = ]
Thawte Consulting , -> %System32%\ctpxinst.exe -> Creative Technology Ltd [Ver = 1, 1, 0, 58 | Size = 58104 bytes | Modified Date = 11/14/2006 9:01:30 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 2/28/2006 5:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 10/7/2006 5:18:32 AM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 2/28/2006 5:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\XceedCry.dll -> Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com [Ver = 1.1.103.0 | Size = 516656 bytes | Modified Date = 2/2/2003 1:01:34 PM | Attr = ]
Thawte Consulting , -> %System32%\XceedSco.dll -> Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com [Ver = 1.1.104.0 | Size = 266952 bytes | Modified Date = 5/19/2003 12:37:20 PM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 2/28/2006 5:00:00 AM | Attr = ]
UPX! , aspack , -> %System32%\drivers\VsapiNT.sys -> Trend Micro Inc. [Ver = 8.500-1002 | Size = 1126328 bytes | Modified Date = 6/12/2007 6:52:00 PM | Attr = ]

< End of report >

#4
racenutalways

    Member 1K

  • Retired Staff
  • 1,675 posts
Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Files/Folders - Created Within 30 days]
NY -> tmvsthfud.bin -> %System32%\drivers\etc\tmvsthfud.bin
[Files/Folders - Modified Within 30 days]
NY -> tmvsthfss.bin -> %System32%\drivers\etc\tmvsthfss.bin
NY -> tmvsthfud.bin -> %System32%\drivers\etc\tmvsthfud.bin


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3U scan.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you also use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you also use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Panda only works if you are using Internet Explorer.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


#5
Noble Savage

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Alright, I did as you suggested. I ran the fixes from the copy and paste and here is the log

[Files/Folders - Created Within 30 days]
C:\WINDOWS\SYSTEM32\drivers\etc\tmvsthfud.bin moved successfully.
[Files/Folders - Modified Within 30 days]
C:\WINDOWS\SYSTEM32\drivers\etc\tmvsthfss.bin moved successfully.
File C:\WINDOWS\SYSTEM32\drivers\etc\tmvsthfud.bin not found!
File not found!
< End of log >
Created on 09/26/2007 16:51:35


Then I did another default scan and here is that log

WinPFind3 logfile created on: 9/26/2007 4:58:53 PM
WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\Scott\My Documents\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)


2.00 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 76.46% Memory free
3.85 Gb Paging File | 3.56 Gb Available in Paging File | 92.36% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 76.14 Gb Free Space | 51.09% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: !
Current User Name: !
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
ctdetect.exe -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe -> Creative Technology Ltd [Ver = 3.0.2.0 | Size = 102400 bytes | Modified Date = 12/2/2004 6:23:34 PM | Attr = ]
ctsvccda.exe -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 6:01:00 PM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 155716 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
sdhelp.exe -> %ProgramFiles%\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.6.0.2026 | Size = 895088 bytes | Modified Date = 11/2/2006 6:17:14 PM | Attr = ]
smagent.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 9/20/2002 3:50:10 PM | Attr = ]
spysweeper.exe -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,5,1,3356 | Size = 3562296 bytes | Modified Date = 6/21/2007 6:57:28 PM | Attr = ]
tmas_oemon.exe -> %ProgramFiles%\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe -> Trend Micro Inc. [Ver = 3.55.0.1077 | Size = 315392 bytes | Modified Date = 10/5/2006 1:56:10 PM | Attr = ]
winpfind3u.exe -> %UserDocuments%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 9/4/2007 10:47:26 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 6:01:00 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2/28/2006 5:00:00 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 10:36:32 AM | Attr = ]
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\NCS\Sync\NetSvc.exe -> Intel® Corporation [Ver = 1.2.26.0 | Size = 143360 bytes | Modified Date = 3/3/2003 1:33:40 PM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 155716 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
(PcCtlCom) Trend Micro Central Control Component [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security 2007\PcCtlCom.exe -> Trend Micro Inc. [Ver = 15.00.0.1449 | Size = 1544192 bytes | Modified Date = 12/26/2006 10:12:02 PM | Attr = ]
(PcScnSrv) Trend Micro Protection Against Spyware [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security 2007\PcScnSrv.exe -> Trend Micro Inc. [Ver = 15.00.0.1449 | Size = 196608 bytes | Modified Date = 12/26/2006 10:13:00 PM | Attr = ]
(SDhelper) PC Tools Spyware Doctor [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.6.0.2026 | Size = 895088 bytes | Modified Date = 11/2/2006 6:17:14 PM | Attr = ]
(SoundMAX Agent Service (default)) SoundMAX Agent Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 9/20/2002 3:50:10 PM | Attr = ]
(Tmntsrv) Trend Micro Real-time Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security 2007\Tmntsrv.exe -> Trend Micro Inc. [Ver = 15.00.0.1449 | Size = 503808 bytes | Modified Date = 12/26/2006 10:16:58 PM | Attr = ]
(TmPfw) Trend Micro Personal Firewall [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security 2007\TmPfw.exe -> Trend Micro Inc. [Ver = 3.0.0.1069 | Size = 933952 bytes | Modified Date = 9/14/2006 5:31:52 AM | Attr = ]
(tmproxy) Trend Micro Proxy Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security 2007\tmproxy.exe -> Trend Micro Inc. [Ver = 3.0.0.1069 | Size = 561223 bytes | Modified Date = 9/14/2006 5:34:20 AM | Attr = ]
(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,5,1,3356 | Size = 3562296 bytes | Modified Date = 6/21/2007 6:57:28 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AudioDrvEmulator -> %ProgramFiles%\Creative\Shared Files\Module Loader\DLLML.exe -> File not found
NvCplDaemon -> %System32%\nvcpl.dll ["RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 8491008 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll ["RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 81920 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nwiz -> %System32%\nwiz.exe -> [Ver = | Size = 1626112 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
pccguide.exe -> %ProgramFiles%\Trend Micro\Internet Security 2007\pccguide.exe -> Trend Micro Inc. [Ver = 15.00.0.1449 | Size = 3112960 bytes | Modified Date = 12/26/2006 10:40:04 PM | Attr = ]
SpySweeper -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeperUI.exe -> Webroot Software, Inc. [Ver = 5,5,1,3356 | Size = 5355832 bytes | Modified Date = 6/21/2007 6:57:32 PM | Attr = ]
UpdReg -> %SystemRoot%\Updreg.EXE -> Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 5/11/2000 1:00:00 AM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Creative Detector -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe -> Creative Technology Ltd [Ver = 3.0.2.0 | Size = 102400 bytes | Modified Date = 12/2/2004 6:23:34 PM | Attr = ]
OE -> %ProgramFiles%\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe -> Trend Micro Inc. [Ver = 3.55.0.1077 | Size = 315392 bytes | Modified Date = 10/5/2006 1:56:10 PM | Attr = ]
Spyware Doctor -> %ProgramFiles%\Spyware Doctor\swdoctor.exe -> PC Tools Research Pty Ltd [Ver = 4.0.0.2621 | Size = 2115728 bytes | Modified Date = 12/11/2006 4:35:02 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
WRNotifier -> %System32%\WRLogonNTF.dll -> Webroot Software, Inc. [Ver = 3,5,1,3356 | Size = 219448 bytes | Modified Date = 6/21/2007 6:43:54 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks -> 1 ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://go.microsoft....k/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft....k/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft....k/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft....k/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKCU: Start Page -> http://www.microsoft...p...&ar=msnhome ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} [HKLM] -> %ProgramFiles%\Spyware Doctor\tools\iesdsg.dll [PCTools Site Guard] -> PC Tools [Ver = 3.6.0.2071 | Size = 825528 bytes | Modified Date = 8/1/2006 4:27:06 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 12/15/2006 4:23:24 AM | Attr = ]
{B56A7D7D-6927-48C8-A975-17DF180C71AC} [HKLM] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [PCTools Browser Monitor] -> PC Tools [Ver = 3.6.0.2283 | Size = 850104 bytes | Modified Date = 8/1/2006 4:23:12 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [&Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\npjpi150_11.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75528 bytes | Modified Date = 12/15/2006 4:23:26 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 12/15/2006 4:23:24 AM | Attr = ]
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> Reg Data - Value does not exist [ButtonText: Spyware Doctor] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{A7F6FC32-6509-4D7F-8DF9-F192EF8777FD} -> (Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{31435657-9980-0010-8000-00AA00389B71} -> - CodeBase = http://download.micr...78f/wvc1dmo.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -> - CodeBase = http://fpdownload.ma...h/ultrashim.cab ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/...indows-i586.cab ->


[Files/Folders - Created Within 30 days]
Hellgate London Beta Setup -> %SystemDrive%\Hellgate London Beta Setup -> [Folder | Created Date = 9/19/2007 9:22:20 PM | Attr = ]
$NtUninstallKB904942$ -> %SystemRoot%\$NtUninstallKB904942$ -> [Folder | Created Date = 9/8/2007 9:39:58 AM | Attr = H ]
$NtUninstallKB915865$ -> %SystemRoot%\$NtUninstallKB915865$ -> [Folder | Created Date = 9/8/2007 9:46:47 AM | Attr = H ]
$NtUninstallKB933360$ -> %SystemRoot%\$NtUninstallKB933360$ -> [Folder | Created Date = 8/28/2007 10:00:37 PM | Attr = H ]
Ascd_tmp.ini -> %SystemRoot%\Ascd_tmp.ini -> [Ver = | Size = 3104 bytes | Created Date = 9/3/2007 7:28:36 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 9/25/2007 7:55:23 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 9/25/2007 7:55:23 AM | Attr = H ]
VirtualEar -> %SystemRoot%\VirtualEar -> [Folder | Created Date = 9/3/2007 7:29:53 PM | Attr = ]
{00000002-00000000-0000000D-00001102-00000008-10211102}.BAK -> %SystemRoot%\{00000002-00000000-0000000D-00001102-00000008-10211102}.BAK -> [Ver = | Size = 4958588 bytes | Created Date = 9/3/2007 7:39:23 PM | Attr = ]
{00000002-00000000-0000000D-00001102-00000008-10211102}.CDF -> %SystemRoot%\{00000002-00000000-0000000D-00001102-00000008-10211102}.CDF -> [Ver = | Size = 4958588 bytes | Created Date = 9/3/2007 7:32:12 PM | Attr = ]
Audio3d.dll -> %System32%\Audio3d.dll -> Sensaura Ltd [Ver = 4.12.01.2008 | Size = 720896 bytes | Created Date = 9/3/2007 7:29:53 PM | Attr = ]
BMXBkpCtrlState-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> %System32%\BMXBkpCtrlState-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> [Ver = | Size = 29604 bytes | Created Date = 9/3/2007 7:31:59 PM | Attr = ]
BMXCtrlState-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> %System32%\BMXCtrlState-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> [Ver = | Size = 29604 bytes | Created Date = 9/3/2007 7:31:59 PM | Attr = ]
BMXState-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> %System32%\BMXState-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> [Ver = | Size = 30600 bytes | Created Date = 9/3/2007 7:31:59 PM | Attr = ]
BMXStateBkp-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> %System32%\BMXStateBkp-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> [Ver = | Size = 30600 bytes | Created Date = 9/3/2007 7:31:59 PM | Attr = ]
CleanUp.exe -> %System32%\CleanUp.exe -> adi [Ver = 1, 0, 0, 2 | Size = 45056 bytes | Created Date = 9/3/2007 7:29:49 PM | Attr = ]
CTSVCCDA.EXE -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Created Date = 9/3/2007 7:35:42 PM | Attr = ]
CTSVCCTL.EXE -> %System32%\CTSVCCTL.EXE -> Creative Technology Ltd [Ver = 1.0.0.0 | Size = 25088 bytes | Created Date = 9/3/2007 7:35:42 PM | Attr = ]
DSndUp.exe -> %System32%\DSndUp.exe -> Analog Devices Inc. [Ver = 1, 0, 0, 9 | Size = 49152 bytes | Created Date = 9/3/2007 7:29:48 PM | Attr = ]
DVCState-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> %System32%\DVCState-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> [Ver = | Size = 11564 bytes | Created Date = 9/3/2007 7:32:00 PM | Attr = ]
e10kxwdm.ini -> %System32%\e10kxwdm.ini -> [Ver = | Size = 46593 bytes | Created Date = 9/3/2007 7:29:45 PM | Attr = R ]
nvapps.nvb -> %System32%\nvapps.nvb -> [Ver = | Size = 135089 bytes | Created Date = 9/23/2007 1:10:04 PM | Attr = ]
SET9E.tmp -> %System32%\SET9E.tmp -> [Ver = | Size = 293446 bytes | Created Date = 9/3/2007 7:31:45 PM | Attr = R ]
settings.sfm -> %System32%\settings.sfm -> [Ver = | Size = 1080 bytes | Created Date = 9/3/2007 7:39:38 PM | Attr = ]
settingsbkup.sfm -> %System32%\settingsbkup.sfm -> [Ver = | Size = 1080 bytes | Created Date = 9/3/2007 7:39:38 PM | Attr = ]
SMMedia.dll -> %System32%\SMMedia.dll -> Analog Devices [Ver = 1, 0, 0, 8 | Size = 1285632 bytes | Created Date = 9/3/2007 7:30:01 PM | Attr = ]
wdmioctl.dll -> %System32%\wdmioctl.dll -> Analog Devices Inc. [Ver = 2, 0, 0, 3 | Size = 30208 bytes | Created Date = 9/3/2007 7:30:02 PM | Attr = ]
aeaudio.sys -> %System32%\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 3.0.2.32 | Size = 100224 bytes | Created Date = 9/3/2007 7:10:58 PM | Attr = ]
ianswxp.sys -> %System32%\drivers\ianswxp.sys -> Intel Corporation [Ver = 6.20.00.0000 built by: WinDDK | Size = 102400 bytes | Created Date = 9/3/2007 7:23:08 PM | Attr = R ]
MidiSyn.sys -> %System32%\drivers\MidiSyn.sys -> Analog Devices Inc [Ver = 3, 3, 7, 3 | Size = 235100 bytes | Created Date = 9/3/2007 7:30:45 PM | Attr = ]
smsens.sys -> %System32%\drivers\smsens.sys -> Analog Devices, Inc. [Ver = 5.12.01.0000 | Size = 3744 bytes | Created Date = 9/3/2007 7:10:58 PM | Attr = ]
smwdm.sys -> %System32%\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3630 | Size = 578304 bytes | Created Date = 9/3/2007 7:10:58 PM | Attr = ]
tmvsthfss.bin -> %System32%\drivers\etc\tmvsthfss.bin -> [Ver = | Size = 734 bytes | Created Date = 9/26/2007 3:52:08 PM | Attr = ]
tmvsthfud.bin -> %System32%\drivers\etc\tmvsthfud.bin -> [Ver = | Size = 734 bytes | Created Date = 9/26/2007 3:52:08 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 9/17/2007 5:08:58 PM | Attr = HS]
Hellgate London Beta Setup -> %SystemDrive%\Hellgate London Beta Setup -> [Folder | Modified Date = 9/18/2007 5:35:30 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 9/19/2007 10:31:04 PM | Attr = R ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 9/25/2007 8:55:24 AM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 9/8/2007 11:41:52 AM | Attr = H ]
$NtUninstallKB904942$ -> %SystemRoot%\$NtUninstallKB904942$ -> [Folder | Modified Date = 9/8/2007 10:40:02 AM | Attr = H ]
$NtUninstallKB915865$ -> %SystemRoot%\$NtUninstallKB915865$ -> [Folder | Modified Date = 9/8/2007 10:46:54 AM | Attr = H ]
$NtUninstallKB933360$ -> %SystemRoot%\$NtUninstallKB933360$ -> [Folder | Modified Date = 8/28/2007 11:00:40 PM | Attr = H ]
Ascd_tmp.ini -> %SystemRoot%\Ascd_tmp.ini -> [Ver = | Size = 3104 bytes | Modified Date = 9/3/2007 8:28:38 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 9/26/2007 3:33:40 PM | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 9/23/2007 2:09:30 PM | Attr = ]
ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 9/8/2007 11:00:20 AM | Attr = H ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 9/8/2007 11:00:54 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 9/8/2007 11:01:06 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 9/23/2007 2:09:04 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 9/19/2007 10:52:08 PM | Attr = HS]
MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 2145386496 bytes | Modified Date = 9/17/2007 4:31:32 PM | Attr = ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 9/26/2007 7:14:08 AM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 9/17/2007 4:31:36 PM | Attr = ]
nview -> %SystemRoot%\nview -> [Folder | Modified Date = 9/23/2007 2:13:10 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 9/26/2007 4:58:18 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 9/25/2007 8:55:24 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 9/25/2007 8:55:24 AM | Attr = H ]
setupapi.log.0.old -> %SystemRoot%\setupapi.log.0.old -> [Ver = | Size = 1034450 bytes | Modified Date = 9/8/2007 10:34:50 AM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 9/3/2007 8:29:56 PM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 9/17/2007 5:08:58 PM | Attr = ]
system.tmp -> %SystemRoot%\system.tmp -> [Ver = | Size = 227 bytes | Modified Date = 9/17/2007 5:08:58 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 9/23/2007 2:13:10 PM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 9/26/2007 4:55:42 PM | Attr = ]
VirtualEar -> %SystemRoot%\VirtualEar -> [Folder | Modified Date = 9/3/2007 8:29:56 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 589 bytes | Modified Date = 9/17/2007 5:08:58 PM | Attr = ]
win.tmp -> %SystemRoot%\win.tmp -> [Ver = | Size = 589 bytes | Modified Date = 9/17/2007 5:08:58 PM | Attr = ]
{00000002-00000000-0000000D-00001102-00000008-10211102}.BAK -> %SystemRoot%\{00000002-00000000-0000000D-00001102-00000008-10211102}.BAK -> [Ver = | Size = 4958588 bytes | Modified Date = 9/17/2007 5:49:56 PM | Attr = ]
{00000002-00000000-0000000D-00001102-00000008-10211102}.CDF -> %SystemRoot%\{00000002-00000000-0000000D-00001102-00000008-10211102}.CDF -> [Ver = | Size = 4958588 bytes | Modified Date = 9/17/2007 5:49:56 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 9/26/2007 3:33:42 PM | Attr = H ]
wrSpySweeper_FE67D2A14E894D4C995948D4A5F846AA.job -> %SystemRoot%\tasks\wrSpySweeper_FE67D2A14E894D4C995948D4A5F846AA.job -> [Ver = | Size = 1630 bytes | Modified Date = 9/17/2007 5:00:04 AM | Attr = ]
BMXBkpCtrlState-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> %System32%\BMXBkpCtrlState-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> [Ver = | Size = 29604 bytes | Modified Date = 9/26/2007 7:35:18 AM | Attr = ]
BMXCtrlState-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> %System32%\BMXCtrlState-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> [Ver = | Size = 29604 bytes | Modified Date = 9/26/2007 7:35:18 AM | Attr = ]
BMXState-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> %System32%\BMXState-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> [Ver = | Size = 30600 bytes | Modified Date = 9/26/2007 7:35:18 AM | Attr = ]
BMXStateBkp-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> %System32%\BMXStateBkp-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> [Ver = | Size = 30600 bytes | Modified Date = 9/26/2007 7:35:18 AM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 9/8/2007 10:54:32 AM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 9/25/2007 9:58:44 AM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 9/17/2007 5:49:30 PM | Attr = ]
Data -> %System32%\Data -> [Folder | Modified Date = 9/5/2007 10:24:24 PM | Attr = ]
Defaults -> %System32%\Defaults -> [Folder | Modified Date = 9/3/2007 8:32:46 PM | Attr = ]
DirectX -> %System32%\DirectX -> [Folder | Modified Date = 9/19/2007 10:52:02 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 9/15/2007 8:01:16 AM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 9/23/2007 2:09:12 PM | Attr = ]
DVCState-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> %System32%\DVCState-{00000002-00000000-0000000D-00001102-00000008-10211102}.rfx -> [Ver = | Size = 11564 bytes | Modified Date = 9/26/2007 7:35:18 AM | Attr = ]
keystone.exe -> %System32%\keystone.exe -> [Ver = | Size = 425984 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nv4_disp.dll -> %System32%\nv4_disp.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 5783040 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvapi.dll -> %System32%\nvapi.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 364544 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvappbar.exe -> %System32%\nvappbar.exe -> [Ver = | Size = 442368 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvapps.nvb -> %System32%\nvapps.nvb -> [Ver = | Size = 135089 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 91949 bytes | Modified Date = 9/25/2007 6:47:06 PM | Attr = ]
nvcod.dll -> %System32%\nvcod.dll -> NVIDIA Corporation [Ver = 1 , 0 , 0 , 35 | Size = 36864 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvcodins.dll -> %System32%\nvcodins.dll -> NVIDIA Corporation [Ver = 1 , 0 , 0 , 35 | Size = 36864 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvcolor.exe -> %System32%\nvcolor.exe -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 147456 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvcpl.cpl -> %System32%\nvcpl.cpl -> NVIDIA Corporation [Ver = 1.4.900.10 | Size = 413696 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvcpl.dll -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 8491008 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvcplui.exe -> %System32%\nvcplui.exe -> NVIDIA Corporation [Ver = 1.4.900.10 | Size = 753664 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvdisp.nvu -> %System32%\nvdisp.nvu -> [Ver = | Size = 17525 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvdisps.dll -> %System32%\nvdisps.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 6344704 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvdspsch.exe -> %System32%\nvdspsch.exe -> [Ver = | Size = 1339392 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvexpbar.dll -> %System32%\nvexpbar.dll -> NVIDIA Corporation [Ver = 1.4.900.10 | Size = 307200 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvgames.dll -> %System32%\nvgames.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 3334144 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nview.dll -> %System32%\nview.dll -> [Ver = | Size = 1478656 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvmccs.dll -> %System32%\nvmccs.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 229376 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvmccsrs.dll -> %System32%\nvmccsrs.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 45056 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvmccss.dll -> %System32%\nvmccss.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 188416 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvmctray.dll -> %System32%\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 81920 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvmobls.dll -> %System32%\nvmobls.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 1150976 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvnt4cpl.dll -> %System32%\nvnt4cpl.dll -> [Ver = | Size = 286720 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvoglnt.dll -> %System32%\nvoglnt.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 6746112 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvshell.dll -> %System32%\nvshell.dll -> [Ver = | Size = 466944 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 155716 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvtuicpl.cpl -> %System32%\nvtuicpl.cpl -> [Ver = | Size = 73728 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvudisp.exe -> %System32%\nvudisp.exe -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 56 | Size = 356352 bytes | Modified Date = 9/17/2007 2:10:36 AM | Attr = ]
NVUNINST.EXE -> %System32%\NVUNINST.EXE -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 56 | Size = 356352 bytes | Modified Date = 9/17/2007 2:10:36 AM | Attr = ]
nvvitvs.dll -> %System32%\nvvitvs.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 3551232 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvwddi.dll -> %System32%\nvwddi.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 81920 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvwdmcpl.dll -> %System32%\nvwdmcpl.dll -> [Ver = | Size = 1703936 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvwimg.dll -> %System32%\nvwimg.dll -> [Ver = | Size = 1019904 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nvwss.dll -> %System32%\nvwss.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 2371584 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
nwiz.exe -> %System32%\nwiz.exe -> [Ver = | Size = 1626112 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
OpenAL32.dll -> %System32%\OpenAL32.dll -> Portions © Creative Labs Inc. and NVIDIA Corp. [Ver = 6.14.0357.13 | Size = 86016 bytes | Modified Date = 9/3/2007 8:32:12 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 62344 bytes | Modified Date = 9/5/2007 10:11:08 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 401064 bytes | Modified Date = 9/5/2007 10:11:08 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 471326 bytes | Modified Date = 9/5/2007 10:11:08 PM | Attr = ]
settings.sfm -> %System32%\settings.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 9/5/2007 10:39:36 PM | Attr = ]
settingsbkup.sfm -> %System32%\settingsbkup.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 9/5/2007 10:39:36 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 13688 bytes | Modified Date = 9/26/2007 3:36:14 PM | Attr = ]
wrap_oal.dll -> %System32%\wrap_oal.dll -> Creative Labs [Ver = 2.0.8.0 | Size = 409600 bytes | Modified Date = 9/3/2007 8:32:12 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 9/26/2007 4:55:42 PM | Attr = ]
nv4_mini.sys -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 6853088 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ]
tmvsthfss.bin -> %System32%\drivers\etc\tmvsthfss.bin -> [Ver = | Size = 734 bytes | Modified Date = 9/26/2007 4:55:38 PM | Attr = ]
tmvsthfud.bin -> %System32%\drivers\etc\tmvsthfud.bin -> [Ver = | Size = 734 bytes | Modified Date = 9/26/2007 4:55:42 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
File scan skipped for file %SystemRoot%\MEMORY.DMP -> File size too big (2145386496 bytes) ->
Thawte Consulting , -> %System32%\AddCat.exe -> Creative Technology Ltd. [Ver = 0.0.0.1 | Size = 48400 bytes | Modified Date = 4/9/2007 11:25:36 AM | Attr = ]
Thawte Consulting , -> %System32%\ctpxinst.exe -> Creative Technology Ltd [Ver = 1, 1, 0, 58 | Size = 58104 bytes | Modified Date = 11/14/2006 9:01:30 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 2/28/2006 5:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 10/7/2006 5:18:32 AM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 2/28/2006 5:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\XceedCry.dll -> Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com [Ver = 1.1.103.0 | Size = 516656 bytes | Modified Date = 2/2/2003 1:01:34 PM | Attr = ]
Thawte Consulting , -> %System32%\XceedSco.dll -> Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com [Ver = 1.1.104.0 | Size = 266952 bytes | Modified Date = 5/19/2003 12:37:20 PM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 2/28/2006 5:00:00 AM | Attr = ]
UPX! , aspack , -> %System32%\drivers\VsapiNT.sys -> Trend Micro Inc. [Ver = 8.500-1002 | Size = 1126328 bytes | Modified Date = 6/12/2007 6:52:00 PM | Attr = ]

< End of report >



I then downloaded ATF cleaner and wiped everything. I use strictly Firefox and I had it set up to basically wipe everything after I close the browser, but still ATF cleaner said it cleared 1,549.353 megabytes of stuff. Again, I greatly appreciate the help.

Edited by Noble Savage, 26 September 2007 - 06:41 PM.


#6
racenutalways

    Member 1K

  • Retired Staff
  • 1,675 posts
Hey Noble, can I see the Panda Scan report I asked for?

Win XP
To enable the viewing of Hidden files follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Put a checkmark in the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
7. Press the Apply button and then the OK button and shut down My Computer.
8. Now your computer is configured to show all hidden files.

Submit Samples:

You have a file/s of interest to us. It would help the detection rates of the tools we use by getting hold of samples of these infections.

Please download File Submitter by Grinler. I suggest you save the file where it is easy to locate i.e. the root of the drive (C:\submitter.exe).

Create a right-click option:

1. Navigate to this folder in Windows Explorer: C:\Documents and Settings\username\SendTo
2. Right-click inside the folder and select New > Shortcut.
3. Enter the location of the item: C:\submitter.exe (or wherever you saved it)
4. Name the shortcut: Submit Malware
5. Then select Finish.

Configure the tool:

Note to helper - this depends on your preferences!

1. Navigate to the tool in Windows Explorer: C:\submitter.exe (or wherever you saved it)
2. Double-click the file to open it.
3. Then put a check in these boxes:

Jotti
VirusTotal
Advanced
BleepingComputer.com


4. Then click Save and OK the confirmation window.
5. Then click Exit to close the tool.

Upload Samples:

1. Locate this file/s in Windows Explorer:


C:\Windows\System32\drivers\etc\tmvsthfss.bin
C:\Windows\System32\drivers\etc\tmvsthfud.bin


2. For each file you need to right-click and select Send To > Submit Malware (or whatever you named the shortcut)
3. Copy/paste the results of the scans in your next reply. You should have two results for each file scanned.

Edited by racenutalways, 27 September 2007 - 09:55 AM.


#7
Noble Savage

    New Member

  • Topic Starter
  • Member
  • 9 posts
Alright, here are the results of the Panda Scan (Sorry about taking so long. I had to re-download and install Internet Explorer. Then I couldn't get it to install ActiveX because I'm a genius and I was using the "no-addons" shortcut of it.)

Incident Status Location

Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-1.txt[statse.webtrendslive.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-10.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-10.txt[.doubleclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-11.txt[.fastclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-11.txt[.tribalfusion.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-11.txt[.fastclick.net/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-11.txt[.xiti.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-12.txt[.casalemedia.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-12.txt[.atdmt.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-12.txt[.fastclick.net/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-12.txt[.adtech.de/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-12.txt[.doubleclick.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-12.txt[.mediaplex.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-12.txt[.com.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-13.txt[.atdmt.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-15.txt[.go.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-15.txt[.ig.com.br/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-15.txt[.yadro.ru/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-15.txt[.statcounter.com/]
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-15.txt[.paycounter.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-17.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-17.txt[.atwola.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-17.txt[.doubleclick.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-17.txt[.mediaplex.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-17.txt[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-19.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-19.txt[.doubleclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-19.txt[.advertising.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-2.txt[statse.webtrendslive.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-20.txt[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-21.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-22.txt[.doubleclick.net/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-22.txt[.bluestreak.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-22.txt[.atdmt.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-22.txt[.ads.pointroll.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-22.txt[.zedo.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-23.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-23.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-23.txt[.doubleclick.net/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-3.txt[statse.webtrendslive.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-4.txt[.statcounter.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-4.txt[statse.webtrendslive.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-5.txt[statse.webtrendslive.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-5.txt[.xiti.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-8.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-8.txt[.doubleclick.net/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-8.txt[statse.webtrendslive.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-8.txt[.advertising.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-8.txt[.statcounter.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-8.txt[.xiti.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\zqzs2kf6.default\cookies-8.txt[.tribalfusion.com/]





And here is the Virus Total for tmvsthfud

File tmvsthfud.bin received on 09.30.2007 21:49:10 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.9.29.0 2007.09.28 -
AntiVir 7.6.0.18 2007.09.30 -
Authentium 4.93.8 2007.09.29 -
Avast 4.7.1043.0 2007.09.30 -
AVG 7.5.0.488 2007.09.30 -
BitDefender 7.2 2007.09.30 -
CAT-QuickHeal 9.00 2007.09.29 -
ClamAV 0.91.2 2007.09.30 -
DrWeb 4.33 2007.09.30 -
eSafe 7.0.15.0 2007.09.30 -
eTrust-Vet 31.2.5174 2007.09.30 -
Ewido 4.0 2007.09.30 -
FileAdvisor 1 2007.09.30 -
Fortinet 3.11.0.0 2007.09.30 -
F-Prot 4.3.2.48 2007.09.29 -
F-Secure 6.70.13030.0 2007.09.29 -
Ikarus T3.1.1.12 2007.09.30 -
Kaspersky 7.0.0.125 2007.09.30 -
McAfee 5130 2007.09.28 -
Microsoft 1.2803 2007.09.30 -
NOD32v2 2560 2007.09.30 -
Norman 5.80.02 2007.09.28 -
Panda 9.0.0.4 2007.09.30 -
Prevx1 V2 2007.09.30 -
Rising 19.42.61.00 2007.09.30 -
Sophos 4.22.0 2007.09.30 -
Sunbelt 2.2.907.0 2007.09.28 -
Symantec 10 2007.09.30 -
TheHacker 6.2.6.074 2007.09.30 -
VBA32 3.12.2.4 2007.09.30 -
VirusBuster 4.3.26:9 2007.09.30 -
Webwasher-Gateway 6.0.1 2007.09.30 -

Additional information
File size: 734 bytes
MD5: de1cbfe6c3086010af115a1f00909b01
SHA1: c75d4c6e53a497c4dc1df1f50bbef08ac625a3d8


and the viruscan site

Scan taken on 30 Sep 2007 19:49:00 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing




now the tmvsthfss file

File tmvsthfss.bin received on 09.30.2007 21:58:36 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.9.29.0 2007.09.28 -
Authentium 4.93.8 2007.09.29 -
Avast 4.7.1043.0 2007.09.30 -
BitDefender 7.2 2007.09.30 -
CAT-QuickHeal 9.00 2007.09.29 -
ClamAV 0.91.2 2007.09.30 -
eSafe 7.0.15.0 2007.09.30 -
eTrust-Vet 31.2.5174 2007.09.30 -
Ewido 4.0 2007.09.30 -
FileAdvisor 1 2007.09.30 -
Fortinet 3.11.0.0 2007.09.30 -
F-Prot 4.3.2.48 2007.09.29 -
Ikarus T3.1.1.12 2007.09.30 -
Kaspersky 7.0.0.125 2007.09.30 -
Microsoft 1.2803 2007.09.30 -
Norman 5.80.02 2007.09.28 -
Panda 9.0.0.4 2007.09.30 -
Prevx1 V2 2007.09.30 -
Sophos 4.22.0 2007.09.30 -
Sunbelt 2.2.907.0 2007.09.28 -
TheHacker 6.2.6.074 2007.09.30 -
VBA32 3.12.2.4 2007.09.30 -
Webwasher-Gateway 6.0.1 2007.09.30 -

Additional information
File size: 734 bytes
MD5: de1cbfe6c3086010af115a1f00909b01
SHA1: c75d4c6e53a497c4dc1df1f50bbef08ac625a3d8




and

Scan taken on 30 Sep 2007 19:58:29 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing



#8
racenutalways

    Member 1K

  • Retired Staff
  • 1,675 posts
Panda only reports cookies, which you can use ATF to delete:

Double-click ATF-Cleaner.exe to run the program

Click Firefox at the top and choose Firefox Cookies and anything else you want to delete
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Let's try DSS and see if it finds anything; if not, it may be a hardware issue.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#9
Noble Savage

    New Member

  • Topic Starter
  • Member
  • 9 posts
Main

Deckard's System Scanner v20070905.67
Run by Scott on 2007-10-02 10:06:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
89: 2007-10-02 17:06:09 UTC - RP118 - Deckard's System Scanner Restore Point
88: 2007-10-02 16:23:42 UTC - RP117 - System Checkpoint
87: 2007-09-30 18:46:25 UTC - RP116 - Software Distribution Service 3.0
86: 2007-09-29 21:40:48 UTC - RP115 - System Checkpoint
85: 2007-09-28 02:17:32 UTC - RP114 - System Checkpoint


-- First Restore Point --
1: 2007-07-04 03:31:38 UTC - RP30 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Scott.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:07:15 AM, on 10/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Scott\My Documents\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\HIJACK~1\Scott.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoft....com/activescan (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 aslm75 - c:\windows\system32\drivers\aslm75.sys
R1 tmtdi (Trend Micro TDI Driver) - c:\windows\system32\drivers\tmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 3.0>
R1 UBHelper - c:\windows\system32\drivers\ubhelper.sys
R2 tmmbd (Trend Micro MBD Driver) - c:\windows\system32\drivers\tm_mbd_c.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 3.0>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >

S3 BS_DEF - c:\program files\asus\asusupdate\bs_def.sys <Not Verified; AsusTek Computer Inc.; Support SST39SF020,SST29EE020,AT49F002T,AT29C020,AM29F002NT,AM29F002NB,V29C51002T,V29C51002B,M29F002T,W29C020.>
S3 LMouKE (SetPoint Mouse Filter Driver) - c:\windows\system32\drivers\lmouke.sys (file missing)
S3 XDva011 - c:\windows\system32\xdva011.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 PcCtlCom (Trend Micro Central Control Component) - c:\progra~1\trendm~1\intern~1\pcctlcom.exe <Not Verified; Trend Micro Inc.; Trend Micro Internet Security>
R2 Tmntsrv (Trend Micro Real-time Service) - c:\progra~1\trendm~1\intern~1\tmntsrv.exe <Not Verified; Trend Micro Inc.; Trend Micro Internet Security>
R2 TmPfw (Trend Micro Personal Firewall) - c:\progra~1\trendm~1\intern~1\tmpfw.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 3.0>
R2 tmproxy (Trend Micro Proxy Service) - c:\progra~1\trendm~1\intern~1\tmproxy.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 3.0>
R3 PcScnSrv (Trend Micro Protection Against Spyware ) - "c:\progra~1\trendm~1\intern~1\pcscnsrv.exe" <Not Verified; Trend Micro Inc.; Trend Micro Internet Security>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-10-01 05:00:02 1630 --a------ C:\WINDOWS\Tasks\wrSpySweeper_FE67D2A14E894D4C995948D4A5F846AA.job


-- Files created between 2007-09-02 and 2007-10-02 -----------------------------

2007-09-30 11:54:41 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-09-19 22:31:03 0 d-------- C:\Program Files\Flagship Studios
2007-09-19 22:22:20 0 d-------- C:\Hellgate London Beta Setup
2007-09-19 18:11:17 0 d-------- C:\Documents and Settings\Scott\.DownloadManager
2007-09-15 08:20:41 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-09-03 20:37:32 183 --a------ C:\WINDOWS\setuplog
2007-09-03 20:35:42 25088 -----n--- C:\WINDOWS\system32\CTSVCCTL.EXE <Not Verified; Creative Technology Ltd; Creative Service Control>
2007-09-03 20:35:42 44032 -----n--- C:\WINDOWS\system32\CTSVCCDA.EXE <Not Verified; Creative Technology Ltd; Creative Service for CDROM Access>
2007-09-03 20:30:02 30208 --a------ C:\WINDOWS\system32\wdmioctl.dll <Not Verified; Analog Devices Inc.; Analog Devices Inc. wdmioctl>
2007-09-03 20:30:01 1285632 --a------ C:\WINDOWS\system32\SMMedia.dll <Not Verified; Analog Devices; SoundMAX Integrated Digital Audio>
2007-09-03 20:29:53 0 d-------- C:\WINDOWS\VirtualEar
2007-09-03 20:29:49 45056 --a------ C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>
2007-09-03 20:29:49 0 d-------- C:\Program Files\Analog Devices
2007-09-03 20:29:48 49152 --a------ C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>


-- Find3M Report ---------------------------------------------------------------

2007-10-02 08:40:25 0 d-------- C:\Program Files\World of Warcraft
2007-09-30 12:28:21 0 d-------- C:\Program Files\Spyware Doctor
2007-09-30 12:09:23 0 d-------- C:\Program Files\7-Zip
2007-09-17 17:25:33 0 d-------- C:\Program Files\BitTorrent
2007-09-17 01:07:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-09-17 01:07:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-09-17 01:07:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-09-17 01:07:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-09-17 01:07:00 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-09-17 01:07:00 1478656 --a------ C:\WINDOWS\system32\nview.dll
2007-09-17 01:07:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-09-17 01:07:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-09-17 01:07:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-09-16 13:57:49 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-16 13:57:02 0 d-------- C:\Program Files\THQ
2007-09-03 20:35:27 0 d-------- C:\Program Files\Creative
2007-09-03 20:32:10 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2007-09-03 20:32:10 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2007-09-03 20:22:47 0 d-------- C:\Program Files\Intel
2007-08-17 14:42:10 1655 --a------ C:\WINDOWS\mozver.dat
2007-08-17 14:41:58 0 d-------- C:\Program Files\DivX
2007-08-14 18:21:23 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-08-14 15:51:32 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-08-13 18:12:48 0 d-------- C:\Program Files\Sony
2007-08-07 09:50:20 0 d-------- C:\Program Files\Starcraft
2007-08-07 09:39:08 34615 --a------ C:\WINDOWS\scunin.dat
2007-08-07 09:39:04 967 --a------ C:\WINDOWS\ScUnin.pif
2007-08-07 09:39:04 70656 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2007-08-07 09:28:37 0 d-------- C:\Program Files\DAEMON Tools
2007-07-07 11:06:41 164 --a------ C:\install.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" []
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [12/26/2006 10:40 PM]
"NvCplDaemon"="RUNDLL32.exe" [02/28/2006 05:00 AM C:\WINDOWS\system32\rundll32.exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"nwiz"="nwiz.exe" [09/17/2007 01:07 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [02/28/2006 05:00 AM C:\WINDOWS\system32\rundll32.exe]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [06/21/2007 06:57 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE"="C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" [10/05/2006 01:56 PM]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [12/02/2004 06:23 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 05:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
"SetDefaultMIDI"=MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Scott^Start Menu^Programs^Startup^BOINC Manager.lnk]
backup=C:\WINDOWS\pss\BOINC Manager.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
"C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"RunDLL32.exe" NvMCTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"nwiz.exe" /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
"C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
"C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"




-- End of Deckard's System Scanner: finished at 2007-10-02 10:08:11 ------------


Extra

Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 33%
Physical Memory (total/avail): 2047.23 MiB / 1367.3 MiB
Pagefile Memory (total/avail): 3943.08 MiB / 3413.75 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1969.16 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 149.04 GiB total, 77.07 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1600JD-00HBB0 - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.04 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Trend Micro PC-cillin Internet Security (Firewall) v15 (Trend Micro, Inc.)
AV: Trend Micro PC-cillin Internet Security 2007 v15.00.1449 (Trend Micro, Inc.) Outdated

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"="C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe:*:Enabled:DarkCrusade"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe"="C:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe:*:Enabled:lotroclient"
"C:\\Program Files\\Flagship Studios\\Hellgate London Beta\\Launcher.exe"="C:\\Program Files\\Flagship Studios\\Hellgate London Beta\\Launcher.exe:*:Enabled:Hellgate: London"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Scott\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=UMBRA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HellgateEnv=C:\Program Files\Flagship Studios\Hellgate London Beta\
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Scott
LOGONSERVER=\\UMBRA
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\QuickTime\QTSystem\;;C:\PROGRA~1\COMMON~1\MUVEET~130625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Scott\LOCALS~1\Temp
TMP=C:\DOCUME~1\Scott\LOCALS~1\Temp
USERDOMAIN=UMBRA
USERNAME=Scott
USERPROFILE=C:\Documents and Settings\Scott
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Scott (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBAudigy4\Program\SETUP.EXE" /S /U /W
--> MsiExec.exe /I{95D9B4D8-B091-4fab-80EA-313EB4B82FD6}
--> MsiExec.exe /I{EB997E90-5EB0-4eb5-90D0-90B1D2F0CA03}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\SETUP.EXE" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\SETUP.EXE" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"
Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Flash Player 9 --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
ASUS Probe V2.23.03 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\ASUS\Probe\DeIsL1.isu" -c"C:\Program Files\ASUS\Probe\probunis.dll"
Call of Cthulhu DCoTE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11�\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE0EB039-3916-41A4-9F38-A1C9BC88728D}\setup.exe" -l0x9 -removeonly
Canon ScanGear Toolbox 3.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\ScanGear Toolbox Ver3\Uninst.isu" -c"C:\Program Files\Canon\ScanGear Toolbox Ver3\uninst.dll"
Creative Audio Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Dark Messiah --> C:\Program Files\InstallShield Installation Information\{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}\setup.exe -runfromtemp -l0x0009 -removeonly
Dawn of War - Dark Crusade --> C:\Program Files\InstallShield Installation Information\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}\setup.exe -runfromtemp -l0x0009 -removeonly
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Hellgate: London Beta --> MsiExec.exe /X{DBB0C0DD-5AB5-4B2A-944C-B2E78551FEEE}
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
Intel® PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
K-Lite Codec Pack 3.1.0 Standard --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
KhalSetup --> MsiExec.exe /I{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.6) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (2.0.0.7) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NTI Backup NOW! 4 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1033 BUN4
NTI CD-Maker --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenAL --> "C:\Program Files\OpenAL\OALINST.EXE" /U /S
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Privacy Guardian 4.1 --> "C:\Program Files\Privacy Guardian\unins000.exe"
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
Real Alternative 1.52 --> "C:\Program Files\Real Alternative\unins000.exe"
Registry Mechanic 6.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Sound Blaster Audigy 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8AD6CB8-DE96-43FA-9B73-5FB873DD1CAE}\SETUP.EXE" -l0x9 /remove
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spyware Doctor 4.0 --> C:\Program Files\Spyware Doctor\unins000.exe
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Trend Micro PC-cillin Internet Security 2007 --> msiexec.exe /i {BB4B6355-D38A-492C-873B-A1B2CF6C3832}
Trend Micro PC-cillin Internet Security 2007 --> MsiExec.exe /X{BB4B6355-D38A-492C-873B-A1B2CF6C3832}
ViewSonic Monitor Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
Warhammer 40,000: Dawn Of War - Gold Edition --> MsiExec.exe /X{83F12F73-D52E-40C0-93B1-463C311C4E17}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2717 / Error
Event Submitted/Written: 09/30/2007 11:53:21 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application xpnetdiag.exe, version 5.1.2600.3012, faulting module xpnetdiag.exe, version 5.1.2600.3012, fault address 0x00000003.
Processing media-specific event for [xpnetdiag.exe!ws!]

Event Record #/Type2706 / Error
Event Submitted/Written: 09/26/2007 07:14:06 AM
Event ID/Source: 1111 / .NET Runtime Optimization Service
Event Description:
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80070005.

Event Record #/Type2703 / Error
Event Submitted/Written: 09/25/2007 08:55:27 PM
Event ID/Source: 1111 / .NET Runtime Optimization Service
Event Description:
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80070005.

Event Record #/Type2700 / Error
Event Submitted/Written: 09/25/2007 09:51:00 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Hellgate_mp_Dx9_x86.exe, version 1.0.56.3416, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2699 / Error
Event Submitted/Written: 09/25/2007 08:46:08 AM
Event ID/Source: 1111 / .NET Runtime Optimization Service
Event Description:
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80070005.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4377 / Warning
Event Submitted/Written: 10/02/2007 08:39:42 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type4353 / Error
Event Submitted/Written: 10/02/2007 08:20:33 AM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The Trend Micro Personal Firewall service hung on starting.

Event Record #/Type4327 / Error
Event Submitted/Written: 10/01/2007 08:48:52 PM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The Trend Micro Personal Firewall service hung on starting.

Event Record #/Type4286 / Error
Event Submitted/Written: 09/30/2007 11:12:21 AM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The Trend Micro Personal Firewall service hung on starting.

Event Record #/Type4254 / Error
Event Submitted/Written: 09/29/2007 00:20:10 PM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The Trend Micro Personal Firewall service hung on starting.



-- End of Deckard's System Scanner: finished at 2007-10-02 10:08:11 ------------


  • 0
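The event-log sections of a report like the one above repeat the same few events, and the repeats are what a reviewer looks for first. As an added example (not part of the original post and not code from Deckard's System Scanner), this Python sketch parses that layout and lists the events that recur; the function names and the threshold are assumptions.

```python
import re
from collections import Counter

# Sample records in the scanner report's layout (abridged for the example).
SAMPLE = """\
-- System Event Log ------------------------------------------------------------

Event Record #/Type4377 / Warning
Event Submitted/Written: 10/02/2007 08:39:42 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type4353 / Error
Event Submitted/Written: 10/02/2007 08:20:33 AM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The Trend Micro Personal Firewall service hung on starting.

Event Record #/Type4327 / Error
Event Submitted/Written: 10/01/2007 08:48:52 PM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The Trend Micro Personal Firewall service hung on starting.
"""

SECTION = re.compile(r"^-- (.+?) -+[ \t]*$", re.MULTILINE)
RECORD = re.compile(
    r"Event Record #/Type(?P<record>\d+) / (?P<level>\w+)\n"
    r"Event Submitted/Written: (?P<when>[^\n]+)\n"
    r"Event ID/Source: (?P<event_id>\d+) / (?P<source>[^\n]+)\n"
    r"Event Description:\n(?P<description>.*?)(?=\n\s*\n|\Z)",
    re.DOTALL,
)

def parse_events(text):
    """Return one dict per event record, tagged with its log section."""
    events = []
    parts = SECTION.split(text)  # [preamble, name1, body1, name2, body2, ...]
    for name, body in zip(parts[1::2], parts[2::2]):
        for match in RECORD.finditer(body):
            event = {k: v.strip() for k, v in match.groupdict().items()}
            event["section"] = name
            events.append(event)
    return events

def recurring(events, threshold=2):
    """(event_id, source) pairs seen at least `threshold` times, most frequent first."""
    counts = Counter((e["event_id"], e["source"]) for e in events)
    return [(key, n) for key, n in counts.most_common() if n >= threshold]
```

Multi-line descriptions, such as the xpnetdiag.exe record in the Application section, are captured whole because a record ends at the next blank line.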

#10
racenutalways


    Member 1K

  • Retired Staff
  • 1,675 posts
Looking over your logs, I don't see anything malicious that can be causing you any harm. If you are only getting disconnects when trying to surf the net while you have a Bit client running, that may affect it, as some ISPs will throttle your bandwidth. I'm not a Techy in that field so don't take my word for it. Using P2P for file sharing is a great way to get infected, over and over. :)
You might want to post here, tell them you went through the malware removal process. Good luck!!

Update Java to Java 6 update 3.
Updating Java and Clearing Cache
  • Go to Start > Control Panel, then double-click on the Java Icon (coffee cup) in the Control Panel.

    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  • If you are unable to update you can manually update by going here:
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave Checked
        Applications and Applets
        Trace and Log files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
Remove all old versions of Java and J2SE in your Add\Remove Programs; they cause a security vulnerability.


There are different browsers available on the net other than Internet Explorer; we believe these are better for security purposes:

Firefox
Opera

Google Toolbar <= Get the free google toolbar to help stop pop up windows.

SpywareBlaster to help prevent spyware from installing in the first place.
SpywareGuard to catch and block spyware before it can execute.
IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.

You should also have a good firewall. Here are 2 free ones available for personal use:

Kerio Personal Firewall
ZoneAlarm

To keep your operating system up to date, visit monthly:

Microsoft Windows Update

And to keep your system clean, run these free malware scanners:

AdAware SE Personal - How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
Spybot Search & Destroy - How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

And lastly, read Tony Klein's article: So how DID you get infected in the first place?
  • 0

#11
Noble Savage


    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Alright, thanks very much for your help.
  • 0

#12
racenutalways


    Member 1K

  • Retired Staff
  • 1,675 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





