
Is my computer infected?



#1
manu08

    Member

  • 355 posts
I'm working on some problems my computer is having on this current post. I was going through the steps I should go through before posting here. I did the ATF Cleaner and it said it freed up 198MB, ran Spybot Search & Destroy and it found no spyware. I use Avast! antivirus and Comodo Personal Firewall. When trying to install the ActiveX script to do the online Panda virus scan, my virus scanner said there was a virus on that webpage, so I had to terminate it. I did have a virus several weeks back, not sure which one it was, but I believe it was cleared up. What should I do now?
Windows Update showed that I had all critical updates installed on my computer. Here are the HijackThis results:

Logfile of HijackThis v1.99.1
Scan saved at 4:21:39 PM, on 3/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Comodo\Personal Firewall\cmdagent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AlienAutopsy\TEKS_Service.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Comodo\Personal Firewall\CPF.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Comodo\LaunchPad\CLPTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\adirss.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\program files\powerstrip\pstrip.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WallMaster\wallmast.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\AlienAutopsy\Test_BS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus C61 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C61 Series" /O6 "USB001" /M "Stylus C61"
O4 - HKLM\..\Run: [Comodo Personal Firewall] C:\Program Files\Comodo\Personal Firewall\CPF.exe sysrestart
O4 - HKLM\..\Run: [Comodo Launch Pad Tray] C:\Program Files\Comodo\LaunchPad\CLPTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [sysinter] C:\WINDOWS\system32\adirss.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AlienAutopsy] "C:\Program Files\AlienAutopsy\Test_BS.exe" -h
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - Startup: ATI Tray Tools.lnk = C:\Program Files\Radeon Omega Drivers\v3.8.291\ATI Tray Tools\atitray.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: WallMaster Pro.lnk = C:\Program Files\WallMaster\wallmast.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.savvy.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://manukhanna08....ad/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.m...ted/mvt/mvt.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/...he.cab55579.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory....ap/DigWXMSN.cab
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} (OcarptMain Class) - https://oca.microsof...cure/ocarpt.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab55579.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.c.../npseatools.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...978/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15028/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B04AC67A-017C-4CC5-B145-D1517134BEF7}: NameServer = 203.115.0.1,203.115.0.18
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dxq.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Personal Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProductivIT Service (ProductivITService) - DynTek, Inc. - C:\Program Files\AlienAutopsy\TEKS_Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

And here is the uninstall list:

3DMark06
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.9
Adobe Shockwave Player
Advanced X Video Converter
ah Screen Saver
AlienAutopsy
ArcSoft Panorama Maker 3.0
Area 51®
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AtomixMP3 v2.3 Trial
Avanquest update
avast! Antivirus
Battlefield 2™
BitComet 0.70
BitTorrent 4.0.1
Command & Conquer 3 Tiberium Wars™ Demo
Comodo Personal Firewall
CONNECT Auto Update
CONNECT Player
ConvertXtoDVD 2.1.14.223
Counter-Strike: Condition Zero
Creative Audio Console
DH Driver Cleaner Professional Edition
Doom 3
Download Accelerator Plus (DAP)
DVD Region+CSS Free 5.9.7.5
EA Link
EA SPORTS online 2005
EA SPORTS™ Cricket 07
EPSON PhotoQuicker3.2
EPSON Printer Software
ESC61 Problem Solver
EVEREST Home Edition v2.20
FairStars Audio Converter 1.55
FEAR
Google Earth
Half-Life® 2
HijackThis 1.99.1
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB928388)
Hotfix for Windows XP (KB929120)
Intel® Active Monitor
Intel® PRO Network Adapters and Drivers
iPod Agent 1.1.2.0
iTunes
J2SE Runtime Environment 5.0 Update 6
K-Lite Codec Pack 2.77 Full
LimeWire PRO 4.12.6
Logitech Audio Echo Cancellation Component
Logitech Desktop Messenger
Logitech MouseWare 9.79.1
Logitech QuickCam
Logitech Video Enumerator
Logitech® Camera Driver
Macromedia Flash Player 8 Plugin
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Motorola Phone Tools
Motorola Software Update
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 6.0 Parser (KB927977)
MVision
Need for Speed™ Carbon Demo
Nero 7 Ultra Edition
Nikon View 6
OpenMG Secure Module 4.3.00
PowerDVD
PowerStrip 3 (remove only)
QuickTime
SAMSUNG CDMA Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Seagate SeaTools English Online
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Skype 2.5
Sound Blaster Audigy 2
SoundFont Bank Manager
Spybot - Search & Destroy 1.4
Steam™
SWAT 4
System Requirements Lab
Update for Outlook Junk Email Filter 2007 (KB924884)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB931836)
VideoLAN VLC media player 0.8.5
WallMaster Pro
WIDCOMM Bluetooth Software
Windows Communication Foundation
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Vista Upgrade Advisor
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
WinZip
WorldPx 3.7.1

Thanks for any help.


#2
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:

Please download ComboFix and save it to your desktop (important)


Now, click Start >> Run, copy and paste the following line into the Run box, and press OK:

%userprofile%\desktop\combofix.exe /v a3dxq.dll

When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

#3
manu08

    Member

  • Topic Starter
  • 355 posts
I get this error message when I try to run that.

Attached Thumbnails

  • error.JPG


#4
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:

OK, just double-click ComboFix and follow the prompts, and post the log it produces.

#5
manu08

    Member

  • Topic Starter
  • 355 posts
Well this command prompt window flashes but no log is produced? :whistling:

Edited by manu08, 10 March 2007 - 10:42 AM.


#6
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi

Could be worse than I thought, let's go this route.

Download wpf3u_new.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

#7
manu08

    Member

  • Topic Starter
  • 355 posts
WinPFind3 logfile created on: 3/10/2007 10:20:12 PM
WinPFind3U by OldTimer - Version 1.0.22 Folder = C:\Documents and Settings\Manu\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

1046252 Kb Total Physical Memory | 519028 Kb Available Physical Memory | 49.61% Memory free
3040324 Kb Paging File | 2575192 Kb Available in Paging File | 84.70% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78148160 Kb Total Space | 13302652 Kb Free Space | 17.02% Space Free
Drive D: | 80413324 Kb Total Space | 55258916 Kb Free Space | 68.72% Space Free
Drive E: | 40138368 Kb Total Space | 23396488 Kb Free Space | 58.29% Space Free
Drive F: | 180734 Kb Total Space | 0 Kb Free Space | 0.00% Space Free


[Processes - Non-Microsoft Only]
adirss.exe -> %System32%\adirss.exe -> [Ver = | Size = 7218 bytes | Modified Date = 2/21/2007 1:05:22 AM | Attr = ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> [Ver = 4, 7, 936, 0 | Size = 108160 bytes | Modified Date = 1/15/2007 10:58:58 PM | Attr = ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 936, 0 | Size = 255616 bytes | Modified Date = 1/15/2007 10:58:32 PM | Attr = ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [Ver = 4, 7, 936, 0 | Size = 132736 bytes | Modified Date = 1/15/2007 10:58:52 PM | Attr = ]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 936, 0 | Size = 370304 bytes | Modified Date = 1/15/2007 10:57:52 PM | Attr = ]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [Ver = | Size = 59008 bytes | Modified Date = 8/5/2006 8:40:10 PM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4158 | Size = 446464 bytes | Modified Date = 2/3/2007 1:25:10 AM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4158 | Size = 446464 bytes | Modified Date = 2/3/2007 1:25:10 AM | Attr = ]
bttray.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> WIDCOMM, Inc. [Ver = 1.4.2 Build 10 | Size = 503869 bytes | Modified Date = 9/15/2003 4:23:06 PM | Attr = ]
btwdins.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> WIDCOMM, Inc. [Ver = 1.4.2 Build 10 | Size = 135168 bytes | Modified Date = 9/15/2003 4:13:34 PM | Attr = ]
ccc.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CCC.exe -> ATI Technologies Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 9/29/2006 9:57:36 AM | Attr = ]
clptray.exe -> %ProgramFiles%\Comodo\LaunchPad\CLPTray.exe -> COMODO [Ver = 1.1.1.7 | Size = 229448 bytes | Modified Date = 11/1/2006 12:57:30 AM | Attr = ]
cmdagent.exe -> %ProgramFiles%\Comodo\Personal Firewall\cmdagent.exe -> COMODO [Ver = 2.4.0.20 | Size = 361040 bytes | Modified Date = 2/7/2007 12:45:26 AM | Attr = ]
cthelper.exe -> %SystemRoot%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 2, 0, 0, 41 | Size = 17920 bytes | Modified Date = 8/11/2006 2:56:02 PM | Attr = ]
ctsvccda.exe -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 12:31:00 AM | Attr = ]
ctsysvol.exe -> %ProgramFiles%\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.1.3.0 | Size = 49152 bytes | Modified Date = 10/29/2002 8:48:24 AM | Attr = ]
e_s10ic2.exe -> %System32%\spool\drivers\w32x86\3\E_S10IC2.EXE -> SEIKO EPSON CORPORATION [Ver = 3.04 | Size = 74240 bytes | Modified Date = 4/10/2002 8:34:00 AM | Attr = ]
em_exec.exe -> %ProgramFiles%\Logitech\MouseWare\system\EM_EXEC.EXE -> Logitech Inc. [Ver = 9.79.025 | Size = 37888 bytes | Modified Date = 1/8/2004 9:20:00 AM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
lvprcsrv.exe -> %CommonProgramFiles%\Logitech\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 10.4.0.1401 | Size = 109344 bytes | Modified Date = 11/15/2006 10:03:36 PM | Attr = ]
mom.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\MOM.exe -> ATI Technologies Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 9/29/2006 9:57:30 AM | Attr = ]
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 7.00.2406 | Size = 69216 bytes | Modified Date = 12/6/2006 6:37:40 PM | Attr = ]
richvideo.exe -> %ProgramFiles%\CyberLink\Shared Files\RichVideo.exe -> [Ver = 1.1.0808 | Size = 167936 bytes | Modified Date = 8/8/2005 1:54:00 PM | Attr = ]
sagent2.exe -> %CommonProgramFiles%\EPSON\EBAPI\SAgent2.exe -> SEIKO EPSON CORPORATION [Ver = 2, 2, 0, 0 | Size = 90112 bytes | Modified Date = 10/25/2001 1:32:00 AM | Attr = ]
teks_service.exe -> %ProgramFiles%\AlienAutopsy\TEKS_Service.exe -> DynTek, Inc. [Ver = 3.22.31.0 | Size = 77824 bytes | Modified Date = 2/26/2002 4:39:08 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.22.0 | Size = 313344 bytes | Modified Date = 3/6/2007 5:50:18 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [Ver = | Size = 59008 bytes | Modified Date = 8/5/2006 8:40:10 PM | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4158 | Size = 446464 bytes | Modified Date = 2/3/2007 1:25:10 AM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 2/2/2007 6:34:00 PM | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [Ver = 4, 7, 936, 0 | Size = 132736 bytes | Modified Date = 1/15/2007 10:58:52 PM | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 936, 0 | Size = 255616 bytes | Modified Date = 1/15/2007 10:58:32 PM | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 936, 0 | Size = 370304 bytes | Modified Date = 1/15/2007 10:57:52 PM | Attr = ]
(btwdins) Bluetooth Service [Win32_Own | Auto | Running] -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> WIDCOMM, Inc. [Ver = 1.4.2 Build 10 | Size = 135168 bytes | Modified Date = 9/15/2003 4:13:34 PM | Attr = ]
(CmdAgent) Comodo Application Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\Comodo\Personal Firewall\cmdagent.exe -> COMODO [Ver = 2.4.0.20 | Size = 361040 bytes | Modified Date = 2/7/2007 12:45:26 AM | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 12:31:00 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 1:26:48 PM | Attr = ]
(EPSONStatusAgent2) EPSON Printer Status Agent2 [Win32_Own | Auto | Running] -> %CommonProgramFiles%\EPSON\EBAPI\SAgent2.exe -> SEIKO EPSON CORPORATION [Ver = 2, 2, 0, 0 | Size = 90112 bytes | Modified Date = 10/25/2001 1:32:00 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:11:10 AM | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
(LVPrcSrv) Process Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Logitech\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 10.4.0.1401 | Size = 109344 bytes | Modified Date = 11/15/2006 10:03:36 PM | Attr = ]
(LVSrvLauncher) LVSrvLauncher [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Logitech\SrvLnch\SrvLnch.exe -> Logitech Inc. [Ver = 10.4.0.1401 | Size = 101152 bytes | Modified Date = 11/15/2006 10:05:40 PM | Attr = ]
(MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> Sony Corporation [Ver = 4.3.00.08302 | Size = 53337 bytes | Modified Date = 8/30/2005 2:30:50 PM | Attr = ]
(PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> Sony Corporation [Ver = 4.3.00.08302 | Size = 53337 bytes | Modified Date = 8/30/2005 2:25:18 PM | Attr = ]
(ProductivITService) ProductivIT Service [Win32_Own | Auto | Running] -> %ProgramFiles%\AlienAutopsy\TEKS_Service.exe -> DynTek, Inc. [Ver = 3.22.31.0 | Size = 77824 bytes | Modified Date = 2/26/2002 4:39:08 PM | Attr = ]
(RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Running] -> %ProgramFiles%\CyberLink\Shared Files\RichVideo.exe -> [Ver = 1.1.0808 | Size = 167936 bytes | Modified Date = 8/8/2005 1:54:00 PM | Attr = ]
(Sony SCSI Helper Service) Sony SCSI Helper Service [Win32_Shared | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\Fsk\SonySCSIHelperService.exe -> Sony Corporation [Ver = 1, 0, 0, 08010 | Size = 79432 bytes | Modified Date = 1/16/2006 8:39:56 AM | Attr = ]
(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.3.00.08302 | Size = 69718 bytes | Modified Date = 8/30/2005 2:19:34 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AlienAutopsy -> %ProgramFiles%\AlienAutopsy\Test_BS.exe -> [Ver = | Size = 98304 bytes | Modified Date = 2/26/2002 4:38:34 PM | Attr = R ]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> [Ver = 4, 7, 936, 0 | Size = 108160 bytes | Modified Date = 1/15/2007 10:58:58 PM | Attr = ]
Comodo Launch Pad Tray -> %ProgramFiles%\Comodo\LaunchPad\CLPTray.exe -> COMODO [Ver = 1.1.1.7 | Size = 229448 bytes | Modified Date = 11/1/2006 12:57:30 AM | Attr = ]
Comodo Personal Firewall -> %ProgramFiles%\Comodo\Personal Firewall\cpf.exe -> COMODO [Ver = 2.4.0.58 | Size = 1115728 bytes | Modified Date = 2/7/2007 12:46:06 AM | Attr = ]
CTHelper -> %SystemRoot%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 2, 0, 0, 41 | Size = 17920 bytes | Modified Date = 8/11/2006 2:56:02 PM | Attr = ]
CTSysVol -> %ProgramFiles%\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.1.3.0 | Size = 49152 bytes | Modified Date = 10/29/2002 8:48:24 AM | Attr = ]
CTxfiHlp -> %System32%\CTXFIHLP.EXE -> Creative Technology Ltd [Ver = 2, 0, 1, 3 | Size = 18944 bytes | Modified Date = 8/11/2006 2:56:04 PM | Attr = ]
EPSON Stylus C61 Series -> %System32%\spool\drivers\w32x86\3\E_S10IC2.EXE -> SEIKO EPSON CORPORATION [Ver = 3.04 | Size = 74240 bytes | Modified Date = 4/10/2002 8:34:00 AM | Attr = ]
KernelFaultCheck -> -> File not found
LanguageShortcut -> %ProgramFiles%\CyberLink\PowerDVD\Language\Language.exe -> [Ver = 1.00.2405 | Size = 54832 bytes | Modified Date = 12/5/2006 10:55:32 PM | Attr = ]
Logitech Utility -> %SystemRoot%\LOGI_MWX.EXE -> Logitech Inc. [Ver = 9.79.024 | Size = 19968 bytes | Modified Date = 12/17/2003 9:20:00 AM | Attr = ]
PowerStrip -> %ProgramFiles%\powerstrip\pstrip.exe -> EnTech Taiwan [Ver = 4.10.03.73 | Size = 722176 bytes | Modified Date = 11/6/2006 6:05:26 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 10/25/2006 6:58:18 PM | Attr = ]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 7.00.2406 | Size = 69216 bytes | Modified Date = 12/6/2006 6:37:40 PM | Attr = ]
sysinter -> %System32%\adirss.exe -> [Ver = | Size = 7218 bytes | Modified Date = 2/21/2007 1:05:22 AM | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-> -> File not found
BitComet -> %ProgramFiles%\BitComet\BitComet.exe -> www.BitComet.com [Ver = 0.70 | Size = 3394048 bytes | Modified Date = 6/23/2006 10:30:34 PM | Attr = ]
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe -> [Ver = | Size = 20058152 bytes | Modified Date = 10/13/2006 5:20:08 PM | Attr = ]
StartCCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe -> [Ver = | Size = 90112 bytes | Modified Date = 11/10/2006 12:35:24 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\BTTray.lnk -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> WIDCOMM, Inc. [Ver = 1.4.2 Build 10 | Size = 503869 bytes | Modified Date = 9/15/2003 4:23:06 PM | Attr = ]
< User Startup > -> C:\Documents and Settings\Manu\Start Menu\Programs\Startup
%UserStartup%\ATI Tray Tools.lnk -> %ProgramFiles%\Radeon Omega Drivers\v3.8.291\ATI Tray Tools\atitray.exe -> File not found
%UserStartup%\WallMaster Pro.lnk -> %ProgramFiles%\WallMaster\wallmast.exe -> Tropical Wares [Ver = 4.0.1.1 | Size = 467968 bytes | Modified Date = 4/22/2002 11:28:00 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{93994DE8-8239-4655-B1D1-5F4E91300429} [HKLM] -> %ProgramFiles%\DVD Region+CSS Free\DVDShell.dll [] -> Fengtao Software Inc. [Ver = 5, 5, 0, 8 | Size = 49152 bytes | Modified Date = 10/9/2004 2:48:02 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
A3dxq -> %System32%\a3dxq.dll -> [Ver = | Size = 13686 bytes | Modified Date = 2/20/2007 6:04:00 PM | Attr = ]
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4158 | Size = 110592 bytes | Modified Date = 2/3/2007 1:26:30 AM | Attr = ]
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://go.microsoft....k/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft....k/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft....k/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft....k/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKCU: Start Page -> about:blank ->
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> localhost ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
aol.com [ - ] -> ->
free_aol.com [ - ] -> ->
free_aol.com [http] -> ->
www_savvy.com [http] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{0000CC75-ACF3-4cac-A0A9-DD3868E06852} [HKLM] -> %ProgramFiles%\DAP\DAPBHO.dll [DAPHelper Class] -> Speedbit Ltd. [Ver = 8, 0, 0, 0 | Size = 122946 bytes | Modified Date = 4/5/2006 3:59:36 PM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} [HKLM] -> %ProgramFiles%\BitComet\tools\BitCometBHO_1.1.2.7.dll [BitComet Helper] -> BitComet [Ver = 20070207 | Size = 158272 bytes | Modified Date = 2/8/2007 10:34:02 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Data - Value does not exist] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 12:34:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 12:52:10 PM | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\npjpi150_06.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 12:52:10 PM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 12:52:10 PM | Attr = ]
{2670000A-7350-4f3c-8081-5663EE0C6C49} -> Reg Data - Value does not exist [ButtonText: Send to OneNote] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{CCA281CA-C863-46ef-9331-5C8D4460577F} -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [ButtonText: @btrez.dll,-4015] -> [Ver = | Size = 2681 bytes | Modified Date = 5/29/2003 1:23:08 PM | Attr = ]
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Clean Traces -> %ProgramFiles%\DAP\Privacy Package\dapcleanerie.htm -> [Ver = | Size = 1748 bytes | Modified Date = 10/23/2005 12:29:16 PM | Attr = ]
&D&ownload &with BitComet -> %ProgramFiles%\BitComet\BitComet.exe\AddLink.htm -> File not found
&D&ownload all video with BitComet -> %ProgramFiles%\BitComet\BitComet.exe\AddVideo.htm -> File not found
&D&ownload all with BitComet -> %ProgramFiles%\BitComet\BitComet.exe\AddAllLink.htm -> File not found
E&xport to Microsoft Excel -> -> File not found
E&xport to Microsoft Office Excel -> -> File not found
Send To &Bluetooth -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm -> [Ver = | Size = 1320 bytes | Modified Date = 5/29/2003 1:23:12 PM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{200B8E6F-C250-450A-8F9A-BE33E2A1A6EB} -> () ->
{480BC411-E1AC-4C4A-A464-06500A87CBEA} -> () ->
{92014E23-AAB8-4F4E-9D79-5FE9D575D396} -> () ->
{968601EB-1437-4E6A-BEE8-D5308FC05394} -> (1394 Net Adapter) ->
{B04AC67A-017C-4CC5-B145-D1517134BEF7} -> 203.115.0.1,203.115.0.18 (Intel® PRO/1000 CT Network Connection) ->
{D4C56C8A-196B-4EF6-996E-506C78B13AB2} -> () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{05D44720-58E3-49E6-BDF6-D00330E511D3} -> StagingUI Object - CodeBase = http://zone.msn.com/...UI.cab55579.cab ->
{0A5FD7C5-A45C-49FC-ADB5-9952547D5715} -> Creative Software AutoUpdate - CodeBase = http://www.creative....026/CTSUEng.cab ->
{0E5F0222-96B9-11D3-8997-00104BD12D94} -> PCPitstop Utility - CodeBase = http://www.pcpitstop...p/PCPitStop.CAB ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://download.micr...heckControl.cab ->
{233C1507-6A77-46A4-9443-F871F945D258} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.ma...director/sw.cab ->
{3BB54395-5982-4788-8AF4-B5388FFDD0D8} -> MSN Games – Buddy Invite - CodeBase = http://zone.msn.com/...dy.cab55579.cab ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> Office Update Installation Engine - CodeBase = http://office.micros...ntent/opuc3.cab ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> MSN Photo Upload Tool - CodeBase = http://manukhanna08....ad/MsnPUpld.cab ->
{5736C456-EA94-4AAC-BB08-917ABDD035B3} -> ZonePAChat Object - CodeBase = http://zone.msn.com/...at.cab55579.cab ->
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} -> HouseCall Control - CodeBase = http://a840.g.akamai...all/xscan53.cab ->
{78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} -> McAfee Virtual Technician Control Class - CodeBase = http://us-download.m...ted/mvt/mvt.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> MessengerStatsClient Class - CodeBase = http://messenger.zon...nt.cab31267.cab ->
{9122D757-5A4F-4768-82C5-B4171D8556A7} -> PhotoPickConvert Class - CodeBase = http://appdirectory....ap/PhtPkMSN.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoft...free/asinst.cab ->
{9BDF4724-10AA-43D5-BD15-AEA0D2287303} -> ZPA_TexasHoldem Object - CodeBase = http://zone.msn.com/...he.cab55579.cab ->
{A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} -> BatchDownloader Class - CodeBase = http://appdirectory....ap/DigWXMSN.cab ->
{AEF76437-F960-4EBC-97EA-7BBB4230CF38} -> OcarptMain Class - CodeBase = https://oca.microsof...cure/ocarpt.CAB ->
{B8BE5E93-A60C-4D26-A2DC-220313175592} -> MSN Games - Installer - CodeBase = http://cdn2.zone.msn...ro.cab55579.cab ->
{BE833F39-1E0C-468C-BA70-25AAEE55775E} -> System Requirements Lab Class - CodeBase = http://www.systemreq...m/sysreqlab.cab ->
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} -> Office Update Installation Engine - CodeBase = http://office.micros...ntent/opuc4.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload2.m...ash/swflash.cab ->
{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} -> MSN Games – Game Communicator - CodeBase = http://zone.msn.com/...xy.cab55579.cab ->
{E36C5562-C4E0-4220-BCB2-1C671E3A5916} -> Seagate SeaTools English Online - CodeBase = http://www.seagate.c.../npseatools.cab ->
{E8F628B5-259A-4734-97EE-BA914D7BE941} -> Driver Agent ActiveX Control - CodeBase = http://driveragent.c...driveragent.cab ->
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} -> McFreeScan Class - CodeBase = http://download.mcaf...978/mcfscan.cab ->
{F6ACF75C-C32C-447B-9BEF-46B766368D29} -> Creative Software AutoUpdate Support Package - CodeBase = http://www.creative....15028/CTPID.cab ->


[Files - Created Within 30 days]
BPMNT.dll -> %SystemRoot%\BPMNT.dll -> Trend Micro Inc. [Ver = 8.000-1001 | Size = 86094 bytes | Created Date = 2/21/2007 7:27:25 AM | Attr = ]
CTDCRES.DLL -> %SystemRoot%\CTDCRES.DLL -> Creative Technology Ltd [Ver = 5.12.01.1140-2.07.0070 | Size = 10240 bytes | Created Date = 2/18/2007 1:49:04 PM | Attr = ]
CTXFIRES.DLL -> %SystemRoot%\CTXFIRES.DLL -> [Ver = 1, 0, 2, 0 | Size = 3072 bytes | Created Date = 2/18/2007 1:49:05 PM | Attr = ]
GetServer.ini -> %SystemRoot%\GetServer.ini -> [Ver = | Size = 170 bytes | Created Date = 2/21/2007 7:19:50 AM | Attr = ]
hcextoutput.dll -> %SystemRoot%\hcextoutput.dll -> [Ver = | Size = 71749 bytes | Created Date = 2/21/2007 7:27:26 AM | Attr = ]
Multimedia manager.INI -> %SystemRoot%\Multimedia manager.INI -> [Ver = | Size = 33 bytes | Created Date = 2/14/2007 6:48:28 PM | Attr = ]
PATCH.EXE -> %SystemRoot%\PATCH.EXE -> Trend Micro Inc. [Ver = 1,81,0,1011 | Size = 286720 bytes | Created Date = 2/21/2007 7:19:08 AM | Attr = ]
TMUPDATE.DLL -> %SystemRoot%\TMUPDATE.DLL -> Trend Micro Inc. [Ver = 1,81,0,1011 | Size = 507904 bytes | Created Date = 2/21/2007 7:19:09 AM | Attr = ]
tsc.exe -> %SystemRoot%\tsc.exe -> Trend Micro Inc. [Ver = 5.0.0.1107 | Size = 229957 bytes | Created Date = 2/21/2007 7:27:26 AM | Attr = ]
tsc.ini -> %SystemRoot%\tsc.ini -> [Ver = | Size = 674 bytes | Created Date = 2/21/2007 7:27:26 AM | Attr = ]
tsc.ptn -> %SystemRoot%\tsc.ptn -> [Ver = | Size = 1994487 bytes | Created Date = 2/21/2007 7:27:26 AM | Attr = ]
UNZIP.DLL -> %SystemRoot%\UNZIP.DLL -> Trend Micro Inc. [Ver = 1.32.0.1000 | Size = 69689 bytes | Created Date = 2/21/2007 7:19:09 AM | Attr = ]
VPTNFILE.281 -> %SystemRoot%\VPTNFILE.281 -> [Ver = | Size = 26550437 bytes | Created Date = 2/21/2007 7:27:15 AM | Attr = ]
vsapi32.dll -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 8.310-1002 | Size = 1101904 bytes | Created Date = 2/21/2007 7:27:25 AM | Attr = ]
{00000003-00000000-00000003-00001102-00000004-10071102}.BAK -> %SystemRoot%\{00000003-00000000-00000003-00001102-00000004-10071102}.BAK -> [Ver = | Size = 4958588 bytes | Created Date = 2/18/2007 1:51:44 PM | Attr = ]
{00000003-00000000-00000003-00001102-00000004-10071102}.CDF -> %SystemRoot%\{00000003-00000000-00000003-00001102-00000004-10071102}.CDF -> [Ver = | Size = 4958588 bytes | Created Date = 2/18/2007 1:50:50 PM | Attr = ]
a3dxq.dll -> %System32%\a3dxq.dll -> [Ver = | Size = 13686 bytes | Created Date = 1/2/1601 6:30:00 PM | Attr = ]
adirss.exe -> %System32%\adirss.exe -> [Ver = | Size = 7218 bytes | Created Date = 2/21/2007 1:05:21 AM | Attr = ]
ati2sgag.exe -> %System32%\ati2sgag.exe -> [Ver = 5.13.0025 | Size = 520192 bytes | Created Date = 3/8/2007 2:21:34 AM | Attr = ]
atinppt2.ax -> %System32%\atinppt2.ax -> ATI Technologies Inc. [Ver = 6.14.10.1078 | Size = 106496 bytes | Created Date = 3/8/2007 2:21:46 AM | Attr = ]
BMXBkpCtrlState-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> %System32%\BMXBkpCtrlState-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> [Ver = | Size = 32088 bytes | Created Date = 2/18/2007 1:51:56 PM | Attr = ]
BMXCtrlState-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> %System32%\BMXCtrlState-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> [Ver = | Size = 32088 bytes | Created Date = 2/18/2007 1:51:56 PM | Attr = ]
BMXState-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> %System32%\BMXState-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> [Ver = | Size = 33120 bytes | Created Date = 2/18/2007 1:51:56 PM | Attr = ]
BMXStateBkp-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> %System32%\BMXStateBkp-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> [Ver = | Size = 33120 bytes | Created Date = 2/18/2007 1:51:56 PM | Attr = ]
dd.exe -> %System32%\dd.exe -> [Ver = | Size = 7218 bytes | Created Date = 2/21/2007 1:05:21 AM | Attr = ]
DVCState-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> %System32%\DVCState-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> [Ver = | Size = 11564 bytes | Created Date = 2/18/2007 1:51:56 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 3/10/2007 4:03:20 PM | Attr = ]
instwdm.ini -> %System32%\instwdm.ini -> [Ver = | Size = 86446 bytes | Created Date = 2/18/2007 1:49:05 PM | Attr = ]
ma.exe.exe -> %System32%\ma.exe.exe -> [Ver = | Size = 58418 bytes | Created Date = 2/20/2007 6:04:10 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 3/10/2007 4:03:15 PM | Attr = ]
pp.exe.exe -> %System32%\pp.exe.exe -> [Ver = | Size = 36402 bytes | Created Date = 2/20/2007 6:04:14 PM | Attr = ]
settings.sfm -> %System32%\settings.sfm -> [Ver = | Size = 1080 bytes | Created Date = 2/18/2007 1:51:56 PM | Attr = ]
settingsbkup.sfm -> %System32%\settingsbkup.sfm -> [Ver = | Size = 1080 bytes | Created Date = 2/18/2007 1:51:56 PM | Attr = ]
sm.exe -> %System32%\sm.exe -> [Ver = | Size = 7218 bytes | Created Date = 2/21/2007 1:05:20 AM | Attr = ]
vxg4am1et2.exe -> %System32%\vxg4am1et2.exe -> [Ver = | Size = 7499 bytes | Created Date = 2/20/2007 6:03:58 PM | Attr = ]
vxga5me3.exe -> %System32%\vxga5me3.exe -> [Ver = | Size = 48876 bytes | Created Date = 2/20/2007 5:44:41 PM | Attr = ]
winsub.xml -> %System32%\winsub.xml -> [Ver = | Size = 4 bytes | Created Date = 2/20/2007 6:04:08 PM | Attr = ]
zlbw.dll -> %System32%\zlbw.dll -> [Ver = | Size = 46592 bytes | Created Date = 2/20/2007 6:04:57 PM | Attr = ]
atinavt2.sys -> %System32%\drivers\atinavt2.sys -> ATI Technologies Inc. [Ver = 6.14.10.1078 | Size = 168832 bytes | Created Date = 3/8/2007 2:21:46 AM | Attr = ]
motmodem.sys -> %System32%\drivers\motmodem.sys -> Motorola [Ver = 1.6.0.0 built by: WinDDK | Size = 20992 bytes | Created Date = 2/17/2007 5:21:08 PM | Attr = ]
motodrv.sys -> %System32%\drivers\motodrv.sys -> Motorola Inc [Ver = 2.7 | Size = 40832 bytes | Created Date = 2/17/2007 5:21:07 PM | Attr = ]
MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> %System32%\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> [Ver = | Size = 0 bytes | Created Date = 2/17/2007 5:23:25 PM | Attr = H ]
Msft_Kernel_motmodem_01005.Wdf -> %System32%\drivers\Msft_Kernel_motmodem_01005.Wdf -> [Ver = | Size = 0 bytes | Created Date = 2/17/2007 5:23:29 PM | Attr = H ]
TVICHW32.SYS -> %System32%\drivers\TVICHW32.SYS -> EnTech Taiwan [Ver = 6.0 | Size = 23600 bytes | Created Date = 2/21/2007 5:32:55 PM | Attr = ]

[Files - Modified Within 30 days]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 3/10/2007 12:15:04 PM | Attr = S]
BPMNT.dll -> %SystemRoot%\BPMNT.dll -> Trend Micro Inc. [Ver = 8.000-1001 | Size = 86094 bytes | Modified Date = 2/21/2007 7:27:26 AM | Attr = ]
DUMPa8d2.tmp -> %SystemRoot%\DUMPa8d2.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2/27/2007 6:16:56 PM | Attr = ]
DVDRegionFree.INI -> %SystemRoot%\DVDRegionFree.INI -> [Ver = | Size = 68 bytes | Modified Date = 3/10/2007 4:39:16 PM | Attr = ]
GetServer.ini -> %SystemRoot%\GetServer.ini -> [Ver = | Size = 170 bytes | Modified Date = 2/21/2007 7:19:52 AM | Attr = ]
hcextoutput.dll -> %SystemRoot%\hcextoutput.dll -> [Ver = | Size = 71749 bytes | Modified Date = 2/21/2007 7:27:28 AM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 3/8/2007 3:27:20 AM | Attr = ]
Multimedia manager.INI -> %SystemRoot%\Multimedia manager.INI -> [Ver = | Size = 33 bytes | Modified Date = 2/14/2007 6:48:30 PM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 229 bytes | Modified Date = 3/10/2007 5:32:00 PM | Attr = ]
PATCH.EXE -> %SystemRoot%\PATCH.EXE -> Trend Micro Inc. [Ver = 1,81,0,1011 | Size = 286720 bytes | Modified Date = 2/21/2007 7:19:10 AM | Attr = ]
SBWIN.INI -> %SystemRoot%\SBWIN.INI -> [Ver = | Size = 136 bytes | Modified Date = 2/27/2007 1:37:26 PM | Attr = ]
TMUPDATE.DLL -> %SystemRoot%\TMUPDATE.DLL -> Trend Micro Inc. [Ver = 1,81,0,1011 | Size = 507904 bytes | Modified Date = 2/21/2007 7:19:10 AM | Attr = ]
tsc.exe -> %SystemRoot%\tsc.exe -> Trend Micro Inc. [Ver = 5.0.0.1107 | Size = 229957 bytes | Modified Date = 2/21/2007 7:27:28 AM | Attr = ]
tsc.ini -> %SystemRoot%\tsc.ini -> [Ver = | Size = 674 bytes | Modified Date = 2/21/2007 7:27:28 AM | Attr = ]
tsc.ptn -> %SystemRoot%\tsc.ptn -> [Ver = | Size = 1994487 bytes | Modified Date = 2/21/2007 7:27:28 AM | Attr = ]
UNZIP.DLL -> %SystemRoot%\UNZIP.DLL -> Trend Micro Inc. [Ver = 1.32.0.1000 | Size = 69689 bytes | Modified Date = 2/21/2007 7:19:10 AM | Attr = ]
VPTNFILE.281 -> %SystemRoot%\VPTNFILE.281 -> [Ver = | Size = 26550437 bytes | Modified Date = 2/21/2007 7:27:26 AM | Attr = ]
vsapi32.dll -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 8.310-1002 | Size = 1101904 bytes | Modified Date = 2/21/2007 7:27:26 AM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 613 bytes | Modified Date = 2/14/2007 5:28:12 PM | Attr = ]
WININIT.INI -> %SystemRoot%\WININIT.INI -> [Ver = | Size = 110 bytes | Modified Date = 3/8/2007 2:13:28 AM | Attr = ]
{00000003-00000000-00000003-00001102-00000004-10071102}.BAK -> %SystemRoot%\{00000003-00000000-00000003-00001102-00000004-10071102}.BAK -> [Ver = | Size = 4958588 bytes | Modified Date = 3/10/2007 7:55:12 AM | Attr = ]
{00000003-00000000-00000003-00001102-00000004-10071102}.CDF -> %SystemRoot%\{00000003-00000000-00000003-00001102-00000004-10071102}.CDF -> [Ver = | Size = 4958588 bytes | Modified Date = 3/10/2007 4:39:54 PM | Attr = ]
a3dxq.dll -> %System32%\a3dxq.dll -> [Ver = | Size = 13686 bytes | Modified Date = 2/20/2007 6:04:00 PM | Attr = ]
adirss.exe -> %System32%\adirss.exe -> [Ver = | Size = 7218 bytes | Modified Date = 2/21/2007 1:05:22 AM | Attr = ]
BitCometRes.dll -> %System32%\BitCometRes.dll -> BitComet [Ver = 1, 0, 0, 1 | Size = 2560 bytes | Modified Date = 2/26/2007 12:44:16 AM | Attr = ]
BMXBkpCtrlState-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> %System32%\BMXBkpCtrlState-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> [Ver = | Size = 32088 bytes | Modified Date = 3/10/2007 7:56:14 AM | Attr = ]
BMXCtrlState-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> %System32%\BMXCtrlState-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> [Ver = | Size = 32088 bytes | Modified Date = 3/10/2007 7:56:14 AM | Attr = ]
BMXState-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> %System32%\BMXState-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> [Ver = | Size = 33120 bytes | Modified Date = 3/10/2007 7:56:14 AM | Attr = ]
BMXStateBkp-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> %System32%\BMXStateBkp-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> [Ver = | Size = 33120 bytes | Modified Date = 3/10/2007 7:56:14 AM | Attr = ]
d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 664 bytes | Modified Date = 3/9/2007 8:39:10 PM | Attr = ]
dd.exe -> %System32%\dd.exe -> [Ver = | Size = 7218 bytes | Modified Date = 2/21/2007 1:05:24 AM | Attr = ]
DVCState-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> %System32%\DVCState-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> [Ver = | Size = 11564 bytes | Modified Date = 3/10/2007 7:56:14 AM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 274168 bytes | Modified Date = 3/8/2007 3:52:46 AM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 3/10/2007 4:03:22 PM | Attr = ]
ma.exe.exe -> %System32%\ma.exe.exe -> [Ver = | Size = 58418 bytes | Modified Date = 2/20/2007 6:04:14 PM | Attr = ]
OpenAL32.dll -> %System32%\OpenAL32.dll -> Portions © Creative Labs Inc. and NVIDIA Corp. [Ver = 6.14.0357.13 | Size = 86016 bytes | Modified Date = 2/18/2007 1:50:22 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 3/10/2007 4:03:22 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 70968 bytes | Modified Date = 3/9/2007 9:30:52 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 439264 bytes | Modified Date = 3/9/2007 9:30:52 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 520190 bytes | Modified Date = 3/9/2007 9:30:52 PM | Attr = ]
pp.exe.exe -> %System32%\pp.exe.exe -> [Ver = | Size = 36402 bytes | Modified Date = 2/20/2007 6:04:16 PM | Attr = ]
settings.sfm -> %System32%\settings.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 3/10/2007 7:56:14 AM | Attr = ]
settingsbkup.sfm -> %System32%\settingsbkup.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 3/10/2007 7:56:14 AM | Attr = ]
sm.exe -> %System32%\sm.exe -> [Ver = | Size = 7218 bytes | Modified Date = 2/21/2007 1:05:22 AM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 3/10/2007 4:03:22 PM | Attr = ]
vxg4am1et2.exe -> %System32%\vxg4am1et2.exe -> [Ver = | Size = 7499 bytes | Modified Date = 2/20/2007 6:04:00 PM | Attr = ]
vxga5me3.exe -> %System32%\vxga5me3.exe -> [Ver = | Size = 48876 bytes | Modified Date = 2/20/2007 5:44:50 PM | Attr = ]
winsub.xml -> %System32%\winsub.xml -> [Ver = | Size = 4 bytes | Modified Date = 2/20/2007 6:04:10 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2422 bytes | Modified Date = 3/10/2007 4:18:48 PM | Attr = ]
wrap_oal.dll -> %System32%\wrap_oal.dll -> Creative Labs [Ver = 2.0.8.0 | Size = 409600 bytes | Modified Date = 2/18/2007 1:50:22 PM | Attr = ]
zlbw.dll -> %System32%\zlbw.dll -> [Ver = | Size = 46592 bytes | Modified Date = 2/20/2007 6:04:58 PM | Attr = ]
lvuvc.hs -> %System32%\drivers\lvuvc.hs -> [Ver = | Size = 0 bytes | Modified Date = 3/10/2007 12:14:52 PM | Attr = ]
MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> %System32%\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 2/17/2007 5:23:26 PM | Attr = H ]
Msft_Kernel_motmodem_01005.Wdf -> %System32%\drivers\Msft_Kernel_motmodem_01005.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 2/17/2007 5:23:30 PM | Attr = H ]
pcouffin.sys -> %System32%\drivers\pcouffin.sys -> VSO Software [Ver = 1.37 | Size = 47360 bytes | Modified Date = 2/20/2007 5:39:56 PM | Attr = ]
TVICHW32.SYS -> %System32%\drivers\TVICHW32.SYS -> EnTech Taiwan [Ver = 6.0 | Size = 23600 bytes | Modified Date = 2/21/2007 5:32:52 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %SystemRoot%\Radeon Omega Drivers v3.8.231 Uninstall.exe -> [Ver = 7.0.1.0 | Size = 451072 bytes | Modified Date = 5/12/2006 6:49:02 PM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\Radeon Omega Drivers v3.8.252 Uninstall.exe -> [Ver = 7.0.1.0 | Size = 451072 bytes | Modified Date = 7/29/2006 1:48:00 PM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\Radeon Omega Drivers v3.8.291 Uninstall.exe -> [Ver = 7.0.1.0 | Size = 451072 bytes | Modified Date = 11/29/2006 1:59:44 PM | Attr = ]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
UPX! , UPX0 , -> %SystemRoot%\tsc.exe -> Trend Micro Inc. [Ver = 5.0.0.1107 | Size = 229957 bytes | Modified Date = 2/21/2007 7:27:28 AM | Attr = ]
UPX! , aspack , -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 8.310-1002 | Size = 1101904 bytes | Modified Date = 2/21/2007 7:27:26 AM | Attr = ]
UPX! , UPX0 , -> %System32%\ah.scr -> Stardust Software [Ver = 4, 0, 0, 206 | Size = 564736 bytes | Modified Date = 1/7/2006 9:24:06 PM | Attr = ]
UPX! , UPX0 , -> %System32%\aswBoot.exe -> [Ver = 4, 7, 936, 0 | Size = 689280 bytes | Modified Date = 1/15/2007 11:02:08 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 3/31/2003 5:30:00 PM | Attr = ]
PEC2 , PECompact2 , -> %System32%\divx.dll -> DivX, Inc. [Ver = 6.2.5.34 | Size = 620180 bytes | Modified Date = 7/3/2006 11:40:50 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ppsys.dll -> Blumentals Software [Ver = 1.0.0.0 | Size = 186368 bytes | Modified Date = 11/7/2005 5:01:20 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 3/31/2003 5:30:00 PM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 3/31/2003 5:30:00 PM | Attr = ]
PTech , -> %System32%\dllcache\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 11:11:38 AM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 11:11:38 AM | Attr = ]

< End of report >

#8
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi

Now start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Processes - Non-Microsoft Only]
YY -> adirss.exe -> %System32%\adirss.exe
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> KernelFaultCheck -> 
YN -> sysinter -> %System32%\adirss.exe
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> A3dxq -> %System32%\a3dxq.dll
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research]
[Files - Created Within 30 days]
NY -> a3dxq.dll -> %System32%\a3dxq.dll
NY -> adirss.exe -> %System32%\adirss.exe
NY -> ma.exe.exe -> %System32%\ma.exe.exe
NY -> pp.exe.exe -> %System32%\pp.exe.exe
NY -> sm.exe -> %System32%\sm.exe
NY -> vxg4am1et2.exe -> %System32%\vxg4am1et2.exe
NY -> vxga5me3.exe -> %System32%\vxga5me3.exe
NY -> winsub.xml -> %System32%\winsub.xml
NY -> zlbw.dll -> %System32%\zlbw.dll
[Reboot]

The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.

Post the following back here:

* A new WinPFind3U report
* A new hijack log

#9
manu08

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 355 posts
Well, I did that and clicked Yes to restart the computer, but on the reboot my computer froze, so I had to push the reset button, load up in safe mode first, and then restart to boot up in normal mode. This has happened the last few times I've restarted the computer; for instance, if I uninstall a program, it says that a restart is required, and when I click Yes to restart my computer the same thing happens.
Anyway here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:03:56 AM, on 3/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Comodo\Personal Firewall\cmdagent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AlienAutopsy\TEKS_Service.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Comodo\Personal Firewall\CPF.exe
C:\Program Files\Comodo\LaunchPad\CLPTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\AlienAutopsy\Test_BS.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\program files\powerstrip\pstrip.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WallMaster\wallmast.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus C61 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C61 Series" /O6 "USB001" /M "Stylus C61"
O4 - HKLM\..\Run: [Comodo Personal Firewall] C:\Program Files\Comodo\Personal Firewall\CPF.exe sysrestart
O4 - HKLM\..\Run: [Comodo Launch Pad Tray] C:\Program Files\Comodo\LaunchPad\CLPTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [AlienAutopsy] "C:\Program Files\AlienAutopsy\Test_BS.exe" -h
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - Startup: ATI Tray Tools.lnk = C:\Program Files\Radeon Omega Drivers\v3.8.291\ATI Tray Tools\atitray.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: WallMaster Pro.lnk = C:\Program Files\WallMaster\wallmast.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.savvy.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://manukhanna08....ad/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.m...ted/mvt/mvt.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/...he.cab55579.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory....ap/DigWXMSN.cab
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} (OcarptMain Class) - https://oca.microsof...cure/ocarpt.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab55579.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.c.../npseatools.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...978/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15028/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B04AC67A-017C-4CC5-B145-D1517134BEF7}: NameServer = 203.115.0.1,203.115.0.18
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dxq.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Personal Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProductivIT Service (ProductivITService) - DynTek, Inc. - C:\Program Files\AlienAutopsy\TEKS_Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

And here's the uninstall list:

3DMark06
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.9
Adobe Shockwave Player
Advanced X Video Converter
ah Screen Saver
AlienAutopsy
ArcSoft Panorama Maker 3.0
Area 51®
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AtomixMP3 v2.3 Trial
Avanquest update
avast! Antivirus
Battlefield 2™
BitComet 0.70
Command & Conquer 3 Tiberium Wars™ Demo
Comodo Personal Firewall
CONNECT Auto Update
CONNECT Player
ConvertXtoDVD 2.1.14.223
Counter-Strike: Condition Zero
Creative Audio Console
DH Driver Cleaner Professional Edition
Doom 3
Download Accelerator Plus (DAP)
DVD Region+CSS Free 5.9.7.5
EA SPORTS online 2005
EA SPORTS™ Cricket 07
EPSON Printer Software
EVEREST Home Edition v2.20
FairStars Audio Converter 1.55
FEAR
Google Earth
Half-Life® 2
HijackThis 1.99.1
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB928388)
Hotfix for Windows XP (KB929120)
Intel® PRO Network Adapters and Drivers
iPod Agent 1.1.2.0
iTunes
J2SE Runtime Environment 5.0 Update 6
K-Lite Codec Pack 2.77 Full
LimeWire PRO 4.12.6
Logitech Audio Echo Cancellation Component
Logitech Desktop Messenger
Logitech MouseWare 9.79.1
Logitech QuickCam
Logitech Video Enumerator
Logitech® Camera Driver
Macromedia Flash Player 8 Plugin
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Motorola Phone Tools
Motorola Software Update
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 6.0 Parser (KB927977)
MVision
Need for Speed™ Carbon Demo
Nero 7 Ultra Edition
Nikon View 6
OpenMG Secure Module 4.3.00
PowerDVD
PowerStrip 3 (remove only)
QuickTime
SAMSUNG CDMA Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Seagate SeaTools English Online
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Skype 2.5
Sound Blaster Audigy 2
SoundFont Bank Manager
Spybot - Search & Destroy 1.4
Steam™
SWAT 4
System Requirements Lab
Update for Outlook Junk Email Filter 2007 (KB924884)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB931836)
VideoLAN VLC media player 0.8.5
WallMaster Pro
WIDCOMM Bluetooth Software
Windows Communication Foundation
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
WinZip
WorldPx 3.7.1

I will add another reply in 2 minutes for the WinPFind3U report.

#10
manu08

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 355 posts
WinPFind3 logfile created on: 3/11/2007 12:08:38 AM
WinPFind3U by OldTimer - Version 1.0.22 Folder = C:\Documents and Settings\Manu\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

1046252 Kb Total Physical Memory | 490108 Kb Available Physical Memory | 46.84% Memory free
3040324 Kb Paging File | 2555528 Kb Available in Paging File | 84.05% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78148160 Kb Total Space | 13303520 Kb Free Space | 17.02% Space Free
Drive D: | 80413324 Kb Total Space | 55258400 Kb Free Space | 68.72% Space Free
Drive E: | 40138368 Kb Total Space | 23396500 Kb Free Space | 58.29% Space Free
Drive F: | 180734 Kb Total Space | 0 Kb Free Space | 0.00% Space Free


[Processes - Non-Microsoft Only]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> [Ver = 4, 7, 936, 0 | Size = 108160 bytes | Modified Date = 1/15/2007 10:58:58 PM | Attr = ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 936, 0 | Size = 255616 bytes | Modified Date = 1/15/2007 10:58:32 PM | Attr = ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [Ver = 4, 7, 936, 0 | Size = 132736 bytes | Modified Date = 1/15/2007 10:58:52 PM | Attr = ]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 936, 0 | Size = 370304 bytes | Modified Date = 1/15/2007 10:57:52 PM | Attr = ]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [Ver = | Size = 59008 bytes | Modified Date = 8/5/2006 8:40:10 PM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4158 | Size = 446464 bytes | Modified Date = 2/3/2007 1:25:10 AM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4158 | Size = 446464 bytes | Modified Date = 2/3/2007 1:25:10 AM | Attr = ]
bttray.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> WIDCOMM, Inc. [Ver = 1.4.2 Build 10 | Size = 503869 bytes | Modified Date = 9/15/2003 4:23:06 PM | Attr = ]
btwdins.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> WIDCOMM, Inc. [Ver = 1.4.2 Build 10 | Size = 135168 bytes | Modified Date = 9/15/2003 4:13:34 PM | Attr = ]
ccc.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CCC.exe -> ATI Technologies Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 9/29/2006 9:57:36 AM | Attr = ]
clptray.exe -> %ProgramFiles%\Comodo\LaunchPad\CLPTray.exe -> COMODO [Ver = 1.1.1.7 | Size = 229448 bytes | Modified Date = 11/1/2006 12:57:30 AM | Attr = ]
cmdagent.exe -> %ProgramFiles%\Comodo\Personal Firewall\cmdagent.exe -> COMODO [Ver = 2.4.0.20 | Size = 361040 bytes | Modified Date = 2/7/2007 12:45:26 AM | Attr = ]
cpf.exe -> %ProgramFiles%\Comodo\Personal Firewall\cpf.exe -> COMODO [Ver = 2.4.0.58 | Size = 1115728 bytes | Modified Date = 2/7/2007 12:46:06 AM | Attr = ]
cthelper.exe -> %SystemRoot%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 2, 0, 0, 41 | Size = 17920 bytes | Modified Date = 8/11/2006 2:56:02 PM | Attr = ]
ctsvccda.exe -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 12:31:00 AM | Attr = ]
ctsysvol.exe -> %ProgramFiles%\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.1.3.0 | Size = 49152 bytes | Modified Date = 10/29/2002 8:48:24 AM | Attr = ]
e_s10ic2.exe -> %System32%\spool\drivers\w32x86\3\E_S10IC2.EXE -> SEIKO EPSON CORPORATION [Ver = 3.04 | Size = 74240 bytes | Modified Date = 4/10/2002 8:34:00 AM | Attr = ]
em_exec.exe -> %ProgramFiles%\Logitech\MouseWare\system\EM_EXEC.EXE -> Logitech Inc. [Ver = 9.79.025 | Size = 37888 bytes | Modified Date = 1/8/2004 9:20:00 AM | Attr = ]
lvprcsrv.exe -> %CommonProgramFiles%\Logitech\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 10.4.0.1401 | Size = 109344 bytes | Modified Date = 11/15/2006 10:03:36 PM | Attr = ]
mom.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\MOM.exe -> ATI Technologies Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 9/29/2006 9:57:30 AM | Attr = ]
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 7.00.2406 | Size = 69216 bytes | Modified Date = 12/6/2006 6:37:40 PM | Attr = ]
richvideo.exe -> %ProgramFiles%\CyberLink\Shared Files\RichVideo.exe -> [Ver = 1.1.0808 | Size = 167936 bytes | Modified Date = 8/8/2005 1:54:00 PM | Attr = ]
sagent2.exe -> %CommonProgramFiles%\EPSON\EBAPI\SAgent2.exe -> SEIKO EPSON CORPORATION [Ver = 2, 2, 0, 0 | Size = 90112 bytes | Modified Date = 10/25/2001 1:32:00 AM | Attr = ]
skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe -> [Ver = | Size = 20058152 bytes | Modified Date = 10/13/2006 5:20:08 PM | Attr = ]
teks_service.exe -> %ProgramFiles%\AlienAutopsy\TEKS_Service.exe -> DynTek, Inc. [Ver = 3.22.31.0 | Size = 77824 bytes | Modified Date = 2/26/2002 4:39:08 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.22.0 | Size = 313344 bytes | Modified Date = 3/6/2007 5:50:18 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [Ver = | Size = 59008 bytes | Modified Date = 8/5/2006 8:40:10 PM | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4158 | Size = 446464 bytes | Modified Date = 2/3/2007 1:25:10 AM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 2/2/2007 6:34:00 PM | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [Ver = 4, 7, 936, 0 | Size = 132736 bytes | Modified Date = 1/15/2007 10:58:52 PM | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 936, 0 | Size = 255616 bytes | Modified Date = 1/15/2007 10:58:32 PM | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 936, 0 | Size = 370304 bytes | Modified Date = 1/15/2007 10:57:52 PM | Attr = ]
(btwdins) Bluetooth Service [Win32_Own | Auto | Running] -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> WIDCOMM, Inc. [Ver = 1.4.2 Build 10 | Size = 135168 bytes | Modified Date = 9/15/2003 4:13:34 PM | Attr = ]
(CmdAgent) Comodo Application Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\Comodo\Personal Firewall\cmdagent.exe -> COMODO [Ver = 2.4.0.20 | Size = 361040 bytes | Modified Date = 2/7/2007 12:45:26 AM | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 12:31:00 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 1:26:48 PM | Attr = ]
(EPSONStatusAgent2) EPSON Printer Status Agent2 [Win32_Own | Auto | Running] -> %CommonProgramFiles%\EPSON\EBAPI\SAgent2.exe -> SEIKO EPSON CORPORATION [Ver = 2, 2, 0, 0 | Size = 90112 bytes | Modified Date = 10/25/2001 1:32:00 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:11:10 AM | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
(LVPrcSrv) Process Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Logitech\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 10.4.0.1401 | Size = 109344 bytes | Modified Date = 11/15/2006 10:03:36 PM | Attr = ]
(LVSrvLauncher) LVSrvLauncher [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Logitech\SrvLnch\SrvLnch.exe -> Logitech Inc. [Ver = 10.4.0.1401 | Size = 101152 bytes | Modified Date = 11/15/2006 10:05:40 PM | Attr = ]
(MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> Sony Corporation [Ver = 4.3.00.08302 | Size = 53337 bytes | Modified Date = 8/30/2005 2:30:50 PM | Attr = ]
(PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> Sony Corporation [Ver = 4.3.00.08302 | Size = 53337 bytes | Modified Date = 8/30/2005 2:25:18 PM | Attr = ]
(ProductivITService) ProductivIT Service [Win32_Own | Auto | Running] -> %ProgramFiles%\AlienAutopsy\TEKS_Service.exe -> DynTek, Inc. [Ver = 3.22.31.0 | Size = 77824 bytes | Modified Date = 2/26/2002 4:39:08 PM | Attr = ]
(RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Running] -> %ProgramFiles%\CyberLink\Shared Files\RichVideo.exe -> [Ver = 1.1.0808 | Size = 167936 bytes | Modified Date = 8/8/2005 1:54:00 PM | Attr = ]
(Sony SCSI Helper Service) Sony SCSI Helper Service [Win32_Shared | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\Fsk\SonySCSIHelperService.exe -> Sony Corporation [Ver = 1, 0, 0, 08010 | Size = 79432 bytes | Modified Date = 1/16/2006 8:39:56 AM | Attr = ]
(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.3.00.08302 | Size = 69718 bytes | Modified Date = 8/30/2005 2:19:34 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AlienAutopsy -> %ProgramFiles%\AlienAutopsy\Test_BS.exe -> [Ver = | Size = 98304 bytes | Modified Date = 2/26/2002 4:38:34 PM | Attr = R ]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> [Ver = 4, 7, 936, 0 | Size = 108160 bytes | Modified Date = 1/15/2007 10:58:58 PM | Attr = ]
Comodo Launch Pad Tray -> %ProgramFiles%\Comodo\LaunchPad\CLPTray.exe -> COMODO [Ver = 1.1.1.7 | Size = 229448 bytes | Modified Date = 11/1/2006 12:57:30 AM | Attr = ]
Comodo Personal Firewall -> %ProgramFiles%\Comodo\Personal Firewall\cpf.exe -> COMODO [Ver = 2.4.0.58 | Size = 1115728 bytes | Modified Date = 2/7/2007 12:46:06 AM | Attr = ]
CTHelper -> %SystemRoot%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 2, 0, 0, 41 | Size = 17920 bytes | Modified Date = 8/11/2006 2:56:02 PM | Attr = ]
CTSysVol -> %ProgramFiles%\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.1.3.0 | Size = 49152 bytes | Modified Date = 10/29/2002 8:48:24 AM | Attr = ]
CTxfiHlp -> %System32%\CTXFIHLP.EXE -> Creative Technology Ltd [Ver = 2, 0, 1, 3 | Size = 18944 bytes | Modified Date = 8/11/2006 2:56:04 PM | Attr = ]
EPSON Stylus C61 Series -> %System32%\spool\drivers\w32x86\3\E_S10IC2.EXE -> SEIKO EPSON CORPORATION [Ver = 3.04 | Size = 74240 bytes | Modified Date = 4/10/2002 8:34:00 AM | Attr = ]
LanguageShortcut -> %ProgramFiles%\CyberLink\PowerDVD\Language\Language.exe -> [Ver = 1.00.2405 | Size = 54832 bytes | Modified Date = 12/5/2006 10:55:32 PM | Attr = ]
Logitech Utility -> %SystemRoot%\LOGI_MWX.EXE -> Logitech Inc. [Ver = 9.79.024 | Size = 19968 bytes | Modified Date = 12/17/2003 9:20:00 AM | Attr = ]
PowerStrip -> %ProgramFiles%\powerstrip\pstrip.exe -> EnTech Taiwan [Ver = 4.10.03.73 | Size = 722176 bytes | Modified Date = 11/6/2006 6:05:26 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 10/25/2006 6:58:18 PM | Attr = ]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 7.00.2406 | Size = 69216 bytes | Modified Date = 12/6/2006 6:37:40 PM | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-> -> File not found
BitComet -> %ProgramFiles%\BitComet\BitComet.exe -> www.BitComet.com [Ver = 0.70 | Size = 3394048 bytes | Modified Date = 6/23/2006 10:30:34 PM | Attr = ]
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe -> [Ver = | Size = 20058152 bytes | Modified Date = 10/13/2006 5:20:08 PM | Attr = ]
StartCCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe -> [Ver = | Size = 90112 bytes | Modified Date = 11/10/2006 12:35:24 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\BTTray.lnk -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> WIDCOMM, Inc. [Ver = 1.4.2 Build 10 | Size = 503869 bytes | Modified Date = 9/15/2003 4:23:06 PM | Attr = ]
< User Startup > -> C:\Documents and Settings\Manu\Start Menu\Programs\Startup
%UserStartup%\ATI Tray Tools.lnk -> %ProgramFiles%\Radeon Omega Drivers\v3.8.291\ATI Tray Tools\atitray.exe -> File not found
%UserStartup%\WallMaster Pro.lnk -> %ProgramFiles%\WallMaster\wallmast.exe -> Tropical Wares [Ver = 4.0.1.1 | Size = 467968 bytes | Modified Date = 4/22/2002 11:28:00 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{93994DE8-8239-4655-B1D1-5F4E91300429} [HKLM] -> %ProgramFiles%\DVD Region+CSS Free\DVDShell.dll [] -> Fengtao Software Inc. [Ver = 5, 5, 0, 8 | Size = 49152 bytes | Modified Date = 10/9/2004 2:48:02 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
A3dxq -> %System32%\a3dxq.dll -> File not found
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4158 | Size = 110592 bytes | Modified Date = 2/3/2007 1:26:30 AM | Attr = ]
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://go.microsoft....k/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft....k/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft....k/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft....k/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKCU: Start Page -> about:blank ->
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> localhost ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
aol.com [ - ] -> ->
free_aol.com [ - ] -> ->
free_aol.com [http] -> ->
www_savvy.com [http] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{0000CC75-ACF3-4cac-A0A9-DD3868E06852} [HKLM] -> %ProgramFiles%\DAP\DAPBHO.dll [DAPHelper Class] -> Speedbit Ltd. [Ver = 8, 0, 0, 0 | Size = 122946 bytes | Modified Date = 4/5/2006 3:59:36 PM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} [HKLM] -> %ProgramFiles%\BitComet\tools\BitCometBHO_1.1.2.7.dll [BitComet Helper] -> BitComet [Ver = 20070207 | Size = 158272 bytes | Modified Date = 2/8/2007 10:34:02 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Data - Value does not exist] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 12:34:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 12:52:10 PM | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\npjpi150_06.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 12:52:10 PM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 12:52:10 PM | Attr = ]
{2670000A-7350-4f3c-8081-5663EE0C6C49} -> Reg Data - Value does not exist [ButtonText: Send to OneNote] -> File not found
{CCA281CA-C863-46ef-9331-5C8D4460577F} -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [ButtonText: @btrez.dll,-4015] -> [Ver = | Size = 2681 bytes | Modified Date = 5/29/2003 1:23:08 PM | Attr = ]
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Clean Traces -> %ProgramFiles%\DAP\Privacy Package\dapcleanerie.htm -> [Ver = | Size = 1748 bytes | Modified Date = 10/23/2005 12:29:16 PM | Attr = ]
&D&ownload &with BitComet -> %ProgramFiles%\BitComet\BitComet.exe\AddLink.htm -> File not found
&D&ownload all video with BitComet -> %ProgramFiles%\BitComet\BitComet.exe\AddVideo.htm -> File not found
&D&ownload all with BitComet -> %ProgramFiles%\BitComet\BitComet.exe\AddAllLink.htm -> File not found
E&xport to Microsoft Excel -> -> File not found
E&xport to Microsoft Office Excel -> -> File not found
Send To &Bluetooth -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm -> [Ver = | Size = 1320 bytes | Modified Date = 5/29/2003 1:23:12 PM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{200B8E6F-C250-450A-8F9A-BE33E2A1A6EB} -> () ->
{480BC411-E1AC-4C4A-A464-06500A87CBEA} -> () ->
{92014E23-AAB8-4F4E-9D79-5FE9D575D396} -> () ->
{968601EB-1437-4E6A-BEE8-D5308FC05394} -> (1394 Net Adapter) ->
{B04AC67A-017C-4CC5-B145-D1517134BEF7} -> 203.115.0.1,203.115.0.18 (Intel® PRO/1000 CT Network Connection) ->
{D4C56C8A-196B-4EF6-996E-506C78B13AB2} -> () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{05D44720-58E3-49E6-BDF6-D00330E511D3} -> StagingUI Object - CodeBase = http://zone.msn.com/...UI.cab55579.cab ->
{0A5FD7C5-A45C-49FC-ADB5-9952547D5715} -> Creative Software AutoUpdate - CodeBase = http://www.creative....026/CTSUEng.cab ->
{0E5F0222-96B9-11D3-8997-00104BD12D94} -> PCPitstop Utility - CodeBase = http://www.pcpitstop...p/PCPitStop.CAB ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://download.micr...heckControl.cab ->
{233C1507-6A77-46A4-9443-F871F945D258} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.ma...director/sw.cab ->
{3BB54395-5982-4788-8AF4-B5388FFDD0D8} -> MSN Games – Buddy Invite - CodeBase = http://zone.msn.com/...dy.cab55579.cab ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> Office Update Installation Engine - CodeBase = http://office.micros...ntent/opuc3.cab ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> MSN Photo Upload Tool - CodeBase = http://manukhanna08....ad/MsnPUpld.cab ->
{5736C456-EA94-4AAC-BB08-917ABDD035B3} -> ZonePAChat Object - CodeBase = http://zone.msn.com/...at.cab55579.cab ->
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} -> HouseCall Control - CodeBase = http://a840.g.akamai...all/xscan53.cab ->
{78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} -> McAfee Virtual Technician Control Class - CodeBase = http://us-download.m...ted/mvt/mvt.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> MessengerStatsClient Class - CodeBase = http://messenger.zon...nt.cab31267.cab ->
{9122D757-5A4F-4768-82C5-B4171D8556A7} -> PhotoPickConvert Class - CodeBase = http://appdirectory....ap/PhtPkMSN.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoft...free/asinst.cab ->
{9BDF4724-10AA-43D5-BD15-AEA0D2287303} -> ZPA_TexasHoldem Object - CodeBase = http://zone.msn.com/...he.cab55579.cab ->
{A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} -> BatchDownloader Class - CodeBase = http://appdirectory....ap/DigWXMSN.cab ->
{AEF76437-F960-4EBC-97EA-7BBB4230CF38} -> OcarptMain Class - CodeBase = https://oca.microsof...cure/ocarpt.CAB ->
{B8BE5E93-A60C-4D26-A2DC-220313175592} -> MSN Games - Installer - CodeBase = http://cdn2.zone.msn...ro.cab55579.cab ->
{BE833F39-1E0C-468C-BA70-25AAEE55775E} -> System Requirements Lab Class - CodeBase = http://www.systemreq...m/sysreqlab.cab ->
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} -> Office Update Installation Engine - CodeBase = http://office.micros...ntent/opuc4.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload2.m...ash/swflash.cab ->
{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} -> MSN Games – Game Communicator - CodeBase = http://zone.msn.com/...xy.cab55579.cab ->
{E36C5562-C4E0-4220-BCB2-1C671E3A5916} -> Seagate SeaTools English Online - CodeBase = http://www.seagate.c.../npseatools.cab ->
{E8F628B5-259A-4734-97EE-BA914D7BE941} -> Driver Agent ActiveX Control - CodeBase = http://driveragent.c...driveragent.cab ->
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} -> McFreeScan Class - CodeBase = http://download.mcaf...978/mcfscan.cab ->
{F6ACF75C-C32C-447B-9BEF-46B766368D29} -> Creative Software AutoUpdate Support Package - CodeBase = http://www.creative....15028/CTPID.cab ->


[Files - Created Within 30 days]
BPMNT.dll -> %SystemRoot%\BPMNT.dll -> Trend Micro Inc. [Ver = 8.000-1001 | Size = 86094 bytes | Created Date = 2/21/2007 7:27:25 AM | Attr = ]
CTDCRES.DLL -> %SystemRoot%\CTDCRES.DLL -> Creative Technology Ltd [Ver = 5.12.01.1140-2.07.0070 | Size = 10240 bytes | Created Date = 2/18/2007 1:49:04 PM | Attr = ]
CTXFIRES.DLL -> %SystemRoot%\CTXFIRES.DLL -> [Ver = 1, 0, 2, 0 | Size = 3072 bytes | Created Date = 2/18/2007 1:49:05 PM | Attr = ]
GetServer.ini -> %SystemRoot%\GetServer.ini -> [Ver = | Size = 170 bytes | Created Date = 2/21/2007 7:19:50 AM | Attr = ]
hcextoutput.dll -> %SystemRoot%\hcextoutput.dll -> [Ver = | Size = 71749 bytes | Created Date = 2/21/2007 7:27:26 AM | Attr = ]
Multimedia manager.INI -> %SystemRoot%\Multimedia manager.INI -> [Ver = | Size = 33 bytes | Created Date = 2/14/2007 6:48:28 PM | Attr = ]
PATCH.EXE -> %SystemRoot%\PATCH.EXE -> Trend Micro Inc. [Ver = 1,81,0,1011 | Size = 286720 bytes | Created Date = 2/21/2007 7:19:08 AM | Attr = ]
TMUPDATE.DLL -> %SystemRoot%\TMUPDATE.DLL -> Trend Micro Inc. [Ver = 1,81,0,1011 | Size = 507904 bytes | Created Date = 2/21/2007 7:19:09 AM | Attr = ]
tsc.exe -> %SystemRoot%\tsc.exe -> Trend Micro Inc. [Ver = 5.0.0.1107 | Size = 229957 bytes | Created Date = 2/21/2007 7:27:26 AM | Attr = ]
tsc.ini -> %SystemRoot%\tsc.ini -> [Ver = | Size = 674 bytes | Created Date = 2/21/2007 7:27:26 AM | Attr = ]
tsc.ptn -> %SystemRoot%\tsc.ptn -> [Ver = | Size = 1994487 bytes | Created Date = 2/21/2007 7:27:26 AM | Attr = ]
UNZIP.DLL -> %SystemRoot%\UNZIP.DLL -> Trend Micro Inc. [Ver = 1.32.0.1000 | Size = 69689 bytes | Created Date = 2/21/2007 7:19:09 AM | Attr = ]
VPTNFILE.281 -> %SystemRoot%\VPTNFILE.281 -> [Ver = | Size = 26550437 bytes | Created Date = 2/21/2007 7:27:15 AM | Attr = ]
vsapi32.dll -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 8.310-1002 | Size = 1101904 bytes | Created Date = 2/21/2007 7:27:25 AM | Attr = ]
{00000003-00000000-00000003-00001102-00000004-10071102}.BAK -> %SystemRoot%\{00000003-00000000-00000003-00001102-00000004-10071102}.BAK -> [Ver = | Size = 4958588 bytes | Created Date = 2/18/2007 1:51:44 PM | Attr = ]
{00000003-00000000-00000003-00001102-00000004-10071102}.CDF -> %SystemRoot%\{00000003-00000000-00000003-00001102-00000004-10071102}.CDF -> [Ver = | Size = 4958588 bytes | Created Date = 2/18/2007 1:50:50 PM | Attr = ]
ati2sgag.exe -> %System32%\ati2sgag.exe -> [Ver = 5.13.0025 | Size = 520192 bytes | Created Date = 3/8/2007 2:21:34 AM | Attr = ]
atinppt2.ax -> %System32%\atinppt2.ax -> ATI Technologies Inc. [Ver = 6.14.10.1078 | Size = 106496 bytes | Created Date = 3/8/2007 2:21:46 AM | Attr = ]
BMXBkpCtrlState-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> %System32%\BMXBkpCtrlState-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> [Ver = | Size = 32088 bytes | Created Date = 2/18/2007 1:51:56 PM | Attr = ]
BMXCtrlState-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> %System32%\BMXCtrlState-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> [Ver = | Size = 32088 bytes | Created Date = 2/18/2007 1:51:56 PM | Attr = ]
BMXState-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> %System32%\BMXState-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> [Ver = | Size = 33120 bytes | Created Date = 2/18/2007 1:51:56 PM | Attr = ]
BMXStateBkp-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> %System32%\BMXStateBkp-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> [Ver = | Size = 33120 bytes | Created Date = 2/18/2007 1:51:56 PM | Attr = ]
dd.exe -> %System32%\dd.exe -> [Ver = | Size = 7218 bytes | Created Date = 2/21/2007 1:05:21 AM | Attr = ]
DVCState-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> %System32%\DVCState-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> [Ver = | Size = 11564 bytes | Created Date = 2/18/2007 1:51:56 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 3/10/2007 4:03:20 PM | Attr = ]
instwdm.ini -> %System32%\instwdm.ini -> [Ver = | Size = 86446 bytes | Created Date = 2/18/2007 1:49:05 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 3/10/2007 4:03:15 PM | Attr = ]
settings.sfm -> %System32%\settings.sfm -> [Ver = | Size = 1080 bytes | Created Date = 2/18/2007 1:51:56 PM | Attr = ]
settingsbkup.sfm -> %System32%\settingsbkup.sfm -> [Ver = | Size = 1080 bytes | Created Date = 2/18/2007 1:51:56 PM | Attr = ]
atinavt2.sys -> %System32%\drivers\atinavt2.sys -> ATI Technologies Inc. [Ver = 6.14.10.1078 | Size = 168832 bytes | Created Date = 3/8/2007 2:21:46 AM | Attr = ]
motmodem.sys -> %System32%\drivers\motmodem.sys -> Motorola [Ver = 1.6.0.0 built by: WinDDK | Size = 20992 bytes | Created Date = 2/17/2007 5:21:08 PM | Attr = ]
motodrv.sys -> %System32%\drivers\motodrv.sys -> Motorola Inc [Ver = 2.7 | Size = 40832 bytes | Created Date = 2/17/2007 5:21:07 PM | Attr = ]
MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> %System32%\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> [Ver = | Size = 0 bytes | Created Date = 2/17/2007 5:23:25 PM | Attr = H ]
Msft_Kernel_motmodem_01005.Wdf -> %System32%\drivers\Msft_Kernel_motmodem_01005.Wdf -> [Ver = | Size = 0 bytes | Created Date = 2/17/2007 5:23:29 PM | Attr = H ]
TVICHW32.SYS -> %System32%\drivers\TVICHW32.SYS -> EnTech Taiwan [Ver = 6.0 | Size = 23600 bytes | Created Date = 2/21/2007 5:32:55 PM | Attr = ]

[Files - Modified Within 30 days]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 3/10/2007 11:47:12 PM | Attr = S]
BPMNT.dll -> %SystemRoot%\BPMNT.dll -> Trend Micro Inc. [Ver = 8.000-1001 | Size = 86094 bytes | Modified Date = 2/21/2007 7:27:26 AM | Attr = ]
DUMPa8d2.tmp -> %SystemRoot%\DUMPa8d2.tmp -> [Ver = | Size = 65536 bytes | Modified Date = 2/27/2007 6:16:56 PM | Attr = ]
DVDRegionFree.INI -> %SystemRoot%\DVDRegionFree.INI -> [Ver = | Size = 68 bytes | Modified Date = 3/10/2007 4:39:16 PM | Attr = ]
GetServer.ini -> %SystemRoot%\GetServer.ini -> [Ver = | Size = 170 bytes | Modified Date = 2/21/2007 7:19:52 AM | Attr = ]
hcextoutput.dll -> %SystemRoot%\hcextoutput.dll -> [Ver = | Size = 71749 bytes | Modified Date = 2/21/2007 7:27:28 AM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 3/8/2007 3:27:20 AM | Attr = ]
Multimedia manager.INI -> %SystemRoot%\Multimedia manager.INI -> [Ver = | Size = 33 bytes | Modified Date = 2/14/2007 6:48:30 PM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 229 bytes | Modified Date = 3/10/2007 5:32:00 PM | Attr = ]
PATCH.EXE -> %SystemRoot%\PATCH.EXE -> Trend Micro Inc. [Ver = 1,81,0,1011 | Size = 286720 bytes | Modified Date = 2/21/2007 7:19:10 AM | Attr = ]
SBWIN.INI -> %SystemRoot%\SBWIN.INI -> [Ver = | Size = 136 bytes | Modified Date = 2/27/2007 1:37:26 PM | Attr = ]
TMUPDATE.DLL -> %SystemRoot%\TMUPDATE.DLL -> Trend Micro Inc. [Ver = 1,81,0,1011 | Size = 507904 bytes | Modified Date = 2/21/2007 7:19:10 AM | Attr = ]
tsc.exe -> %SystemRoot%\tsc.exe -> Trend Micro Inc. [Ver = 5.0.0.1107 | Size = 229957 bytes | Modified Date = 2/21/2007 7:27:28 AM | Attr = ]
tsc.ini -> %SystemRoot%\tsc.ini -> [Ver = | Size = 674 bytes | Modified Date = 2/21/2007 7:27:28 AM | Attr = ]
tsc.ptn -> %SystemRoot%\tsc.ptn -> [Ver = | Size = 1994487 bytes | Modified Date = 2/21/2007 7:27:28 AM | Attr = ]
UNZIP.DLL -> %SystemRoot%\UNZIP.DLL -> Trend Micro Inc. [Ver = 1.32.0.1000 | Size = 69689 bytes | Modified Date = 2/21/2007 7:19:10 AM | Attr = ]
VPTNFILE.281 -> %SystemRoot%\VPTNFILE.281 -> [Ver = | Size = 26550437 bytes | Modified Date = 2/21/2007 7:27:26 AM | Attr = ]
vsapi32.dll -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 8.310-1002 | Size = 1101904 bytes | Modified Date = 2/21/2007 7:27:26 AM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 613 bytes | Modified Date = 2/14/2007 5:28:12 PM | Attr = ]
WININIT.INI -> %SystemRoot%\WININIT.INI -> [Ver = | Size = 110 bytes | Modified Date = 3/8/2007 2:13:28 AM | Attr = ]
{00000003-00000000-00000003-00001102-00000004-10071102}.BAK -> %SystemRoot%\{00000003-00000000-00000003-00001102-00000004-10071102}.BAK -> [Ver = | Size = 4958588 bytes | Modified Date = 3/10/2007 11:07:56 PM | Attr = ]
{00000003-00000000-00000003-00001102-00000004-10071102}.CDF -> %SystemRoot%\{00000003-00000000-00000003-00001102-00000004-10071102}.CDF -> [Ver = | Size = 4958588 bytes | Modified Date = 3/10/2007 11:07:56 PM | Attr = ]
BitCometRes.dll -> %System32%\BitCometRes.dll -> BitComet [Ver = 1, 0, 0, 1 | Size = 2560 bytes | Modified Date = 2/26/2007 12:44:16 AM | Attr = ]
BMXBkpCtrlState-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> %System32%\BMXBkpCtrlState-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> [Ver = | Size = 32088 bytes | Modified Date = 3/10/2007 11:08:50 PM | Attr = ]
BMXCtrlState-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> %System32%\BMXCtrlState-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> [Ver = | Size = 32088 bytes | Modified Date = 3/10/2007 11:08:50 PM | Attr = ]
BMXState-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> %System32%\BMXState-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> [Ver = | Size = 33120 bytes | Modified Date = 3/10/2007 11:08:50 PM | Attr = ]
BMXStateBkp-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> %System32%\BMXStateBkp-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> [Ver = | Size = 33120 bytes | Modified Date = 3/10/2007 11:08:50 PM | Attr = ]
d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 664 bytes | Modified Date = 3/9/2007 8:39:10 PM | Attr = ]
dd.exe -> %System32%\dd.exe -> [Ver = | Size = 7218 bytes | Modified Date = 2/21/2007 1:05:24 AM | Attr = ]
DVCState-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> %System32%\DVCState-{00000003-00000000-00000003-00001102-00000004-10071102}.rfx -> [Ver = | Size = 11564 bytes | Modified Date = 3/10/2007 11:08:50 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 274168 bytes | Modified Date = 3/8/2007 3:52:46 AM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 3/10/2007 4:03:22 PM | Attr = ]
OpenAL32.dll -> %System32%\OpenAL32.dll -> Portions © Creative Labs Inc. and NVIDIA Corp. [Ver = 6.14.0357.13 | Size = 86016 bytes | Modified Date = 2/18/2007 1:50:22 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 3/10/2007 4:03:22 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 70968 bytes | Modified Date = 3/9/2007 9:30:52 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 439264 bytes | Modified Date = 3/9/2007 9:30:52 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 520190 bytes | Modified Date = 3/9/2007 9:30:52 PM | Attr = ]
settings.sfm -> %System32%\settings.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 3/10/2007 11:08:50 PM | Attr = ]
settingsbkup.sfm -> %System32%\settingsbkup.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 3/10/2007 11:08:50 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 3/10/2007 4:03:22 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2422 bytes | Modified Date = 3/10/2007 11:48:44 PM | Attr = ]
wrap_oal.dll -> %System32%\wrap_oal.dll -> Creative Labs [Ver = 2.0.8.0 | Size = 409600 bytes | Modified Date = 2/18/2007 1:50:22 PM | Attr = ]
lvuvc.hs -> %System32%\drivers\lvuvc.hs -> [Ver = | Size = 0 bytes | Modified Date = 3/10/2007 11:47:02 PM | Attr = ]
MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> %System32%\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 2/17/2007 5:23:26 PM | Attr = H ]
Msft_Kernel_motmodem_01005.Wdf -> %System32%\drivers\Msft_Kernel_motmodem_01005.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 2/17/2007 5:23:30 PM | Attr = H ]
pcouffin.sys -> %System32%\drivers\pcouffin.sys -> VSO Software [Ver = 1.37 | Size = 47360 bytes | Modified Date = 2/20/2007 5:39:56 PM | Attr = ]
TVICHW32.SYS -> %System32%\drivers\TVICHW32.SYS -> EnTech Taiwan [Ver = 6.0 | Size = 23600 bytes | Modified Date = 2/21/2007 5:32:52 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %SystemRoot%\Radeon Omega Drivers v3.8.231 Uninstall.exe -> [Ver = 7.0.1.0 | Size = 451072 bytes | Modified Date = 5/12/2006 6:49:02 PM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\Radeon Omega Drivers v3.8.252 Uninstall.exe -> [Ver = 7.0.1.0 | Size = 451072 bytes | Modified Date = 7/29/2006 1:48:00 PM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\Radeon Omega Drivers v3.8.291 Uninstall.exe -> [Ver = 7.0.1.0 | Size = 451072 bytes | Modified Date = 11/29/2006 1:59:44 PM | Attr = ]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
UPX! , UPX0 , -> %SystemRoot%\tsc.exe -> Trend Micro Inc. [Ver = 5.0.0.1107 | Size = 229957 bytes | Modified Date = 2/21/2007 7:27:28 AM | Attr = ]
UPX! , aspack , -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 8.310-1002 | Size = 1101904 bytes | Modified Date = 2/21/2007 7:27:26 AM | Attr = ]
UPX! , UPX0 , -> %System32%\ah.scr -> Stardust Software [Ver = 4, 0, 0, 206 | Size = 564736 bytes | Modified Date = 1/7/2006 9:24:06 PM | Attr = ]
UPX! , UPX0 , -> %System32%\aswBoot.exe -> [Ver = 4, 7, 936, 0 | Size = 689280 bytes | Modified Date = 1/15/2007 11:02:08 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 3/31/2003 5:30:00 PM | Attr = ]
PEC2 , PECompact2 , -> %System32%\divx.dll -> DivX, Inc. [Ver = 6.2.5.34 | Size = 620180 bytes | Modified Date = 7/3/2006 11:40:50 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ppsys.dll -> Blumentals Software [Ver = 1.0.0.0 | Size = 186368 bytes | Modified Date = 11/7/2005 5:01:20 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 3/31/2003 5:30:00 PM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 3/31/2003 5:30:00 PM | Attr = ]
PTech , -> %System32%\dllcache\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 11:11:38 AM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 11:11:38 AM | Attr = ]

< End of report >
  • 0


#11
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
OK, good.

Are you by chance located in Sri Lanka?

We have some more work to do, but tell me if the computer is running better, and also try to run combofix again and let me know what happens.

Thanks
  • 0

#12
manu08

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 355 posts
Yes, I am in Sri Lanka. How did you find that out? (Freaky)
I cannot comment on whether the computer is working better, as the problem is usually a restart after about 48 - 72 hours of operation, so I could only tell you after several days. Combofix still does not work, though. Also, if you don't mind, could you tell me: does my computer have malware and are we trying to solve that, or are we still trying to find out whether my computer is infected with malware?
Thanks a lot for the help.
  • 0

#13
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi,

Yes, your computer has malware. We are cleaning it up.
  • Download ComboScan to your Desktop (or other convenient location).
  • Close any open applications and windows.
  • Double-click on comboscan.exe to run it, and follow the prompts.
  • When the scan is complete, a text file will open - ComboScan.txt
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt into your post in the Malware Removal Forum.
  • A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.
  • Please attach Supplementary.txt to your post.
Instructions for attaching a file to your post:
  • Simply copy C:\ComboScan\Supplementary.txt into the File Attachments dialog box.
  • Next, click the Add This Attachment button.
  • The screen will refresh and you'll see the file details as shown below:
Posted Image
  • 0

#14
manu08

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 355 posts
Here you go..

ComboScan v20070306.20 run by Manu on 2007-03-11 at 01:48:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created ComboScan Restore Point.


-- Last 5 Restore Point(s) --
39: 2007-03-10 20:18:09 UTC - RP704 - ComboScan Restore Point
38: 2007-03-10 19:55:18 UTC - RP703 - Installed Motorola Software Update
37: 2007-03-10 14:04:10 UTC - RP702 - Removed Windows Vista Upgrade Advisor
36: 2007-03-10 14:00:54 UTC - RP701 - Configured EA Link
35: 2007-03-10 02:24:30 UTC - RP700 - Restore Operation


-- First Restore Point --
1: 2007-02-19 09:00:11 UTC - RP666 - System Checkpoint


Performed disk cleanup.


-- HijackThis (run as Manu.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 1:48:18 AM, on 3/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Comodo\Personal Firewall\cmdagent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AlienAutopsy\TEKS_Service.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Comodo\Personal Firewall\CPF.exe
C:\Program Files\Comodo\LaunchPad\CLPTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\QuickTimePlayer.exe
C:\Documents and Settings\Manu\My Documents\My Completed Downloads\comboscan.exe
C:\HIJACK~1\Manu.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus C61 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C61 Series" /O6 "USB001" /M "Stylus C61"
O4 - HKLM\..\Run: [Comodo Personal Firewall] C:\Program Files\Comodo\Personal Firewall\CPF.exe sysrestart
O4 - HKLM\..\Run: [Comodo Launch Pad Tray] C:\Program Files\Comodo\LaunchPad\CLPTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [AlienAutopsy] "C:\Program Files\AlienAutopsy\Test_BS.exe" -h
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - Startup: ATI Tray Tools.lnk = C:\Program Files\Radeon Omega Drivers\v3.8.291\ATI Tray Tools\atitray.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: WallMaster Pro.lnk = C:\Program Files\WallMaster\wallmast.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.savvy.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://manukhanna08....ad/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.m...ted/mvt/mvt.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/...he.cab55579.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory....ap/DigWXMSN.cab
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} (OcarptMain Class) - https://oca.microsof...cure/ocarpt.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab55579.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.c.../npseatools.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...978/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15028/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B04AC67A-017C-4CC5-B145-D1517134BEF7}: NameServer = 203.115.0.1,203.115.0.18
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dxq.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Personal Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProductivIT Service (ProductivITService) - DynTek, Inc. - C:\Program Files\AlienAutopsy\TEKS_Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe


-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3S 61883 (61883 Unit Device) - C:\WINDOWS\system32\drivers\61883.sys
1R Aavmker4 (avast! Asynchronous Virus Monitor) - C:\WINDOWS\system32\drivers\aavmker4.sys
3R Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys
2R Aspi32 - C:\WINDOWS\system32\drivers\ASPI32.SYS
2R aswMon2 (avast! Standard Shield Support) - C:\WINDOWS\system32\drivers\aswmon2.sys
3R aswRdr - C:\WINDOWS\system32\drivers\aswRdr.sys
1R aswTdi (avast! Network Shield Support) - C:\WINDOWS\system32\drivers\aswTdi.sys
3R ati2mtag - C:\WINDOWS\system32\drivers\ati2mtag.sys
3R ATIAVAIW (ATI T200 Unified AVStream service) - C:\WINDOWS\system32\drivers\atinavt2.sys
1S atitray - C:\Program Files\Radeon Omega Drivers\v3.8.291\ATI Tray Tools\atitray.sys (not found)
3S Avc (AVC Device) - C:\WINDOWS\system32\drivers\avc.sys
3R BtAudio (Bluetooth Audio) - C:\WINDOWS\system32\drivers\btaudio.sys
3R BTDriver (Bluetooth Virtual Communications Driver) - C:\WINDOWS\system32\drivers\btport.sys
3S BthEnum (Bluetooth Request Block Driver) - C:\WINDOWS\system32\drivers\bthenum.sys
3S BthPan (Bluetooth Device (Personal Area Network)) - C:\WINDOWS\system32\drivers\bthpan.sys
3S BTHPORT (Bluetooth Port Driver) - C:\WINDOWS\system32\drivers\bthport.sys
3S BTHUSB (Bluetooth Radio USB Driver) - C:\WINDOWS\system32\drivers\bthusb.sys
0R BTKRNL (Bluetooth Protocol Stack) - C:\WINDOWS\system32\drivers\btkrnl.sys
2R BTSERIAL (Bluetooth Serial Driver) - C:\WINDOWS\system32\drivers\btserial.sys
2R BTSLBCSP (Bluetooth Port Client Driver) - C:\WINDOWS\system32\drivers\btslbcsp.sys
3R BTWDNDIS (Bluetooth LAN Access Server) - C:\WINDOWS\system32\drivers\btwdndis.sys
3S BTWUSB (WIDCOMM USB Bluetooth Driver) - C:\WINDOWS\system32\drivers\btwusb.sys
3S CamDrL (Logitech QuickCam Pro 3000(CamDrl)) - C:\WINDOWS\system32\drivers\Camdrl.sys
3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\ccdecode.sys
1R CmdMon (Comodo Application Engine) - C:\WINDOWS\system32\drivers\cmdmon.sys
3R ctac32k (Creative AC3 Software Decoder) - C:\WINDOWS\system32\drivers\ctac32k.sys
3R ctaud2k (Creative Audio Driver (WDM)) - C:\WINDOWS\system32\drivers\ctaud2k.sys
3S ctdvda2k (Creative DVD-Audio Device Driver) - C:\WINDOWS\system32\drivers\ctdvda2k.sys
3R ctprxy2k (Creative Proxy Driver) - C:\WINDOWS\system32\drivers\ctprxy2k.sys
3R ctsfm2k (Creative SoundFont Management Device Driver) - C:\WINDOWS\system32\drivers\ctsfm2k.sys
3R dtscsi - C:\WINDOWS\system32\drivers\dtscsi.sys
3R E1000 (Intel® PRO/1000 Adapter Driver) - C:\WINDOWS\system32\drivers\e1000325.sys
3R emupia (E-mu Plug-in Architecture Driver) - C:\WINDOWS\system32\drivers\emupia2k.sys
3S ENTECH - C:\WINDOWS\system32\drivers\Entech.sys
3R FilterService (UVC Filter Service) - C:\WINDOWS\system32\drivers\lvuvcflt.sys
3S FlexBios (FlexBIOS Service) - C:\WINDOWS\system32\drivers\FlexBios.sys
3R GEARAspiWDM - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
3R ha10kx2k (Creative Hardware Abstract Layer Driver) - C:\WINDOWS\system32\drivers\ha10kx2k.sys
3R hap16v2k (Creative P16V HAL Driver) - C:\WINDOWS\system32\drivers\haP16v2k.sys
3S hap17v2k (Creative P17V HAL Driver) - C:\WINDOWS\system32\drivers\haP17v2k.sys
3S HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
0R Inspect (Comodo Network Engine) - C:\WINDOWS\system32\drivers\inspect.sys
1R intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys
3S Invoker (Flash5 Invoker Service) - C:\WINDOWS\system32\drivers\Invoker.sys
3R L8042pr2 (Logitech PS/2 Mouse Filter Driver) - C:\WINDOWS\system32\drivers\L8042pr2.Sys
3S LHidFlt2 (Logitech HID/USB Mouse Filter Driver) - C:\WINDOWS\system32\drivers\LHIDFLT2.SYS
3R LMouFlt2 (Logitech Mouse Class Filter Driver) - C:\WINDOWS\system32\drivers\LMouFlt2.Sys
3R LVcKap (Logitech AEC Driver) - C:\WINDOWS\system32\drivers\Lvckap.sys
3R LVMVDrv (Logitech Machine Vision Engine Loader) - C:\WINDOWS\system32\drivers\LVMVdrv.sys
3R lvpopflt (Logitech POP Suppression Filter) - C:\WINDOWS\system32\drivers\lvpopflt.sys
3R LVPr2Mon (Logitech LVPr2Mon Driver) - C:\WINDOWS\system32\drivers\LVPr2Mon.sys
3R LVUSBSta (Logitech USB Monitor Filter) - C:\WINDOWS\system32\drivers\LVUSBSta.sys
3R LVUVC (Logitech QuickCam Fusion(UVC)) - C:\WINDOWS\system32\drivers\lvuvc.sys
3S MotDev (Motorola Inc. USB Device) - C:\WINDOWS\system32\drivers\motodrv.sys
3S motmodem (Motorola USB CDC ACM Driver) - C:\WINDOWS\system32\drivers\motmodem.sys
3S MotoSwitchService (MotoSwitch Service) - C:\WINDOWS\system32\DRIVERS\motswch.sys (not found)
3S mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
3S MPE (BDA MPE Filter) - C:\WINDOWS\system32\drivers\mpe.sys
3S MSDV (Microsoft DV Camera and VCR) - C:\WINDOWS\system32\drivers\msdv.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\mstee.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\nabtsfec.sys
3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\ndisip.sys
3R NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys
0R ohci1394 (OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
3R ossrv (Creative OS Services Driver) - C:\WINDOWS\system32\drivers\ctoss2k.sys
3S P2k (Motorola USB Device) - C:\WINDOWS\system32\drivers\P2k.sys
3R Pcouffin (VSO Software pcouffin) - C:\WINDOWS\system32\drivers\pcouffin.sys
3R pfc (Padus ASPI Shell) - C:\WINDOWS\system32\drivers\pfc.sys
3S PhilCam8116 (Logitech QuickCam Pro 3000(PID_08B0)) - C:\WINDOWS\system32\drivers\CamDrL21.sys
3S pnicml - C:\DOCUME~1\Manu\LOCALS~1\Temp\pnicml.sys (not found)
2R PStrip - C:\WINDOWS\system32\drivers\pstrip.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
3S RFCOMM (Bluetooth Device (RFCOMM Protocol TDI)) - C:\WINDOWS\system32\drivers\rfcomm.sys
3R ROOTMODEM (Microsoft Legacy Modem Driver) - C:\WINDOWS\system32\drivers\rootmdm.sys
0R sbp2port (SBP-2 Transport/Protocol Bus Driver) - C:\WINDOWS\system32\drivers\sbp2port.sys
3S sfcure01 (StarForce Cure Driver (version 1.x)) - C:\WINDOWS\system32\drivers\sfcure01.sys
0R sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - C:\WINDOWS\system32\drivers\sfdrv01.sys
0R sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - C:\WINDOWS\system32\drivers\sfhlp02.sys
0R sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - C:\WINDOWS\system32\drivers\sfsync02.sys
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\slip.sys
3R SMBios (Intel ® System Management BIOS Service) - C:\WINDOWS\system32\drivers\SMBios.sys
3S smbusp (Intel® SMBus 2.0 Driver) - C:\WINDOWS\system32\drivers\intelsmb.sys
0R sptd - C:\WINDOWS\system32\drivers\sptd.sys
3S ssm_bus (SAMSUNG Mobile USB Device II 1.0 driver (WDM)) - C:\WINDOWS\system32\drivers\ssm_bus.sys
3S ssm_mdfl (SAMSUNG Mobile USB Modem II 1.0 Filter) - C:\WINDOWS\system32\drivers\ssm_mdfl.sys
3S ssm_mdm (SAMSUNG Mobile USB Modem II 1.0 Drivers) - C:\WINDOWS\system32\drivers\ssm_mdm.sys
1R StarOpen - C:\WINDOWS\system32\drivers\StarOpen.sys
3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\streamip.sys
1R TeksKernel - C:\WINDOWS\system32\drivers\TeksKernel.sys
2R tmcomm - C:\WINDOWS\system32\drivers\tmcomm.sys
3S TVICHW32 - C:\WINDOWS\system32\drivers\TVICHW32.SYS
3R usbaudio (USB Audio Driver (WDM)) - C:\WINDOWS\system32\drivers\usbaudio.sys
3R usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3S usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3S usbscan (USB Scanner Driver) - C:\WINDOWS\system32\drivers\usbscan.sys
3S usbser (Motorola USB Modem Driver) - C:\WINDOWS\system32\drivers\usbser.sys
3S usbsermpt (Motorola USB Modem Driver for MPT) - C:\WINDOWS\system32\drivers\usbsermpt.sys
3R USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\usbstor.sys
3S Wdf01000 - C:\WINDOWS\system32\drivers\wdf01000.sys
2S wincom32 - C:\WINDOWS\system32\wincom32.sys (not found)
3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\wstcodec.sys
3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys
3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys
2R {95808DC4-FA4A-4c74-92FE-5B863F82066B} - C:\Program Files\CyberLink\PowerDVD0.fcl


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2R aswUpdSv (avast! iAVS4 Control Service) - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
2R Ati HotKey Poller - C:\WINDOWS\system32\Ati2evxx.exe
2S ATI Smart - C:\WINDOWS\system32\ati2sgag.exe
2R avast! Antivirus - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
3R avast! Mail Scanner - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
3R avast! Web Scanner - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
2R BthServ (Bluetooth Support Service) - C:\WINDOWS\system32\svchost.exe -k bthsvcs
2R btwdins (Bluetooth Service) - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
3S clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
2R CmdAgent (Comodo Application Agent) - C:\Program Files\Comodo\Personal Firewall\cmdagent.exe
2R Creative Service for CDROM Access - C:\WINDOWS\System32\CTsvcCDA.exe
2R EPSONStatusAgent2 (EPSON Printer Status Agent2) - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
3S FontCache3.0.0.0 (Windows Presentation Foundation Font Cache 3.0.0.0) - C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
3S idsvc (Windows CardSpace) - "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
3R iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
2R LVPrcSrv (Process Monitor) - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
2S LVSrvLauncher - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
3S Microsoft Office Groove Audit Service - "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe"
3S MSCSPTISRV - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
4S NetTcpPortSharing (Net.Tcp Port Sharing Service) - "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
3S odserv (Microsoft Office Diagnostics Service) - "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
3S PACSPTISVR - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
2R ProductivITService (ProductivIT Service) - C:\Program Files\AlienAutopsy\TEKS_Service.exe
2R RichVideo (Cyberlink RichVideo Service(CRVS)) - "C:\Program Files\CyberLink\Shared Files\RichVideo.exe"
3S Sony SCSI Helper Service - "C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe"
3S SPTISRV (Sony SPTI Service) - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
3R usnjsvc (Messenger Sharing Folders USN Journal Reader service) - "C:\Program Files\MSN Messenger\usnsvc.exe"
2R WMDM PMSP Service - C:\WINDOWS\System32\MsPMSPSv.exe


-- Files created between 2007-02-11 and 2007-03-11 -----------------------------

2007-03-10 16:19:59 0 d-------- C:\HijackThis<HIJACK~1>
2007-03-10 16:03:10 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-03-10 01:28:38 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-03-10 01:26:39 0 d-------- C:\WINDOWS\AU_Backup<AU_BAC~1>
2007-03-10 01:13:22 12320768 --a------ C:\Documents and Settings\Manu\ntuser.dat
2007-03-08 03:29:05 0 d-------- C:\WINDOWS\system32\XPSViewer<XPSVIE~1>
2007-03-08 03:28:19 0 d-------- C:\Program Files\Reference Assemblies<REFERE~1>
2007-03-08 03:27:30 14048 -----n--- C:\WINDOWS\system32\spmsg2.dll
2007-03-08 02:21:46 168832 --a------ C:\WINDOWS\system32\drivers\atinavt2.sys
2007-03-08 02:21:34 520192 -----n--- C:\WINDOWS\system32\ati2sgag.exe
2007-03-08 02:21:02 0 d-------- C:\Program Files\ATI Technologies<ATITEC~1>
2007-03-08 01:39:01 0 d-------- C:\Program Files\AlienAutopsy<ALIENA~1>
2007-03-08 01:21:58 0 d-------- C:\Program Files\PowerStrip<POWERS~1>
2007-03-08 01:16:44 0 d-------- C:\WINDOWS\McAfee.com
2007-03-03 12:25:17 0 d-------- C:\Documents and Settings\Manu\Application Data\Command & Conquer 3 Tiberium Wars Demo<COMMAN~1>
2007-03-01 01:34:00 0 d-------- C:\ProgramData<PROGRA~2>
2007-02-28 01:04:19 0 d-------- C:\Program Files\XVideoConverter<XVIDEO~2>
2007-02-21 17:32:55 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-02-21 07:27:26 229957 --a------ C:\WINDOWS\tsc.exe
2007-02-21 07:27:26 71749 --a------ C:\WINDOWS\hcextoutput.dll<HCEXTO~1.DLL>
2007-02-21 07:27:25 1101904 --a------ C:\WINDOWS\vsapi32.dll
2007-02-21 07:27:25 86094 --a------ C:\WINDOWS\BPMNT.dll
2007-02-21 07:19:47 0 d-------- C:\WINDOWS\AU_Temp
2007-02-21 07:19:46 0 d-------- C:\WINDOWS\AU_Log
2007-02-21 07:19:09 69689 --a------ C:\WINDOWS\UNZIP.DLL
2007-02-21 07:19:09 507904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-02-21 07:19:08 286720 --a------ C:\WINDOWS\PATCH.EXE
2007-02-21 01:05:21 7218 --a------ C:\WINDOWS\system32\dd.exe
2007-02-20 17:44:11 0 --a------ C:\Documents and Settings\Manu\Application Data\Install.dat
2007-02-20 17:39:51 47360 --a------ C:\Documents and Settings\Manu\Application Data\pcouffin.sys
2007-02-20 17:39:51 87608 --a------ C:\Documents and Settings\Manu\Application Data\ezpinst.exe
2007-02-18 13:49:05 3072 --a------ C:\WINDOWS\CTXFIRES.DLL
2007-02-18 13:49:04 10240 --a------ C:\WINDOWS\CTDCRES.DLL
2007-02-17 17:21:08 1419232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll<WDFCOI~1.DLL>
2007-02-17 17:21:08 20992 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2007-02-17 17:21:07 40832 --a------ C:\WINDOWS\system32\drivers\motodrv.sys
2007-02-14 17:23:33 32592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-02-14 17:20:09 0 d-------- C:\Program Files\Microsoft Works<MIF2B0~1>
2007-02-14 17:19:51 0 d-------- C:\Program Files\MSBuild
2007-02-14 17:17:33 0 d-------- C:\Program Files\Microsoft.NET<MICROS~1.NET>
2007-02-14 17:10:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help<MICROS~3>
2007-02-14 01:17:05 0 d-------- C:\Documents and Settings\Manu\Application Data\OfficeUpdate12<OFFICE~1>
2007-02-13 22:34:38 5936 --a------ C:\Documents and Settings\Manu\mqdmwhnt.sys
2007-02-13 22:34:38 79328 --a------ C:\Documents and Settings\Manu\mqdmserd.sys
2007-02-13 22:34:38 92064 --a------ C:\Documents and Settings\Manu\mqdmmdm.sys
2007-02-13 22:34:38 9232 --a------ C:\Documents and Settings\Manu\mqdmmdfl.sys
2007-02-13 22:34:38 4048 --a------ C:\Documents and Settings\Manu\mqdmcr.sys
2007-02-13 22:34:38 6208 --a------ C:\Documents and Settings\Manu\mqdmcmnt.sys
2007-02-13 22:34:38 66656 --a------ C:\Documents and Settings\Manu\mqdmbus.sys
2007-02-13 22:11:31 0 d-------- C:\Documents and Settings\Manu\Application Data\InstallShield<INSTAL~1>


-- Find3M Report ---------------------------------------------------------------

2007-03-11 01:47:40 0 d-------- C:\Documents and Settings\Manu\Application Data\Skype
2007-03-11 01:44:16 0 d-------- C:\Program Files\Intel
2007-03-11 01:43:14 0 d-------- C:\Program Files\EA GAMES<EAGAME~1>
2007-03-10 19:33:00 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-10 19:32:16 0 d-------- C:\Program Files\EPSON
2007-03-10 19:31:14 0 d-------- C:\Program Files\Electronic Arts<ELECTR~1>
2007-03-10 07:55:28 0 d-------- C:\Program Files\Seagate
2007-03-10 01:30:28 0 d-------- C:\Documents and Settings\Manu\Application Data\ATI
2007-03-10 01:26:44 0 d-------- C:\Program Files\BitComet
2007-03-10 01:17:11 0 d-------- C:\Program Files\EA Sports<EASPOR~1>
2007-03-09 20:39:08 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-03-02 20:39:27 0 d-------- C:\Documents and Settings\Manu\Application Data\LimeWire
2007-02-27 13:26:35 0 d-------- C:\Program Files\WorldPx
2007-02-26 00:44:15 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll<BITCOM~1.DLL>
2007-02-20 17:43:58 0 d-------- C:\Documents and Settings\Manu\Application Data\Vso
2007-02-20 17:40:15 34 --a------ C:\Documents and Settings\Manu\Application Data\pcouffin.log
2007-02-20 17:39:54 1144 --a------ C:\Documents and Settings\Manu\Application Data\pcouffin.inf
2007-02-20 17:39:54 1074 --a------ C:\Documents and Settings\Manu\Application Data\pcouffin.cat
2007-02-18 13:51:34 0 d-------- C:\Program Files\Creative
2007-02-18 13:50:21 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-02-18 13:50:21 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-02-18 13:50:11 0 d-------- C:\Documents and Settings\Manu\Application Data\Creative
2007-02-14 23:45:36 0 d---s---- C:\Documents and Settings\Manu\Application Data\Microsoft<MICROS~1>
2007-02-13 22:35:05 0 d-------- C:\Program Files\Motorola Phone Tools<MOTORO~1>
2007-02-13 22:11:33 0 d-------- C:\Program Files\LiveUpdate<LIVEUP~1>
2007-02-09 13:27:37 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-02-03 01:47:00 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-02-03 01:34:44 307200 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
2007-02-03 01:33:43 264704 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-02-03 01:27:08 118784 --a------ C:\WINDOWS\system32\atipdlxx.dll
2007-02-03 01:26:56 110592 --a------ C:\WINDOWS\system32\Oemdspif.dll
2007-02-03 01:26:48 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2007-02-03 01:26:41 42496 --a------ C:\WINDOWS\system32\ati2edxx.dll
2007-02-03 01:26:29 110592 --a------ C:\WINDOWS\system32\ati2evxx.dll
2007-02-03 01:25:08 446464 --a------ C:\WINDOWS\system32\ati2evxx.exe
2007-02-03 01:24:20 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2007-02-03 01:16:45 2827968 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-02-03 01:10:29 1272960 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-02-03 01:10:11 3107788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2007-02-03 00:57:17 241664 --a------ C:\WINDOWS\system32\atikvmag.dll
2007-02-03 00:55:54 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2007-02-03 00:50:28 348160 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-02-03 00:49:49 5312512 --a------ C:\WINDOWS\system32\atioglxx.dll
2007-01-30 21:51:34 128813 --a------ C:\WINDOWS\system32\atiicdxx.dat
2007-01-29 14:28:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-25 00:51:10 0 d-------- C:\Program Files\CyberLink<CYBERL~1>
2007-01-24 15:27:30 255848 --a------ C:\WINDOWS\system32\xactengine2_6.dll<XA3066~1.DLL>
2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-18 01:24:14 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4>
2007-01-16 02:08:54 0 d-------- C:\Program Files\Common Files\Adobe
2007-01-16 02:02:50 0 d-------- C:\Documents and Settings\Manu\Application Data\AdobeUM
2007-01-15 23:02:07 689280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-01-15 22:53:20 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-01-14 14:15:13 0 d-------- C:\Program Files\Microsoft IntelliType Pro<MICROS~2>
2007-01-14 02:45:47 0 d-------- C:\Program Files\Common Files\Logitech
2007-01-14 02:44:08 0 d-------- C:\Program Files\Common Files\Logishrd
2007-01-14 02:44:05 0 d-------- C:\Program Files\Logitech
2007-01-13 15:40:54 0 d-------- C:\Program Files\LimeWire
2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
2007-01-12 01:19:18 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 19:02:02 383488 -----n--- C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2007-01-08 15:30:42 15128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll<X3DAUD~2.DLL>
2006-12-20 03:22:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 23:46:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"BitComet"="\"C:\\Program Files\\BitComet\\BitComet.exe\""
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
@=""
"StartCCC"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2\\Surround Mixer\\CTSysVol.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"EPSON Stylus C61 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /P23 \"EPSON Stylus C61 Series\" /O6 \"USB001\" /M \"Stylus C61\""
"Comodo Personal Firewall"="C:\\Program Files\\Comodo\\Personal Firewall\\CPF.exe sysrestart"
"Comodo Launch Pad Tray"="C:\\Program Files\\Comodo\\LaunchPad\\CLPTray.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"itype"="\"C:\\Program Files\\Microsoft IntelliType Pro\\itype.exe\""
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"LanguageShortcut"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"Logitech Utility"="Logi_MwX.Exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"CTHelper"="CTHELPER.EXE"
"CTxfiHlp"="CTXFIHLP.EXE"
"AlienAutopsy"="\"C:\\Program Files\\AlienAutopsy\\Test_BS.exe\" -h"
"PowerStrip"="c:\\program files\\powerstrip\\pstrip.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Logitech Desktop Messenger.lnk"
"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\NkvMon.exe.lnk"
"backup"="C:\\WINDOWS\\pss\\NkvMon.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Nikon\\NkView6\\NkvMon.exe "
"item"="NkvMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="itype"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft IntelliType Pro\\itype.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Communications_Helper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Logitech\\LComMgr\\Communications_Helper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickCam10"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Logitech\\QuickCam10\\QuickCam10.exe\" /hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\N2PDialr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="N2PDialr"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\NET2PH~1\\N2PDialr.exe -auto"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SBDrvDet"
"hkey"="HKLM"
"command"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Media Connect 2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WMCCFG"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Windows Media Connect 2\\WMCCFG.exe\" /StartQuiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WMPNSCFG"
"hkey"="HKCU"
"command"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=""
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_CURRENT_USER\software\microsoft


#15
loophole


    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi manu

Your log was cut off.

Just copy and paste the rest, starting from this line:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

Or you can just rerun it and it will produce a slightly shorter log.