trojan issues my Logfile of Trend Micro HijackThis v2.0.2 [CLOSED]



#1
dired
Been trying to use some of the previous posts to fix this but very effectively. Here is my HijackThis log; any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:22:05 PM, on 1/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-484763869-299502267-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'adge')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Reporting Agents (Reporting) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe

--
End of file - 6492 bytes


#2
Rorschach112
Hello

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.



Download rootchk by Ejvindh to your desktop.
  • Temporarily Disable Real Time Monitoring Programs you have running that are listed here, such as TeaTimer, Adwatch, and HIPs programs like Prevx, while we complete the fixes (see **Note below).
  • Disconnect from the internet
  • Double click rootchk.exe to run the program
  • After a short time a logfile will open.
  • Copy the contents of the log into your next reply.
  • Re-enable active protection on any program you have disabled while completing the scan

**Note: If you are using the ZoneAlarm Pro firewall or any other security program that protects your registry (Teatimer, Adwatch, Prevx), rootchk may produce false positives. That is why it is important for you to disable these programs before running a rootchk scan. To prevent ZoneAlarm Pro conflicts, first enable the Windows Firewall (click Start | Control Panel | Windows Firewall and select the checkbox to turn it on). Then disable ZoneAlarm Pro before running rootchk. Also, disable any other active protection programs, including HIPs, that block registry write access. After the scan, be sure to re-enable ZoneAlarm Pro and any other active protection programs you have temporarily disabled.



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#3
dired
********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh
Sun 01/27/2008 19:47:10.03

NOTICE!! Rootchk is not being updated anymore, and is thus gradually getting outdated.
Last update was made 28-12-07

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 19:47:14
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...
IPC error: 2 The system cannot find the file specified.

hidden processes: 0
hidden services: 0
hidden files: 0


Deckard's System Scanner v20071014.68
Run by alex on 2008-01-27 19:33:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 17.88 GiB (less than 15%) free.


-- HijackThis (run as alex.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:33:52 PM, on 1/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\alex\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\alex.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-484763869-299502267-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'adge')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Reporting Agents (Reporting) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe

--
End of file - 6448 bytes

-- Files created between 2007-12-27 and 2008-01-27 -----------------------------

2008-01-27 13:54:55 0 d-------- C:\Program Files\SAV
2008-01-27 13:48:57 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-27 13:48:31 0 d-------- C:\Program Files\Symantec
2008-01-27 01:50:00 0 d-------- C:\Program Files\Trend Micro
2008-01-27 00:59:45 0 d-------- C:\Program Files\Common Files\Java
2008-01-22 22:54:00 0 d-------- C:\Documents and Settings\alex\.housecall6.6
2008-01-22 22:53:46 0 d-------- C:\Documents and Settings\alex\Application Data\Sun
2008-01-22 17:01:26 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-18 23:29:52 0 d-------- C:\Program Files\iPod
2008-01-18 23:29:47 0 d-------- C:\Program Files\iTunes
2008-01-16 17:41:13 0 d-------- C:\Program Files\LG Drivers
2008-01-15 09:45:08 0 d-------- C:\WINDOWS\Sun
2008-01-15 09:45:08 0 d-------- C:\Documents and Settings\adge\Application Data\Sun
2008-01-15 09:41:34 0 d-------- C:\Program Files\Java
2008-01-15 05:57:58 0 d-------- C:\Program Files\Microsoft Research
2008-01-09 16:58:44 0 d-------- C:\Program Files\Rockstar Games
2008-01-06 10:13:12 0 d-------- C:\Program Files\Sierra Entertainment
2008-01-06 09:20:52 0 dr-h----- C:\Documents and Settings\alex\Recent
2008-01-02 18:40:11 0 d-------- C:\Program Files\Pure Networks
2008-01-02 18:38:56 0 d-------- C:\Program Files\Common Files\Pure Networks Shared
2008-01-02 18:13:25 0 d-------- C:\Program Files\Pidgin
2008-01-02 11:41:21 0 d-------- C:\Program Files\PowerISO
2008-01-01 18:03:07 0 d-------- C:\Program Files\America's Army
2008-01-01 15:23:11 0 d-------- C:\Documents and Settings\alex\Application Data\Apple Computer
2008-01-01 15:22:26 0 d-------- C:\Program Files\Common Files\Apple
2008-01-01 12:11:37 0 d-------- C:\Documents and Settings\alex\Application Data\WinRAR


-- Find3M Report ---------------------------------------------------------------

2008-01-27 19:33:44 0 d-------- C:\Documents and Settings\alex\Application Data\Azureus
2008-01-27 19:33:38 0 d-------- C:\Program Files\PeerGuardian2
2008-01-27 19:33:32 0 d-------- C:\Documents and Settings\alex\Application Data\.purple
2008-01-27 19:33:15 0 d-------- C:\Program Files\mIRC
2008-01-27 18:26:37 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 2
2008-01-27 13:48:57 0 d-------- C:\Program Files\Common Files
2008-01-18 23:29:03 0 d-------- C:\Program Files\QuickTime
2008-01-09 16:58:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-06 09:23:20 0 d-------- C:\Program Files\MagicISO
2008-01-06 09:19:31 0 d-------- C:\Program Files\Winamp
2007-12-26 22:43:08 0 d-------- C:\Documents and Settings\alex\Application Data\Adobe
2007-12-26 22:36:16 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-26 22:34:47 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-12-26 22:28:44 0 d-------- C:\Documents and Settings\alex\Application Data\ACD Systems
2007-12-26 20:19:57 0 d-------- C:\Program Files\DFX
2007-12-25 20:10:40 0 d-------- C:\Program Files\TVersity Codec Pack
2007-12-25 20:10:38 0 d-------- C:\Program Files\ffdshow
2007-12-25 20:09:39 0 d-------- C:\Program Files\TVersity
2007-12-24 18:23:33 0 d-------- C:\Program Files\DIFX
2007-12-23 11:36:04 0 d-------- C:\Documents and Settings\alex\Application Data\Flickr
2007-12-23 02:11:47 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2007-12-23 02:10:49 0 d-------- C:\Program Files\Futuremark
2007-12-22 18:50:51 0 d-------- C:\Program Files\Azureus
2007-12-20 21:16:04 0 d-------- C:\Program Files\Valvesoftware
2007-12-18 22:42:36 0 dr------- C:\Documents and Settings\alex\Application Data\Brother
2007-12-17 19:35:02 0 d-------- C:\Documents and Settings\alex\Application Data\BSplayer PRO
2007-12-15 15:04:15 0 d-------- C:\Documents and Settings\alex\Application Data\Dr Glitter
2007-12-15 14:26:18 0 d-------- C:\Program Files\Microsoft Bootvis
2007-12-15 13:02:47 0 d-------- C:\Documents and Settings\alex\Application Data\gtk-2.0
2007-12-14 22:25:52 0 d-------- C:\Documents and Settings\alex\Application Data\mIRC
2007-12-13 22:57:22 0 d-------- C:\Program Files\Common Files\ACD Systems
2007-12-13 22:57:13 0 d-------- C:\Program Files\ACD Systems
2007-12-13 22:39:56 0 d-------- C:\Program Files\CCleaner
2007-12-13 22:39:51 0 d-------- C:\Program Files\Yahoo!
2007-12-13 22:12:15 0 d-------- C:\Documents and Settings\alex\Application Data\Thinstall
2007-12-13 22:01:31 0 d-------- C:\Program Files\Apple Software Update
2007-12-13 21:52:12 0 d-------- C:\Program Files\Ahead
2007-12-13 21:52:10 0 d-------- C:\Program Files\Common Files\Ahead
2007-12-11 17:02:59 0 d-------- C:\Program Files\Activision
2007-12-10 23:59:35 0 d-------- C:\Program Files\DAEMON Tools
2007-12-10 23:25:47 0 d-------- C:\Program Files\Webteh
2007-12-10 23:20:03 34 --a------ C:\WINDOWS\system32\BD2070N.DAT
2007-12-10 23:18:18 0 d-------- C:\Program Files\Brownie
2007-12-10 23:18:13 0 d-------- C:\Program Files\Brother
2007-12-10 23:18:07 0 d-------- C:\Program Files\Common Files\InstallShield
2007-12-10 23:14:22 0 d-------- C:\Documents and Settings\alex\Application Data\Macromedia
2007-12-10 23:13:07 0 d-------- C:\Program Files\Intel
2007-12-10 23:10:40 0 d-------- C:\Program Files\Intel Desktop Board Audio Driver
2007-12-10 23:09:42 0 d-------- C:\Program Files\Realtek
2007-12-10 23:09:37 0 d-------- C:\Documents and Settings\alex\Application Data\InstallShield
2007-12-10 23:08:53 0 d-------- C:\Program Files\Creative
2007-12-10 23:08:18 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2007-12-10 23:08:17 0 d-------- C:\Documents and Settings\alex\Application Data\Creative
2007-12-10 23:07:21 0 d-------- C:\Program Files\NVIDIA Corporation
2007-12-10 23:06:57 0 d-------- C:\Program Files\NVIDIA nTune Performance Application
2007-12-10 23:06:17 0 d-------- C:\Program Files\WinAce
2007-12-10 23:05:12 0 d-------- C:\Program Files\Flickr Uploadr
2007-12-10 23:05:02 0 d-------- C:\Program Files\Common Files\GTK
2007-12-10 22:58:41 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-10 22:58:39 0 d-------- C:\Documents and Settings\alex\Application Data\Mozilla
2007-12-10 22:55:40 0 d-------- C:\Documents and Settings\alex\Application Data\Help
2007-12-10 22:46:05 0 d-------- C:\Program Files\Alwil Software
2007-12-10 22:40:42 0 d-------- C:\Documents and Settings\alex\Application Data\Identities
2007-12-10 22:37:05 0 d-------- C:\Program Files\microsoft frontpage
2007-12-10 22:36:49 0 -rahs---- C:\MSDOS.SYS
2007-12-10 22:36:49 0 -rahs---- C:\IO.SYS
2007-12-10 22:36:49 0 --a------ C:\CONFIG.SYS
2007-12-10 22:36:49 0 --a------ C:\AUTOEXEC.BAT
2007-12-10 22:35:37 0 d--h----- C:\Program Files\WindowsUpdate
2007-12-10 22:34:57 0 d-------- C:\Program Files\Common Files\MSSoap
2007-12-10 22:34:51 0 d-------- C:\Program Files\Movie Maker
2007-12-10 22:34:06 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-12-10 22:33:48 0 d-------- C:\Program Files\Online Services
2007-12-10 22:33:39 0 d-------- C:\Program Files\Windows Media Connect 2
2007-12-10 22:33:36 0 d-------- C:\Program Files\Messenger
2007-12-10 22:33:32 0 d-------- C:\Program Files\MSN Gaming Zone
2007-12-10 22:33:26 0 d-------- C:\Program Files\Windows NT
2007-12-10 17:19:02 0 d-------- C:\Program Files\Common Files\ODBC
2007-12-10 17:19:00 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-12-10 17:18:43 62 --ahs---- C:\Documents and Settings\alex\Application Data\desktop.ini
2007-12-05 01:41:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-12-05 01:41:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-12-05 01:41:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-12-05 01:41:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-12-05 01:41:00 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-12-05 01:41:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-12-05 01:41:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-12-05 01:41:00 425984 --a------ C:\WINDOWS\system32\keystone.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [10/01/2007 08:08 PM]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [10/29/2007 10:04 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 06:56 PM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [12/06/2007 07:06 AM]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [09/04/2007 07:25 PM]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [09/18/2005 06:40 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=regsvr32 /s /n /i:u shell32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^alex^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\alex\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
"C:\Program Files\AdVantage\AdVantage.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
C:\Program Files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

*Newly Created Service* - NSCTOP
*Newly Created Service* - REPORTING



-- End of Deckard's System Scanner: finished at 2008-01-27 19:34:11 ------------

KASPERSKY ONLINE SCANNER REPORT
Sunday, January 27, 2008 8:19:52 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 28/01/2008
Kaspersky Anti-Virus database records: 534290
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\alex\LOCALS~1\Temp\
Scan Statistics
Total number of scanned objects 11946
Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0
Duration of the scan process 00:05:08

Infected Object Name Virus Name Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_618.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_718.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000004-00000000-00000004-00001102-00000004-20021102}.CDF Object is locked skipped
C:\DOCUME~1\alex\LOCALS~1\Temp\etilqs_7NdiBaBbRNtcq8L Object is locked skipped
C:\DOCUME~1\alex\LOCALS~1\Temp\~DF5309.tmp Object is locked skipped
Scan process completed.

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
How is your PC running? Any problems?

#5
dired

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

How is your PC running? Any problems?


Avast is constantly detecting viruses, froze several times today...

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hmm, are you sure? Because Kaspersky found nothing.

Can you run Avast and save a logfile and paste it here for me?


Also, are you having any visible problems?

#7
dired

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Hmm, are you sure? Because Kaspersky found nothing.

Can you run Avast and save a logfile and paste it here for me?


Also, are you having any visible problems?


I'm constantly freezing now, here's Avast's log:

12/15/2007 12:02:34 PM SYSTEM 1232 Sign of "JS:Feebs family" has been found in "http://morezzz.info/...l"&btnG=Search" file.
12/26/2007 10:23:53 PM alex 1360 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: M:\DCIM\100CANON\IMG_0056.JPG (M:\DCIM\100CANON\IMG_0056.JPG) returning error, 0000A420.
1/2/2008 4:16:46 PM SYSTEM 1348 AAVM - scanning warning: x_AavmCheckFileDirectEx: http://rs212tl2.rapi..._config_1.3.zip (C:\WINDOWS\TEMP\_avast4_\unp63905180.tmp) returning error, 0000001E.
1/15/2008 3:37:02 PM SYSTEM 1376 Sign of "Win32:Adware-gen [Adw]" has been found in "http://dl.cdn-downlo...gblinksetup.exe\[Embedded#06140]\$0\blink.exe" file.
1/20/2008 8:21:09 AM SYSTEM 1376 Function setifaceUpdatePackages() has failed. Return code is 0x00000426, dwRes is 000004C8.
1/20/2008 8:21:09 AM SYSTEM 1376 An error has occured while attempting to update. Please check the logs.
1/22/2008 6:07:06 PM SYSTEM 1784 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\pmkhe.dll" file.
1/22/2008 7:49:25 PM alex 640 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\jkhfd.dll" file.
1/22/2008 8:49:27 PM alex 640 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.
1/22/2008 9:49:28 PM alex 640 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\sstqr.dll" file.
1/22/2008 10:49:28 PM alex 640 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\geebc.dll" file.
1/23/2008 6:49:37 AM SYSTEM 288 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\vtsqq.dll" file.
1/23/2008 8:18:38 AM SYSTEM 288 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddcyx.dll" file.
1/23/2008 10:39:59 AM SYSTEM 288 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\gebcc.dll" file.
1/23/2008 11:39:55 AM SYSTEM 288 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\sstqn.dll" file.
1/23/2008 12:39:32 PM SYSTEM 288 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\jkhhf.dll" file.
1/23/2008 1:52:13 PM SYSTEM 288 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\pmkhe.dll" file.
1/23/2008 2:50:45 PM SYSTEM 288 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\jkkji.dll" file.
1/24/2008 9:08:52 AM SYSTEM 288 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ssttr.dll" file.
1/24/2008 9:09:31 AM SYSTEM 288 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ssttu.dll" file.
1/24/2008 10:10:17 AM SYSTEM 288 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\vtutr.dll" file.
1/24/2008 3:45:25 PM SYSTEM 288 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\pmnnl.dll" file.
1/25/2008 11:46:01 AM SYSTEM 288 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\mljgg.dll" file.
1/25/2008 3:18:09 PM SYSTEM 288 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\pmnli.dll" file.
1/25/2008 3:18:25 PM SYSTEM 288 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\geedc.dll" file.
1/25/2008 4:18:26 PM SYSTEM 288 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\jkkjj.dll" file.
1/26/2008 9:58:20 AM SYSTEM 288 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Documents and Settings\alex\My Documents\Azureus Downloads\NBA.2K8.PAL.MULTI5.XBOX360.[www.SpaTorrent.com]\image.iso (C:\Documents and Settings\alex\My Documents\Azureus Downloads\NBA.2K8.PAL.MULTI5.XBOX360.[www.SpaTorrent.com]\image.iso) returning error, 0000A413.
1/26/2008 1:02:55 PM SYSTEM 288 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Documents and Settings\alex\My Documents\Azureus Downloads\NBA.2K8.PAL.MULTI5.XBOX360.[www.SpaTorrent.com]\image.iso (C:\Documents and Settings\alex\My Documents\Azureus Downloads\NBA.2K8.PAL.MULTI5.XBOX360.[www.SpaTorrent.com]\image.iso) returning error, 0000A413.
1/26/2008 1:17:18 PM SYSTEM 288 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\jkklj.dll" file.
1/26/2008 1:17:46 PM SYSTEM 288 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddccy.dll" file.
1/26/2008 2:01:38 PM SYSTEM 288 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Documents and Settings\alex\My Documents\Azureus Downloads\NBA.2K8.PAL.MULTI5.XBOX360.[www.SpaTorrent.com]\image.iso (C:\Documents and Settings\alex\My Documents\Azureus Downloads\NBA.2K8.PAL.MULTI5.XBOX360.[www.SpaTorrent.com]\image.iso) returning error, 0000A413.
1/26/2008 2:17:36 PM SYSTEM 288 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ssqrp.dll" file.
1/26/2008 3:57:21 PM SYSTEM 288 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddaby.dll" file.
1/26/2008 4:06:56 PM SYSTEM 288 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Documents and Settings\alex\My Documents\Azureus Downloads\NBA.2K8.PAL.MULTI5.XBOX360.[www.SpaTorrent.com]\image.iso (C:\Documents and Settings\alex\My Documents\Azureus Downloads\NBA.2K8.PAL.MULTI5.XBOX360.[www.SpaTorrent.com]\image.iso) returning error, 0000A413.
1/26/2008 4:46:20 PM SYSTEM 288 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddaby.dll" file.
1/26/2008 4:57:38 PM SYSTEM 288 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\mllmn.dll" file.
1/26/2008 5:57:39 PM SYSTEM 288 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\mllmj.dll" file.
1/26/2008 6:57:39 PM SYSTEM 288 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\mllmk.dll" file.
1/26/2008 7:14:58 PM SYSTEM 288 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddccd.dll" file.
1/26/2008 8:14:58 PM SYSTEM 288 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddayv.dll" file.
1/26/2008 9:42:23 PM alex 1884 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddayx.dll" file.
1/26/2008 9:42:29 PM alex 1884 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddayx.dll" file.
1/26/2008 11:30:38 PM SYSTEM 1104 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awtqr.dll" file.
1/27/2008 12:51:59 AM SYSTEM 1104 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ssqro.dll" file.
1/27/2008 1:23:21 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awtqr.dll" file.
1/27/2008 1:23:25 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.
1/27/2008 1:23:25 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddaby.dll" file.
1/27/2008 1:23:26 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddayv.dll" file.
1/27/2008 1:23:26 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddayx.dll" file.
1/27/2008 1:23:27 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddccd.dll" file.
1/27/2008 1:23:27 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddccy.dll" file.
1/27/2008 1:23:28 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddcyx.dll" file.
1/27/2008 1:23:28 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\gebcc.dll" file.
1/27/2008 1:23:29 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\geebc.dll" file.
1/27/2008 1:23:29 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\geedc.dll" file.
1/27/2008 1:23:29 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\jkhhf.dll" file.
1/27/2008 1:23:30 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\jkkji.dll" file.
1/27/2008 1:23:30 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\jkkjj.dll" file.
1/27/2008 1:23:31 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\jkklj.dll" file.
1/27/2008 1:23:31 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\mljgg.dll" file.
1/27/2008 1:23:32 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\mllmj.dll" file.
1/27/2008 1:23:32 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\mllmk.dll" file.
1/27/2008 1:23:34 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\mllmn.dll" file.
1/27/2008 1:23:34 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\pmkhe.dll" file.
1/27/2008 1:23:35 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\pmnli.dll" file.
1/27/2008 1:23:35 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\pmnnl.dll" file.
1/27/2008 1:23:35 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ssqro.dll" file.
1/27/2008 1:23:37 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ssqrp.dll" file.
1/27/2008 1:23:37 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\sstqn.dll" file.
1/27/2008 1:23:37 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\sstqr.dll" file.
1/27/2008 1:23:38 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ssttr.dll" file.
1/27/2008 1:23:38 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ssttu.dll" file.
1/27/2008 1:23:38 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\vtsqq.dll" file.
1/27/2008 1:23:40 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\vtutr.dll" file.
1/27/2008 1:23:40 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\awtqr.dll.vir" file.
1/27/2008 1:23:41 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\awvvu.dll.vir" file.
1/27/2008 1:23:41 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\ddaby.dll.vir" file.
1/27/2008 1:23:41 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\ddayv.dll.vir" file.
1/27/2008 1:23:42 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\ddayx.dll.vir" file.
1/27/2008 1:23:42 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\ddccd.dll.vir" file.
1/27/2008 1:23:43 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\ddccy.dll.vir" file.
1/27/2008 1:23:43 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\ddcyx.dll.vir" file.
1/27/2008 1:23:44 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\gebcc.dll.vir" file.
1/27/2008 1:23:44 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\geebc.dll.vir" file.
1/27/2008 1:23:45 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\geedc.dll.vir" file.
1/27/2008 1:23:45 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\jkhhf.dll.vir" file.
1/27/2008 1:23:46 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\jkkji.dll.vir" file.
1/27/2008 1:23:46 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\jkkjj.dll.vir" file.
1/27/2008 1:23:46 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\jkklj.dll.vir" file.
1/27/2008 1:23:47 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\mljgg.dll.vir" file.
1/27/2008 1:23:47 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\mllmj.dll.vir" file.
1/27/2008 1:23:48 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\mllmk.dll.vir" file.
1/27/2008 1:23:48 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\mllmn.dll.vir" file.
1/27/2008 1:23:49 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\pmkhe.dll.vir" file.
1/27/2008 1:23:49 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\pmnli.dll.vir" file.
1/27/2008 1:23:49 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\pmnnl.dll.vir" file.
1/27/2008 1:23:50 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\ssqro.dll.vir" file.
1/27/2008 1:23:50 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\ssqrp.dll.vir" file.
1/27/2008 1:23:54 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\sstqn.dll.vir" file.
1/27/2008 1:23:55 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\sstqr.dll.vir" file.
1/27/2008 1:23:56 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\ssttr.dll.vir" file.
1/27/2008 1:23:56 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\ssttu.dll.vir" file.
1/27/2008 1:23:56 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\vtsqq.dll.vir" file.
1/27/2008 1:23:57 PM alex 1800 Sign of "Win32:TratBHO [Trj]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\vtutr.dll.vir" file.
1/27/2008 2:05:18 PM alex 1816 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awtqr.dll" file.
1/27/2008 2:21:03 PM alex 1816 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\awvvu.dll" file.
1/27/2008 2:21:05 PM alex 1816 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddaby.dll" file.
1/27/2008 2:21:06 PM alex 1816 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddayv.dll" file.
1/27/2008 2:21:07 PM alex 1816 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddayx.dll" file.
1/27/2008 2:21:08 PM alex 1816 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddccd.dll" file.
1/27/2008 2:21:09 PM alex 1816 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddccy.dll" file.
1/27/2008 2:21:10 PM alex 1816 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ddcyx.dll" file.
1/27/2008 2:21:11 PM alex 1816 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\gebcc.dll" file.
1/27/2008 2:21:12 PM alex 1816 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\geebc.dll" file.
1/27/2008 2:21:12 PM alex 1816 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\geedc.dll" file.
1/27/2008 2:21:14 PM alex 1816 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\jkhhf.dll" file.
1/27/2008 2:21:15 PM alex 1816 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\jkkji.dll" file.
1/27/2008 2:21:16 PM alex 1816 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\jkkjj.dll" file.
1/27/2008 2:21:17 PM alex 1816 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\jkklj.dll" file.
1/27/2008 2:21:17 PM alex 1816 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\mljgg.dll" file.
1/27/2008 2:21:18 PM alex 1816 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\mllmj.dll" file.
1/27/2008 2:21:19 PM alex 1816 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\mllmk.dll" file.
1/27/2008 2:21:19 PM alex 1816 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\mllmn.dll" file.
1/27/2008 2:21:24 PM alex 1816 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\pmkhe.dll" file.
1/27/2008 2:21:26 PM alex 1816 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\pmnli.dll" file.
1/27/2008 2:21:27 PM alex 1816 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\pmnnl.dll" file.
1/27/2008 2:21:28 PM alex 1816 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ssqro.dll" file.
1/27/2008 2:21:29 PM alex 1816 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ssqrp.dll" file.
1/27/2008 2:21:30 PM alex 1816 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\sstqn.dll" file.
1/27/2008 2:21:31 PM alex 1816 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\sstqr.dll" file.
1/27/2008 2:21:36 PM alex 1816 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ssttr.dll" file.
1/27/2008 2:21:38 PM alex 1816 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\ssttu.dll" file.
1/27/2008 2:21:39 PM alex 1816 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\vtsqq.dll" file.
1/27/2008 2:21:39 PM alex 1816 Sign of "Win32:TratBHO [Trj]" has been found in "C:\WINDOWS\system32\vtutr.dll" file.
1/27/2008 7:47:10 PM alex 1816 Sign of "Win32:Inject-EV [Trj]" has been found in "C:\DOCUME~1\alex\LOCALS~1\Temp\pliytkxq28F8D24.dll" file.
1/27/2008 7:47:14 PM alex 1816 Sign of "Win32:Inject-EV [Trj]" has been found in "C:\DOCUME~1\alex\LOCALS~1\Temp\pliytkxq28F8D24.dll" file.
1/27/2008 7:47:22 PM alex 1816 Sign of "Win32:Inject-EV [Trj]" has been found in "C:\DOCUME~1\alex\LOCALS~1\Temp\pliytkxq28F8D24.dll" file.
1/27/2008 7:47:23 PM alex 1816 Sign of "Win32:Inject-EV [Trj]" has been found in "C:\DOCUME~1\alex\LOCALS~1\Temp\pliytkxq28F8D24.dll" file.
1/27/2008 8:41:35 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\Program Files\Alwil Software\Avast4\A0006895.dll" file.
1/27/2008 8:44:44 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{5FF79685-F1AE-4FBE-9501-CBFCC579A69D}\RP83\A0006895.dll" file.
1/27/2008 8:44:49 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{5FF79685-F1AE-4FBE-9501-CBFCC579A69D}\RP84\A0006913.dll" file.
1/27/2008 8:44:50 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{5FF79685-F1AE-4FBE-9501-CBFCC579A69D}\RP84\A0006914.dll" file.
1/27/2008 8:44:51 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{5FF79685-F1AE-4FBE-9501-CBFCC579A69D}\RP86\A0006952.dll" file.
1/27/2008 8:45:07 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{5FF79685-F1AE-4FBE-9501-CBFCC579A69D}\RP93\A0013449.dll" file.
1/27/2008 8:45:18 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{5FF79685-F1AE-4FBE-9501-CBFCC579A69D}\RP93\A0013450.dll" file.
1/27/2008 8:45:19 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{5FF79685-F1AE-4FBE-9501-CBFCC579A69D}\RP93\A0013451.dll" file.
1/27/2008 8:45:19 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{5FF79685-F1AE-4FBE-9501-CBFCC579A69D}\RP93\A0013452.dll" file.
1/27/2008 8:45:20 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{5FF79685-F1AE-4FBE-9501-CBFCC579A69D}\RP93\A0013453.dll" file.
1/27/2008 8:45:21 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{5FF79685-F1AE-4FBE-9501-CBFCC579A69D}\RP93\A0013454.dll" file.
1/27/2008 8:45:21 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{5FF79685-F1AE-4FBE-9501-CBFCC579A69D}\RP93\A0013455.dll" file.
1/27/2008 8:45:22 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{5FF79685-F1AE-4FBE-9501-CBFCC579A69D}\RP93\A0013456.dll" file.
1/27/2008 8:45:22 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{5FF79685-F1AE-4FBE-9501-CBFCC579A69D}\RP93\A0013457.dll" file.
1/27/2008 8:45:23 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{5FF79685-F1AE-4FBE-9501-CBFCC579A69D}\RP93\A0013458.dll" file.
1/27/2008 8:45:23 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{5FF79685-F1AE-4FBE-9501-CBFCC579A69D}\RP93\A0013459.dll" file.
1/27/2008 8:45:24 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{5FF79685-F1AE-4FBE-9501-CBFCC579A69D}\RP93\A0013460.dll" file.
1/27/2008 8:45:24 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{5FF79685-F1AE-4FBE-9501-CBFCC579A69D}\RP93\A0013461.dll" file.
1/27/2008 8:45:25 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{5FF79685-F1AE-4FBE-9501-CBFCC579A69D}\RP93\A0013462.dll" file.
1/27/2008 8:45:25 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{5FF79685-F1AE-4FBE-9501-CBFCC579A69D}\RP93\A0013463.dll" file.
1/27/2008 8:45:26 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{5FF79685-F1AE-4FBE-9501-CBFCC579A69D}\RP93\A0013464.dll" file.
1/27/2008 8:45:26 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{5FF79685-F1AE-4FBE-9501-CBFCC579A69D}\RP93\A0013465.dll" file.
1/27/2008 8:45:27 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{5FF79685-F1AE-4FBE-9501-CBFCC579A69D}\RP93\A0013466.dll" file.
1/27/2008 8:45:27 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{5FF79685-F1AE-4FBE-9501-CBFCC579A69D}\RP93\A0013467.dll" file.
1/27/2008 8:45:28 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{5FF79685-F1AE-4FBE-9501-CBFCC579A69D}\RP93\A0013468.dll" file.
1/27/2008 8:45:28 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{5FF79685-F1AE-4FBE-9501-CBFCC579A69D}\RP93\A0013469.dll" file.
1/27/2008 8:45:29 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{5FF79685-F1AE-4FBE-9501-CBFCC579A69D}\RP93\A0013470.dll" file.
1/27/2008 8:45:29 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{5FF79685-F1AE-4FBE-9501-CBFCC579A69D}\RP93\A0013471.dll" file.
1/27/2008 8:45:29 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{5FF79685-F1AE-4FBE-9501-CBFCC579A69D}\RP93\A0013472.dll" file.
1/27/2008 8:45:30 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{5FF79685-F1AE-4FBE-9501-CBFCC579A69D}\RP93\A0013473.dll" file.
1/27/2008 8:45:30 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{5FF79685-F1AE-4FBE-9501-CBFCC579A69D}\RP93\A0013474.dll" file.
1/27/2008 8:45:31 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{5FF79685-F1AE-4FBE-9501-CBFCC579A69D}\RP93\A0013475.dll" file.
1/27/2008 8:45:32 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{5FF79685-F1AE-4FBE-9501-CBFCC579A69D}\RP93\A0013476.dll" file.
1/27/2008 8:45:32 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{5FF79685-F1AE-4FBE-9501-CBFCC579A69D}\RP93\A0013477.dll" file.
1/27/2008 8:45:32 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{5FF79685-F1AE-4FBE-9501-CBFCC579A69D}\RP93\A0013478.dll" file.
1/27/2008 8:45:33 PM alex 3220 Sign of "Win32:TratBHO [Trj]" has been found in "C:\System Volume Information\_restore{5FF79685-F1AE-4FBE-9501-CBFCC579A69D}\RP93\A0013493.dll" file.

#8
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Strange

Download WinPFind35U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • Under Additional Scans check the box beside Reg - Disabled MS Config Items.
  • Under Rootkit Search change that to Yes.
  • Under Files Created Within and Files Modified Within change it to 90 days.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

Make sure you attach the report in your reply.

#9
dired

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
[code=auto:0]WinPFind35 logfile created on: 1/28/2008 6:56:46 AM
WinPFind35U Version Beta39 Folder = C:\Documents and Settings\alex\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 283.04 Gb Total Space | 17.48 Gb Free Space | 6.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 15.04 Gb Total Space | 14.97 Gb Free Space | 99.58% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded

Computer Name: AP-1578028F8D24
Current User Name: alex
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 9:36:33 AM | Attr = ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 8:00:16 AM | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 2:09:16 PM | Attr = ]
nsctop.exe -> %ProgramFiles%\Symantec\Symantec System Center\NscTop.exe -> Symantec Corporation [Ver = 10.1.5.5002 | Size = 939200 bytes | Modified Date = 11/16/2006 4:54:32 PM | Attr = ]
ntuneservice.exe -> %ProgramFiles%\NVIDIA Corporation\nTune\nTuneService.exe -> NVIDIA [Ver = 5.05.54 | Size = 131072 bytes | Modified Date = 9/4/2007 7:25:44 PM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 155716 bytes | Modified Date = 12/5/2007 1:41:00 AM | Attr = ]
reportersvc.exe -> %CommonProgramFiles%\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe -> Symantec Corporation [Ver = 1.0.207.0 | Size = 1324808 bytes | Modified Date = 9/27/2006 2:17:54 PM | Attr = ]
nmsrvc.exe -> %CommonProgramFiles%\Pure Networks Shared\Platform\nmsrvc.exe -> Pure Networks, Inc. [Ver = 4.5.7274.0 | Size = 451896 bytes | Modified Date = 10/1/2007 8:08:18 PM | Attr = ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 7:59:53 AM | Attr = ]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 7:59:01 AM | Attr = ]
nmctxth.exe -> %CommonProgramFiles%\Pure Networks Shared\Platform\nmctxth.exe -> Pure Networks, Inc. [Ver = 4.5.7274.0 | Size = 451896 bytes | Modified Date = 10/1/2007 8:08:18 PM | Attr = ]
nmapp.exe -> %ProgramFiles%\Pure Networks\Network Magic\nmapp.exe -> Pure Networks, Inc. [Ver = 4.5.7228.0 | Size = 451896 bytes | Modified Date = 10/29/2007 10:04:44 PM | Attr = ]
daemon.exe -> %ProgramFiles%\DAEMON Tools\daemon.exe -> DT Soft Ltd. [Ver = 4.10.0.0 | Size = 167368 bytes | Modified Date = 12/6/2007 7:06:29 AM | Attr = ]
pg2.exe -> %ProgramFiles%\PeerGuardian2\pg2.exe -> Methlabs [Ver = 1, 0, 6, 4 | Size = 1421824 bytes | Modified Date = 9/18/2005 6:40:42 PM | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox 3 Beta 2\firefox.exe -> Mozilla Corporation [Ver = 1.9b2 | Size = 89600 bytes | Modified Date = 12/12/2007 4:09:56 AM | Attr = ]
mirc.exe -> %ProgramFiles%\mIRC\mirc.exe -> mIRC Co. Ltd. [Ver = 6.17 | Size = 2023424 bytes | Modified Date = 12/10/2007 10:54:22 PM | Attr = ]
pidgin.exe -> %ProgramFiles%\Pidgin\pidgin.exe -> The Pidgin developer community [Ver = 2.3.1 | Size = 44658 bytes | Modified Date = 12/7/2007 1:53:28 PM | Attr = ]
azureus.exe -> %ProgramFiles%\Azureus\Azureus.exe -> Azureus Inc [Ver = 3.0.0.0 | Size = 254976 bytes | Modified Date = 12/3/2007 7:28:42 PM | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 308224 bytes | Modified Date = 1/28/2008 12:03:42 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 12/26/2007 10:34:47 PM | Attr = ]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 2:09:16 PM | Attr = ]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 9:36:33 AM | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 8:00:16 AM | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 7:59:53 AM | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 7:59:01 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/3/2004 6:56:50 PM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 1/15/2008 3:22:44 AM | Attr = ]
(nmraapache) Pure Networks Net2Go Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -> Pure Networks, Inc. [Ver = 2.0.54 | Size = 12800 bytes | Modified Date = 10/29/2007 10:03:06 PM | Attr = ]
(nmservice) Pure Networks Platform Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Pure Networks Shared\Platform\nmsrvc.exe -> Pure Networks, Inc. [Ver = 4.5.7274.0 | Size = 451896 bytes | Modified Date = 10/1/2007 8:08:18 PM | Attr = ]
(NSCTOP) Symantec System Center Discovery Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\Symantec System Center\NscTop.exe -> Symantec Corporation [Ver = 10.1.5.5002 | Size = 939200 bytes | Modified Date = 11/16/2006 4:54:32 PM | Attr = ]
(nTuneService) nTune Service [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\nTune\nTuneService.exe -> NVIDIA [Ver = 5.05.54 | Size = 131072 bytes | Modified Date = 9/4/2007 7:25:44 PM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 155716 bytes | Modified Date = 12/5/2007 1:41:00 AM | Attr = ]
(Reporting) Reporting Agents [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe -> Symantec Corporation [Ver = 1.0.207.0 | Size = 1324808 bytes | Modified Date = 9/27/2006 2:17:54 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
nmapp -> %ProgramFiles%\Pure Networks\Network Magic\nmapp.exe -> Pure Networks, Inc. [Ver = 4.5.7228.0 | Size = 451896 bytes | Modified Date = 10/29/2007 10:04:44 PM | Attr = ]
nmctxth -> %CommonProgramFiles%\Pure Networks Shared\Platform\nmctxth.exe -> Pure Networks, Inc. [Ver = 4.5.7274.0 | Size = 451896 bytes | Modified Date = 10/1/2007 8:08:18 PM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 8523776 bytes | Modified Date = 12/5/2007 1:41:00 AM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
DAEMON Tools -> %ProgramFiles%\DAEMON Tools\daemon.exe -> DT Soft Ltd. [Ver = 4.10.0.0 | Size = 167368 bytes | Modified Date = 12/6/2007 7:06:29 AM | Attr = ]
NVIDIA nTune -> %ProgramFiles%\NVIDIA Corporation\nTune\nTuneCmd.exe -> NVIDIA [Ver = 5.05.54 | Size = 81920 bytes | Modified Date = 9/4/2007 7:25:38 PM | Attr = ]
PeerGuardian -> %ProgramFiles%\PeerGuardian2\pg2.exe -> Methlabs [Ver = 1, 0, 6, 4 | Size = 1421824 bytes | Modified Date = 9/18/2005 6:40:42 PM | Attr = ]
< alex Startup Folder > -> C:\Documents and Settings\alex\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place0 -> ::{C55C499D-3518-44a1-998E-796AC5FC989D} ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place1 -> 8 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place2 -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place3 -> 5 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place4 -> 17 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.daemonsearch.com/ ->
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4139 domain(s) found. ->
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4138 domain(s) found. ->
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{044E7349-2BE5-439C-9C93-9662038F02F7} -> (3Com 3C905TX-based Ethernet Adapter (Generic)) ->
{213445BA-F902-4839-990D-F34554CD4656} -> (1394 Net Adapter) ->
{D81CAD7A-3724-431A-909F-98B450D6D4BD} -> (1394 Net Adapter) ->
{DD941EEE-E7E6-43C3-8396-FCD85FA334B0} -> (Intel(R) 82566DC-2 Gigabit Network Connection) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
pure-go:{4746C79A-2042-4332-8650-48966E44ABA8} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Pure Networks Shared\Platform\puresp3.dll[CPureGoProtoInfo Object] -> Pure Networks, Inc. [Ver = 4.5.7324.0 | Size = 140600 bytes | Modified Date = 11/20/2007 2:18:32 PM | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab[CKAVWebScan Object] ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\yinsthelper.dll[YInstStarter Class] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] ->


[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ ->
C:^Documents and Settings^alex^Start Menu^Programs^Startup^Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 3/16/2005 7:16:50 PM | Attr = ]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ ->
Adobe Reader Speed Launcher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 7:51:56 PM | Attr = ]
AdVantage hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\AdVantage\AdVantage.exe -> File not found
Comrade.exe hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\GameSpy\Comrade\Comrade.exe -> File not found
iTunesHelper hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 1/15/2008 3:22:56 AM | Attr = ]


[Files/Folders - Created Within 90 days]
AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT -> [Ver = | Size = 0 bytes | Created Date = 12/10/2007 10:36:49 PM | Attr = ]
Backup -> %SystemDrive%\Backup -> [Folder | Created Date = 12/14/2007 10:58:33 PM | Attr = ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Created Date = 12/10/2007 5:17:26 PM | Attr = HS]
CONFIG.SYS -> %SystemDrive%\CONFIG.SYS -> [Ver = | Size = 0 bytes | Created Date = 12/10/2007 10:36:49 PM | Attr = ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 1/27/2008 7:33:43 PM | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Created Date = 12/10/2007 5:17:59 PM | Attr = ]
Intel -> %SystemDrive%\Intel -> [Folder | Created Date = 12/10/2007 11:11:17 PM | Attr = ]
IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Created Date = 12/10/2007 10:36:49 PM | Attr = RHS]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Created Date = 12/10/2007 10:36:49 PM | Attr = RHS]
NVIDIA -> %SystemDrive%\NVIDIA -> [Folder | Created Date = 12/23/2007 11:26:53 AM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Created Date = 12/10/2007 5:19:00 PM | Attr = R ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 12/12/2007 11:26:50 PM | Attr = HS]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Created Date = 12/10/2007 5:17:59 PM | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Created Date = 12/10/2007 5:14:17 PM | Attr = ]
big5.nls -> %System32%\dllcache\big5.nls -> [Ver = | Size = 66728 bytes | Created Date = 12/10/2007 10:37:23 PM | Attr = ]
bopomofo.nls -> %System32%\dllcache\bopomofo.nls -> [Ver = | Size = 82172 bytes | Created Date = 12/10/2007 10:37:23 PM | Attr = ]
cap7146.sys -> %System32%\dllcache\cap7146.sys -> Philips Semiconductors GmbH [Ver = 1.00 (XPClient.010817-1148) | Size = 54528 bytes | Created Date = 12/10/2007 10:37:28 PM | Attr = ]
chtskf.dll -> %System32%\dllcache\chtskf.dll -> [Ver = | Size = 173568 bytes | Created Date = 12/10/2007 10:37:30 PM | Attr = ]
c_10001.nls -> %System32%\dllcache\c_10001.nls -> [Ver = | Size = 162850 bytes | Created Date = 12/10/2007 10:37:23 PM | Attr = ]
c_10002.nls -> %System32%\dllcache\c_10002.nls -> [Ver = | Size = 195618 bytes | Created Date = 12/10/2007 10:37:23 PM | Attr = ]
c_10003.nls -> %System32%\dllcache\c_10003.nls -> [Ver = | Size = 177698 bytes | Created Date = 12/10/2007 10:37:24 PM | Attr = ]
c_10004.nls -> %System32%\dllcache\c_10004.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:24 PM | Attr = ]
c_10005.nls -> %System32%\dllcache\c_10005.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:24 PM | Attr = ]
c_10006.nls -> %System32%\dllcache\c_10006.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 5:18:55 PM | Attr = ]
c_10007.nls -> %System32%\dllcache\c_10007.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 5:18:56 PM | Attr = ]
c_10008.nls -> %System32%\dllcache\c_10008.nls -> [Ver = | Size = 173602 bytes | Created Date = 12/10/2007 10:37:24 PM | Attr = ]
c_10010.nls -> %System32%\dllcache\c_10010.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 5:18:53 PM | Attr = ]
c_10017.nls -> %System32%\dllcache\c_10017.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 5:18:56 PM | Attr = ]
c_10021.nls -> %System32%\dllcache\c_10021.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:24 PM | Attr = ]
c_10029.nls -> %System32%\dllcache\c_10029.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 5:18:53 PM | Attr = ]
c_10081.nls -> %System32%\dllcache\c_10081.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 5:18:58 PM | Attr = ]
c_10082.nls -> %System32%\dllcache\c_10082.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 5:18:53 PM | Attr = ]
c_1047.nls -> %System32%\dllcache\c_1047.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:24 PM | Attr = ]
c_1140.nls -> %System32%\dllcache\c_1140.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:24 PM | Attr = ]
c_1141.nls -> %System32%\dllcache\c_1141.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:24 PM | Attr = ]
c_1142.nls -> %System32%\dllcache\c_1142.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:24 PM | Attr = ]
c_1143.nls -> %System32%\dllcache\c_1143.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:24 PM | Attr = ]
c_1144.nls -> %System32%\dllcache\c_1144.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:24 PM | Attr = ]
c_1145.nls -> %System32%\dllcache\c_1145.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:24 PM | Attr = ]
c_1146.nls -> %System32%\dllcache\c_1146.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:24 PM | Attr = ]
c_1147.nls -> %System32%\dllcache\c_1147.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:24 PM | Attr = ]
c_1148.nls -> %System32%\dllcache\c_1148.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:24 PM | Attr = ]
c_1149.nls -> %System32%\dllcache\c_1149.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:25 PM | Attr = ]
c_1361.nls -> %System32%\dllcache\c_1361.nls -> [Ver = | Size = 189986 bytes | Created Date = 12/10/2007 10:37:25 PM | Attr = ]
c_20000.nls -> %System32%\dllcache\c_20000.nls -> [Ver = | Size = 180258 bytes | Created Date = 12/10/2007 10:37:25 PM | Attr = ]
c_20001.nls -> %System32%\dllcache\c_20001.nls -> [Ver = | Size = 186402 bytes | Created Date = 12/10/2007 10:37:25 PM | Attr = ]
c_20002.nls -> %System32%\dllcache\c_20002.nls -> [Ver = | Size = 173602 bytes | Created Date = 12/10/2007 10:37:25 PM | Attr = ]
c_20003.nls -> %System32%\dllcache\c_20003.nls -> [Ver = | Size = 185378 bytes | Created Date = 12/10/2007 10:37:25 PM | Attr = ]
c_20004.nls -> %System32%\dllcache\c_20004.nls -> [Ver = | Size = 180258 bytes | Created Date = 12/10/2007 10:37:25 PM | Attr = ]
c_20005.nls -> %System32%\dllcache\c_20005.nls -> [Ver = | Size = 187938 bytes | Created Date = 12/10/2007 10:37:25 PM | Attr = ]
c_20105.nls -> %System32%\dllcache\c_20105.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:25 PM | Attr = ]
c_20106.nls -> %System32%\dllcache\c_20106.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:25 PM | Attr = ]
c_20107.nls -> %System32%\dllcache\c_20107.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:25 PM | Attr = ]
c_20108.nls -> %System32%\dllcache\c_20108.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:25 PM | Attr = ]
c_20127.nls -> %System32%\dllcache\c_20127.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 5:18:51 PM | Attr = ]
c_20269.nls -> %System32%\dllcache\c_20269.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:26 PM | Attr = ]
c_20273.nls -> %System32%\dllcache\c_20273.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:26 PM | Attr = ]
c_20277.nls -> %System32%\dllcache\c_20277.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:26 PM | Attr = ]
c_20278.nls -> %System32%\dllcache\c_20278.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:26 PM | Attr = ]
c_20280.nls -> %System32%\dllcache\c_20280.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:26 PM | Attr = ]
c_20284.nls -> %System32%\dllcache\c_20284.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:26 PM | Attr = ]
c_20285.nls -> %System32%\dllcache\c_20285.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:26 PM | Attr = ]
c_20290.nls -> %System32%\dllcache\c_20290.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:26 PM | Attr = ]
c_20297.nls -> %System32%\dllcache\c_20297.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:26 PM | Attr = ]
c_20420.nls -> %System32%\dllcache\c_20420.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:26 PM | Attr = ]
c_20423.nls -> %System32%\dllcache\c_20423.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:26 PM | Attr = ]
c_20424.nls -> %System32%\dllcache\c_20424.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:26 PM | Attr = ]
c_20833.nls -> %System32%\dllcache\c_20833.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:26 PM | Attr = ]
c_20838.nls -> %System32%\dllcache\c_20838.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:26 PM | Attr = ]
c_20871.nls -> %System32%\dllcache\c_20871.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:26 PM | Attr = ]
c_20880.nls -> %System32%\dllcache\c_20880.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:26 PM | Attr = ]
c_20924.nls -> %System32%\dllcache\c_20924.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:27 PM | Attr = ]
c_20932.nls -> %System32%\dllcache\c_20932.nls -> [Ver = | Size = 180770 bytes | Created Date = 12/10/2007 10:37:27 PM | Attr = ]
c_20936.nls -> %System32%\dllcache\c_20936.nls -> [Ver = | Size = 173602 bytes | Created Date = 12/10/2007 10:37:27 PM | Attr = ]
c_20949.nls -> %System32%\dllcache\c_20949.nls -> [Ver = | Size = 177698 bytes | Created Date = 12/10/2007 10:37:27 PM | Attr = ]
c_21025.nls -> %System32%\dllcache\c_21025.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:27 PM | Attr = ]
c_21027.nls -> %System32%\dllcache\c_21027.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:27 PM | Attr = ]
c_28594.nls -> %System32%\dllcache\c_28594.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 5:18:54 PM | Attr = ]
c_28595.nls -> %System32%\dllcache\c_28595.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 5:18:56 PM | Attr = ]
c_28596.nls -> %System32%\dllcache\c_28596.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 10:37:27 PM | Attr = ]
c_28597.nls -> %System32%\dllcache\c_28597.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 5:18:55 PM | Attr = ]
c_28599.nls -> %System32%\dllcache\c_28599.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/10/2007 5:18:58 PM | Attr = ]

#10
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you attach the report instead of posting it please, as it is too long.

#11
dired

dired

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

sure

#12
dired

dired

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

sure

Attached Files

#13
dired

dired

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Rorschach112, any ideas?

#14
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Start WinPFind35U. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YN -> AdVantage hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\AdVantage\AdVantage.exe
YN -> Comrade.exe hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\GameSpy\Comrade\Comrade.exe
[Files/Folders - Created Within 90 days]
YN -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
YY -> 1028 -> %System32%\1028
YY -> 1031 -> %System32%\1031
YY -> 1033 -> %System32%\1033
YY -> 1037 -> %System32%\1037
YY -> 1041 -> %System32%\1041
YY -> 1042 -> %System32%\1042
YY -> 1054 -> %System32%\1054
YY -> 2052 -> %System32%\2052
YY -> 3076 -> %System32%\3076
YN -> 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 30 days]
YN -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
YN -> 10 C:\Documents and Settings\alex\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\alex\Local Settings\Temp\*.tmp
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.



Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#15
dired

dired

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts


WinPFind35U asks me to reboot to complete the process. No log window opens up upon completion without reboot.