
Can't Figure Out What Virus

5 replies to this topic

#1 mirellia (Members, 3 posts)

Posted 11 January 2007 - 08:45 PM

Hi, I have no idea how to use this file, but my computer has this msabc.exe folder, and it lags my computer and uses 99% of CPU whenever I use Internet Explorer. Besides that, I think my computer is infected with a trojan. Can any of you help me check if there is anything wrong with my computer? Thanks a lot!


Logfile of HijackThis v1.99.1
Scan saved at 10:40:45 PM, on 1/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\ntsutil.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\acer\epm\epm-dm.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NotifyPhoneBook.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Republic Poly\UTClient\UTAgent.exe
C:\Program Files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Documents and Settings\61146\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myrp2.myrp.edu.sg/default.aspx
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\nijka.exe
O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MsnSearchPo Class - {3D5A5EBE-0690-444B-8CA7-5B9036887F1C} - C:\Program Files\Common Files\System\msadc\msadpup.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: ViewerHelper Class - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {999ADFA2-8AD1-47ff-97FC-69FB847458F4} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: BHOObject Class - {C2476E25-E64F-47DE-B306-68322E057286} - C:\Program Files\NetMeeting\mscom.dll
O2 - BHO: IEHlprObj Class - {D424FE4E-CAF9-4fdd-BC5F-E6E6B91D53BF} - C:\Progra~1\Common~1\System\direct.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: UTAgent 3.0.lnk = C:\Program Files\Republic Poly\UTClient\UTAgent.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-sg\msntabres.dll.mui/229?d16c85e5effe4a308fa3a5a9835b915d
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-sg\msntabres.dll.mui/230?d16c85e5effe4a308fa3a5a9835b915d
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0062C9BD-B349-40DE-91A0-755F37ACD559} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\61146\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1140428259073
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://antivirus2.rp.edu.sg/webinst.cab
O16 - DPF: {F6798B0B-9AA9-4AEF-A8CA-D54C36EFDE17} (chkInstallation.checkSoftware) - http://projector.rp.edu.sg/WPGClientCheck.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D74A20E-D242-4406-BFCC-66E5A7C1CBEF}: NameServer = 165.21.83.88 165.21.100.88
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: rmh - {23C585BB-48FF-4865-8934-185F0A7EB84C} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O18 - Filter: application/msword - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O18 - Filter: application/vnd-viewer - {CD4527E8-4FC7-48DB-9806-10537B501237} - (no file)
O18 - Filter: application/vnd.ms-excel - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O18 - Filter: application/vnd.ms-powerpoint - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O18 - Filter: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

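The log in post #1 is the kind of thing a helper reads by hand, entry by entry. The script below is an added example, not part of the thread and not a BleepingComputer or HijackThis tool; it mechanises three of the checks a reader applies to such a log: whether the F2 UserInit value carries anything beyond the standard userinit.exe, whether an entry points at a file that no longer exists, and whether a BHO or Run entry loads code from a user-writable or otherwise unusual directory. Its sample input is constructed from lines copied from the log above; the heuristics, the severity labels, and the expansion of the 8.3 short names PROGRA~1 and COMMON~1 are assumptions of the example, and a "medium" hit means only that the entry deserves a look, not that the file is malicious.

```python
"""Triage heuristics for HijackThis-style log lines (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: entries copied verbatim from the HijackThis log in
# post #1, with a couple of clean lines kept as controls, so the script
# runs offline on the exact text under discussion.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myrp2.myrp.edu.sg/default.aspx
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\nijka.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MsnSearchPo Class - {3D5A5EBE-0690-444B-8CA7-5B9036887F1C} - C:\Program Files\Common Files\System\msadc\msadpup.dll
O2 - BHO: (no name) - {999ADFA2-8AD1-47ff-97FC-69FB847458F4} - (no file)
O2 - BHO: IEHlprObj Class - {D424FE4E-CAF9-4fdd-BC5F-E6E6B91D53BF} - C:\Progra~1\Common~1\System\direct.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\61146\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
"""

# Directories from which a legitimate BHO/Run entry rarely loads code
# (assumed list for this example; lower-case, compared after normalisation).
SUSPICIOUS_DIRS = (
    "\\application data\\",
    "\\local settings\\",
    "\\temp\\",
    "\\common files\\system\\",
)

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# A drive-letter path ending in an executable-ish extension; lazy so that
# "a.exe,b.exe" on one line yields two matches rather than one.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|cpl|scr|lnk)\b", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "low"
    section: str    # HijackThis section code, e.g. "F2", "O2"
    reason: str
    line: str


def _normalise(path: str) -> str:
    """Lower-case the path and expand the 8.3 short names seen in this log.

    Assumption: PROGRA~1 is "Program Files" and COMMON~1 is "Common Files".
    HijackThis prints both forms for the same directory, and matching only
    the long form would miss C:\\Progra~1\\Common~1\\System\\direct.dll.
    """
    p = path.strip().strip('"').lower()
    return p.replace("progra~1", "program files").replace("common~1", "common files")


def check_userinit(body: str, line: str) -> list[Finding]:
    """Heuristic 1: anything besides userinit.exe in UserInit is an extra loader
    that winlogon runs at every interactive logon."""
    if "userinit=" not in body.lower():
        return []
    value = body.split("=", 1)[1]
    findings = []
    for entry in value.split(","):
        p = _normalise(entry)
        if not p:
            continue  # the stock value ends with a trailing comma
        if not p.endswith("\\system32\\userinit.exe"):
            findings.append(Finding("high", "F2", f"extra UserInit loader: {entry.strip()}", line))
    return findings


def check_orphaned(section: str, body: str, line: str) -> list[Finding]:
    """Heuristic 2: a reference whose target is gone is clutter, not a threat."""
    if body.endswith("(no file)") or body.endswith("(file missing)"):
        return [Finding("low", section, "orphaned entry, target file absent", line)]
    return []


def check_unusual_location(section: str, body: str, line: str) -> list[Finding]:
    """Heuristic 3: executable code loaded from a user-writable/unusual folder."""
    findings = []
    for path in PATH_RE.findall(body):
        if any(d in _normalise(path) for d in SUSPICIOUS_DIRS):
            findings.append(Finding("medium", section, f"binary in unusual directory: {path}", line))
    return findings


def triage(log_text: str) -> list[Finding]:
    """Run all heuristics over every 'Xn - ...' line; other lines are skipped."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, process list, blank lines
        section, body = m.groups()
        if section == "F2":
            findings += check_userinit(body, line)
        findings += check_orphaned(section, body, line)
        findings += check_unusual_location(section, body, line)
    return findings


def summarise(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, always reporting all three levels."""
    return {s: sum(1 for f in findings if f.severity == s) for s in ("high", "medium", "low")}


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: ("high", "medium", "low").index(f.severity)):
        print(f"[{f.severity:6}] {f.section:3} {f.reason}")
    print(summarise(triage(SAMPLE_LOG)))
```

On the sample, the only high finding is the second UserInit entry, which is exactly the line an experienced reader stops at first: UserInit is consulted by winlogon, so a program listed there survives reboots without any Run key. The medium hits on the two DLLs under Common Files\System are cues to check those files (publisher, signature, creation date), not verdicts, and the two low hits are stale references that are harmless on their own.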

#2 OldTimer (Malware Expert, Members, 11,092 posts, North Carolina)

Posted 13 January 2007 - 10:32 AM

Hello mirellia and welcome to the BC HijackThis forum. Let's try a different scanner and see what it shows us.

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.

#3 mirellia (Topic Starter, Members, 3 posts)

Posted 17 January 2007 - 08:10 PM

Thanks a lot!


WinPFind3 logfile created on: 1/18/2007 8:56:42 AM
WinPFind3U by OldTimer - Version 1.0.10 Folder = C:\Documents and Settings\61146\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

1047980 Kb Total Physical Memory | 557300 Kb Available Physical Memory | 53.18% Memory free
2519324 Kb Paging File | 2081696 Kb Available in Paging File | 82.63% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 49287416 Kb Total Space | 10072548 Kb Free Space | 20.44% Space Free
Drive D: | 20972856 Kb Total Space | 1862176 Kb Free Space | 8.88% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded


[Processes - Non-Microsoft Only]
agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.51.4 2.1.51.4 04/15/2005 11:45:07 | Size = 88202 bytes | Modified Date = 4/15/2005 11:45:10 AM | Attr = ]
anbmserv.exe -> %SystemDrive%\Acer\eManager\anbmServ.exe -> OSA Technologies Inc. [Ver = 3.0.6.9 | Size = 1273344 bytes | Modified Date = 6/6/2005 7:08:58 PM | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 343552 bytes | Modified Date = 12/2/2006 1:52:10 PM | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.418 | Size = 406016 bytes | Modified Date = 12/2/2006 1:52:10 PM | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 12/2/2006 1:52:10 PM | Attr = ]
bcmwltry.exe -> %System32%\BCMWLTRY.EXE -> Broadcom Corporation [Ver = 3.100.46.0 | Size = 827499 bytes | Modified Date = 12/22/2004 2:32:46 AM | Attr = ]
bttray.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> Broadcom Corporation. [Ver = 4.0.1.2304 | Size = 577597 bytes | Modified Date = 8/16/2005 2:06:22 PM | Attr = ]
btwdins.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> Broadcom Corporation. [Ver = 4.0.1.2304 | Size = 258103 bytes | Modified Date = 8/16/2005 2:00:14 PM | Attr = ]
cdac11ba.exe -> %System32%\drivers\CDAC11BA.EXE -> C-Dilla Ltd [Ver = 4.11.050 | Size = 39936 bytes | Modified Date = 9/17/2006 11:40:38 PM | Attr = ]
ctsvccda.exe -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 9:01:00 AM | Attr = ]
epm-dm.exe -> %SystemDrive%\Acer\ePM\EPM-DM.exe -> Acer Inc [Ver = 2.60 | Size = 188416 bytes | Modified Date = 4/21/2005 10:13:22 AM | Attr = ]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 81920 bytes | Modified Date = 8/11/2005 4:30:30 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_10\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Modified Date = 11/9/2006 3:07:30 PM | Attr = ]
lmanager.exe -> %ProgramFiles%\Launch Manager\LManager.exe -> Dritek System Inc. [Ver = 1, 0, 9, 828 | Size = 483328 bytes | Modified Date = 4/28/2005 10:51:52 AM | Attr = ]
monitor.exe -> %SystemDrive%\Acer\Empowering Technology\eRecovery\Monitor.exe -> acer Inc. [Ver = 1, 3, 7, 6 | Size = 397312 bytes | Modified Date = 11/16/2005 5:00:50 PM | Attr = ]
notifyphonebook.exe -> %System32%\NotifyPhoneBook.exe -> [Ver = | Size = 81920 bytes | Modified Date = 5/8/2002 10:58:04 AM | Attr = ]
ntsutil.exe -> %System32%\ntsutil.exe -> [Ver = | Size = 19968 bytes | Modified Date = 12/29/2006 3:37:22 PM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.7271 | Size = 127042 bytes | Modified Date = 3/25/2005 12:22:00 PM | Attr = ]
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 6.00.1027 | Size = 32768 bytes | Modified Date = 11/2/2004 8:24:46 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 5/22/2006 12:31:32 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3725 | Size = 185784 bytes | Modified Date = 9/28/2006 1:30:08 PM | Attr = ]
soundman.exe -> %SystemRoot%\soundman.exe -> Realtek Semiconductor Corp. [Ver = 5.1.0.33 | Size = 77824 bytes | Modified Date = 12/1/2004 3:54:22 PM | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.12.13 07Jan05 | Size = 692315 bytes | Modified Date = 1/8/2005 8:16:04 AM | Attr = ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.12.13 07Jan05 | Size = 102491 bytes | Modified Date = 1/8/2005 8:17:16 AM | Attr = ]
utagent.exe -> %ProgramFiles%\Republic Poly\UTClient\UTAgent.exe -> Republic Polytechnic [Ver = 1.0.0.0 | Size = 479232 bytes | Modified Date = 10/11/2006 3:33:12 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.10.0 | Size = 306176 bytes | Modified Date = 1/12/2007 4:20:26 PM | Attr = ]
wltray.exe -> %System32%\WLTRAY.EXE -> Broadcom Corporation [Ver = 3.100.46.0 | Size = 647272 bytes | Modified Date = 12/22/2004 2:32:46 AM | Attr = ]
wltrysvc.exe -> %System32%\WLTRYSVC.EXE -> [Ver = | Size = 65536 bytes | Modified Date = 12/22/2004 2:32:48 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 7/12/2006 3:22:40 PM | Attr = ]
(anbmService) Notebook Manager Service [Win32_Own | Auto | Running] -> %SystemDrive%\Acer\eManager\anbmServ.exe -> OSA Technologies Inc. [Ver = 3.0.6.9 | Size = 1273344 bytes | Modified Date = 6/6/2005 7:08:58 PM | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 343552 bytes | Modified Date = 12/2/2006 1:52:10 PM | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 12/2/2006 1:52:10 PM | Attr = ]
(btwdins) Bluetooth Service [Win32_Own | Auto | Running] -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> Broadcom Corporation. [Ver = 4.0.1.2304 | Size = 258103 bytes | Modified Date = 8/16/2005 2:00:14 PM | Attr = ]
(C-DillaCdaC11BA) C-DillaCdaC11BA [Win32_Own | Auto | Running] -> %System32%\drivers\CDAC11BA.EXE -> C-Dilla Ltd [Ver = 4.11.050 | Size = 39936 bytes | Modified Date = 9/17/2006 11:40:38 PM | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 9:01:00 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 11/14/2005 1:06:04 AM | Attr = ]
(Macromedia Licensing Service) Macromedia Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macromedia Shared\Service\Macromedia Licensing.exe -> [Ver = 2.42.000 | Size = 68096 bytes | Modified Date = 8/10/2006 5:51:48 PM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.7271 | Size = 127042 bytes | Modified Date = 3/25/2005 12:22:00 PM | Attr = ]
(wltrysvc) Broadcom Wireless LAN Tray Service [Win32_Own | Auto | Running] -> %System32%\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe -> File not found

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.51.4 2.1.51.4 04/15/2005 11:45:07 | Size = 88202 bytes | Modified Date = 4/15/2005 11:45:10 AM | Attr = ]
AME_CSA -> %System32%\AmeCSA.cpl -> Alcatel Microelectronics [Ver = 3, 0, 0, 9 | Size = 757760 bytes | Modified Date = 1/30/2003 10:56:10 AM | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.418 | Size = 406016 bytes | Modified Date = 12/2/2006 1:52:10 PM | Attr = ]
Broadcom Wireless Manager UI -> %System32%\WLTRAY.EXE -> Broadcom Corporation [Ver = 3.100.46.0 | Size = 647272 bytes | Modified Date = 12/22/2004 2:32:46 AM | Attr = ]
EPM-DM -> %SystemDrive%\Acer\ePM\EPM-DM.exe -> Acer Inc [Ver = 2.60 | Size = 188416 bytes | Modified Date = 4/21/2005 10:13:22 AM | Attr = ]
ePowerManagement -> %SystemDrive%\Acer\ePM\ePM.exe -> Acer Value Labs, Taiwan [Ver = 1.5.6.0 | Size = 2893824 bytes | Modified Date = 3/15/2005 10:03:06 AM | Attr = ]
eRecoveryService -> %SystemDrive%\Acer\Empowering Technology\eRecovery\Monitor.exe -> acer Inc. [Ver = 1, 3, 7, 6 | Size = 397312 bytes | Modified Date = 11/16/2005 5:00:50 PM | Attr = ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\isuspm.exe -> File not found
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 81920 bytes | Modified Date = 8/11/2005 4:30:30 PM | Attr = ]
LManager -> %ProgramFiles%\Launch Manager\LManager.exe -> Dritek System Inc. [Ver = 1, 0, 9, 828 | Size = 483328 bytes | Modified Date = 4/28/2005 10:51:52 AM | Attr = ]
MSPY2002 -> %System32%\IME\PINTLGNT\IMSCINST.EXE -> [Ver = | Size = 59392 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ]
ntiMUI -> %ProgramFiles%\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe -> [Ver = | Size = 45056 bytes | Modified Date = 5/11/2005 6:15:08 PM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.7271 | Size = 5566464 bytes | Modified Date = 3/25/2005 12:22:00 PM | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.7271 | Size = 86016 bytes | Modified Date = 3/25/2005 12:22:00 PM | Attr = ]
nwiz -> %System32%\nwiz.exe -> NVIDIA Corporation [Ver = 6.14.10.10038 | Size = 1495040 bytes | Modified Date = 3/25/2005 12:22:00 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 5/22/2006 12:31:32 PM | Attr = ]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 6.00.1027 | Size = 32768 bytes | Modified Date = 11/2/2004 8:24:46 PM | Attr = ]
SoundMan -> %SystemRoot%\soundman.exe -> Realtek Semiconductor Corp. [Ver = 5.1.0.33 | Size = 77824 bytes | Modified Date = 12/1/2004 3:54:22 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_10\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Modified Date = 11/9/2006 3:07:30 PM | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.12.13 07Jan05 | Size = 692315 bytes | Modified Date = 1/8/2005 8:16:04 AM | Attr = ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.12.13 07Jan05 | Size = 102491 bytes | Modified Date = 1/8/2005 8:17:16 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3725 | Size = 185784 bytes | Modified Date = 9/28/2006 1:30:08 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 11/4/1999 3:06:48 PM | Attr = ]
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/24/2005 2:05:26 PM | Attr = ]
%AllUsersStartup%\Bluetooth.lnk -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> Broadcom Corporation. [Ver = 4.0.1.2304 | Size = 577597 bytes | Modified Date = 8/16/2005 2:06:22 PM | Attr = ]
%AllUsersStartup%\Post-it® Software Notes Lite.lnk -> %ProgramFiles%\3M\PSNLite\PsnLite.exe -> 3M [Ver = 3, 0, 1, 1070 | Size = 1622016 bytes | Modified Date = 6/2/2004 1:04:58 PM | Attr = ]
< User Startup > -> C:\Documents and Settings\61146\Start Menu\Programs\Startup
%UserStartup%\UTAgent 3.0.lnk -> %ProgramFiles%\Republic Poly\UTClient\UTAgent.exe -> Republic Polytechnic [Ver = 1.0.0.0 | Size = 479232 bytes | Modified Date = 10/11/2006 3:33:12 PM | Attr = ]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
RavAV -> %SystemRoot%\RavMonE.exe -> File not found
start -> %CommonProgramFiles%\System\msadc\msabc.exe -> [Ver = | Size = 305210 bytes | Modified Date = 1/12/2007 5:04:58 PM | Attr = ]
WDSHOOK -> %SystemDrive%\WINNT\XXXStarter.exe -> File not found
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\Documents -> -> File not found
and -> -> File not found
Settings\All -> -> File not found
Users\Application -> -> File not found
Data\Microsoft\Crypto\nijka.exe -> Data\Microsoft\Crypto\nijka.exe -> File not found
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\hx-1 -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 149 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 ->
-> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
65.54.239.80 dp.msnmessenger.akadns.net -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://myrp2.myrp.edu.sg/default.aspx ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 63136 bytes | Modified Date = 9/24/2005 12:12:08 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_10\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 11/9/2006 3:21:52 PM | Attr = ]
{999ADFA2-8AD1-47ff-97FC-69FB847458F4} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{C2476E25-E64F-47DE-B306-68322E057286} [HKLM] -> %ProgramFiles%\NetMeeting\mscom.dll [BHOObject Class] -> TODO: <???> [Ver = 1.0.0.1 | Size = 217088 bytes | Modified Date = 1/10/2007 5:02:46 PM | Attr = ]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{0062C9BD-B349-40DE-91A0-755F37ACD559} -> 8200 - Reg Data - Value does not exist ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8197 - Sun Java Console ->
{685ec120-f786-4498-a8f0-794d47916161} -> 8192 - @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40971 ->
{85d1f590-48f4-11d9-9669-0800200c9a66} -> 8202 - Uninstall BitDefender Online Scanner v8 ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8193 - Reg Data - Value does not exist ->
{9455301C-CF6B-11D3-A266-00C04F689C50} -> 8194 - Reg Data - Value does not exist ->
{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} -> 8199 - Reg Data - Key not found ->
{aede78a6-42b6-4c3c-96eb-5ae6dbec4859} -> 8195 - @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40970 ->
{B13B4423-2647-4cfc-A4B3-C7D56CB83487} -> 8201 - Reg Data - Key not found ->
{CCA281CA-C863-46ef-9331-5C8D4460577F} -> 8196 - @btrez.dll,-4017 ->
{d9288080-1baa-4bc4-9cf8-a92d743db949} -> 8198 - Reg Data - Value does not exist ->
NextId -> 8203 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{0062C9BD-B349-40DE-91A0-755F37ACD559} [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_10\bin\npjpi150_10.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 75528 bytes | Modified Date = 11/9/2006 3:21:54 PM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_10\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 11/9/2006 3:21:52 PM | Attr = ]
{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> Reg Data - Key not found [MenuText: Uninstall BitDefender Online Scanner v8] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{9455301C-CF6B-11D3-A266-00C04F689C50} -> Reg Data - Value does not exist [ButtonText: Researcher] -> File not found
{aede78a6-42b6-4c3c-96eb-5ae6dbec4859} -> Reg Data - Value does not exist [ButtonText: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-205] -> File not found
{B205A35E-1FC4-4CE3-818B-899DBBB3388C} [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found
{CCA281CA-C863-46ef-9331-5C8D4460577F} -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [ButtonText: @btrez.dll,-4015] -> [Ver = | Size = 2681 bytes | Modified Date = 5/29/2003 1:53:08 PM | Attr = ]
{d9288080-1baa-4bc4-9cf8-a92d743db949} -> %SystemDrive%\Documents and Settings\61146\Start Menu\Programs\IMVU\Run IMVU.lnk [ButtonText: Run IMVU] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&MSN Search -> %ProgramFiles%\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll\search.htm -> File not found
&Windows Live Search -> %ProgramFiles%\Windows Live Toolbar\msntb.dll\search.htm -> File not found
E&xport to Microsoft Excel -> -> File not found
Open in new background tab -> -> File not found
Open in new foreground tab -> -> File not found
Send To &Bluetooth -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm -> [Ver = | Size = 1320 bytes | Modified Date = 5/29/2003 1:53:12 PM | Attr = ]
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
[HKLM] -> Reg Data - Key not found [] -> File not found
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} [HKLM] -> %System32%\Epm-Po.dll [EPM-PO Shell Extension] -> Acer Labs USA [Ver = 0.01 | Size = 221258 bytes | Modified Date = 9/1/2004 11:57:00 PM | Attr = ]
{6af09ec9-b429-11d4-a1fb-0090960218cb} [HKLM] -> %System32%\btneighborhood.dll [My Bluetooth Places] -> Broadcom Corporation. [Ver = 4.0.1.2304 | Size = 1019981 bytes | Modified Date = 8/16/2005 2:02:28 PM | Attr = ]
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 12/2/2006 1:52:10 PM | Attr = ]
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Find Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 12/2/2006 1:52:10 PM | Attr = ]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> %ProgramFiles%\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] -> RealNetworks, Inc. [Ver = 1.0.1.2453 | Size = 54736 bytes | Modified Date = 9/28/2006 1:30:12 PM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 12/2/2006 1:52:10 PM | Attr = ]
Reg Data - Value does not exist [HKLM] -> Reg Data - Key not found [WinRAR] -> File not found
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
Reg Data - Value does not exist [HKLM] -> Reg Data - Key not found [WinRAR] -> File not found
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [00nView] -> NVIDIA Corporation [Ver = 6.14.10.10038 | Size = 466944 bytes | Modified Date = 3/25/2005 12:22:00 PM | Attr = ]
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> %System32%\nvcpl.dll [NvCplDesktopContext] -> NVIDIA Corporation [Ver = 6.14.10.7271 | Size = 5566464 bytes | Modified Date = 3/25/2005 12:22:00 PM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 12/2/2006 1:52:10 PM | Attr = ]
Reg Data - Value does not exist [HKLM] -> Reg Data - Key not found [WinRAR] -> File not found
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 12/14/2004 2:20:02 AM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{03D6E118-6CB1-481A-848C-6AA6ECE659E4} -> (Broadcom 440x 10/100 Integrated Controller) ->
{07F89793-CA9D-454B-A693-9B21C71E397E} -> () ->
{26B967E3-F8C2-477F-8E51-260C3F14E02A} -> (Intel® PRO/Wireless 2200BG Network Connection) ->
{5F3D0CC4-CBD2-49CB-BAB8-7111101B1095} -> (1394 Net Adapter) ->
{AA408EE9-0CF8-4551-876F-4C3033A00830} -> (1394 Net Adapter) ->
{AEC395C3-25CF-441F-BD51-42898B6057DD} -> (Intel® PRO/Wireless 2915ABG Network Connection) ->
{BA097DD8-ED65-47AA-826F-99DA03F1FCA9} -> (DSL500U ADSL USB Modem (Native ATM Mode)) ->
{D108C222-6DE4-47E8-933E-18DE3BDDD627} -> () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Protocol Filters [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\
application/vnd-viewer -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{00B71CFB-6864-4346-A978-C0A14556272C} -> Checkers Class - CodeBase = http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/get/shock...director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 ->
{233C1507-6A77-46A4-9443-F871F945D258} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/pub/shock...director/sw.cab ->
{2917297F-F02B-4B9D-81DF-494B6333150B} -> Minesweeper Flags Class - CodeBase = http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> Symantec AntiVirus scanner - CodeBase = http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab ->
{55027008-315F-4F45-BBC3-8BE119764741} -> Slide Image Uploader Control - CodeBase = http://www.slide.com/uploader/SlideImageUploader.cab ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> BDSCANONLINE Control - CodeBase = http://download.bitdefender.com/resources/scan8/oscan8.cab ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5} -> Symantec RuFSI Utility Class - CodeBase = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab ->
{6BEA1C48-1850-486C-8F58-C7354BA3165E} -> Install Class - CodeBase = http://updates.lifescapeinc.com/installers...ll/pinstall.cab ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdat...b?1140428259073 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab ->
{B1826A9F-4AA0-4510-BA77-9013E74E4B9B} -> - CodeBase = http://www.trendmicro.com/spyware-scan/as4web.cab ->
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} -> a-squared Scanner - CodeBase = http://ax.emsisoft.com/asquared.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CEA3052D-65B9-44E2-A501-5E14024BC66F} -> TricksterActiveX Control - CodeBase = http://www.tricksteronline.com/control/tricksterActiveX.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab ->
{D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} -> WebBasedClientInstall Class - CodeBase = http://antivirus2.rp.edu.sg/webinst.cab ->
{F6798B0B-9AA9-4AEF-A8CA-D54C36EFDE17} -> chkInstallation.checkSoftware - CodeBase = http://projector.rp.edu.sg/WPGClientCheck.CAB ->
{F6BF0D00-0B2A-4A75-BF7B-F385591623AF} -> Solitaire Showdown Class - CodeBase = http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab ->


[Files - Created Wihin 30 days]
Flash.dll -> %CommonProgramFiles%\System\msadc\Flash.dll -> TODO: <???> [Ver = 1.0.0.1 | Size = 372736 bytes | Created Date = 1/3/2007 8:14:24 AM | Attr = ]
HFliter.dll -> %CommonProgramFiles%\System\msadc\HFliter.dll -> TODO: <???> [Ver = 1.0.0.1 | Size = 372736 bytes | Created Date = 1/3/2007 8:14:26 AM | Attr = ]
msabc.exe -> %CommonProgramFiles%\System\msadc\msabc.exe -> [Ver = | Size = 305210 bytes | Created Date = 1/3/2007 8:14:27 AM | Attr = ]
nru.dll -> %CommonProgramFiles%\System\msadc\nru.dll -> [Ver = | Size = 5954 bytes | Created Date = 1/3/2007 8:14:25 AM | Attr = ]
Guid.Conf -> %System32%\Guid.Conf -> [Ver = | Size = 87 bytes | Created Date = 1/3/2007 1:02:24 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49248 bytes | Created Date = 1/9/2007 9:20:52 AM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 53346 bytes | Created Date = 1/9/2007 9:20:52 AM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 127078 bytes | Created Date = 1/9/2007 9:20:52 AM | Attr = ]
jsdemo.dll -> %System32%\jsdemo.dll -> [Ver = | Size = 35328 bytes | Created Date = 1/3/2007 1:02:24 PM | Attr = ]
ntsutil.exe -> %System32%\ntsutil.exe -> [Ver = | Size = 19968 bytes | Created Date = 1/3/2007 1:02:24 PM | Attr = ]

[Files - Modified Wihin 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 1/11/2007 2:09:02 PM | Attr = RHS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1073201152 bytes | Modified Date = 1/18/2007 8:16:00 AM | Attr = HS]
mdm.exe.config -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\mdm.exe.config -> [Ver = | Size = 0 bytes | Modified Date = 1/18/2007 8:16:28 AM | Attr = ]
Flash.dll -> %CommonProgramFiles%\System\msadc\Flash.dll -> TODO: <???> [Ver = 1.0.0.1 | Size = 372736 bytes | Modified Date = 1/3/2007 8:14:26 AM | Attr = ]
HFliter.dll -> %CommonProgramFiles%\System\msadc\HFliter.dll -> TODO: <???> [Ver = 1.0.0.1 | Size = 372736 bytes | Modified Date = 1/12/2007 5:04:44 PM | Attr = ]
msabc.exe -> %CommonProgramFiles%\System\msadc\msabc.exe -> [Ver = | Size = 305210 bytes | Modified Date = 1/12/2007 5:04:58 PM | Attr = ]
nru.dll -> %CommonProgramFiles%\System\msadc\nru.dll -> [Ver = | Size = 5954 bytes | Modified Date = 1/11/2007 2:15:44 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/18/2007 8:16:10 AM | Attr = S]
cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 449 bytes | Modified Date = 1/9/2007 10:31:00 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 1/17/2007 8:39:20 PM | Attr = H ]
SMSCFG.ini -> %SystemRoot%\SMSCFG.ini -> [Ver = | Size = 515 bytes | Modified Date = 1/18/2007 8:17:54 AM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 1/11/2007 2:09:02 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 712 bytes | Modified Date = 1/11/2007 2:09:02 PM | Attr = ]
eRLog.ini -> %System32%\eRLog.ini -> [Ver = | Size = 449 bytes | Modified Date = 1/18/2007 8:18:22 AM | Attr = ]
Guid.Conf -> %System32%\Guid.Conf -> [Ver = | Size = 87 bytes | Modified Date = 1/3/2007 1:02:26 PM | Attr = ]
jsdemo.dll -> %System32%\jsdemo.dll -> [Ver = | Size = 35328 bytes | Modified Date = 12/25/2006 5:20:28 PM | Attr = ]
ntsutil.exe -> %System32%\ntsutil.exe -> [Ver = | Size = 19968 bytes | Modified Date = 12/29/2006 3:37:22 PM | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 21917 bytes | Modified Date = 1/18/2007 8:17:06 AM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 98634 bytes | Modified Date = 1/10/2007 1:20:48 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 501682 bytes | Modified Date = 1/10/2007 1:20:48 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 608662 bytes | Modified Date = 1/10/2007 1:20:48 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 1/18/2007 8:16:50 AM | Attr = ]
CO_Mon.sys -> %System32%\drivers\CO_Mon.sys -> [Ver = | Size = 28672 bytes | Modified Date = 1/11/2007 10:20:44 AM | Attr = ]
diskud.sys -> %System32%\drivers\diskud.sys -> [Ver = | Size = 88 bytes | Modified Date = 1/12/2007 5:05:04 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
PEC2 , -> %CommonProgramFiles%\Business Objects\2.7\Bin\undomanager.dll -> Business Objects [Ver = 10.2.0.1093 | Size = 175224 bytes | Modified Date = 9/23/2005 7:56:40 AM | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\Java\Update\Base Images\jre1.5.0.b64\core3.zip -> [Ver = | Size = 3290841 bytes | Modified Date = 11/10/2005 1:38:40 PM | Attr = ]
USERTRUST , -> %CommonProgramFiles%\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_09.b03\patchjre.exe -> Sun Microsystems, Inc. [Ver = 1, 0, 0, 1 | Size = 4490872 bytes | Modified Date = 10/12/2006 3:41:58 AM | Attr = ]
USERTRUST , -> %CommonProgramFiles%\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_10.b03\patchjre.exe -> Sun Microsystems, Inc. [Ver = 1, 0, 0, 1 | Size = 4650616 bytes | Modified Date = 11/9/2006 3:38:38 PM | Attr = ]
WSUD , -> %CommonProgramFiles%\Microsoft Shared\SpeechEngines\TTS\female.vce -> [Ver = | Size = 2053632 bytes | Modified Date = 1/12/1999 11:29:28 AM | Attr = ]
PEC2 , PECompact2 , -> %CommonProgramFiles%\Real\GToolbar\GDSSetup.exe -> [Ver = | Size = 746600 bytes | Modified Date = 9/28/2006 1:30:26 PM | Attr = ]
PEC2 , PECompact2 , -> %CommonProgramFiles%\Real\GToolbar\GoogleToolbarInstaller.exe -> Google [Ver = 3, 0, 131, 0 | Size = 583696 bytes | Modified Date = 9/28/2006 1:30:24 PM | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3725 | Size = 185784 bytes | Modified Date = 9/28/2006 1:30:08 PM | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\Real\Update_OB\rnxproc.exe -> RealNetworks, Inc. [Ver = 7.0.0.3070 | Size = 58800 bytes | Modified Date = 9/28/2006 1:30:08 PM | Attr = ]
PEC2 , WSUD , -> %CommonProgramFiles%\SpeechEngines\Microsoft\SR61\1033\AF031033.AM -> [Ver = | Size = 7048576 bytes | Modified Date = 11/22/2002 1:27:36 AM | Attr = ]
aspack , -> %SystemRoot%\TravelMate Series.scr -> [Ver = | Size = 187392 bytes | Modified Date = 6/10/2004 5:17:12 PM | Attr = ]
WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.0.37 | Size = 16166912 bytes | Modified Date = 12/1/2004 3:53:44 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.4.0.51 | Size = 635486 bytes | Modified Date = 10/3/2006 3:04:40 AM | Attr = ]
UPX! , UPX0 , -> %System32%\jsdemo.dll -> [Ver = | Size = 35328 bytes | Modified Date = 12/25/2006 5:20:28 PM | Attr = ]
Thawte Consulting , -> %System32%\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.35a | Size = 63144 bytes | Modified Date = 8/25/2006 11:47:00 AM | Attr = ]
Thawte Consulting , -> %System32%\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 67240 bytes | Modified Date = 8/25/2006 11:47:00 AM | Attr = ]
Thawte Consulting , -> %System32%\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 62632 bytes | Modified Date = 8/25/2006 11:47:00 AM | Attr = ]
Thawte Consulting , -> %System32%\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 115880 bytes | Modified Date = 8/25/2006 11:47:00 AM | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2533 | Size = 181736 bytes | Modified Date = 9/28/2006 1:30:20 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ]
Thawte Consulting , -> %System32%\XceedCry.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.103.0 | Size = 516656 bytes | Modified Date = 2/2/2003 12:01:34 PM | Attr = ]
Thawte Consulting , -> %System32%\XceedSco.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.104.0 | Size = 266952 bytes | Modified Date = 5/19/2003 11:37:20 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.429 | Size = 816672 bytes | Modified Date = 12/2/2006 1:52:12 PM | Attr = ]

< End of report >

#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 17 January 2007 - 10:19 PM

Hi mirellia. Ok, let's get started. First, please print these directions so they will be available to you (we will be rebooting into Safe Mode during the fix).

Next, please follow the steps below in order:

Step #1

Download ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Step #2

Download AVG anti-spyware from HERE and save that file to your desktop.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen, under "How to act" select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet; we will shortly.

Step #3

Now start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Processes - Non-Microsoft Only]
YY -> ntsutil.exe -> %System32%\ntsutil.exe
[Registry - Non-Microsoft Only]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YY -> RavAV -> %SystemRoot%\RavMonE.exe
YY -> WDSHOOK -> %SystemDrive%\WINNT\XXXStarter.exe
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit
YN -> C:\Documents ->
YN -> and ->
YN -> Settings\All ->
YN -> Users\Application ->
YN -> Data\Microsoft\Crypto\nijka.exe -> Data\Microsoft\Crypto\nijka.exe
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\hx-1 -> 1
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {999ADFA2-8AD1-47ff-97FC-69FB847458F4} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YY -> {C2476E25-E64F-47DE-B306-68322E057286} [HKLM] -> %ProgramFiles%\NetMeeting\mscom.dll [BHOObject Class]
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
YN -> [HKLM] -> Reg Data - Key not found []
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {0062C9BD-B349-40DE-91A0-755F37ACD559} [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist]
YY -> {d9288080-1baa-4bc4-9cf8-a92d743db949} -> %SystemDrive%\Documents and Settings\61146\Start Menu\Programs\IMVU\Run IMVU.lnk [ButtonText: Run IMVU]
[Files - Created Wihin 30 days]
NY -> Flash.dll -> %CommonProgramFiles%\System\msadc\Flash.dll
NY -> HFliter.dll -> %CommonProgramFiles%\System\msadc\HFliter.dll
NY -> msabc.exe -> %CommonProgramFiles%\System\msadc\msabc.exe
NY -> nru.dll -> %CommonProgramFiles%\System\msadc\nru.dll
NY -> Guid.Conf -> %System32%\Guid.Conf
NY -> jsdemo.dll -> %System32%\jsdemo.dll
NY -> ntsutil.exe -> %System32%\ntsutil.exe
[Files - Modified Wihin 30 days]
NY -> Flash.dll -> %CommonProgramFiles%\System\msadc\Flash.dll
NY -> HFliter.dll -> %CommonProgramFiles%\System\msadc\HFliter.dll
NY -> msabc.exe -> %CommonProgramFiles%\System\msadc\msabc.exe
NY -> nru.dll -> %CommonProgramFiles%\System\msadc\nru.dll
NY -> Guid.Conf -> %System32%\Guid.Conf
NY -> diskud.sys -> %System32%\drivers\diskud.sys
[File String Scan - Non-Microsoft Only]
NY -> UPX! , UPX0 , -> %System32%\jsdemo.dll
[Reboot]


The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.

Reboot into Safe Mode by doing the following:
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Step #4

Launch AVG Anti-Spyware by double-clicking the icon on your desktop.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process:
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
    • Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
    • At the bottom of the window click on the "Apply all actions" button
    Note: Don't save the report before you hit the Apply action button.
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
Step #5

Post the following back here:
  • a new WinPFind3U report
  • the AVG Anti-Spyware report
  • the latest .log file from the WinPFind3u folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#5 mirellia

mirellia
  • Topic Starter

  • Members
  • 3 posts

Posted 18 January 2007 - 06:20 AM

Er, if I reformat my comp, do you think it will recover from whatever my comp was infected with?

#6 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 18 January 2007 - 04:11 PM

Well, reformatting is the ultimate fix. It completely wipes EVERYTHING off from the hard drive and starts with a fresh system. Just make sure you have all of the drivers for your hardware before you do it.

Cheers.

OT



