Am I Infected?


4 replies to this topic

#1 Learner87 (Members, 132 posts)

Posted 27 May 2007 - 05:35 AM

Logfile of HijackThis v1.99.1
Scan saved at 6:28:59 PM, on 5/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\RVHOST.exe
C:\WINDOWS\system32\conime.exe
C:\DOCUME~1\user\LOCALS~1\Temp\RtkBtMnt.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\PCSuite\Services\NclBTHandler.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\RVHOST.exe
C:\Documents and Settings\user\My Documents\Fix\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Download with FlashGet (使用网际快车下载) - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download all links with FlashGet (使用网际快车下载全部链接) - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
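What in a HijackThis log makes a helper say "you do seem to be infected" before any second scan? Two cheap signals are visible in the O4 autorun lines and the process list above: a Run value whose name has nothing to do with the binary it launches, and a binary that is running more than once. The script below is an added example (my code, not HijackThis and not part of the forum thread) that applies exactly those two heuristics to lines in the O4 format shown above. The constructed excerpt, the scoring weights and the small known-good list are my assumptions, not something the log defines.

```python
"""Quick triage of HijackThis 1.99-style O4 autorun lines (added example).

Heuristics: (1) the Run value name shares no token with the binary it launches,
(2) the launched binary appears more than once under "Running processes:".
Weights and the allowlist are assumptions of this example.
"""
import re
from collections import Counter

# Constructed excerpt modelled on the log above; paths abbreviated, not the full log.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\RVHOST.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\RVHOST.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe
"""

O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
EXE_RE = re.compile(r'^"?(?P<path>.+?\.exe)"?(?:\s|$)', re.IGNORECASE)

# Assumption: well-known Windows Run entries whose value name never matches the
# binary. KernelFaultCheck -> dumprep is XP's post-crash error-reporting entry.
KNOWN_MISMATCH_OK = {"kernelfaultcheck"}


def binary_of(cmd: str) -> str:
    """Return the executable path from an O4 command line (quotes and arguments stripped)."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip().strip('"').split()[0]


def stem(path: str) -> str:
    """Lower-case file name without directory or .exe extension."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name


def name_matches_binary(value_name: str, exe_stem: str) -> bool:
    """Heuristic: does the Run value name share a meaningful token with the binary name?"""
    tokens = [t for t in re.split(r"[^a-z0-9]+", value_name.lower()) if len(t) >= 3 and t != "exe"]
    joined = "".join(tokens)
    return exe_stem in joined or joined in exe_stem or any(t in exe_stem for t in tokens)


def running_process_counts(log_text: str) -> Counter:
    """Count how often each executable appears in the 'Running processes:' block."""
    counts: Counter = Counter()
    in_block = False
    for line in log_text.splitlines():
        if line.strip().lower() == "running processes:":
            in_block = True
            continue
        if in_block:
            if not line.strip():
                break
            counts[stem(line)] += 1
    return counts


def triage(log_text: str) -> list:
    """Score every O4 Run entry; a higher score means it deserves a closer look."""
    proc_counts = running_process_counts(log_text)
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        name, cmd = m.group("name"), m.group("cmd")
        exe = binary_of(cmd)
        s = stem(exe)
        reasons, score = [], 0
        if not name_matches_binary(name, s) and name.lower() not in KNOWN_MISMATCH_OK:
            reasons.append("Run value name does not match the binary it launches")
            score += 2
        if proc_counts[s] > 1:
            reasons.append(f"binary has {proc_counts[s]} running instances")
            score += 1
        if reasons:
            findings.append({"hive": m.group("hive"), "name": name, "binary": exe,
                             "score": score, "reasons": reasons})
    return sorted(findings, key=lambda f: f["score"], reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['score']}] {f['hive']} [{f['name']}] -> {f['binary']}: {'; '.join(f['reasons'])}")
```

On the excerpt this flags only the `[Yahoo Messengger]` entry pointing at `RVHOST.exe`, which is also the one binary running twice. The known-good list matters: without it the `[KernelFaultCheck] dumprep 0 -k` entry, a normal Windows XP crash-reporting entry, would trip the same name-mismatch rule, which is the usual caveat with heuristic log triage.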
#2 OldTimer (Malware Expert, Members, 11,092 posts, North Carolina)

Posted 27 May 2007 - 01:01 PM

Hello Learner87 and welcome to the BC HijackThis forum. Yes, you do seem to be infected. Let's use a different scanner and see what else is in there.

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT
I do not respond to PMs requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.

#3 Learner87 (Topic Starter, Members, 132 posts)

Posted 29 May 2007 - 01:07 AM

WinPFind3 logfile created on: 5/29/2007 1:50:43 PM
WinPFind3U by OldTimer - Version 1.0.38 Folder = C:\Documents and Settings\user\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

510.11 Mb Total Physical Memory | 274.50 Mb Available Physical Memory | 53.81% Memory free
1.44 Gb Paging File | 1.01 Gb Available in Paging File | 69.84% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1500;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 19.18 Gb Free Space | 39.29% Space Free
Drive D: | 25.69 Gb Total Space | 4.46 Gb Free Space | 17.38% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: ME
Current User Name: user
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
adskscsrv.exe -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> Autodesk [Ver = 2.66.000 | Size = 77944 bytes | Modified Date = 3/18/2006 8:08:02 PM | Attr = ]
anbmserv.exe -> %SystemDrive%\Acer\eManager\anbmServ.exe -> OSA Technologies Inc. [Ver = 3.0.1.4 | Size = 1286144 bytes | Modified Date = 7/5/2004 5:51:04 PM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4132 | Size = 413696 bytes | Modified Date = 5/4/2006 12:43:46 AM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4132 | Size = 413696 bytes | Modified Date = 5/4/2006 12:43:46 AM | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 4/23/2007 11:13:42 PM | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 1/7/2007 5:16:20 AM | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 4/23/2007 11:13:42 PM | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 10/26/2006 7:47:20 PM | Attr = ]
btwdins.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> Broadcom Corporation. [Ver = 5.0.1.1200 | Size = 266295 bytes | Modified Date = 12/2/2005 2:22:04 PM | Attr = ]
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 1/2/2006 5:41:22 PM | Attr = ]
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 1/2/2006 5:41:22 PM | Attr = ]
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 1/2/2006 5:41:22 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 10:13:20 PM | Attr = ]
hotkeyapp.exe -> %ProgramFiles%\Launch Manager\HotkeyApp.exe -> Wistron [Ver = 1, 0, 7, 4 | Size = 69632 bytes | Modified Date = 1/10/2006 6:06:56 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
launchap.exe -> %ProgramFiles%\Launch Manager\LaunchAp.exe -> [Ver = 1, 0, 1, 0 | Size = 32768 bytes | Modified Date = 7/25/2005 1:36:40 PM | Attr = ]
launch~1.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 81, 61, 4 | Size = 229376 bytes | Modified Date = 6/15/2006 12:36:18 PM | Attr = ]
lvprcsrv.exe -> %CommonProgramFiles%\Logitech\LVMVFM\LVPrcSrv.exe -> Logitech [Ver = 9.4.4.1082 | Size = 86016 bytes | Modified Date = 6/23/2006 10:40:58 AM | Attr = ]
nclbthandler.exe -> %CommonProgramFiles%\PCSuite\Services\NclBTHandler.exe -> Nokia [Ver = 6, 81, 3, 0 | Size = 77824 bytes | Modified Date = 6/15/2006 11:23:02 AM | Attr = ]
osdctrl.exe -> %ProgramFiles%\Launch Manager\OSDCtrl.exe -> [Ver = 1, 0, 1, 2 | Size = 241664 bytes | Modified Date = 7/25/2005 10:45:00 AM | Attr = ]
powerkey.exe -> %ProgramFiles%\Launch Manager\Powerkey.exe -> [Ver = 1, 4, 4, 0 | Size = 94208 bytes | Modified Date = 8/30/2002 3:02:48 PM | Attr = ]
raysat_3dsmax8server.exe -> %ProgramFiles%\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe -> [Ver = | Size = 65536 bytes | Modified Date = 9/21/2005 2:13:44 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 7/13/2006 2:19:54 PM | Attr = ]
rthdcpl.exe -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. [Ver = 2.0.7.3 | Size = 16248320 bytes | Modified Date = 6/28/2006 2:54:52 PM | Attr = ]
rtkbtmnt.exe -> %LocalSettings%\Temp\RtkBtMnt.exe -> Realtek Semiconductor Corp. [Ver = 1.0.0.5 | Size = 507904 bytes | Modified Date = 1/15/2007 4:16:00 AM | Attr = ]
rvhost.exe -> %System32%\RVHOST.exe -> [Ver = 3, 2, 0, 1 | Size = 268216 bytes | Modified Date = 11/22/2006 10:04:48 PM | Attr = RHS]
rvhost.exe -> %System32%\RVHOST.exe -> [Ver = 3, 2, 0, 1 | Size = 268216 bytes | Modified Date = 11/22/2006 10:04:48 PM | Attr = RHS]
servicelayer.exe -> %CommonProgramFiles%\PCSuite\Services\ServiceLayer.exe -> Nokia. [Ver = 6, 81, 60, 0 | Size = 174080 bytes | Modified Date = 6/5/2006 1:59:18 PM | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.9 16Dec05 | Size = 761945 bytes | Modified Date = 12/16/2005 11:32:58 PM | Attr = ]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
wbutton.exe -> %ProgramFiles%\Launch Manager\WButton.exe -> [Ver = 1, 0, 6, 9 | Size = 81920 bytes | Modified Date = 11/8/2005 10:19:28 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 5/22/2007 6:27:40 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 8/20/2006 11:09:20 AM | Attr = ]
(anbmService) Notebook Manager Service [Win32_Own | Auto | Running] -> %SystemDrive%\Acer\eManager\anbmServ.exe -> OSA Technologies Inc. [Ver = 3.0.1.4 | Size = 1286144 bytes | Modified Date = 7/5/2004 5:51:04 PM | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4132 | Size = 413696 bytes | Modified Date = 5/4/2006 12:43:46 AM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0021 | Size = 516096 bytes | Modified Date = 9/15/2004 9:10:00 PM | Attr = ]
(Autodesk Licensing Service) Autodesk Licensing Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> Autodesk [Ver = 2.66.000 | Size = 77944 bytes | Modified Date = 3/18/2006 8:08:02 PM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 10:13:20 PM | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 4/23/2007 11:13:42 PM | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 10/26/2006 7:47:20 PM | Attr = ]
(btwdins) Bluetooth Service [Win32_Own | Auto | Running] -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> Broadcom Corporation. [Ver = 5.0.1.1200 | Size = 266295 bytes | Modified Date = 12/2/2005 2:22:04 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(iPodService) iPodService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.5.20 | Size = 323584 bytes | Modified Date = 6/14/2006 4:23:58 PM | Attr = ]
(LVPrcSrv) Logitech Process Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Logitech\LVMVFM\LVPrcSrv.exe -> Logitech [Ver = 9.4.4.1082 | Size = 86016 bytes | Modified Date = 6/23/2006 10:40:58 AM | Attr = ]
(mi-raysat_3dsmax8) RaySat_3dsmax8 Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe -> [Ver = | Size = 65536 bytes | Modified Date = 9/21/2005 2:13:44 PM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 12:14:36 PM | Attr = ]
(ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\PCSuite\Services\ServiceLayer.exe -> Nokia. [Ver = 6, 81, 60, 0 | Size = 174080 bytes | Modified Date = 6/5/2006 1:59:18 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 1/7/2007 5:16:20 AM | Attr = ]
ATICCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 1/2/2006 5:41:22 PM | Attr = ]
AtiPTA -> %System32%\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5183 | Size = 344064 bytes | Modified Date = 2/22/2006 9:05:00 AM | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 4/23/2007 11:13:42 PM | Attr = ]
AzMixerSel -> %ProgramFiles%\Realtek\InstallShield\AzMixerSel.exe -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 12 | Size = 53248 bytes | Modified Date = 1/25/2006 6:45:50 PM | Attr = ]
CtrlVol -> %ProgramFiles%\Launch Manager\CtrlVol.exe -> Wistron [Ver = 1, 0, 0, 7 | Size = 20480 bytes | Modified Date = 9/16/2003 2:28:26 PM | Attr = ]
KernelFaultCheck -> -> File not found
LaunchAp -> %ProgramFiles%\Launch Manager\LaunchAp.exe -> [Ver = 1, 0, 1, 0 | Size = 32768 bytes | Modified Date = 7/25/2005 1:36:40 PM | Attr = ]
LManager -> %ProgramFiles%\Launch Manager\HotkeyApp.exe -> Wistron [Ver = 1, 0, 7, 4 | Size = 69632 bytes | Modified Date = 1/10/2006 6:06:56 PM | Attr = ]
LMgrOSD -> %ProgramFiles%\Launch Manager\OSDCtrl.exe -> [Ver = 1, 0, 1, 2 | Size = 241664 bytes | Modified Date = 7/25/2005 10:45:00 AM | Attr = ]
PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 81, 61, 4 | Size = 229376 bytes | Modified Date = 6/15/2006 12:36:18 PM | Attr = ]
PowerKey -> %ProgramFiles%\Launch Manager\Powerkey.exe -> [Ver = 1, 4, 4, 0 | Size = 94208 bytes | Modified Date = 8/30/2002 3:02:48 PM | Attr = ]
RTHDCPL -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. [Ver = 2.0.7.3 | Size = 16248320 bytes | Modified Date = 6/28/2006 2:54:52 PM | Attr = ]
SkyTel -> %SystemRoot%\SkyTel.exe -> Realtek Semiconductor Corp. [Ver = 1.0.0.0 | Size = 2879488 bytes | Modified Date = 5/16/2006 6:04:26 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.9 16Dec05 | Size = 761945 bytes | Modified Date = 12/16/2005 11:32:58 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 7/13/2006 2:19:54 PM | Attr = ]
Wbutton -> %ProgramFiles%\Launch Manager\WButton.exe -> [Ver = 1, 0, 6, 9 | Size = 81920 bytes | Modified Date = 11/8/2005 10:19:28 AM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
Yahoo Messengger -> %System32%\RVHOST.exe -> [Ver = 3, 2, 0, 1 | Size = 268216 bytes | Modified Date = 11/22/2006 10:04:48 PM | Attr = RHS]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
wbsys.dll -> %System32%\wbsys.dll -> Stardock.Net, Inc [Ver = 4, 0, 0, 0 | Size = 36864 bytes | Modified Date = 2/26/2003 9:27:44 PM | Attr = ]
< SSODL [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
{e57ce738-33e8-4c51-8354-bb4de9d215d1} [HKLM] -> Reg Data - Key not found [UPnPMonitor] -> File not found
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 10:13:28 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
RVHOST.exe -> %SystemRoot%\RVHOST.exe -> [Ver = 3, 2, 0, 1 | Size = 268216 bytes | Modified Date = 11/22/2006 10:04:48 PM | Attr = ]
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4132 | Size = 61440 bytes | Modified Date = 5/4/2006 12:44:56 AM | Attr = ]
WBSrv -> %ProgramFiles%\Stardock\Object Desktop\WindowBlinds\WbSrv.dll -> Stardock [Ver = 5, 0, 0, 1 | Size = 176128 bytes | Modified Date = 12/6/2005 9:16:30 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NofolderOptions -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 1 ->
< HOSTS File > (685 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.yahoo.com/ ->
HKCU: ProxyEnable -> 1 ->
HKCU: ProxyOverride -> <local> ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} [HKLM] -> %ProgramFiles%\FlashGet\Jccatch.dll [IeCatch5 Class] -> FlashGet [Ver = 1, 1, 5, 0 | Size = 81920 bytes | Modified Date = 5/16/2006 3:19:42 PM | Attr = ]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKLM] -> %ProgramFiles%\MegauploadToolbar\megauploadtoolbar.dll [Megaupload Toolbar] -> MegaUpload [Ver = 5.0.25 | Size = 1803720 bytes | Modified Date = 10/31/2006 2:55:40 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{F156768E-81EF-470C-9057-481BA8380DBA} [HKLM] -> %ProgramFiles%\FlashGet\getflash.dll [gFlash Class] -> [Ver = 1, 0, 0, 1 | Size = 126976 bytes | Modified Date = 9/12/2006 10:50:56 AM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKLM] -> %ProgramFiles%\MegauploadToolbar\megauploadtoolbar.dll [Megaupload Toolbar] -> MegaUpload [Ver = 5.0.25 | Size = 1803720 bytes | Modified Date = 10/31/2006 2:55:40 PM | Attr = ]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} [HKLM] -> %ProgramFiles%\FlashGet\fgiebar.dll [FlashGet Bar] -> Amaze Soft [Ver = 1, 2, 0, 0 | Size = 86016 bytes | Modified Date = 6/7/2005 11:06:10 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKLM] -> %ProgramFiles%\MegauploadToolbar\megauploadtoolbar.dll [Megaupload Toolbar] -> MegaUpload [Ver = 5.0.25 | Size = 1803720 bytes | Modified Date = 10/31/2006 2:55:40 PM | Attr = ]
WebBrowser\\{FE2D25C1-C1DB-4B5E-9390-AF1CB5302F32} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 3:43:42 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
{CCA281CA-C863-46ef-9331-5C8D4460577F} -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [ButtonText: @btrez.dll,-4015] -> [Ver = | Size = 2681 bytes | Modified Date = 5/29/2003 12:53:08 PM | Attr = ]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -> %ProgramFiles%\FlashGet\flashget.exe [ButtonText: FlashGet] -> FlashGet.com [Ver = 1, 7, 3, 0 | Size = 1400832 bytes | Modified Date = 9/11/2006 5:01:40 PM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
E&xport to Microsoft Excel -> -> File not found
使用网际快车下载 -> %ProgramFiles%\FlashGet\jc_link.htm -> [Ver = | Size = 1898 bytes | Modified Date = 10/27/2006 11:43:18 AM | Attr = ]
使用网际快车下载全部链接 -> %ProgramFiles%\FlashGet\jc_all.htm -> [Ver = | Size = 575 bytes | Modified Date = 2/6/2000 11:06:06 AM | Attr = ]
Send to &Bluetooth Device... -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm -> [Ver = | Size = 1320 bytes | Modified Date = 5/29/2003 12:53:12 PM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{2CCBC482-D586-4AEE-884A-21DA92D90DFA} -> () ->
{84F8D24F-07F3-407D-AD4B-C940874E1D83} -> (1394 Net Adapter) ->
{957BFBDC-3855-46CE-84F7-1454A28CD49F} -> () ->
{C1FAAA36-C70C-46F9-999B-1716B87A8CE7} -> (Intel® PRO/Wireless 3945ABG Network Connection) ->
{F3D1267E-D594-4201-9846-9016E25434AC} -> (Broadcom NetLink ™ Gigabit Ethernet) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ic32pp -> %SystemRoot%\wc98pp.dll -> [Ver = | Size = 51712 bytes | Modified Date = 10/27/2006 12:32:06 PM | Attr = ]
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
skype4com -> %CommonProgramFiles%\Skype\Skype4COM.dll -> Skype Technologies [Ver = 1, 0, 26, 0 | Size = 1783384 bytes | Modified Date = 11/1/2006 3:21:20 PM | Attr = R ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab ->
{48884C41-EFAC-433D-958A-9FADAC41408E} -> EGamesPlugin Class - CodeBase = https://www.e-games.com.my/com/EGamesPlugin.cab ->
{5ED80217-570B-4DA9-BF44-BE107C0EC166} -> Windows Live Safety Center Base Module - CodeBase = http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -> MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn.com/download/MsnMesse...pDownloader.cab ->
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} -> Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab ->


[Files/Folders - Created Within 30 days]
disney.ini -> %SystemRoot%\disney.ini -> [Ver = | Size = 35 bytes | Created Date = 5/28/2007 12:53:41 AM | Attr = ]
First Encounter Assault Recon Extraction Point -> %SystemRoot%\First Encounter Assault Recon Extraction Point -> [Folder | Created Date = 5/28/2007 12:44:55 AM | Attr = ]
RVHOST.exe -> %SystemRoot%\RVHOST.exe -> [Ver = 3, 2, 0, 1 | Size = 268216 bytes | Created Date = 5/3/2007 12:39:57 PM | Attr = ]
GroupPolicy -> %System32%\GroupPolicy -> [Folder | Created Date = 5/23/2007 5:58:54 PM | Attr = H ]
RVHOST.exe -> %System32%\RVHOST.exe -> [Ver = 3, 2, 0, 1 | Size = 268216 bytes | Created Date = 5/3/2007 12:39:57 PM | Attr = RHS]
setting.ini -> %System32%\setting.ini -> [Ver = | Size = 228 bytes | Created Date = 5/3/2007 12:40:05 PM | Attr = RHS]

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 5/3/2007 7:28:04 PM | Attr = RH ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 5/12/2007 12:35:28 AM | Attr = H ]
Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 5/9/2007 10:36:48 AM | Attr = ]
Incomplete -> %SystemDrive%\Incomplete -> [Folder | Modified Date = 5/28/2007 11:31:26 PM | Attr = ]
My Downloads -> %SystemDrive%\My Downloads -> [Folder | Modified Date = 5/28/2007 11:19:18 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 5/28/2007 8:20:30 PM | Attr = R ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 5/29/2007 1:50:28 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 5/29/2007 1:25:54 PM | Attr = S]
disney.ini -> %SystemRoot%\disney.ini -> [Ver = | Size = 35 bytes | Modified Date = 5/28/2007 12:57:26 AM | Attr = ]
First Encounter Assault Recon Extraction Point -> %SystemRoot%\First Encounter Assault Recon Extraction Point -> [Folder | Modified Date = 5/28/2007 12:44:56 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 5/28/2007 8:17:20 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 5/12/2007 12:35:28 AM | Attr = HS]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 5/19/2007 10:33:12 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 5/22/2007 4:16:24 AM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 5/23/2007 5:58:56 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 5/29/2007 1:26:16 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 5/29/2007 1:26:46 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1168 bytes | Modified Date = 5/3/2007 5:44:54 AM | Attr = ]
At1.job -> %SystemRoot%\tasks\At1.job -> [Ver = | Size = 346 bytes | Modified Date = 5/29/2007 1:26:16 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 5/29/2007 1:25:58 PM | Attr = H ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 5/28/2007 8:13:28 PM | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 5/28/2007 10:12:54 PM | Attr = ]
GroupPolicy -> %System32%\GroupPolicy -> [Folder | Modified Date = 5/23/2007 5:58:56 PM | Attr = H ]
setting.ini -> %System32%\setting.ini -> [Ver = | Size = 228 bytes | Modified Date = 5/3/2007 12:40:06 PM | Attr = RHS]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 5/21/2007 2:04:32 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %SystemRoot%\Radeon Omega Drivers v3.8.252 Uninstall.exe -> [Ver = 7.0.1.0 | Size = 451072 bytes | Modified Date = 11/8/2006 10:46:40 AM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\RVHOST.exe -> [Ver = 3, 2, 0, 1 | Size = 268216 bytes | Modified Date = 11/22/2006 10:04:48 PM | Attr = ]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
UPX! , UPX0 , -> %System32%\avisynth.dll -> The Public [Ver = 2, 5, 6, 0 | Size = 308224 bytes | Modified Date = 10/29/2005 12:44:12 AM | Attr = ]
UPX! , UPX0 , -> %System32%\CoreAAC.ax -> [Ver = 1, 1, 0, 642 | Size = 167936 bytes | Modified Date = 7/9/2004 4:47:04 PM | Attr = RHS]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/23/2001 8:00:00 PM | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.4.0.51 | Size = 635486 bytes | Modified Date = 10/3/2006 3:04:40 AM | Attr = ]
Thawte Consulting , -> %System32%\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.35a | Size = 63144 bytes | Modified Date = 8/25/2006 11:47:00 AM | Attr = ]
Thawte Consulting , -> %System32%\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 67240 bytes | Modified Date = 8/25/2006 11:47:00 AM | Attr = ]
Thawte Consulting , -> %System32%\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 62632 bytes | Modified Date = 8/25/2006 11:47:00 AM | Attr = ]
Thawte Consulting , -> %System32%\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 115880 bytes | Modified Date = 8/25/2006 11:47:00 AM | Attr = ]
UPX! , UPX0 , -> %System32%\RVHOST.exe -> [Ver = 3, 2, 0, 1 | Size = 268216 bytes | Modified Date = 11/22/2006 10:04:48 PM | Attr = RHS]
@Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable ->
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/23/2001 8:00:00 PM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 1/7/2005 8:00:00 AM | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Modified Date = 4/29/2007 7:01:40 PM | Attr = ]

< End of report >
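
Editor's added example, not code from this thread, from its posters or from WinPFind3U's author. The log above uses WinPFind3U's `name -> target -> vendor [Ver = .. | Size = .. | Date = .. | Attr = ..]` line format, and the entries a helper would pull out by eye are all visible on this page: RVHOST.exe sitting in both %SystemRoot% and %System32% (the System32 copy with RHS attributes) and showing a UPX packer signature with no vendor string, the At1.job file in the Tasks folder, the "Yahoo Messengger" Run entry that points at that hidden file, an extra executable listed under Winlogon\Shell, and the DisableTaskMgr, DisableRegistryTools and NofolderOptions policy values set to 1. The Python below parses that line format and turns those observations into rules. The rule names, the "worth a look" criteria and the SAMPLE_LOG list (lines copied from the posted log into a constructed input, plus two benign control lines) are my own assumptions; the output is a worklist of entries to investigate, not a verdict, and the script does not attribute anything to a malware family.

```python
"""Triage rules for WinPFind3U-style log lines (added example, see lead-in)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Entry shape: "<name> -> <target> -> <vendor> [Ver = .. | Size = N bytes | .. | Attr = RHS]"
META_RE = re.compile(r"\[(?P<meta>[^\]]*)\]\s*$")
SUBSECTION_RE = re.compile(r"^<\s*(.+?)\s*>")          # "< Run [HKCU] > -> HKEY_..."

AUTORUN_SECTIONS = ("Run [HKLM]", "Run [HKCU]", "Common Startup")
WINDOWS_DIRS = ("%SystemRoot%", "%System32%")
BINARY_EXTS = (".exe", ".dll", ".sys")
PACKER_TAGS = ("UPX!", "PEC2", "FSG!", "aspack")
# HKCU policies that lock the user out of Task Manager, regedit and Folder Options
LOCKOUT_VALUES = {"DisableTaskMgr", "DisableRegistryTools", "NofolderOptions"}


@dataclass
class Finding:
    rule: str   # rule name (my own naming, not WinPFind3U output)
    line: str   # the offending log line, verbatim


def parse_meta(line: str) -> dict[str, str]:
    """'[Ver = 3, 2, 0, 1 | Size = 268216 bytes | Attr = RHS]' -> {'Ver': ..., 'Attr': 'RHS'}"""
    m = META_RE.search(line)
    if not m:
        return {}
    meta = {}
    for part in m.group("meta").split("|"):
        key, _, value = part.partition("=")
        meta[key.strip()] = value.strip()
    return meta


def in_windows_dir(path: str) -> bool:
    return path.startswith(WINDOWS_DIRS)


def triage(lines: list[str]) -> list[Finding]:
    section = ""      # current "< ... >" subsection, e.g. "Run [HKCU]"
    in_shell = False  # inside the *Shell* marker of a Winlogon section
    findings: list[Finding] = []
    for raw in lines:
        line = raw.strip()
        if line.endswith("->"):           # registry value lines end in a dangling "->"
            line = line[:-2].rstrip()
        sub = SUBSECTION_RE.match(line)
        if sub:
            section, in_shell = sub.group(1), False
            continue
        if line.startswith("*"):          # "*Shell*", "*AppInit_DLLs*" markers
            in_shell = line.startswith("*Shell*")
            continue
        fields = [f.strip() for f in line.split(" -> ")]
        if len(fields) < 2:               # "[Section]" headers, blank lines, free text
            continue
        name, target = fields[0], fields[1]
        vendor = fields[2].split("[", 1)[0].strip() if len(fields) > 2 else ""
        attr = parse_meta(line).get("Attr", "")
        is_binary = target.lower().endswith(BINARY_EXTS)
        # 1. Hidden+system binary living in the Windows tree.
        if in_windows_dir(target) and is_binary and "H" in attr and "S" in attr:
            findings.append(Finding("hidden-system-exe-in-windows-dir", line))
        # 2. Autorun entry whose target is a hidden file in the Windows tree.
        if section in AUTORUN_SECTIONS and in_windows_dir(target) and "H" in attr:
            findings.append(Finding("hidden-autorun-target", line))
        # 3. Anything listed under Winlogon\Shell other than explorer.exe.
        if in_shell and section.startswith("Winlogon settings") and name.lower() != "explorer.exe":
            findings.append(Finding("winlogon-shell-extra-exe", line))
        # 4. Lockout policy values set to 1 (value name follows the "\\" separator).
        if name.rsplit("\\\\", 1)[-1] in LOCKOUT_VALUES and target == "1":
            findings.append(Finding("user-lockout-policy", line))
        # 5. Packer signature on a Windows-tree binary that carries no vendor string.
        if name.startswith(PACKER_TAGS) and in_windows_dir(target) and is_binary and not vendor:
            findings.append(Finding("packed-unattributed-binary-in-windows-dir", line))
        # 6. at.exe-style job (At1.job, At2.job, ...) in the Tasks folder.
        if re.fullmatch(r"At\d+\.job", name, re.IGNORECASE):
            findings.append(Finding("at-job-scheduled-task", line))
    return findings


# Constructed input: lines copied from the posted log, plus two benign control lines.
SAMPLE_LOG = [
    r"RVHOST.exe -> %System32%\RVHOST.exe -> [Ver = 3, 2, 0, 1 | Size = 268216 bytes | Created Date = 5/3/2007 12:39:57 PM | Attr = RHS]",
    r"At1.job -> %SystemRoot%\tasks\At1.job -> [Ver = | Size = 346 bytes | Modified Date = 5/29/2007 1:26:16 PM | Attr = ]",
    r"UPX! , UPX0 , -> %SystemRoot%\RVHOST.exe -> [Ver = 3, 2, 0, 1 | Size = 268216 bytes | Modified Date = 11/22/2006 10:04:48 PM | Attr = ]",
    r"UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Modified Date = 4/29/2007 7:01:40 PM | Attr = ]",
    r"< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]",
    r"Yahoo Messengger -> %System32%\RVHOST.exe -> [Ver = 3, 2, 0, 1 | Size = 268216 bytes | Modified Date = 11/22/2006 10:04:48 PM | Attr = RHS]",
    r"< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
    r"*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->",
    r"RVHOST.exe -> %SystemRoot%\RVHOST.exe -> [Ver = 3, 2, 0, 1 | Size = 268216 bytes | Modified Date = 11/22/2006 10:04:48 PM | Attr = ]",
    r"< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies",
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 1 ->",
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 1 ->",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:45} {f.line[:90]}")
```

To run it over a saved report, pass `open(path, encoding="utf-8").read().splitlines()` to `triage()`; sections the rules do not cover pass through untouched. The vendor field is part of the packed-binary rule on purpose: the UPX/FSG/PECompact-packed avg7core.sys carries a vendor string and is not flagged, while the RVHOST.exe copy with the same UPX signature and no vendor is. The "Yahoo Messengger" entry trips two rules at once (hidden+system file in the Windows tree, and an autorun pointing at it), which is the kind of overlap that moves an entry to the top of the worklist.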

#4 Learner87

Learner87
  • Topic Starter

  • Members
  • 132 posts

Posted 29 May 2007 - 01:09 AM

WinPFind3 logfile created on: 5/29/2007 1:50:43 PM
WinPFind3U by OldTimer - Version 1.0.38 Folder = C:\Documents and Settings\user\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

510.11 Mb Total Physical Memory | 274.50 Mb Available Physical Memory | 53.81% Memory free
1.44 Gb Paging File | 1.01 Gb Available in Paging File | 69.84% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1500;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 19.18 Gb Free Space | 39.29% Space Free
Drive D: | 25.69 Gb Total Space | 4.46 Gb Free Space | 17.38% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: ME
Current User Name: user
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
adskscsrv.exe -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> Autodesk [Ver = 2.66.000 | Size = 77944 bytes | Modified Date = 3/18/2006 8:08:02 PM | Attr = ]
anbmserv.exe -> %SystemDrive%\Acer\eManager\anbmServ.exe -> OSA Technologies Inc. [Ver = 3.0.1.4 | Size = 1286144 bytes | Modified Date = 7/5/2004 5:51:04 PM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4132 | Size = 413696 bytes | Modified Date = 5/4/2006 12:43:46 AM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4132 | Size = 413696 bytes | Modified Date = 5/4/2006 12:43:46 AM | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 4/23/2007 11:13:42 PM | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 1/7/2007 5:16:20 AM | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 4/23/2007 11:13:42 PM | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 10/26/2006 7:47:20 PM | Attr = ]
btwdins.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> Broadcom Corporation. [Ver = 5.0.1.1200 | Size = 266295 bytes | Modified Date = 12/2/2005 2:22:04 PM | Attr = ]
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 1/2/2006 5:41:22 PM | Attr = ]
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 1/2/2006 5:41:22 PM | Attr = ]
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 1/2/2006 5:41:22 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 10:13:20 PM | Attr = ]
hotkeyapp.exe -> %ProgramFiles%\Launch Manager\HotkeyApp.exe -> Wistron [Ver = 1, 0, 7, 4 | Size = 69632 bytes | Modified Date = 1/10/2006 6:06:56 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
launchap.exe -> %ProgramFiles%\Launch Manager\LaunchAp.exe -> [Ver = 1, 0, 1, 0 | Size = 32768 bytes | Modified Date = 7/25/2005 1:36:40 PM | Attr = ]
launch~1.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 81, 61, 4 | Size = 229376 bytes | Modified Date = 6/15/2006 12:36:18 PM | Attr = ]
lvprcsrv.exe -> %CommonProgramFiles%\Logitech\LVMVFM\LVPrcSrv.exe -> Logitech [Ver = 9.4.4.1082 | Size = 86016 bytes | Modified Date = 6/23/2006 10:40:58 AM | Attr = ]
nclbthandler.exe -> %CommonProgramFiles%\PCSuite\Services\NclBTHandler.exe -> Nokia [Ver = 6, 81, 3, 0 | Size = 77824 bytes | Modified Date = 6/15/2006 11:23:02 AM | Attr = ]
osdctrl.exe -> %ProgramFiles%\Launch Manager\OSDCtrl.exe -> [Ver = 1, 0, 1, 2 | Size = 241664 bytes | Modified Date = 7/25/2005 10:45:00 AM | Attr = ]
powerkey.exe -> %ProgramFiles%\Launch Manager\Powerkey.exe -> [Ver = 1, 4, 4, 0 | Size = 94208 bytes | Modified Date = 8/30/2002 3:02:48 PM | Attr = ]
raysat_3dsmax8server.exe -> %ProgramFiles%\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe -> [Ver = | Size = 65536 bytes | Modified Date = 9/21/2005 2:13:44 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 7/13/2006 2:19:54 PM | Attr = ]
rthdcpl.exe -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. [Ver = 2.0.7.3 | Size = 16248320 bytes | Modified Date = 6/28/2006 2:54:52 PM | Attr = ]
rtkbtmnt.exe -> %LocalSettings%\Temp\RtkBtMnt.exe -> Realtek Semiconductor Corp. [Ver = 1.0.0.5 | Size = 507904 bytes | Modified Date = 1/15/2007 4:16:00 AM | Attr = ]
rvhost.exe -> %System32%\RVHOST.exe -> [Ver = 3, 2, 0, 1 | Size = 268216 bytes | Modified Date = 11/22/2006 10:04:48 PM | Attr = RHS]
rvhost.exe -> %System32%\RVHOST.exe -> [Ver = 3, 2, 0, 1 | Size = 268216 bytes | Modified Date = 11/22/2006 10:04:48 PM | Attr = RHS]
servicelayer.exe -> %CommonProgramFiles%\PCSuite\Services\ServiceLayer.exe -> Nokia. [Ver = 6, 81, 60, 0 | Size = 174080 bytes | Modified Date = 6/5/2006 1:59:18 PM | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.9 16Dec05 | Size = 761945 bytes | Modified Date = 12/16/2005 11:32:58 PM | Attr = ]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
wbutton.exe -> %ProgramFiles%\Launch Manager\WButton.exe -> [Ver = 1, 0, 6, 9 | Size = 81920 bytes | Modified Date = 11/8/2005 10:19:28 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 5/22/2007 6:27:40 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 8/20/2006 11:09:20 AM | Attr = ]
(anbmService) Notebook Manager Service [Win32_Own | Auto | Running] -> %SystemDrive%\Acer\eManager\anbmServ.exe -> OSA Technologies Inc. [Ver = 3.0.1.4 | Size = 1286144 bytes | Modified Date = 7/5/2004 5:51:04 PM | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4132 | Size = 413696 bytes | Modified Date = 5/4/2006 12:43:46 AM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0021 | Size = 516096 bytes | Modified Date = 9/15/2004 9:10:00 PM | Attr = ]
(Autodesk Licensing Service) Autodesk Licensing Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> Autodesk [Ver = 2.66.000 | Size = 77944 bytes | Modified Date = 3/18/2006 8:08:02 PM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 10:13:20 PM | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 4/23/2007 11:13:42 PM | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 10/26/2006 7:47:20 PM | Attr = ]
(btwdins) Bluetooth Service [Win32_Own | Auto | Running] -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> Broadcom Corporation. [Ver = 5.0.1.1200 | Size = 266295 bytes | Modified Date = 12/2/2005 2:22:04 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(iPodService) iPodService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.5.20 | Size = 323584 bytes | Modified Date = 6/14/2006 4:23:58 PM | Attr = ]
(LVPrcSrv) Logitech Process Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Logitech\LVMVFM\LVPrcSrv.exe -> Logitech [Ver = 9.4.4.1082 | Size = 86016 bytes | Modified Date = 6/23/2006 10:40:58 AM | Attr = ]
(mi-raysat_3dsmax8) RaySat_3dsmax8 Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe -> [Ver = | Size = 65536 bytes | Modified Date = 9/21/2005 2:13:44 PM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 12:14:36 PM | Attr = ]
(ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\PCSuite\Services\ServiceLayer.exe -> Nokia. [Ver = 6, 81, 60, 0 | Size = 174080 bytes | Modified Date = 6/5/2006 1:59:18 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 1/7/2007 5:16:20 AM | Attr = ]
ATICCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 1/2/2006 5:41:22 PM | Attr = ]
AtiPTA -> %System32%\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5183 | Size = 344064 bytes | Modified Date = 2/22/2006 9:05:00 AM | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 4/23/2007 11:13:42 PM | Attr = ]
AzMixerSel -> %ProgramFiles%\Realtek\InstallShield\AzMixerSel.exe -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 12 | Size = 53248 bytes | Modified Date = 1/25/2006 6:45:50 PM | Attr = ]
CtrlVol -> %ProgramFiles%\Launch Manager\CtrlVol.exe -> Wistron [Ver = 1, 0, 0, 7 | Size = 20480 bytes | Modified Date = 9/16/2003 2:28:26 PM | Attr = ]
KernelFaultCheck -> -> File not found
LaunchAp -> %ProgramFiles%\Launch Manager\LaunchAp.exe -> [Ver = 1, 0, 1, 0 | Size = 32768 bytes | Modified Date = 7/25/2005 1:36:40 PM | Attr = ]
LManager -> %ProgramFiles%\Launch Manager\HotkeyApp.exe -> Wistron [Ver = 1, 0, 7, 4 | Size = 69632 bytes | Modified Date = 1/10/2006 6:06:56 PM | Attr = ]
LMgrOSD -> %ProgramFiles%\Launch Manager\OSDCtrl.exe -> [Ver = 1, 0, 1, 2 | Size = 241664 bytes | Modified Date = 7/25/2005 10:45:00 AM | Attr = ]
PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 81, 61, 4 | Size = 229376 bytes | Modified Date = 6/15/2006 12:36:18 PM | Attr = ]
PowerKey -> %ProgramFiles%\Launch Manager\Powerkey.exe -> [Ver = 1, 4, 4, 0 | Size = 94208 bytes | Modified Date = 8/30/2002 3:02:48 PM | Attr = ]
RTHDCPL -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. [Ver = 2.0.7.3 | Size = 16248320 bytes | Modified Date = 6/28/2006 2:54:52 PM | Attr = ]
SkyTel -> %SystemRoot%\SkyTel.exe -> Realtek Semiconductor Corp. [Ver = 1.0.0.0 | Size = 2879488 bytes | Modified Date = 5/16/2006 6:04:26 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.9 16Dec05 | Size = 761945 bytes | Modified Date = 12/16/2005 11:32:58 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 7/13/2006 2:19:54 PM | Attr = ]
Wbutton -> %ProgramFiles%\Launch Manager\WButton.exe -> [Ver = 1, 0, 6, 9 | Size = 81920 bytes | Modified Date = 11/8/2005 10:19:28 AM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
Yahoo Messengger -> %System32%\RVHOST.exe -> [Ver = 3, 2, 0, 1 | Size = 268216 bytes | Modified Date = 11/22/2006 10:04:48 PM | Attr = RHS]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
wbsys.dll -> %System32%\wbsys.dll -> Stardock.Net, Inc [Ver = 4, 0, 0, 0 | Size = 36864 bytes | Modified Date = 2/26/2003 9:27:44 PM | Attr = ]
< SSODL [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
{e57ce738-33e8-4c51-8354-bb4de9d215d1} [HKLM] -> Reg Data - Key not found [UPnPMonitor] -> File not found
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 10:13:28 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
RVHOST.exe -> %SystemRoot%\RVHOST.exe -> [Ver = 3, 2, 0, 1 | Size = 268216 bytes | Modified Date = 11/22/2006 10:04:48 PM | Attr = ]
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4132 | Size = 61440 bytes | Modified Date = 5/4/2006 12:44:56 AM | Attr = ]
WBSrv -> %ProgramFiles%\Stardock\Object Desktop\WindowBlinds\WbSrv.dll -> Stardock [Ver = 5, 0, 0, 1 | Size = 176128 bytes | Modified Date = 12/6/2005 9:16:30 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NofolderOptions -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 1 ->
< HOSTS File > (685 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.yahoo.com/ ->
HKCU: ProxyEnable -> 1 ->
HKCU: ProxyOverride -> <local> ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} [HKLM] -> %ProgramFiles%\FlashGet\Jccatch.dll [IeCatch5 Class] -> FlashGet [Ver = 1, 1, 5, 0 | Size = 81920 bytes | Modified Date = 5/16/2006 3:19:42 PM | Attr = ]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKLM] -> %ProgramFiles%\MegauploadToolbar\megauploadtoolbar.dll [Megaupload Toolbar] -> MegaUpload [Ver = 5.0.25 | Size = 1803720 bytes | Modified Date = 10/31/2006 2:55:40 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{F156768E-81EF-470C-9057-481BA8380DBA} [HKLM] -> %ProgramFiles%\FlashGet\getflash.dll [gFlash Class] -> [Ver = 1, 0, 0, 1 | Size = 126976 bytes | Modified Date = 9/12/2006 10:50:56 AM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKLM] -> %ProgramFiles%\MegauploadToolbar\megauploadtoolbar.dll [Megaupload Toolbar] -> MegaUpload [Ver = 5.0.25 | Size = 1803720 bytes | Modified Date = 10/31/2006 2:55:40 PM | Attr = ]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} [HKLM] -> %ProgramFiles%\FlashGet\fgiebar.dll [FlashGet Bar] -> Amaze Soft [Ver = 1, 2, 0, 0 | Size = 86016 bytes | Modified Date = 6/7/2005 11:06:10 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKLM] -> %ProgramFiles%\MegauploadToolbar\megauploadtoolbar.dll [Megaupload Toolbar] -> MegaUpload [Ver = 5.0.25 | Size = 1803720 bytes | Modified Date = 10/31/2006 2:55:40 PM | Attr = ]
WebBrowser\\{FE2D25C1-C1DB-4B5E-9390-AF1CB5302F32} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 3:43:42 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
{CCA281CA-C863-46ef-9331-5C8D4460577F} -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [ButtonText: @btrez.dll,-4015] -> [Ver = | Size = 2681 bytes | Modified Date = 5/29/2003 12:53:08 PM | Attr = ]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -> %ProgramFiles%\FlashGet\flashget.exe [ButtonText: FlashGet] -> FlashGet.com [Ver = 1, 7, 3, 0 | Size = 1400832 bytes | Modified Date = 9/11/2006 5:01:40 PM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
E&xport to Microsoft Excel -> -> File not found
使用网际快车下载 -> %ProgramFiles%\FlashGet\jc_link.htm -> [Ver = | Size = 1898 bytes | Modified Date = 10/27/2006 11:43:18 AM | Attr = ]
使用网际快车下载全部链接 -> %ProgramFiles%\FlashGet\jc_all.htm -> [Ver = | Size = 575 bytes | Modified Date = 2/6/2000 11:06:06 AM | Attr = ]
Send to &Bluetooth Device... -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm -> [Ver = | Size = 1320 bytes | Modified Date = 5/29/2003 12:53:12 PM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{2CCBC482-D586-4AEE-884A-21DA92D90DFA} -> () ->
{84F8D24F-07F3-407D-AD4B-C940874E1D83} -> (1394 Net Adapter) ->
{957BFBDC-3855-46CE-84F7-1454A28CD49F} -> () ->
{C1FAAA36-C70C-46F9-999B-1716B87A8CE7} -> (Intel® PRO/Wireless 3945ABG Network Connection) ->
{F3D1267E-D594-4201-9846-9016E25434AC} -> (Broadcom NetLink ™ Gigabit Ethernet) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ic32pp -> %SystemRoot%\wc98pp.dll -> [Ver = | Size = 51712 bytes | Modified Date = 10/27/2006 12:32:06 PM | Attr = ]
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
skype4com -> %CommonProgramFiles%\Skype\Skype4COM.dll -> Skype Technologies [Ver = 1, 0, 26, 0 | Size = 1783384 bytes | Modified Date = 11/1/2006 3:21:20 PM | Attr = R ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab ->
{48884C41-EFAC-433D-958A-9FADAC41408E} -> EGamesPlugin Class - CodeBase = https://www.e-games.com.my/com/EGamesPlugin.cab ->
{5ED80217-570B-4DA9-BF44-BE107C0EC166} -> Windows Live Safety Center Base Module - CodeBase = http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -> MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn.com/download/MsnMesse...pDownloader.cab ->
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} -> Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab ->


[Files/Folders - Created Within 30 days]
disney.ini -> %SystemRoot%\disney.ini -> [Ver = | Size = 35 bytes | Created Date = 5/28/2007 12:53:41 AM | Attr = ]
First Encounter Assault Recon Extraction Point -> %SystemRoot%\First Encounter Assault Recon Extraction Point -> [Folder | Created Date = 5/28/2007 12:44:55 AM | Attr = ]
RVHOST.exe -> %SystemRoot%\RVHOST.exe -> [Ver = 3, 2, 0, 1 | Size = 268216 bytes | Created Date = 5/3/2007 12:39:57 PM | Attr = ]
GroupPolicy -> %System32%\GroupPolicy -> [Folder | Created Date = 5/23/2007 5:58:54 PM | Attr = H ]
RVHOST.exe -> %System32%\RVHOST.exe -> [Ver = 3, 2, 0, 1 | Size = 268216 bytes | Created Date = 5/3/2007 12:39:57 PM | Attr = RHS]
setting.ini -> %System32%\setting.ini -> [Ver = | Size = 228 bytes | Created Date = 5/3/2007 12:40:05 PM | Attr = RHS]

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 5/3/2007 7:28:04 PM | Attr = RH ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 5/12/2007 12:35:28 AM | Attr = H ]
Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 5/9/2007 10:36:48 AM | Attr = ]
Incomplete -> %SystemDrive%\Incomplete -> [Folder | Modified Date = 5/28/2007 11:31:26 PM | Attr = ]
My Downloads -> %SystemDrive%\My Downloads -> [Folder | Modified Date = 5/28/2007 11:19:18 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 5/28/2007 8:20:30 PM | Attr = R ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 5/29/2007 1:50:28 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 5/29/2007 1:25:54 PM | Attr = S]
disney.ini -> %SystemRoot%\disney.ini -> [Ver = | Size = 35 bytes | Modified Date = 5/28/2007 12:57:26 AM | Attr = ]
First Encounter Assault Recon Extraction Point -> %SystemRoot%\First Encounter Assault Recon Extraction Point -> [Folder | Modified Date = 5/28/2007 12:44:56 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 5/28/2007 8:17:20 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 5/12/2007 12:35:28 AM | Attr = HS]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 5/19/2007 10:33:12 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 5/22/2007 4:16:24 AM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 5/23/2007 5:58:56 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 5/29/2007 1:26:16 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 5/29/2007 1:26:46 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1168 bytes | Modified Date = 5/3/2007 5:44:54 AM | Attr = ]
At1.job -> %SystemRoot%\tasks\At1.job -> [Ver = | Size = 346 bytes | Modified Date = 5/29/2007 1:26:16 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 5/29/2007 1:25:58 PM | Attr = H ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 5/28/2007 8:13:28 PM | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 5/28/2007 10:12:54 PM | Attr = ]
GroupPolicy -> %System32%\GroupPolicy -> [Folder | Modified Date = 5/23/2007 5:58:56 PM | Attr = H ]
setting.ini -> %System32%\setting.ini -> [Ver = | Size = 228 bytes | Modified Date = 5/3/2007 12:40:06 PM | Attr = RHS]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 5/21/2007 2:04:32 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %SystemRoot%\Radeon Omega Drivers v3.8.252 Uninstall.exe -> [Ver = 7.0.1.0 | Size = 451072 bytes | Modified Date = 11/8/2006 10:46:40 AM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\RVHOST.exe -> [Ver = 3, 2, 0, 1 | Size = 268216 bytes | Modified Date = 11/22/2006 10:04:48 PM | Attr = ]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
UPX! , UPX0 , -> %System32%\avisynth.dll -> The Public [Ver = 2, 5, 6, 0 | Size = 308224 bytes | Modified Date = 10/29/2005 12:44:12 AM | Attr = ]
UPX! , UPX0 , -> %System32%\CoreAAC.ax -> [Ver = 1, 1, 0, 642 | Size = 167936 bytes | Modified Date = 7/9/2004 4:47:04 PM | Attr = RHS]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/23/2001 8:00:00 PM | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.4.0.51 | Size = 635486 bytes | Modified Date = 10/3/2006 3:04:40 AM | Attr = ]
Thawte Consulting , -> %System32%\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.35a | Size = 63144 bytes | Modified Date = 8/25/2006 11:47:00 AM | Attr = ]
Thawte Consulting , -> %System32%\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 67240 bytes | Modified Date = 8/25/2006 11:47:00 AM | Attr = ]
Thawte Consulting , -> %System32%\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 62632 bytes | Modified Date = 8/25/2006 11:47:00 AM | Attr = ]
Thawte Consulting , -> %System32%\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 115880 bytes | Modified Date = 8/25/2006 11:47:00 AM | Attr = ]
UPX! , UPX0 , -> %System32%\RVHOST.exe -> [Ver = 3, 2, 0, 1 | Size = 268216 bytes | Modified Date = 11/22/2006 10:04:48 PM | Attr = RHS]
@Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable ->
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/23/2001 8:00:00 PM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 1/7/2005 8:00:00 AM | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Modified Date = 4/29/2007 7:01:40 PM | Attr = ]

< End of report >

#5 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:04:41 AM

Posted 29 May 2007 - 06:03 AM

Hi Learner87. Ok, let's get started. First, please print these directions so they will be available to you (we will be rebooting into Safe Mode during the fix).

Next, please follow the steps below in order:

Step #1

Update AVG anti-spyware by doing the following:
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen, under "How to act" select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet; we will shortly.

Step #2

Now start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Processes - Non-Microsoft Only]
YY -> rvhost.exe -> %System32%\RVHOST.exe
YY -> rvhost.exe -> %System32%\RVHOST.exe
YN -> teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe
[Registry - Non-Microsoft Only]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> Yahoo Messengger -> %System32%\RVHOST.exe
< SSODL [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YN -> {e57ce738-33e8-4c51-8354-bb4de9d215d1} [HKLM] -> Reg Data - Key not found [UPnPMonitor]
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell
YY -> RVHOST.exe -> %SystemRoot%\RVHOST.exe
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NofolderOptions -> 1
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 1
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 1
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{FE2D25C1-C1DB-4B5E-9390-AF1CB5302F32} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
YY -> ic32pp -> %SystemRoot%\wc98pp.dll
[Files/Folders - Created Within 30 days]
NY -> RVHOST.exe -> %SystemRoot%\RVHOST.exe
NY -> RVHOST.exe -> %System32%\RVHOST.exe
NY -> setting.ini -> %System32%\setting.ini
[Files/Folders - Modified Within 30 days]
NY -> setting.ini -> %System32%\setting.ini
[File String Scan - Non-Microsoft Only]
NY -> UPX! , UPX0 , -> %SystemRoot%\RVHOST.exe
[Reboot]


The fix should only take a very short time. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot into Safe Mode as shown below. If not, then reboot manually into Safe Mode.

Reboot into Safe Mode by doing the following:
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Step #3

Launch AVG Anti-Spyware by double-clicking the icon on your desktop.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process:
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
    • Make sure that Set all elements to: shows Quarantine; if not, click on the link and choose Quarantine from the popup menu.
    • At the bottom of the window click on the "Apply all actions" button
    Note: Don't save the report before you hit the Apply action button.
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
Step #4

Post the following back here:
  • a new WinPFind3U report
  • the AVG Anti-Spyware report
  • the latest .log file from the WinPFind3u folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
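An added example, not code from this thread, from OldTimer or from the WinPFind3U tool: a short Python triage script that parses report lines in the format Learner87 posted and marks the kinds of items the fix above removes (hidden+system executables in the Windows folders, packed executables with no vendor string, Run and Winlogon Shell entries pointing at them, the DisableTaskMgr/DisableRegistryTools/NofolderOptions lockdown policies, and orphaned registry references). The lines in SAMPLE_REPORT are constructed: the RVHOST.exe, setting.ini, avg7core.sys and toolbar lines reuse values from the log and the fix, while the jusched.exe and Explorer.exe lines and the layout of the Shell and policy sections are assumptions. The heuristics are this example's own; the output is a list for a human to review, not a verdict.

```python
"""Triage helper for WinPFind3U-style report lines.

Added example: not code from this thread or from the WinPFind3U tool. SAMPLE_REPORT
is constructed; the RVHOST.exe, setting.ini, avg7core.sys and toolbar lines reuse
values from the thread, the jusched.exe / Explorer.exe lines and the Shell / policy
section layout are assumptions. The heuristics are this example's own and produce
a review list, not a verdict.
"""
import re
from dataclasses import dataclass

SYSTEM_DIRS = ("%SystemRoot%\\", "%System32%\\")
PACKER_MARKS = ("UPX!", "PEC2", "FSG!", "aspack")   # packer strings the report lists
LOCKDOWN_POLICIES = ("DisableTaskMgr", "DisableRegistryTools", "NofolderOptions")
AUTOSTART_SECTIONS = ("Run", "Shell", "SSODL")
FILE_SECTIONS = ("Files/Folders", "File String Scan")
# Tail of an entry: optional vendor, then "[Ver = .. | Size = .. | Attr = ..]"
TAIL_RE = re.compile(r"^(?P<vendor>[^\[]*?)\s*(?:\[(?P<attrs>[^\]]*)\])?$")

SAMPLE_REPORT = r"""
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Yahoo Messengger -> %System32%\RVHOST.exe -> [Ver = 3, 2, 0, 1 | Size = 268216 bytes | Modified Date = 11/22/2006 10:04:48 PM | Attr = RHS]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:42 AM | Attr = ]
< Shell [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 | Size = 1032192 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
RVHOST.exe -> %SystemRoot%\RVHOST.exe -> [Ver = 3, 2, 0, 1 | Size = 268216 bytes | Modified Date = 11/22/2006 10:04:48 PM | Attr = ]
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 1 ->
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{FE2D25C1-C1DB-4B5E-9390-AF1CB5302F32} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
[Files/Folders - Created Within 30 days]
RVHOST.exe -> %System32%\RVHOST.exe -> [Ver = 3, 2, 0, 1 | Size = 268216 bytes | Created Date = 5/3/2007 12:39:57 PM | Attr = RHS]
setting.ini -> %System32%\setting.ini -> [Ver = | Size = 228 bytes | Created Date = 5/3/2007 12:40:05 PM | Attr = RHS]
[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %SystemRoot%\RVHOST.exe -> [Ver = 3, 2, 0, 1 | Size = 268216 bytes | Modified Date = 11/22/2006 10:04:48 PM | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Modified Date = 4/29/2007 7:01:40 PM | Attr = ]
"""


@dataclass
class Entry:
    section: str   # "[...]" section or "< ... >" registry header the line sits under
    label: str     # value name, file name, or the packer strings found
    target: str    # file path, registry data, or "Reg Data - Key not found ..."
    vendor: str    # company name from the version resource, "" if none
    attrs: dict    # Ver / Size / Created or Modified Date / Attr


def parse_report(text):
    """Split report lines on ' -> ' into Entry objects, tracking the current section."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):   # [Files/Folders - Created ...]
            section = line[1:-1]
            continue
        if line.startswith("<"):                           # < Run [HKCU] > -> HKEY_...
            section = line.split(">", 1)[0].strip("< ")
            continue
        parts = re.split(r"\s*->\s*", line)
        if len(parts) < 3:
            continue
        tail = TAIL_RE.match(parts[2]) or TAIL_RE.match("")   # fall back to an empty tail
        attrs = {}
        for field in (tail.group("attrs") or "").split("|"):
            key, _, val = field.partition("=")
            attrs[key.strip()] = val.strip()
        entries.append(Entry(section, parts[0], parts[1], tail.group("vendor").strip(), attrs))
    return entries


def triage(entries):
    """Return (reason, section, label, target) tuples that deserve a closer look."""
    findings, flagged = [], set()
    for e in entries:                                     # pass 1: file sections
        if not (e.section.startswith(FILE_SECTIONS) and e.target.startswith(SYSTEM_DIRS)
                and e.target.lower().endswith(".exe")):
            continue
        attr = e.attrs.get("Attr", "")
        if "H" in attr and "S" in attr:                   # hidden+system, like RVHOST.exe
            findings.append(("hidden+system executable in a system folder", e.section, e.label, e.target))
            flagged.add(e.target.lower())
        if e.label.startswith(PACKER_MARKS) and not e.vendor:
            findings.append(("packed executable with no vendor string", e.section, e.label, e.target))
            flagged.add(e.target.lower())
    for e in entries:                                     # pass 2: registry sections
        if e.section.startswith("Shell") and e.label.lower() != "explorer.exe":
            findings.append(("extra Winlogon Shell entry", e.section, e.label, e.target))
        elif e.section.startswith(AUTOSTART_SECTIONS) and e.target.lower() in flagged:
            findings.append(("autostart entry points at a flagged file", e.section, e.label, e.target))
        if e.label.endswith(LOCKDOWN_POLICIES) and e.target == "1":
            findings.append(("user lockdown policy set", e.section, e.label.rsplit("\\", 1)[-1], e.target))
        if e.target.startswith("Reg Data - Key not found"):
            findings.append(("orphaned registry reference", e.section, e.label, e.target))
    return findings


if __name__ == "__main__":
    for reason, section, label, target in triage(parse_report(SAMPLE_REPORT)):
        print(f"[{section}] {label} -> {target}: {reason}")
```

Running the file prints one line per finding. On a full log expect false positives (the Radeon Omega uninstaller in Learner87's log is UPX-packed with no vendor string, for instance), which is why the script only flags entries and leaves the decision, as in the fix above, to a person.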
