
Spyware


23 replies to this topic

#1 Alhambra

Alhambra


Posted 29 May 2007 - 01:02 PM

Hi everybody,

As you may know, there is an automatic search function in the Firefox URL bar, so if you type just "google" you will be redirected to Google.com.
It doesn't work anymore, as it redirects me to a porn site like my-finder.net or hotproductz.com.
It does the same thing on IE.
There is a topic that seems to deal with the same thing, which has been resolved: http://www.bleepingcomputer.com/forums/t/82243/firefox-redirects-to-a-porn-site-when-url-not-found/

Thank you for your help, I attach my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 20:01:00, on 29/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\jmd\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2061210
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.be/hws/sb/dell-row-rel/e...html?channel=be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2061210
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.be/ig/dell?hl=en&cli...amp;ibd=2061210
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Thalys International
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/re...es/MsnPUpld.cab
O16 - DPF: {F81FB289-0FB6-4FE0-A488-101447EE1ED3} (HD View Control) - http://research.microsoft.com/ivm/HDView/HDViewXP.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = thalys.com
O17 - HKLM\Software\..\Telephony: DomainName = thalys.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{0AD2471A-8F23-454E-BB88-25AA86BC2965}: NameServer = 85.255.116.42,85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{968A1E4D-A52A-4D26-8505-82F06D32B0A6}: NameServer = 85.255.116.42,85.255.112.135
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = thalys.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{0AD2471A-8F23-454E-BB88-25AA86BC2965}: NameServer = 85.255.116.42,85.255.112.135
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: wxvault.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Edited by Alhambra, 29 May 2007 - 01:03 PM.




#2 OldTimer

OldTimer

    Malware Expert



Posted 30 May 2007 - 04:31 PM

Hello Alhambra and welcome to the BC HijackThis forum. It looks like there is something called a Wareout infection on this machine. Let's see if anything else is hiding in there.

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 Alhambra

Alhambra
  • Topic Starter


Posted 31 May 2007 - 07:29 AM

Thank you for your help:

WinPFind3 logfile created on: 31/05/2007 14:22:06
WinPFind3U by OldTimer - Version 1.0.38 Folder = C:\Documents and Settings\jmd\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

1014,05 Mb Total Physical Memory | 446,92 Mb Available Physical Memory | 44,07% Memory free
2,38 Gb Paging File | 1,85 Gb Available in Paging File | 77,81% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,42 Gb Total Space | 32,06 Gb Free Space | 43,09% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: PORT-JMD
Current User Name: JMD
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
apntex.exe -> %ProgramFiles%\Apoint\ApntEx.exe -> Alps Electric Co., Ltd. [Ver = 5.5.1.22 | Size = 45056 bytes | Modified Date = 27/07/2005 23:41:08 | Attr = R ]
apoint.exe -> %ProgramFiles%\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.5.101.155 | Size = 176128 bytes | Modified Date = 7/10/2005 21:13:38 | Attr = R ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 75392 bytes | Modified Date = 30/04/2007 17:42:48 | Attr = ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 243328 bytes | Modified Date = 30/04/2007 18:04:38 | Attr = ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 132736 bytes | Modified Date = 30/04/2007 17:42:40 | Attr = ]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 345728 bytes | Modified Date = 30/04/2007 17:41:28 | Attr = ]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 16512 bytes | Modified Date = 30/04/2007 17:29:56 | Attr = ]
autoupdate.exe -> %ProgramFiles%\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe -> Wave Systems Corp. [Ver = 05.02.00.000 | Size = 192512 bytes | Modified Date = 30/01/2006 19:11:48 | Attr = ]
cdac11ba.exe -> %System32%\drivers\CDAC11BA.EXE -> Macrovision [Ver = 4.20.0 | Size = 54784 bytes | Modified Date = 11/04/2007 10:44:38 | Attr = ]
dataserver.exe -> %ProgramFiles%\Wave Systems Corp\common\DataServer.exe -> Wave Systems Corp. [Ver = 2.7.1.24 | Size = 315392 bytes | Modified Date = 15/05/2006 21:19:00 | Attr = ]
dlactrlw.exe -> %System32%\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Modified Date = 8/09/2005 7:20:00 | Attr = ]
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 29/10/2003 4:06:00 | Attr = ]
docmgr.exe -> %ProgramFiles%\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe -> Wave Systems Corp. [Ver = 05.03.00.015 | Size = 102400 bytes | Modified Date = 16/05/2006 14:35:08 | Attr = ]
dot1xcfg.exe -> %ProgramFiles%\Intel\Wireless\Bin\Dot1XCfg.exe -> Intel Corporation [Ver = 10.5.1.9 | Size = 479232 bytes | Modified Date = 18/10/2006 17:53:24 | Attr = ]
dsagnt.exe -> %ProgramFiles%\Dell Support\DSAgnt.exe -> Gteko Ltd. [Ver = 2, 1, 3, 176 | Size = 395776 bytes | Modified Date = 28/08/2006 23:57:12 | Attr = ]
dvdlauncher.exe -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 49152 bytes | Modified Date = 9/12/2005 22:29:52 | Attr = ]
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10.5.1.21 | Size = 434176 bytes | Modified Date = 18/10/2006 18:05:18 | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 10/03/2007 19:31:58 | Attr = ]
hidfind.exe -> %ProgramFiles%\Apoint\hidfind.exe -> Alps Electric Co., Ltd. [Ver = 1.1.0.23 | Size = 45056 bytes | Modified Date = 29/06/2004 6:56:12 | Attr = R ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 77824 bytes | Modified Date = 14/12/2005 1:41:08 | Attr = ]
hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 22/12/2003 9:38:42 | Attr = ]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 5.35.0.035 | Size = 237568 bytes | Modified Date = 16/09/2003 5:19:24 | Attr = ]
hpwuschd.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd.exe -> Hewlett-Packard [Ver = 1, 0, 0, 3 | Size = 49152 bytes | Modified Date = 4/08/2003 17:28:18 | Attr = ]
hpzipm12.exe -> %System32%\HPZipm12.exe -> HP [Ver = 7, 0, 0, 0 | Size = 65795 bytes | Modified Date = 5/01/2004 11:44:28 | Attr = R ]
ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 10.5.1.18 | Size = 696320 bytes | Modified Date = 18/10/2006 17:58:16 | Attr = ]
igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 118784 bytes | Modified Date = 14/12/2005 1:45:00 | Attr = ]
igfxsrvc.exe -> %System32%\igfxsrvc.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 159744 bytes | Modified Date = 14/12/2005 1:41:00 | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 14/03/2007 19:05:42 | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 14/03/2007 19:05:48 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 10/11/2005 15:03:52 | Attr = ]
netwaiting.exe -> %ProgramFiles%\NetWaiting\netWaiting.exe -> [Ver = | Size = 20480 bytes | Modified Date = 10/09/2003 4:24:00 | Attr = ]
nicconfigsvc.exe -> %ProgramFiles%\Dell\QuickSet\NICCONFIGSVC.exe -> Dell Inc. [Ver = 7, 0, 7, 0 | Size = 376832 bytes | Modified Date = 29/06/2006 14:12:34 | Attr = ]
nkbmonitor.exe -> %ProgramFiles%\Nikon\PictureProject\NkbMonitor.exe -> Nikon Corporation [Ver = 1, 7, 5, 3000 | Size = 118784 bytes | Modified Date = 29/11/2006 17:48:22 | Attr = ]
ntrtscan.exe -> %ProgramFiles%\Trend Micro\OfficeScan Client\ntrtscan.exe -> Trend Micro Inc. [Ver = 5.5.0.2008 | Size = 540672 bytes | Modified Date = 27/07/2004 10:43:58 | Attr = ]
ofcdog.exe -> %ProgramFiles%\Trend Micro\OfficeScan Client\OfcDog.exe -> [Ver = | Size = 135168 bytes | Modified Date = 27/07/2004 10:43:58 | Attr = ]
pccntmon.exe -> %ProgramFiles%\Trend Micro\OfficeScan Client\PccNTMon.exe -> Trend Micro Inc. [Ver = 5.5.0.2008 | Size = 458752 bytes | Modified Date = 27/07/2004 10:43:58 | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 16/02/2007 11:54:04 | Attr = ]
quickset.exe -> %ProgramFiles%\Dell\QuickSet\quickset.exe -> Dell Inc [Ver = 7, 1, 10, 0 | Size = 1032192 bytes | Modified Date = 29/06/2006 14:13:32 | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3725 | Size = 185784 bytes | Modified Date = 24/03/2007 14:48:20 | Attr = ]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10.5.1.5 | Size = 327680 bytes | Modified Date = 18/10/2006 17:49:52 | Attr = ]
rpcnet.exe -> %System32%\rpcnet.exe -> Absolute Software Corp. [Ver = 8.0.847.0 | Size = 35840 bytes | Modified Date = 22/12/2006 12:57:00 | Attr = ]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10.5.1.3 | Size = 946176 bytes | Modified Date = 18/10/2006 17:56:52 | Attr = ]
stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4995.1 nd446 cp1 | Size = 282624 bytes | Modified Date = 25/03/2006 1:30:44 | Attr = ]
tcsd_win32.exe -> %ProgramFiles%\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe -> [Ver = | Size = 180224 bytes | Modified Date = 12/06/2006 12:01:14 | Attr = ]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 31/05/2005 1:04:00 | Attr = ]
tmlisten.exe -> %ProgramFiles%\Trend Micro\OfficeScan Client\tmlisten.exe -> [Ver = | Size = 282710 bytes | Modified Date = 27/07/2004 10:43:58 | Attr = ]
tosbtmng1.exe -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe -> [Ver = | Size = 49152 bytes | Modified Date = 16/06/2005 13:11:42 | Attr = ]
winampa.exe -> %ProgramFiles%\Winamp\winampa.exe -> [Ver = | Size = 35328 bytes | Modified Date = 21/11/2006 19:38:22 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 22/05/2007 18:27:40 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 22/05/2007 18:27:40 | Attr = ]
wlkeeper.exe -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 10.5.1.5 | Size = 290816 bytes | Modified Date = 18/10/2006 18:01:34 | Attr = ]
zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 10.5.1.9 | Size = 802816 bytes | Modified Date = 18/10/2006 18:04:28 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 16512 bytes | Modified Date = 30/04/2007 17:29:56 | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 132736 bytes | Modified Date = 30/04/2007 17:42:40 | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 243328 bytes | Modified Date = 30/04/2007 18:04:38 | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 345728 bytes | Modified Date = 30/04/2007 17:41:28 | Attr = ]
(Bluetooth Hid Switch Service) Bluetooth Hid Switch Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\BlueTooth\HidSwitchService\HidSw.exe -> Cambridge Silicon Radio [Ver = 1.0.0.24 | Size = 188416 bytes | Modified Date = 30/08/2005 19:36:00 | Attr = ]
(C-DillaCdaC11BA) C-DillaCdaC11BA [Win32_Own | Auto | Running] -> %System32%\drivers\CDAC11BA.EXE -> Macrovision [Ver = 4.20.0 | Size = 54784 bytes | Modified Date = 11/04/2007 10:44:38 | Attr = ]
(DataSvr2) DataSvr2 [Win32_Own | Auto | Running] -> %ProgramFiles%\Wave Systems Corp\common\DataServer.exe -> Wave Systems Corp. [Ver = 2.7.1.24 | Size = 315392 bytes | Modified Date = 15/05/2006 21:19:00 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 4/08/2004 7:00:00 | Attr = ]
(EvtEng) Intel® PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10.5.1.21 | Size = 434176 bytes | Modified Date = 18/10/2006 18:05:18 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 10/03/2007 19:31:56 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/04/2005 1:41:10 | Attr = ]
(iPod Service) Service de l'iPod [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 14/03/2007 19:05:42 | Attr = ]
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\QuickSet\NICCONFIGSVC.exe -> Dell Inc. [Ver = 7, 0, 7, 0 | Size = 376832 bytes | Modified Date = 29/06/2006 14:12:34 | Attr = ]
(ntrtscan) OfficeScanNT RealTime Scan [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\OfficeScan Client\ntrtscan.exe -> Trend Micro Inc. [Ver = 5.5.0.2008 | Size = 540672 bytes | Modified Date = 27/07/2004 10:43:58 | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Running] -> %System32%\HPZipm12.exe -> HP [Ver = 7, 0, 0, 0 | Size = 65795 bytes | Modified Date = 5/01/2004 11:44:28 | Attr = R ]
(RegSrvc) Intel® PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10.5.1.5 | Size = 327680 bytes | Modified Date = 18/10/2006 17:49:52 | Attr = ]
(Rpcnet) Remote Procedure Call (RPC) Net [Win32_Own | Auto | Running] -> %System32%\rpcnet.exe -> Absolute Software Corp. [Ver = 8.0.847.0 | Size = 35840 bytes | Modified Date = 22/12/2006 12:57:00 | Attr = ]
(S24EventMonitor) Intel® PROSet/Wireless Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10.5.1.3 | Size = 946176 bytes | Modified Date = 18/10/2006 17:56:52 | Attr = ]
(tcsd_win32.exe) NTRU Hybrid TSS v2.0.25 TCS [Win32_Own | Auto | Running] -> %ProgramFiles%\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe -> [Ver = | Size = 180224 bytes | Modified Date = 12/06/2006 12:01:14 | Attr = ]
(tmlisten) OfficeScanNT Listener [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\OfficeScan Client\tmlisten.exe -> [Ver = | Size = 282710 bytes | Modified Date = 27/07/2004 10:43:58 | Attr = ]
(WLANKEEPER) Intel® PROSet/Wireless SSO Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 10.5.1.5 | Size = 290816 bytes | Modified Date = 18/10/2006 18:01:34 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Apoint -> %ProgramFiles%\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.5.101.155 | Size = 176128 bytes | Modified Date = 7/10/2005 21:13:38 | Attr = R ]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 75392 bytes | Modified Date = 30/04/2007 17:42:48 | Attr = ]
Dell QuickSet -> %ProgramFiles%\Dell\QuickSet\quickset.exe -> Dell Inc [Ver = 7, 1, 10, 0 | Size = 1032192 bytes | Modified Date = 29/06/2006 14:13:32 | Attr = ]
DLA -> %System32%\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Modified Date = 8/09/2005 7:20:00 | Attr = ]
Document Manager -> %ProgramFiles%\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe -> Wave Systems Corp. [Ver = 05.03.00.015 | Size = 102400 bytes | Modified Date = 16/05/2006 14:35:08 | Attr = ]
DVDLauncher -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 49152 bytes | Modified Date = 9/12/2005 22:29:52 | Attr = ]
DXDllRegExe -> dxdllreg.exe -> File not found
HP Component Manager -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 22/12/2003 9:38:42 | Attr = ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd.exe -> Hewlett-Packard [Ver = 1, 0, 0, 3 | Size = 49152 bytes | Modified Date = 4/08/2003 17:28:18 | Attr = ]
igfxhkcmd -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 77824 bytes | Modified Date = 14/12/2005 1:41:08 | Attr = ]
igfxpers -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 118784 bytes | Modified Date = 14/12/2005 1:45:00 | Attr = ]
igfxtray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 98304 bytes | Modified Date = 14/12/2005 1:44:18 | Attr = ]
IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 10.5.1.18 | Size = 696320 bytes | Modified Date = 18/10/2006 17:58:16 | Attr = ]
IntelZeroConfig -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 10.5.1.9 | Size = 802816 bytes | Modified Date = 18/10/2006 18:04:28 | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 14/03/2007 19:05:48 | Attr = ]
OfficeScanNT Monitor -> %ProgramFiles%\Trend Micro\OfficeScan Client\PccNTMon.exe -> Trend Micro Inc. [Ver = 5.5.0.2008 | Size = 458752 bytes | Modified Date = 27/07/2004 10:43:58 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 16/02/2007 11:54:04 | Attr = ]
SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4995.1 nd446 cp1 | Size = 282624 bytes | Modified Date = 25/03/2006 1:30:44 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 10/11/2005 15:03:52 | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3725 | Size = 185784 bytes | Modified Date = 24/03/2007 14:48:20 | Attr = ]
WinampAgent -> %ProgramFiles%\Winamp\winampa.exe -> [Ver = | Size = 35328 bytes | Modified Date = 21/11/2006 19:38:22 | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DellSupport -> %ProgramFiles%\Dell Support\DSAgnt.exe -> Gteko Ltd. [Ver = 2, 1, 3, 176 | Size = 395776 bytes | Modified Date = 28/08/2006 23:57:12 | Attr = ]
ModemOnHold -> %ProgramFiles%\NetWaiting\netWaiting.exe -> [Ver = | Size = 20480 bytes | Modified Date = 10/09/2003 4:24:00 | Attr = ]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 31/05/2005 1:04:00 | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 10/03/2007 19:31:58 | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 4/11/1999 15:06:48 | Attr = ]
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 23/09/2005 22:05:26 | Attr = ]
%AllUsersStartup%\Bluetooth Manager.lnk -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe -> [Ver = | Size = 49152 bytes | Modified Date = 16/06/2005 13:11:42 | Attr = ]
%AllUsersStartup%\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 29/10/2003 4:06:00 | Attr = ]
%AllUsersStartup%\EMBASSY Trust Suite Secure Update.lnk -> %ProgramFiles%\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe -> Wave Systems Corp. [Ver = 05.02.00.000 | Size = 192512 bytes | Modified Date = 30/01/2006 19:11:48 | Attr = ]
%AllUsersStartup%\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 5.35.0.035 | Size = 237568 bytes | Modified Date = 16/09/2003 5:19:24 | Attr = ]
%AllUsersStartup%\NkbMonitor.exe.lnk -> %ProgramFiles%\Nikon\PictureProject\NkbMonitor.exe -> Nikon Corporation [Ver = 1, 7, 5, 3000 | Size = 118784 bytes | Modified Date = 29/11/2006 17:48:22 | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
wxvault.dll -> %System32%\wxvault.dll -> [Ver = 05.03.00.015 | Size = 286720 bytes | Modified Date = 16/05/2006 14:34:22 | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*System* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System ->
kdysm.exe -> kdysm.exe -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4446 | Size = 139264 bytes | Modified Date = 14/12/2005 1:40:12 | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Page_URL -> www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2061210 ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.be/hws/sb/dell-row-rel/e...html?channel=be ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> about:blank ->
HKCU: ProxyEnable -> 1 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 18/12/2006 4:16:42 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Data - Value does not exist] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/2005 1:04:00 | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %System32%\DLA\DLASHX_W.DLL [DriveLetterAccess] -> Sonic Solutions [Ver = 5.20.08a | Size = 110652 bytes | Modified Date = 8/09/2005 7:20:00 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 10/11/2005 15:22:12 | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 10/03/2007 19:31:56 | Attr = R ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 10/03/2007 19:31:56 | Attr = R ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 10/03/2007 19:31:56 | Attr = R ]
WebBrowser\\{35065594-9169-4A34-B167-FC4865038E53} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\npjpi150_06.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 10/11/2005 15:22:12 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 10/11/2005 15:22:12 | Attr = ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
E&xport to Microsoft Excel -> -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{0AD2471A-8F23-454E-BB88-25AA86BC2965} -> 85.255.116.42,85.255.112.135 (Intel® PRO/Wireless 3945ABG Network Connection) ->
{968A1E4D-A52A-4D26-8505-82F06D32B0A6} -> 85.255.116.42,85.255.112.135 (Broadcom NetXtreme 57xx Gigabit Controller) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
cetihpz -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll -> Hewlett-Packard Company [Ver = 2.1.4 | Size = 81920 bytes | Modified Date = 22/12/2003 9:38:40 | Attr = ]
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://webscanner.kaspersky.fr/kavwebscan_unicode.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/get/shock...director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> MSN Photo Upload Tool - CodeBase = http://by126w.bay126.mail.live.com/mail/re...es/MsnPUpld.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{F81FB289-0FB6-4FE0-A488-101447EE1ED3} -> HD View Control - CodeBase = http://research.microsoft.com/ivm/HDView/HDViewXP.cab ->


[Files/Folders - Created Within 30 days]
output.wav -> %SystemDrive%\output.wav -> [Ver = | Size = 10585044 bytes | Created Date = 28/05/2007 11:36:08 | Attr = ]
sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm -> [Ver = | Size = 232 bytes | Created Date = 15/05/2007 18:14:31 | Attr = H ]
sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm -> [Ver = | Size = 244 bytes | Created Date = 15/05/2007 18:14:31 | Attr = H ]
$NtUninstallWIC$ -> %SystemRoot%\$NtUninstallWIC$ -> [Folder | Created Date = 21/05/2007 22:02:06 | Attr = H ]
pccntmon.INI -> %SystemRoot%\pccntmon.INI -> [Ver = | Size = 24 bytes | Created Date = 28/05/2007 23:05:33 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 31/05/2007 11:07:32 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 31/05/2007 11:07:32 | Attr = H ]
actskin4.ocx -> %System32%\actskin4.ocx -> [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 28/05/2007 21:25:33 | Attr = ]
aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 745600 bytes | Created Date = 28/05/2007 21:25:33 | Attr = ]
AvastSS.scr -> %System32%\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 95872 bytes | Created Date = 28/05/2007 21:25:42 | Attr = ]
instw32.exe -> %System32%\instw32.exe -> Absolute Software Corp. [Ver = 0, 0, 0, 0 | Size = 36864 bytes | Created Date = 17/05/2007 20:38:40 | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 28/05/2007 23:18:31 | Attr = ]
lfpsd13n.dll -> %System32%\lfpsd13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.068 | Size = 55808 bytes | Created Date = 26/05/2007 14:56:41 | Attr = ]
RICHTX.DEP -> %System32%\RICHTX.DEP -> [Ver = | Size = 2 bytes | Created Date = 28/05/2007 11:13:07 | Attr = ]
aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 26888 bytes | Created Date = 28/05/2007 21:25:44 | Attr = ]
aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 85952 bytes | Created Date = 28/05/2007 21:25:40 | Attr = ]
aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 94552 bytes | Created Date = 28/05/2007 21:25:40 | Attr = ]
aswRdr.sys -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 23416 bytes | Created Date = 28/05/2007 21:25:46 | Attr = ]
aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 43176 bytes | Created Date = 28/05/2007 21:25:45 | Attr = ]

[Files/Folders - Modified Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 26/05/2007 17:52:00 | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1063378944 bytes | Modified Date = 31/05/2007 10:16:20 | Attr = HS]
output.wav -> %SystemDrive%\output.wav -> [Ver = | Size = 10585044 bytes | Modified Date = 28/05/2007 12:36:10 | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 28/05/2007 22:25:30 | Attr = R ]
sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm -> [Ver = | Size = 232 bytes | Modified Date = 15/05/2007 19:14:32 | Attr = H ]
sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm -> [Ver = | Size = 244 bytes | Modified Date = 15/05/2007 19:14:32 | Attr = H ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 31/05/2007 12:07:34 | Attr = ]
$NtUninstallWIC$ -> %SystemRoot%\$NtUninstallWIC$ -> [Folder | Modified Date = 21/05/2007 23:02:08 | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 31/05/2007 10:16:20 | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 29/05/2007 0:18:34 | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 26/05/2007 15:09:00 | Attr = R S]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 29/05/2007 0:18:32 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 26/05/2007 17:48:32 | Attr = HS]
pccntmon.INI -> %SystemRoot%\pccntmon.INI -> [Ver = | Size = 24 bytes | Modified Date = 29/05/2007 0:10:46 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 31/05/2007 14:22:12 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 31/05/2007 12:07:34 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 31/05/2007 12:07:34 | Attr = H ]
system32 -> %System32% -> [Folder | Modified Date = 31/05/2007 10:20:46 | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 31/05/2007 14:17:38 | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 25/05/2007 22:03:04 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 31/05/2007 10:16:28 | Attr = H ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 31/05/2007 10:16:42 | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 29/05/2007 7:21:18 | Attr = ]
CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2626 bytes | Modified Date = 28/05/2007 22:25:46 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 31/05/2007 10:16:48 | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 28/05/2007 22:25:48 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 257456 bytes | Modified Date = 26/05/2007 17:52:02 | Attr = ]
FxsTmp -> %System32%\FxsTmp -> [Folder | Modified Date = 28/05/2007 17:24:48 | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Modified Date = 29/05/2007 0:18:32 | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 64262 bytes | Modified Date = 31/05/2007 10:20:46 | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 405878 bytes | Modified Date = 31/05/2007 10:20:46 | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 477404 bytes | Modified Date = 31/05/2007 10:20:46 | Attr = ]
RICHTX.DEP -> %System32%\RICHTX.DEP -> [Ver = | Size = 2 bytes | Modified Date = 29/05/2007 12:38:44 | Attr = ]
rpcnet.dll -> %System32%\rpcnet.dll -> Absolute Software Corp. [Ver = 8.0.847.0 | Size = 35840 bytes | Modified Date = 31/05/2007 10:16:42 | Attr = ]
rpcnetp.dll -> %System32%\rpcnetp.dll -> [Ver = | Size = 17408 bytes | Modified Date = 28/05/2007 10:42:50 | Attr = ]
rpcnetp.exe -> %System32%\rpcnetp.exe -> [Ver = | Size = 17408 bytes | Modified Date = 31/05/2007 10:16:44 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 20/05/2007 0:09:06 | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 745600 bytes | Modified Date = 30/04/2007 17:46:10 | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 4/08/2004 7:00:00 | Attr = ]
UPX! , UPX0 , -> %System32%\diagdll.dll -> Absolute Software Inc. [Ver = 101, 0, 0, 0 | Size = 14336 bytes | Modified Date = 8/11/2004 21:02:34 | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.5.0.53 | Size = 639066 bytes | Modified Date = 23/02/2007 6:25:20 | Attr = ]
UPX! , UPX0 , -> %System32%\identprv.dll -> Absolute Software Corporation [Ver = 8.0.853.0 | Size = 30720 bytes | Modified Date = 27/03/2007 23:10:24 | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2533 | Size = 181736 bytes | Modified Date = 24/03/2007 14:48:28 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 4/08/2004 7:00:00 | Attr = ]
UPX! , UPX0 , -> %System32%\wceprv.dll -> [Ver = | Size = 3584 bytes | Modified Date = 17/01/2002 23:52:00 | Attr = ]

< End of report >

#4 OldTimer

Posted 31 May 2007 - 11:29 AM

Hi Alhambra. Ok, let's get started. First, please print these directions so they will be available to you (we will be rebooting into Safe Mode during the fix).

Next, please follow the steps below in order:

Step #1

Download AVG anti-spyware from HERE and save that file to your desktop.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen, under "How to act" select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.

Step #2

Now start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> DXDllRegExe -> dxdllreg.exe
*System* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System
YN -> kdysm.exe -> kdysm.exe
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{35065594-9169-4A34-B167-FC4865038E53} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
YN -> {0AD2471A-8F23-454E-BB88-25AA86BC2965} -> 85.255.116.42,85.255.112.135 (Intel® PRO/Wireless 3945ABG Network Connection)
YN -> {968A1E4D-A52A-4D26-8505-82F06D32B0A6} -> 85.255.116.42,85.255.112.135 (Broadcom NetXtreme 57xx Gigabit Controller)
[Files/Folders - Modified Within 30 days]
NY -> AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job
NY -> rpcnetp.dll -> %System32%\rpcnetp.dll
NY -> rpcnetp.exe -> %System32%\rpcnetp.exe
[Empty Temp Folders]
[Reboot]


The fix should only take a very short time. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot into Safe Mode as shown below. If not, then reboot manually into Safe Mode.

Reboot into Safe Mode by doing the following:
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Step #3

Launch AVG Anti-Spyware by double-clicking the icon on your desktop.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process:
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process; be patient, this may take a little time.
    Once the scan is complete do the following:
    • Make sure that Set all elements to: shows Quarantine; if not, click on the link and choose Quarantine from the popup menu.
    • At the bottom of the window click on the "Apply all actions" button
    Note: Don't save the report before you hit the Apply action button.
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

Step #4

Post the following back here:
  • a new WinPFind3U report
  • the AVG Anti-Spyware report
  • the latest .log file from the WinPFind3u folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#5 Alhambra

Posted 01 June 2007 - 11:18 AM

Hi OT,

So I ran the fix you gave me, but I couldn't reboot in safe mode. When I was asked for the password I couldn't log on because I'm not logging on this computer (I may not be clear, there is a menu where it's asked "log on" under password). Anyway, I rebooted in normal mode and AVG just told me that it found a "downloader.small". I put it into quarantine, but I'm running a scan as the problem is remaining, even if it disappeared once.

Edited by Alhambra, 01 June 2007 - 11:21 AM.


#6 Alhambra

Posted 01 June 2007 - 12:46 PM

Here is the AVG report (it's in French, nettoyé means cleaned):

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 19:44:14 1/06/2007

+ Résultat de l'analyse:



C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP20\A0001728.exe -> Adware.Casino : Nettoyé.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP20\A0001738.exe -> Adware.Casino : Nettoyé.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP31\A0002345.exe -> Adware.Casino : Nettoyé.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP31\A0002354.exe -> Adware.Casino : Nettoyé.
C:\Documents and Settings\jmd\Desktop\Anti-Virus\WinPFind3u\MovedFiles\WINDOWS\SYSTEM32\rpcnetp.dll -> Downloader.Small : Nettoyé.
C:\Documents and Settings\jmd\Desktop\Anti-Virus\WinPFind3u\MovedFiles\WINDOWS\SYSTEM32\rpcnetp.exe -> Downloader.Small : Nettoyé.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP94\A0006259.dll -> Downloader.Small : Nettoyé.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP98\A0006674.dll -> Downloader.Small : Nettoyé.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP98\A0006689.dll -> Downloader.Small : Nettoyé.
C:\Documents and Settings\jmd\Desktop\Benoît\Photos ben\Autres\Msn\MsgPlus-301.exe/Sponsor.exe -> Downloader.Swizzor.bt : Nettoyé.
C:\Documents and Settings\jmd\Desktop\François\MsgPlus-301.exe/Sponsor.exe -> Downloader.Swizzor.bt : Nettoyé.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP79\A0004930.dll -> Hijacker.Small : Nettoyé.
:mozilla.234:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.235:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.236:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.237:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.238:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.239:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.240:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.241:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.243:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.259:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.354:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\jmd\Cookies\jmd@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\jmd\Cookies\jmd@microsoftgamestudio.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\jmd\Cookies\jmd@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\jmd\Cookies\jmd@netgear.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.33:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.34:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
C:\Documents and Settings\jmd\Cookies\jmd@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.130:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.131:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.132:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.133:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.134:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.48:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\jmd\Cookies\jmd@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.86:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.137:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Burstnet : Nettoyé.
:mozilla.138:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Burstnet : Nettoyé.
:mozilla.139:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.140:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.141:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.142:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.143:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.144:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.145:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.327:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Casinotropez : Nettoyé.
:mozilla.328:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Casinotropez : Nettoyé.
:mozilla.329:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Casinotropez : Nettoyé.
:mozilla.330:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Casinotropez : Nettoyé.
:mozilla.493:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Casinotropez : Nettoyé.
:mozilla.342:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Com : Nettoyé.
:mozilla.127:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.128:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.129:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.249:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Cpvfeed : Nettoyé.
:mozilla.250:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Cpvfeed : Nettoyé.
:mozilla.251:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Cpvfeed : Nettoyé.
:mozilla.252:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Cpvfeed : Nettoyé.
:mozilla.71:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\jmd\Cookies\jmd@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.28:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\jmd\Cookies\jmd@estat[2].txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.108:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.109:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.110:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.111:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
C:\Documents and Settings\jmd\Cookies\jmd@fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.123:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.182:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.303:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.498:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.112:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.114:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.478:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyé.
:mozilla.479:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyé.
:mozilla.480:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyé.
:mozilla.35:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.91:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Netflame : Nettoyé.
:mozilla.481:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Onestat : Nettoyé.
:mozilla.482:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Onestat : Nettoyé.
C:\Documents and Settings\jmd\Cookies\jmd@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.20:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Paypal : Nettoyé.
C:\Documents and Settings\jmd\Cookies\jmd@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.415:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Realmedia : Nettoyé.
:mozilla.279:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Revenue : Nettoyé.
:mozilla.466:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.72:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.73:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.74:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.75:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.76:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.77:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\jmd\Cookies\jmd@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\jmd\Cookies\jmd@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.11:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.12:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.15:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\jmd\Cookies\jmd@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\jmd\Cookies\jmd@specificclick[2].txt -> TrackingCookie.Specificclick : Nettoyé.
:mozilla.435:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyé.
:mozilla.436:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyé.
:mozilla.437:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyé.
:mozilla.438:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyé.
:mozilla.136:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyé.
C:\Documents and Settings\jmd\Cookies\jmd@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Nettoyé.
:mozilla.406:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Valueclick : Nettoyé.
:mozilla.451:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Valueclick : Nettoyé.
:mozilla.80:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.81:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.82:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\jmd\Cookies\jmd@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.253:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.254:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.255:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.256:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.257:C:\Documents and Settings\jmd\Application Data\Mozilla\Firefox\Profiles\3ql03fzr.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.


Fin du rapport

#7 Alhambra

Posted 01 June 2007 - 12:54 PM

WinPFind3 logfile created on: 1/06/2007 19:46:40
WinPFind3U by OldTimer - Version 1.0.38 Folder = C:\Documents and Settings\jmd\Desktop\Anti-Virus\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

1014,05 Mb Total Physical Memory | 562,03 Mb Available Physical Memory | 55,42% Memory free
2,38 Gb Paging File | 1,77 Gb Available in Paging File | 74,06% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,42 Gb Total Space | 33,46 Gb Free Space | 44,96% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: PORT-JMD
Current User Name: JMD
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
apntex.exe -> %ProgramFiles%\Apoint\ApntEx.exe -> Alps Electric Co., Ltd. [Ver = 5.5.1.22 | Size = 45056 bytes | Modified Date = 27/07/2005 23:41:08 | Attr = R ]
apoint.exe -> %ProgramFiles%\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.5.101.155 | Size = 176128 bytes | Modified Date = 7/10/2005 21:13:38 | Attr = R ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 75392 bytes | Modified Date = 30/04/2007 17:42:48 | Attr = ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 243328 bytes | Modified Date = 30/04/2007 18:04:38 | Attr = ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 132736 bytes | Modified Date = 30/04/2007 17:42:40 | Attr = ]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 345728 bytes | Modified Date = 30/04/2007 17:41:28 | Attr = ]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 16512 bytes | Modified Date = 30/04/2007 17:29:56 | Attr = ]
autoupdate.exe -> %ProgramFiles%\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe -> Wave Systems Corp. [Ver = 05.02.00.000 | Size = 192512 bytes | Modified Date = 30/01/2006 19:11:48 | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 7/10/2006 14:20:00 | Attr = ]
cdac11ba.exe -> %System32%\drivers\CDAC11BA.EXE -> Macrovision [Ver = 4.20.0 | Size = 54784 bytes | Modified Date = 11/04/2007 10:44:38 | Attr = ]
dataserver.exe -> %ProgramFiles%\Wave Systems Corp\common\DataServer.exe -> Wave Systems Corp. [Ver = 2.7.1.24 | Size = 315392 bytes | Modified Date = 15/05/2006 21:19:00 | Attr = ]
dlactrlw.exe -> %System32%\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Modified Date = 8/09/2005 7:20:00 | Attr = ]
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 29/10/2003 4:06:00 | Attr = ]
docmgr.exe -> %ProgramFiles%\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe -> Wave Systems Corp. [Ver = 05.03.00.015 | Size = 102400 bytes | Modified Date = 16/05/2006 14:35:08 | Attr = ]
dot1xcfg.exe -> %ProgramFiles%\Intel\Wireless\Bin\Dot1XCfg.exe -> Intel Corporation [Ver = 10.5.1.9 | Size = 479232 bytes | Modified Date = 18/10/2006 17:53:24 | Attr = ]
dsagnt.exe -> %ProgramFiles%\Dell Support\DSAgnt.exe -> Gteko Ltd. [Ver = 2, 1, 3, 176 | Size = 395776 bytes | Modified Date = 28/08/2006 23:57:12 | Attr = ]
dvdlauncher.exe -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 49152 bytes | Modified Date = 9/12/2005 22:29:52 | Attr = ]
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10.5.1.21 | Size = 434176 bytes | Modified Date = 18/10/2006 18:05:18 | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.4: 2007051502 | Size = 7637104 bytes | Modified Date = 1/06/2007 6:58:38 | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 10/03/2007 19:31:58 | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28/09/2006 16:13:20 | Attr = ]
hidfind.exe -> %ProgramFiles%\Apoint\hidfind.exe -> Alps Electric Co., Ltd. [Ver = 1.1.0.23 | Size = 45056 bytes | Modified Date = 29/06/2004 6:56:12 | Attr = R ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 77824 bytes | Modified Date = 14/12/2005 1:41:08 | Attr = ]
hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 22/12/2003 9:38:42 | Attr = ]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 5.35.0.035 | Size = 237568 bytes | Modified Date = 16/09/2003 5:19:24 | Attr = ]
hpwuschd.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd.exe -> Hewlett-Packard [Ver = 1, 0, 0, 3 | Size = 49152 bytes | Modified Date = 4/08/2003 17:28:18 | Attr = ]
hpzipm12.exe -> %System32%\HPZipm12.exe -> HP [Ver = 7, 0, 0, 0 | Size = 65795 bytes | Modified Date = 5/01/2004 11:44:28 | Attr = R ]
ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 10.5.1.18 | Size = 696320 bytes | Modified Date = 18/10/2006 17:58:16 | Attr = ]
igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 118784 bytes | Modified Date = 14/12/2005 1:45:00 | Attr = ]
igfxsrvc.exe -> %System32%\igfxsrvc.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 159744 bytes | Modified Date = 14/12/2005 1:41:00 | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 14/03/2007 19:05:42 | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 14/03/2007 19:05:48 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 10/11/2005 15:03:52 | Attr = ]
netwaiting.exe -> %ProgramFiles%\NetWaiting\netWaiting.exe -> [Ver = | Size = 20480 bytes | Modified Date = 10/09/2003 4:24:00 | Attr = ]
nicconfigsvc.exe -> %ProgramFiles%\Dell\QuickSet\NICCONFIGSVC.exe -> Dell Inc. [Ver = 7, 0, 7, 0 | Size = 376832 bytes | Modified Date = 29/06/2006 14:12:34 | Attr = ]
nkbmonitor.exe -> %ProgramFiles%\Nikon\PictureProject\NkbMonitor.exe -> Nikon Corporation [Ver = 1, 7, 5, 3000 | Size = 118784 bytes | Modified Date = 29/11/2006 17:48:22 | Attr = ]
ntrtscan.exe -> %ProgramFiles%\Trend Micro\OfficeScan Client\ntrtscan.exe -> Trend Micro Inc. [Ver = 5.5.0.2008 | Size = 540672 bytes | Modified Date = 27/07/2004 10:43:58 | Attr = ]
ofcdog.exe -> %ProgramFiles%\Trend Micro\OfficeScan Client\OfcDog.exe -> [Ver = | Size = 135168 bytes | Modified Date = 27/07/2004 10:43:58 | Attr = ]
pccntmon.exe -> %ProgramFiles%\Trend Micro\OfficeScan Client\PccNTMon.exe -> Trend Micro Inc. [Ver = 5.5.0.2008 | Size = 458752 bytes | Modified Date = 27/07/2004 10:43:58 | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 16/02/2007 11:54:04 | Attr = ]
quickset.exe -> %ProgramFiles%\Dell\QuickSet\quickset.exe -> Dell Inc [Ver = 7, 1, 10, 0 | Size = 1032192 bytes | Modified Date = 29/06/2006 14:13:32 | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3725 | Size = 185784 bytes | Modified Date = 24/03/2007 14:48:20 | Attr = ]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10.5.1.5 | Size = 327680 bytes | Modified Date = 18/10/2006 17:49:52 | Attr = ]
rpcnet.exe -> %System32%\rpcnet.exe -> Absolute Software Corp. [Ver = 8.0.847.0 | Size = 35840 bytes | Modified Date = 22/12/2006 12:57:00 | Attr = ]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10.5.1.3 | Size = 946176 bytes | Modified Date = 18/10/2006 17:56:52 | Attr = ]
stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4995.1 nd446 cp1 | Size = 282624 bytes | Modified Date = 25/03/2006 1:30:44 | Attr = ]
tcsd_win32.exe -> %ProgramFiles%\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe -> [Ver = | Size = 180224 bytes | Modified Date = 12/06/2006 12:01:14 | Attr = ]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 31/05/2005 1:04:00 | Attr = ]
tmlisten.exe -> %ProgramFiles%\Trend Micro\OfficeScan Client\tmlisten.exe -> [Ver = | Size = 282710 bytes | Modified Date = 27/07/2004 10:43:58 | Attr = ]
tosbtmng1.exe -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe -> [Ver = | Size = 49152 bytes | Modified Date = 16/06/2005 13:11:42 | Attr = ]
winampa.exe -> %ProgramFiles%\Winamp\winampa.exe -> [Ver = | Size = 35328 bytes | Modified Date = 21/11/2006 19:38:22 | Attr = ]
winpfind3u.exe -> %UserDesktop%\Anti-Virus\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 22/05/2007 18:27:40 | Attr = ]
wlkeeper.exe -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 10.5.1.5 | Size = 290816 bytes | Modified Date = 18/10/2006 18:01:34 | Attr = ]
zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 10.5.1.9 | Size = 802816 bytes | Modified Date = 18/10/2006 18:04:28 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 16512 bytes | Modified Date = 30/04/2007 17:29:56 | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 132736 bytes | Modified Date = 30/04/2007 17:42:40 | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 243328 bytes | Modified Date = 30/04/2007 18:04:38 | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 345728 bytes | Modified Date = 30/04/2007 17:41:28 | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28/09/2006 16:13:20 | Attr = ]
(Bluetooth Hid Switch Service) Bluetooth Hid Switch Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\BlueTooth\HidSwitchService\HidSw.exe -> Cambridge Silicon Radio [Ver = 1.0.0.24 | Size = 188416 bytes | Modified Date = 30/08/2005 19:36:00 | Attr = ]
(C-DillaCdaC11BA) C-DillaCdaC11BA [Win32_Own | Auto | Running] -> %System32%\drivers\CDAC11BA.EXE -> Macrovision [Ver = 4.20.0 | Size = 54784 bytes | Modified Date = 11/04/2007 10:44:38 | Attr = ]
(DataSvr2) DataSvr2 [Win32_Own | Auto | Running] -> %ProgramFiles%\Wave Systems Corp\common\DataServer.exe -> Wave Systems Corp. [Ver = 2.7.1.24 | Size = 315392 bytes | Modified Date = 15/05/2006 21:19:00 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 4/08/2004 7:00:00 | Attr = ]
(EvtEng) Intel® PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10.5.1.21 | Size = 434176 bytes | Modified Date = 18/10/2006 18:05:18 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 10/03/2007 19:31:56 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/04/2005 1:41:10 | Attr = ]
(iPod Service) Service de l'iPod [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 14/03/2007 19:05:42 | Attr = ]
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\QuickSet\NICCONFIGSVC.exe -> Dell Inc. [Ver = 7, 0, 7, 0 | Size = 376832 bytes | Modified Date = 29/06/2006 14:12:34 | Attr = ]
(ntrtscan) OfficeScanNT RealTime Scan [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\OfficeScan Client\ntrtscan.exe -> Trend Micro Inc. [Ver = 5.5.0.2008 | Size = 540672 bytes | Modified Date = 27/07/2004 10:43:58 | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Running] -> %System32%\HPZipm12.exe -> HP [Ver = 7, 0, 0, 0 | Size = 65795 bytes | Modified Date = 5/01/2004 11:44:28 | Attr = R ]
(RegSrvc) Intel® PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10.5.1.5 | Size = 327680 bytes | Modified Date = 18/10/2006 17:49:52 | Attr = ]
(Rpcnet) Remote Procedure Call (RPC) Net [Win32_Own | Auto | Running] -> %System32%\rpcnet.exe -> Absolute Software Corp. [Ver = 8.0.847.0 | Size = 35840 bytes | Modified Date = 22/12/2006 12:57:00 | Attr = ]
(S24EventMonitor) Intel® PROSet/Wireless Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10.5.1.3 | Size = 946176 bytes | Modified Date = 18/10/2006 17:56:52 | Attr = ]
(tcsd_win32.exe) NTRU Hybrid TSS v2.0.25 TCS [Win32_Own | Auto | Running] -> %ProgramFiles%\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe -> [Ver = | Size = 180224 bytes | Modified Date = 12/06/2006 12:01:14 | Attr = ]
(tmlisten) OfficeScanNT Listener [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\OfficeScan Client\tmlisten.exe -> [Ver = | Size = 282710 bytes | Modified Date = 27/07/2004 10:43:58 | Attr = ]
(WLANKEEPER) Intel® PROSet/Wireless SSO Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 10.5.1.5 | Size = 290816 bytes | Modified Date = 18/10/2006 18:01:34 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 7/10/2006 14:20:00 | Attr = ]
Apoint -> %ProgramFiles%\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.5.101.155 | Size = 176128 bytes | Modified Date = 7/10/2005 21:13:38 | Attr = R ]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 75392 bytes | Modified Date = 30/04/2007 17:42:48 | Attr = ]
Dell QuickSet -> %ProgramFiles%\Dell\QuickSet\quickset.exe -> Dell Inc [Ver = 7, 1, 10, 0 | Size = 1032192 bytes | Modified Date = 29/06/2006 14:13:32 | Attr = ]
DLA -> %System32%\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Modified Date = 8/09/2005 7:20:00 | Attr = ]
Document Manager -> %ProgramFiles%\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe -> Wave Systems Corp. [Ver = 05.03.00.015 | Size = 102400 bytes | Modified Date = 16/05/2006 14:35:08 | Attr = ]
DVDLauncher -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 49152 bytes | Modified Date = 9/12/2005 22:29:52 | Attr = ]
HP Component Manager -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 22/12/2003 9:38:42 | Attr = ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd.exe -> Hewlett-Packard [Ver = 1, 0, 0, 3 | Size = 49152 bytes | Modified Date = 4/08/2003 17:28:18 | Attr = ]
igfxhkcmd -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 77824 bytes | Modified Date = 14/12/2005 1:41:08 | Attr = ]
igfxpers -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 118784 bytes | Modified Date = 14/12/2005 1:45:00 | Attr = ]
igfxtray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 98304 bytes | Modified Date = 14/12/2005 1:44:18 | Attr = ]
IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 10.5.1.18 | Size = 696320 bytes | Modified Date = 18/10/2006 17:58:16 | Attr = ]
IntelZeroConfig -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 10.5.1.9 | Size = 802816 bytes | Modified Date = 18/10/2006 18:04:28 | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 14/03/2007 19:05:48 | Attr = ]
OfficeScanNT Monitor -> %ProgramFiles%\Trend Micro\OfficeScan Client\PccNTMon.exe -> Trend Micro Inc. [Ver = 5.5.0.2008 | Size = 458752 bytes | Modified Date = 27/07/2004 10:43:58 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 16/02/2007 11:54:04 | Attr = ]
SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4995.1 nd446 cp1 | Size = 282624 bytes | Modified Date = 25/03/2006 1:30:44 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 10/11/2005 15:03:52 | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3725 | Size = 185784 bytes | Modified Date = 24/03/2007 14:48:20 | Attr = ]
WinampAgent -> %ProgramFiles%\Winamp\winampa.exe -> [Ver = | Size = 35328 bytes | Modified Date = 21/11/2006 19:38:22 | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DellSupport -> %ProgramFiles%\Dell Support\DSAgnt.exe -> Gteko Ltd. [Ver = 2, 1, 3, 176 | Size = 395776 bytes | Modified Date = 28/08/2006 23:57:12 | Attr = ]
ModemOnHold -> %ProgramFiles%\NetWaiting\netWaiting.exe -> [Ver = | Size = 20480 bytes | Modified Date = 10/09/2003 4:24:00 | Attr = ]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 31/05/2005 1:04:00 | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 10/03/2007 19:31:58 | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 4/11/1999 15:06:48 | Attr = ]
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 23/09/2005 22:05:26 | Attr = ]
%AllUsersStartup%\Bluetooth Manager.lnk -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe -> [Ver = | Size = 49152 bytes | Modified Date = 16/06/2005 13:11:42 | Attr = ]
%AllUsersStartup%\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 29/10/2003 4:06:00 | Attr = ]
%AllUsersStartup%\EMBASSY Trust Suite Secure Update.lnk -> %ProgramFiles%\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe -> Wave Systems Corp. [Ver = 05.02.00.000 | Size = 192512 bytes | Modified Date = 30/01/2006 19:11:48 | Attr = ]
%AllUsersStartup%\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 5.35.0.035 | Size = 237568 bytes | Modified Date = 16/09/2003 5:19:24 | Attr = ]
%AllUsersStartup%\NkbMonitor.exe.lnk -> %ProgramFiles%\Nikon\PictureProject\NkbMonitor.exe -> Nikon Corporation [Ver = 1, 7, 5, 3000 | Size = 118784 bytes | Modified Date = 29/11/2006 17:48:22 | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
wxvault.dll -> %System32%\wxvault.dll -> [Ver = 05.03.00.015 | Size = 286720 bytes | Modified Date = 16/05/2006 14:34:22 | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 28/09/2006 16:13:28 | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*System* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System ->
kdysm.exe -> kdysm.exe -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4446 | Size = 139264 bytes | Modified Date = 14/12/2005 1:40:12 | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Page_URL -> www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=2061210 ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.be/hws/sb/dell-row-rel/e...html?channel=be ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> about:blank ->
HKCU: ProxyEnable -> 1 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 18/12/2006 4:16:42 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Data - Value does not exist] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/2005 1:04:00 | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %System32%\DLA\DLASHX_W.DLL [DriveLetterAccess] -> Sonic Solutions [Ver = 5.20.08a | Size = 110652 bytes | Modified Date = 8/09/2005 7:20:00 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 10/11/2005 15:22:12 | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 10/03/2007 19:31:56 | Attr = R ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 10/03/2007 19:31:56 | Attr = R ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 10/03/2007 19:31:56 | Attr = R ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\npjpi150_06.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 10/11/2005 15:22:12 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 10/11/2005 15:22:12 | Attr = ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
E&xport to Microsoft Excel -> -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{0AD2471A-8F23-454E-BB88-25AA86BC2965} -> (Intel® PRO/Wireless 3945ABG Network Connection) ->
{968A1E4D-A52A-4D26-8505-82F06D32B0A6} -> (Broadcom NetXtreme 57xx Gigabit Controller) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
cetihpz -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll -> Hewlett-Packard Company [Ver = 2.1.4 | Size = 81920 bytes | Modified Date = 22/12/2003 9:38:40 | Attr = ]
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://webscanner.kaspersky.fr/kavwebscan_unicode.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/get/shock...director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> MSN Photo Upload Tool - CodeBase = http://by126w.bay126.mail.live.com/mail/re...es/MsnPUpld.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{F81FB289-0FB6-4FE0-A488-101447EE1ED3} -> HD View Control - CodeBase = http://research.microsoft.com/ivm/HDView/HDViewXP.cab ->


[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1063378944 bytes | Created Date = 2/01/1601 23:00:00 | Attr = HS]
output.wav -> %SystemDrive%\output.wav -> [Ver = | Size = 10585044 bytes | Created Date = 28/05/2007 11:36:08 | Attr = ]
sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm -> [Ver = | Size = 232 bytes | Created Date = 15/05/2007 18:14:31 | Attr = H ]
sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm -> [Ver = | Size = 244 bytes | Created Date = 15/05/2007 18:14:31 | Attr = H ]
$NtUninstallWIC$ -> %SystemRoot%\$NtUninstallWIC$ -> [Folder | Created Date = 21/05/2007 22:02:06 | Attr = H ]
pccntmon.INI -> %SystemRoot%\pccntmon.INI -> [Ver = | Size = 24 bytes | Created Date = 28/05/2007 23:05:33 | Attr = ]
actskin4.ocx -> %System32%\actskin4.ocx -> [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 28/05/2007 21:25:33 | Attr = ]
aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 745600 bytes | Created Date = 28/05/2007 21:25:33 | Attr = ]
AvastSS.scr -> %System32%\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 95872 bytes | Created Date = 28/05/2007 21:25:42 | Attr = ]
instw32.exe -> %System32%\instw32.exe -> Absolute Software Corp. [Ver = 0, 0, 0, 0 | Size = 36864 bytes | Created Date = 17/05/2007 20:38:40 | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 28/05/2007 23:18:31 | Attr = ]
lfpsd13n.dll -> %System32%\lfpsd13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.068 | Size = 55808 bytes | Created Date = 26/05/2007 14:56:41 | Attr = ]
RICHTX.DEP -> %System32%\RICHTX.DEP -> [Ver = | Size = 2 bytes | Created Date = 28/05/2007 11:13:07 | Attr = ]
aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 26888 bytes | Created Date = 28/05/2007 21:25:44 | Attr = ]
aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 85952 bytes | Created Date = 28/05/2007 21:25:40 | Attr = ]
aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 94552 bytes | Created Date = 28/05/2007 21:25:40 | Attr = ]
aswRdr.sys -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 23416 bytes | Created Date = 28/05/2007 21:25:46 | Attr = ]
aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 43176 bytes | Created Date = 28/05/2007 21:25:45 | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 31/05/2007 21:02:16 | Attr = ]

[Files/Folders - Modified Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 26/05/2007 17:52:00 | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1063378944 bytes | Modified Date = 1/06/2007 18:05:16 | Attr = HS]
output.wav -> %SystemDrive%\output.wav -> [Ver = | Size = 10585044 bytes | Modified Date = 28/05/2007 12:36:10 | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 31/05/2007 22:02:08 | Attr = R ]
sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm -> [Ver = | Size = 232 bytes | Modified Date = 15/05/2007 19:14:32 | Attr = H ]
sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm -> [Ver = | Size = 244 bytes | Modified Date = 15/05/2007 19:14:32 | Attr = H ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/06/2007 18:08:24 | Attr = ]
$NtUninstallWIC$ -> %SystemRoot%\$NtUninstallWIC$ -> [Folder | Modified Date = 21/05/2007 23:02:08 | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/06/2007 18:05:22 | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 29/05/2007 0:18:34 | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 26/05/2007 15:09:00 | Attr = R S]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 29/05/2007 0:18:32 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 26/05/2007 17:48:32 | Attr = HS]
pccntmon.INI -> %SystemRoot%\pccntmon.INI -> [Ver = | Size = 24 bytes | Modified Date = 29/05/2007 0:10:46 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/06/2007 18:07:24 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 1/06/2007 18:10:16 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 1/06/2007 17:51:58 | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 1/06/2007 18:07:08 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/06/2007 18:05:38 | Attr = H ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/06/2007 18:06:06 | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 29/05/2007 7:21:18 | Attr = ]
CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2626 bytes | Modified Date = 28/05/2007 22:25:46 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 1/06/2007 18:06:28 | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 31/05/2007 22:02:18 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 257456 bytes | Modified Date = 26/05/2007 17:52:02 | Attr = ]
FxsTmp -> %System32%\FxsTmp -> [Folder | Modified Date = 28/05/2007 17:24:48 | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Modified Date = 29/05/2007 0:18:32 | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 64262 bytes | Modified Date = 1/06/2007 18:10:16 | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 405878 bytes | Modified Date = 1/06/2007 18:10:16 | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 477404 bytes | Modified Date = 1/06/2007 18:10:16 | Attr = ]
RICHTX.DEP -> %System32%\RICHTX.DEP -> [Ver = | Size = 2 bytes | Modified Date = 29/05/2007 12:38:44 | Attr = ]
rpcnet.dll -> %System32%\rpcnet.dll -> Absolute Software Corp. [Ver = 8.0.847.0 | Size = 35840 bytes | Modified Date = 1/06/2007 18:06:02 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 20/05/2007 0:09:06 | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 745600 bytes | Modified Date = 30/04/2007 17:46:10 | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 4/08/2004 7:00:00 | Attr = ]
UPX! , UPX0 , -> %System32%\diagdll.dll -> Absolute Software Inc. [Ver = 101, 0, 0, 0 | Size = 14336 bytes | Modified Date = 8/11/2004 21:02:34 | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.5.0.53 | Size = 639066 bytes | Modified Date = 23/02/2007 6:25:20 | Attr = ]
UPX! , UPX0 , -> %System32%\identprv.dll -> Absolute Software Corporation [Ver = 8.0.853.0 | Size = 30720 bytes | Modified Date = 27/03/2007 23:10:24 | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2533 | Size = 181736 bytes | Modified Date = 24/03/2007 14:48:28 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 4/08/2004 7:00:00 | Attr = ]
UPX! , UPX0 , -> %System32%\wceprv.dll -> [Ver = | Size = 3584 bytes | Modified Date = 17/01/2002 23:52:00 | Attr = ]

< End of report >


Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DXDllRegExe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System written successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{35065594-9169-4A34-B167-FC4865038E53} not found.
DNS NameServer information removed successfully for adapter: Intel® PRO/Wireless 3945ABG Network Connection
DNS NameServer information removed successfully for adapter: Broadcom NetXtreme 57xx Gigabit Controller
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\tasks\AppleSoftwareUpdate.job not found!
File C:\WINDOWS\SYSTEM32\rpcnetp.dll not found!
File C:\WINDOWS\SYSTEM32\rpcnetp.exe not found!
[Empty Temp Folders]
C:\DOCUME~1\jmd\LOCALS~1\Temp\ -> emptied.
C:\Documents and Settings\jmd\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
< End of log >
Created on 06/01/2007 17:55:17

#8 Alhambra


Posted 01 June 2007 - 02:53 PM

My computer is running damn slow, and is often freezing. Also at every boot of the computer, AVG is always telling me that it blocked "downloader.small".

#9 OldTimer

OldTimer

    Malware Expert



Posted 01 June 2007 - 03:14 PM

Hi Alhambra. The log is clean. I don't see any more signs of viruses or malware in it.

It does appear that there are multiple anti-virus applications running on this computer (TrendMicro and Avast). Running more than 1 anti-virus application at the same time can cause file access issues and if there is an infection the multiple programs can block each other from dealing with the infected file. I highly recommend that you choose which application you want to keep and uninstall the other one(s) to prevent these problems.

What is the exact message that AVG is giving? Does it give a file name and location?

The HijackThis forum deals exclusively with virus and malware issues. This forum does not have the capability to analyze performance, hardware or application issues. For these types of issues I would suggest posting to the The techs in that forum specialize in matters pertaining to the operating system, performance and applications. Let them know that you have been to this forum and that no malware was found.

When posting to any other forum, do not post a HijackThis log or the post will simply be moved back to this forum for infection analysis. That is what HijackThis is used for and that is what we specialize in here in this forum.

Also, when posting in any other forum for assistance, give as much detail as possible regarding any issues that are occurring. The more information they have, the better the techs can analyze the issue and make any recommendations for resolving it.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#10 Alhambra


Posted 02 June 2007 - 01:59 AM

Ok, actually it seems that the original problem disappeared, but I can't even run the computer for one hour before it freezes, and I can't run an Avast scan entirely.

Here is the AVG window :

Posted Image



Anyway thank you for your help, my browser is clean now.

#11 OldTimer


Posted 02 June 2007 - 07:23 AM

Hi Alhambra. Is the AVG scan from a current scan after the last fix or before it? Do a search for the following files:

Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

rpcnetp.dll
rpcnetp.exe

These should have been moved during the last fix. If they are still present in the system32 folder then we will need to deal with them again.

Also do a search for this file: kdysm.exe
Let me know what you find on those.

Cheers.

OT

#12 Alhambra


Posted 02 June 2007 - 08:03 AM

This is a new AVG spyware, from after the fix.
For the search, the first 2 files are still in the system32 folder, but the 3rd one doesn't exist.

#13 OldTimer


Posted 02 June 2007 - 09:44 AM

Hi Alhambra. After discussing this with AVG I think that the rpcnetp files are legitimate. AVG will be removing them from their scan results in their next update. Even though no company name is included with the files, if the Absolute software is installed (which it is on this machine) then those 2 files are components of that. Absolute software is used to track stolen PC equipment and deleting the files will result in them being replaced by the Absolute software at the next bootup.

If the kdysm.exe file was not found then we can remove the reference to that in the registry.

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
*System* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System
YN -> kdysm.exe -> kdysm.exe


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here and I will review it when it comes back in.

Cheers.

OT
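The check behind the step above, finding entries in a WinPFind3U log whose target the scanner reports as "File not found", can be scripted. This is an added example, not part of the original posts or of WinPFind3U; the sample lines are copied from the log posted earlier in this thread, and the function names and the choice of which sections count as startup locations are assumptions.

```python
import re
from collections import namedtuple

# Lines copied from the WinPFind3U log posted earlier in this thread.
SAMPLE_LOG = r"""
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ModemOnHold -> %ProgramFiles%\NetWaiting\netWaiting.exe -> [Ver = | Size = 20480 bytes | Modified Date = 10/09/2003 4:24:00 | Attr = ]
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*System* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System ->
kdysm.exe -> kdysm.exe -> File not found
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4446 | Size = 139264 bytes | Modified Date = 14/12/2005 1:40:12 | Attr = ]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
"""

Finding = namedtuple("Finding", "section key value entry target startup")

# "< Section name > -> registry path" opens a section.
SECTION_RE = re.compile(r"^<\s*(?P<name>.+?)\s*>\s*->\s*(?P<path>.*)$")
# "*ValueName* -> registry path ->" names the value the next entries belong to.
VALUE_RE = re.compile(r"^\*(?P<name>[^*]+)\*\s*->\s*(?P<path>.+?)\s*->$")
# Assumption: sections of this log treated as boot/logon start points.
STARTUP_PREFIXES = ("Run", "Common Startup", "Winlogon")


def split_key(path):
    # The log separates a value name from its key with a double backslash.
    key, sep, value = path.rpartition("\\\\")
    return (key, value) if sep else (path, None)


def missing_targets(log_text):
    """Return every entry whose last field is 'File not found', with context."""
    section = key = value = None
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header["name"]
            key, value = split_key(header["path"].strip())
            continue
        named = VALUE_RE.match(line)
        if named:
            key, value = split_key(named["path"])
            continue
        parts = re.split(r"\s*->\s*", line)
        if section and len(parts) >= 3 and parts[-1] == "File not found":
            findings.append(Finding(section, key, value, parts[0], parts[1],
                                    section.startswith(STARTUP_PREFIXES)))
    return findings


if __name__ == "__main__":
    for f in missing_targets(SAMPLE_LOG):
        where = f"{f.key} (value {f.value})" if f.value else f.key
        tag = "STARTUP" if f.startup else "other"
        print(f"[{tag}] {f.section}: {f.entry} -> {f.target}")
        print(f"    {where}")
```

A missing target only means the file was absent when the scan ran. As in the post above, confirm with a file search before removing the registry reference.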

#14 Alhambra


Posted 02 June 2007 - 11:34 AM

Here we go :

[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System written successfully.
< End of log >
Created on 06/02/2007 18:33:17

#15 OldTimer


Posted 02 June 2007 - 11:48 AM

Hi Alhambra. That looks good. If you are still having performance issues then XP forum should be able to assist with those.

Cheers.

OT



