1.reg Malware - How to get rid of it?

Hi there,

Recently, AVAST antivirus software has detected a virus (Malware, affected in 1.reg) on my computer. I followed the recommendation, which was to move it to the chest. However, whenever I restart my computer, AVAST still detects the same virus. The problem with this virus/malware is that I can’t log into the internet from time to time.
What should I do?
Please look at the picture below.

Thank you.
Jonathan

http://i109.photobucket.com/albums/n53/jonathanlkm/virus.jpg

Firstly a .reg file is a strange thing to detect as it is a text file containing entries to change your registry, which can be very harmful. It could also be that the file type has been changed and the actual file type is different, hence the VBS:malware name.

Secondly, there must be something undetected or hidden restoring or downloading this file. What is your firewall?
I would also suggest you clear out your Temp folder in case there might be something else in there.

In your image you also seem to have some strange font/character effects in the Path: the backslash \ character is displayed as a W with a line through it (W). Is this normal for your system?

If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode.

  1. If using WinXP: AVG Anti-Spyware (formerly Ewido), resident scanner during trial, on-demand after trial ends. Or SUPERAntiSpyware, on-demand only in the free version. Or Spyware Terminator, resident scanner. Or a-Squared free, on-demand only with the free version (if using Win98/ME).

Hi there…

Thanks for the reply… For your information, I am using a Korean version of Windows OS, thus you could see (\) is displayed as (W) with a line through it. It’s normal in my OS.
I did the AVG scan, but the software found nothing in my computer. Any ideas?

Thanks again.

Try the next tool as malware signature databases are different from one to another anti-spyware.

There are also a couple of on-line anti-spyware scans you could try.
http://www.spywareinfo.com/xscan.php
http://www.pestscan.com/

There is a possibility that what is responsible is hidden by a rootkit. Also see, anti-rootkit, detection, removal & protection http://www.antirootkit.com/software/index.htm. Try these as they are some of the more efficient and user friendly anti-rootkit tools.

Thanks for the links.

It seems that Spyware Terminator and SUPERAntiSpyware did the job! The malware is gone now.

Thanks a lot! :slight_smile:

If you’re still detecting any strange behavior, or even if you’re sure you’re not clean, maybe it would be good to test your machine with the anti-rootkit tools posted by David. Also, if you’re still detecting strange behaviors or you want to be sure you’re clean, making a HijackThis log to post here and, especially, scanning and submitting the RunScanner log to on-line analysis would help to identify the problem and the solution.

After you’re clean, use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal. Finally, when you’re clean, check for insecure applications with Secunia Software Inspector to update insecure applications and avoid reinfection.

No problem, glad we could help.

Welcome to the forums.

You didn’t mention what your firewall is? It is an essential part of your system security.
As for whatever was detected by ST or SAS, you didn’t say what it was they detected (we don’t like loose ends ;D)?
This was possibly downloading this file and your firewall should have been part of your defence.

Well… I think my computer is not clean yet :'(. I still encounter some problems with my computer, e.g. no internet connection; IE or Mozilla Firefox cannot access the internet.

By the way, I remember my problem is caused by some paypal website (virus??) some exe file that I downloaded.

Anyway…hope this log file can help. Thanks

HijackThis log file
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\npkcmsvc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\conime.exe
E:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Rootkit Free\avgarkt.exe
C:\Program Files\Grisoft\AVG Anti-Rootkit Free\RhVOc.exe
C:\Documents and Settings\Jonathan\Desktop\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: mizane.com - {B0C6B366-C1F1-4B91-ACBD-558E76B354ED} - C:\PROGRA~1\mizane\mizane1.dll (file missing)
O4 - HKLM..\Run: [IMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 - HKLM..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM..\Run: [Jet Detection] “C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe”
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [Acrobat Assistant 8.0] “C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe”
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe”
O4 - HKLM..\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU..\Run: [Start WingMan Profiler] “C:\Program Files\Logitech\Profiler\lwemon.exe” /noui
O4 - HKCU..\Run: [BitComet] “E:\Program Files\BitComet\BitComet.exe” /tray
O4 - HKCU..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: CaptureWiz.lnk = C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = %SystemRoot%\Installer{AC76BA86-1033-F400-7760-000000000003}_SC_Acrobat.exe
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - E:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com

O16 - DPF: {057E566C-74EE-495E-81D9-7A17AA835070} (MMServer Control) - http://www.mnet.com/Ver2/App/totalApp/maxmemo/MaxMemo.cab
O16 - DPF: {091CDD73-1401-4643-9B9C-65B091C88685} (MyLinker Control) - http://onlinetour.contents.mylinker.co.kr/module/MyLinker.cab
O16 - DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} (INISAFEWeb6 V6 Class) - http://download.banktown.com/keb/initech/plugin/down/INIS60.cab
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} (SCSK Control) - http://img.shinhan.com/rib/common/keyStroke/SoftCamp/40854/scsk4.cab
O16 - DPF: {3EFC2239-B769-469F-A5E6-38693AE0B9DE} (Sysinfo2 Control) - http://speed.nia.or.kr/login/sysinfo2.cab
O16 - DPF: {47BF3491-5FEB-44C7-9A9E-C02F2FB027D8} (PhotomonImageUploader Control) - http://www.photomon.com/printing/NewActiveX/PhotomonImageUploader.cab
O16 - DPF: {4C68DACE-E6BC-4650-9C7E-D036720CA729} (Nps Control) - http://update.nprotect.net/npscan2006/kor/nps.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.net/52st/bgmplayer/Daum52stBGMPlayer.cab
O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} (XecureCKKB Class) - http://ck.softforum.co.kr/CKKeyPro/yescard/CKKeyPro.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://download.softforum.co.kr/Published/XecureWeb/v7.0.5.0/xw_install.cab
O16 - DPF: {8068959B-E424-45AD-B62B-A3FA45B1FBAF} (Report Designer 4.0 Control) - http://ezhub.hanyang.ac.kr/haksa/hus/rdviewer40.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/activex/dmcc2.cab?Version=1,0,0,10
O16 - DPF: {9A829609-D923-48AC-83D9-4E82DD874DA4} (PhotoCtrl Class) - http://www.47dc.com/InnoPhotoNew/InnoPhotoNew.cab
O16 - DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} (SG_CAppAtx Control) - http://download.signgate.com/download/common/ews/release/ewsinstaller.cab
O16 - DPF: {A9F090E5-FC80-4772-AFEE-D102AB6E77D6} (IssacWebProCMS Class) - http://pgdownload.dacom.net/dacom/IssacWebProCMS_3_1_0_1.cab
O16 - DPF: {B8C4B31D-6DCE-4DF0-BF73-44686849F67D} (PDRInst1 Class) - http://imgcdn.pandora.tv/pan_img/p3player/package/pdrinst.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,2
O16 - DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC} (EwsLoader Class) -
O16 - DPF: {C193DE20-29F4-4B4F-963B-EB20CB3186C0} (SpeedTest Control) - http://speed.nia.or.kr/speedtest/SpeedTest.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprotect.net/keycrypt/yescard2/npkcx_inca.cab
O16 - DPF: {DC4207CE-C03E-4449-ACB1-032CA4137053} (Npz Control) - http://update.nprotect.net/nprotect2006/yescard/npz.cab
O16 - DPF: {E3FA6DAA-04BF-4AEF-9612-341B2B7A25FC} (Payplus Client Control) - http://pay.kcp.co.kr/plugin/file/payplus.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcmsvc.exe
O23 - Service: Phidget Webservice 21 (PhidgetWebservice21) - Phidgets Inc. - C:\Program Files\Phidgets\PhidgetWindowsService21.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

End of file

As for whatever was detected by ST or SAS, you didn't say what it was they detected (we don't like loose ends)?

SuperAntiSpyware detected : Adware tracking cookies, Trojan.net_SCVHOST32 & unidentified Browser Helper Object. :o

You didn't mention what your firewall is? It is an essential part of your system security.

I am using a router. I guess a firewall is not an essential part of my system security. :slight_smile:

This is part of a Korean trojan

Win-Adware/BHO.Mizane.242688 is Adware that is installed without the user’s agreement. It registered as BHO monitors the user’s keyword and system.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: mizane.com - {B0C6B366-C1F1-4B91-ACBD-558E76B354ED} - C:\PROGRA~1\mizane\mizane1.dll (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.


Please download the OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe by OldTimer.
Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\PROGRA~1\mizane

Return to OTMoveIt, right click on the “Paste List of Files/Folders to be moved” window and choose Paste.
Click the red Moveit! button.
Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply with a new Hijack log.
Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


There is probably a hidden file somewhere on your system triggering this so we could go on a hunt…

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

- Close ALL OTHER PROGRAMS.
- Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
- Under Additional Scans click the checkboxes in front of the following items to select them:

Reg - Approved Shell Extensions
Reg - File Associations

- Now click the Run Scan button on the toolbar.
- Let it run unhindered until it finishes.
- When the scan is complete Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.
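
The orphaned Browser Helper Object entries in the HijackThis log posted above, meaning O2 lines whose DLL is reported as "(no file)" or "(file missing)", can be listed mechanically before deciding what to check and fix. The following Python is an added example, not part of the original thread and not code from HijackThis or OTMoveIt; the names `parse_log`, `orphaned_bhos`, `Entry` and `OrphanedBHO` are hypothetical, and the sample lines are copied from the log in this thread.

```python
import re
from typing import List, NamedTuple, Optional

# Excerpt copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: mizane.com - {B0C6B366-C1F1-4B91-ACBD-558E76B354ED} - C:\PROGRA~1\mizane\mizane1.dll (file missing)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# "O<n> - <kind>: <detail>" is the general shape of every entry line.
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): ?(.*)$")
# O2 detail: "<name> - {CLSID} - <dll path or marker>"
BHO_RE = re.compile(
    r"^(?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
# Markers HijackThis appends when the registered DLL is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


class Entry(NamedTuple):
    section: str  # e.g. "O2", "O4", "O23"
    kind: str     # e.g. "BHO", "Service"
    detail: str   # remainder of the line


class OrphanedBHO(NamedTuple):
    name: str
    clsid: str
    path: Optional[str]  # None when the log gives no path at all
    marker: str


def parse_log(text: str) -> List[Entry]:
    """Return every 'O<n> - kind: detail' line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip(), m.group(3).strip()))
    return entries


def orphaned_bhos(entries: List[Entry]) -> List[OrphanedBHO]:
    """List O2 (BHO) entries whose DLL the log marks as absent."""
    found = []
    for e in entries:
        if e.section != "O2":
            continue
        m = BHO_RE.match(e.detail)
        if not m:
            continue
        target = m.group("target").strip()
        for marker in ORPHAN_MARKERS:
            if target.endswith(marker):
                path = target[: -len(marker)].strip() or None
                found.append(
                    OrphanedBHO(m.group("name"), m.group("clsid").upper(), path, marker)
                )
                break
    return found


if __name__ == "__main__":
    for bho in orphaned_bhos(parse_log(SAMPLE_LOG)):
        print(f"{bho.clsid}  {bho.name!r}  path={bho.path}  {bho.marker}")
```

An entry listed this way is only a leftover registry reference; whether the CLSID belongs to unwanted software still has to be confirmed, as was done for the mizane.com entry above.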

I hate to say it but yes you do, unless your router includes a firewall that also protects against unauthorised outbound connections. Any malware that manages to get past your defences will have free rein to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise, user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.

Without a firewall, cleaning your system is likely to take longer: as quickly as some stuff is removed, there is other malware taking its place, so you need to lock down your system so it can be cleaned effectively.

WinPFind3 logfile created on: 10/8/2007 6:40:59 PM
WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\Jonathan\Desktop\WinPFind3u
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

511.47 Mb Total Physical Memory | 212.44 Mb Available Physical Memory | 41.53% Memory free
1.22 Gb Paging File | 0.95 Gb Available in Paging File | 77.89% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 12.43 Gb Total Space | 1.27 Gb Free Space | 10.23% Space Free
Drive D: | 12.43 Gb Total Space | 0.34 Gb Free Space | 2.73% Space Free
Drive E: | 12.41 Gb Total Space | 1.58 Gb Free Space | 12.71% Space Free
F: Drive not present or media not loaded

Computer Name: CAPTLIM
Current User Name: Jonathan
Logged in as Administrator.
Current Boot Mode: Normal

[Processes - Non-Microsoft Only]
acrobat_sl.exe → %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe → Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 46200 bytes | Modified Date = 10/23/2006 1:40:14 AM | Attr = ]
acrotray.exe → %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\acrotray.exe → Adobe Systems Inc. [Ver = 8.0.0.2006102200 | Size = 620152 bytes | Modified Date = 10/22/2006 11:24:02 PM | Attr = ]
ashdisp.exe → %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 79224 bytes | Modified Date = 9/6/2007 7:06:10 PM | Attr = ]
ashmaisv.exe → %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 243064 bytes | Modified Date = 9/6/2007 7:05:42 PM | Attr = ]
ashserv.exe → %ProgramFiles%\Alwil Software\Avast4\ashServ.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 132472 bytes | Modified Date = 9/6/2007 7:06:04 PM | Attr = ]
ashwebsv.exe → %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 345464 bytes | Modified Date = 9/6/2007 7:04:44 PM | Attr = ]
aswupdsv.exe → %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 16248 bytes | Modified Date = 9/6/2007 6:54:58 PM | Attr = ]
ati2evxx.exe → %System32%\ati2evxx.exe → [Ver = | Size = 389120 bytes | Modified Date = 8/25/2004 2:26:56 PM | Attr = ]
ati2evxx.exe → %System32%\ati2evxx.exe → [Ver = | Size = 389120 bytes | Modified Date = 8/25/2004 2:26:56 PM | Attr = ]
cthelper.exe → %System32%\CTHELPER.EXE → Creative Technology Ltd [Ver = 1, 0, 0, 2 | Size = 24576 bytes | Modified Date = 7/2/2002 5:56:00 PM | Attr = ]
devldr32.exe → %System32%\devldr32.exe → Creative Technology Ltd. [Ver = 1, 0, 0, 17 | Size = 24064 bytes | Modified Date = 8/18/2001 7:36:42 AM | Attr = ]
fnplicensingservice.exe → %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe → Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 5/14/2007 5:52:52 PM | Attr = ]
guard.exe → %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe → GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 9:31:10 PM | Attr = ]
hijackthis.exe → %UserDesktop%\HiJackThis.exe → Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 10/7/2007 8:31:48 PM | Attr = ]
hpzipm12.exe → %System32%\HPZipm12.exe → HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 12:14:36 PM | Attr = ]
jusched.exe → %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe → Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:36 AM | Attr = ]
npkcmsvc.exe → %System32%\npkcmsvc.exe → INCA Internet Co., Ltd. [Ver = 2006, 11, 6, 1 | Size = 61523 bytes | Modified Date = 5/17/2007 5:04:00 PM | Attr = ]
realsched.exe → %CommonProgramFiles%\Real\Update_OB\realsched.exe → RealNetworks, Inc. [Ver = 0.1.0.3959 | Size = 185896 bytes | Modified Date = 5/24/2007 12:08:42 PM | Attr = ]
ulcdrsvr.exe → %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe → Ulead Systems, Inc. [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 12/13/2004 4:34:32 AM | Attr = ]
winpfind3u.exe → %UserDesktop%\WinPFind3u\WinPFind3U.exe → OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 9/4/2007 10:47:26 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] → %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe → Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 8/28/2007 2:44:28 PM | Attr = ]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] → %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 16248 bytes | Modified Date = 9/6/2007 6:54:58 PM | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] → %System32%\ati2evxx.exe → [Ver = | Size = 389120 bytes | Modified Date = 8/25/2004 2:26:56 PM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] → %System32%\ati2sgag.exe → [Ver = 5.13.0020 | Size = 516096 bytes | Modified Date = 8/25/2004 12:52:00 PM | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] → %ProgramFiles%\Alwil Software\Avast4\ashServ.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 132472 bytes | Modified Date = 9/6/2007 7:06:04 PM | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] → %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 243064 bytes | Modified Date = 9/6/2007 7:05:42 PM | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] → %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 345464 bytes | Modified Date = 9/6/2007 7:04:44 PM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] → %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe → GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 9:31:10 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] → %System32%\dmadmin.exe → Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Running] → %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe → Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 5/14/2007 5:52:52 PM | Attr = ]
(npkcmsvc) npkcmsvc [Win32_Own | Auto | Running] → %System32%\npkcmsvc.exe → INCA Internet Co., Ltd. [Ver = 2006, 11, 6, 1 | Size = 61523 bytes | Modified Date = 5/17/2007 5:04:00 PM | Attr = ]
(PhidgetWebservice21) Phidget Webservice 21 [Win32_Own | On_Demand | Stopped] → %ProgramFiles%\Phidgets\PhidgetWindowsService21.exe → Phidgets Inc. [Ver = 1.0.0.0 | Size = 24576 bytes | Modified Date = 8/22/2007 2:35:42 PM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] → %System32%\HPZipm12.exe → HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 12:14:36 PM | Attr = ]
(UleadBurningHelper) Ulead Burning Helper [Win32_Own | Auto | Running] → %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe → Ulead Systems, Inc. [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 12/13/2004 4:34:32 AM | Attr = ]

< Winlogon\Notify settings [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ →
!SASWinLogon → %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll → SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr = ]
AtiExtEvent → %System32%\ati2evxx.dll → [Ver = | Size = 86016 bytes | Modified Date = 8/25/2004 2:27:00 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} → 1073741857 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{0DF44EAA-FF21-4412-828E-260A8728E7F1} → 32 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\dontdisplaylastusername → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\legalnoticecaption → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\legalnoticetext → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\shutdownwithoutlogon → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\undockwithoutlogon → 1 →
< CurrentVersion Policy Settings [HKCU] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun → 145 →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDrives → 0 →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoViewOnDrive → 0 →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools → 0 →
< HOSTS File > (734 bytes) → C:\WINDOWS\System32\drivers\etc\Hosts →
127.0.0.1 localhost → →
< Internet Explorer Settings > → →
HKLM: Default_Page_URL → http://go.microsoft.com/fwlink/?LinkId=69157
HKLM: Main\Default_Search_URL → http://go.microsoft.com/fwlink/?LinkId=54896
HKLM: Local Page → %SystemRoot%\system32\blank.htm →
HKLM: Search Page → http://go.microsoft.com/fwlink/?LinkId=54896
HKLM: Start Page → http://go.microsoft.com/fwlink/?LinkId=69157
HKLM: CustomizeSearch → http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM: SearchAssistant → http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU: Local Page → C:\WINDOWS\system32\blank.htm →
HKCU: Search Page → http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU: Start Page → http://www.google.com/
HKCU: ProxyEnable → 0 →
< Trusted Sites > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ →

msn.com [ - ] → →
< BHO’s > → HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ →
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] → %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] → Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} [HKLM] → E:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll [BitComet Helper] → BitComet [Ver = 20070830 | Size = 513336 bytes | Modified Date = 8/30/2007 5:11:34 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] → %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] → Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 7/12/2007 4:00:36 AM | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] → Reg Data - Key not found [Reg Data - Key not found] → File not found
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] → %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] → Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/22/2006 11:20:26 PM | Attr = ]
< Internet Explorer Bars [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ →
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKLM] → %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] → Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/22/2006 11:20:26 PM | Attr = ]
< Internet Explorer Bars [HKCU] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ →
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] → Reg Data - Key not found [Reg Data - Key not found] → File not found
< Internet Explorer ToolBars [HKCU] > → HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ →
ShellBrowser\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] → %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] → Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/22/2006 11:20:26 PM | Attr = ]
WebBrowser\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] → %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] → Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/22/2006 11:20:26 PM | Attr = ]
< Internet Explorer Extensions [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ →
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] → %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [MenuText: Sun Java Console] → Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:36 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] → %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [MenuText: Sun Java Console] → Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 7/12/2007 4:00:36 AM | Attr = ]
{461CC20B-FB6E-4f16-8FE8-C29359DB100E} → Reg Data - Value does not exist [ButtonText: BitComet Search] → File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} → Reg Data - Value does not exist [ButtonText: Research] → File not found
< Internet Explorer Menu Extensions [HKCU] > → HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ →
&D&ownload &with BitComet → E:\Program Files\BitComet\BitComet.exe\AddLink.htm → File not found
&D&ownload all video with BitComet → E:\Program Files\BitComet\BitComet.exe\AddVideo.htm → File not found
&D&ownload all with BitComet → E:\Program Files\BitComet\BitComet.exe\AddAllLink.htm → File not found
Append to existing PDF → %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm → File not found
Convert link target to Adobe PDF → %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm → File not found
Convert link target to existing PDF → %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm → File not found
Convert selected links to Adobe PDF → %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIECaptureSelLinks.htm → File not found
Convert selected links to existing PDF → %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIEAppendSelLinks.htm → File not found
Convert selection to Adobe PDF → %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm → File not found
Convert selection to existing PDF → %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm → File not found
Convert to Adobe PDF → %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm → File not found
E&xport to Microsoft Excel → → File not found
< DNS Name Servers [HKLM] > → HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ →
{4736237D-6678-4AC0-8B4A-5B4C8C1BD8F4} → () →
{F2F94BB5-FCD6-4AB5-A066-68A8816CA58C} → (Realtek RTL8139 Family PCI Fast Ethernet NIC) →
< Protocol Handlers [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ →
ipp → Reg Data - Key not found → File not found
msdaipp → Reg Data - Key not found → File not found
skype4com → %CommonProgramFiles%\Skype\Skype4COM.dll → Skype Technologies [Ver = 1, 0, 27, 2 | Size = 1828176 bytes | Modified Date = 8/31/2007 6:33:52 PM | Attr = R ]
< Downloaded Program Files > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ →
{057E566C-74EE-495E-81D9-7A17AA835070} → MMServer Control - CodeBase = http://www.mnet.com/Ver2/App/totalApp/maxmemo/MaxMemo.cab
{091CDD73-1401-4643-9B9C-65B091C88685} → MyLinker Control - CodeBase = http://onlinetour.contents.mylinker.co.kr/module/MyLinker.cab
{286A75C3-11FB-4FB4-AC4A-4DD1B0750050} → INISAFEWeb6 V6 Class - CodeBase = http://download.banktown.com/keb/initech/plugin/down/INIS60.cab
{33564D57-0000-0010-8000-00AA00389B71} → - CodeBase = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
{39FC0CF9-86F3-4502-B773-D16706EDEC83} → SCSK Control - CodeBase = http://img.shinhan.com/rib/common/keyStroke/SoftCamp/40854/scsk4.cab
{3EFC2239-B769-469F-A5E6-38693AE0B9DE} → Sysinfo2 Control - CodeBase = http://speed.nia.or.kr/login/sysinfo2.cab
{47BF3491-5FEB-44C7-9A9E-C02F2FB027D8} → PhotomonImageUploader Control - CodeBase = http://www.photomon.com/printing/NewActiveX/PhotomonImageUploader.cab
{4C68DACE-E6BC-4650-9C7E-D036720CA729} → Nps Control - CodeBase = http://update.nprotect.net/npscan2006/kor/nps.cab
{54B52E52-8000-4413-BD67-FC7FE24B59F2} → EARTPatchX Class - CodeBase = http://simcity.ea.com/update/EARTPX.cab
{556DDE35-E955-11D0-A707-000000521957} → - CodeBase = http://www.xblock.com/download/xclean_micro.exe
{6A2E758A-028B-46BB-A11D-0608AB5A4ED3} → DaumBGMCtrl Class - CodeBase = http://listen.daum.net/52st/bgmplayer/Daum52stBGMPlayer.cab
{6CE20149-ABE3-462E-A1B4-5B549971AA38} → XecureCKKB Class - CodeBase = http://ck.softforum.co.kr/CKKeyPro/yescard/CKKeyPro.cab
{7E9FDB80-5316-11D4-B02C-00C04F0CD404} → XecureWeb 4.0 Client Control - CodeBase = http://download.softforum.co.kr/Published/XecureWeb/v7.0.5.0/xw_install.cab
{8068959B-E424-45AD-B62B-A3FA45B1FBAF} → Report Designer 4.0 Control - CodeBase = http://ezhub.hanyang.ac.kr/haksa/hus/rdviewer40.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} → Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{938527D1-CDB7-4147-998A-B20FCA5CC976} → Cdmcco Class - CodeBase = http://cafeimg.hanmail.net/activex/dmcc2.cab?Version=1,0,0,10
{9A829609-D923-48AC-83D9-4E82DD874DA4} → PhotoCtrl Class - CodeBase = http://www.47dc.com/InnoPhotoNew/InnoPhotoNew.cab
{9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} → SG_CAppAtx Control - CodeBase = http://download.signgate.com/download/common/ews/release/ewsinstaller.cab
{A9F090E5-FC80-4772-AFEE-D102AB6E77D6} → IssacWebProCMS Class - CodeBase = http://pgdownload.dacom.net/dacom/IssacWebProCMS_3_1_0_1.cab
{B8C4B31D-6DCE-4DF0-BF73-44686849F67D} → PDRInst1 Class - CodeBase = http://imgcdn.pandora.tv/pan_img/p3player/package/pdrinst.cab
{B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} → Daum ActiveX manager Class - CodeBase = http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,2
{BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC} → EwsLoader Class - CodeBase = →
{C193DE20-29F4-4B4F-963B-EB20CB3186C0} → SpeedTest Control - CodeBase = http://speed.nia.or.kr/speedtest/SpeedTest.cab
{C36661D7-3590-45B1-80B5-520839E94DAD} → MaxisSimCity4PatcherX Control - CodeBase = http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} → Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} → Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} → Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} → - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{D6FCA8ED-4715-43DE-9BD2-2789778A5B09} → NPKCX Control - CodeBase = http://update.nprotect.net/keycrypt/yescard2/npkcx_inca.cab
{DC4207CE-C03E-4449-ACB1-032CA4137053} → Npz Control - CodeBase = http://update.nprotect.net/nprotect2006/yescard/npz.cab
{E3FA6DAA-04BF-4AEF-9612-341B2B7A25FC} → Payplus Client Control - CodeBase = http://pay.kcp.co.kr/plugin/file/payplus.cab

[Registry - Additional Scans - Non-Microsoft Only]
< Approved Shell Extensions [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved →
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] → Reg Data - Key not found [Taskbar and Start Menu] → File not found
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] → Reg Data - Key not found [Media Band] → File not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] → deskpan.dll [Display Panning CPL Extension] → File not found
{472083B0-C522-11CF-8763-00608CC02F24} [HKLM] → %ProgramFiles%\Alwil Software\Avast4\ashShell.dll [avast] → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 75128 bytes | Modified Date = 9/6/2007 6:59:56 PM | Attr = ]
{4EB37360-49E8-11D3-95B5-004033382980} [HKLM] → %ProgramFiles%\ESTsoft\ALZip\AZCTM.dll [ALZip 4.0 Context Menu Shell Extension] → ESTsoft [Ver = 6.11.27.111 | Size = 168960 bytes | Modified Date = 12/5/2006 10:02:06 PM | Attr = ]
{5E2121EE-0300-11D4-8D3B-444553540000} [HKLM] → %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [Catalyst Context Menu extension] → File not found
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] → Reg Data - Key not found [Shell extensions for file compression] → File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] → Reg Data - Key not found [User Accounts] → File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] → Reg Data - Key not found [Encryption Context Menu] → File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] → %System32%\hticons.dll [HyperTerminal Icon Ext] → Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 8/23/2001 9:00:00 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] → %ProgramFiles%\WinRAR\RarExt.dll [WinRAR shell extension] → [Ver = | Size = 129024 bytes | Modified Date = 9/20/2007 6:34:58 PM | Attr = ]
{BD88A479-9623-4897-8546-BC62B9628F44} [HKLM] → %ProgramFiles%\Spyware Terminator\sptcontmenu.dll [SPTHandler] → Crawler.com [Ver = 1.1.0.14 | Size = 141312 bytes | Modified Date = 10/6/2007 8:00:28 PM | Attr = ]
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} [HKLM] → %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [Adobe.Acrobat.ContextMenu] → Adobe Systems Inc. [Ver = 8.0.5.2006102200\0 | Size = 677504 bytes | Modified Date = 10/22/2006 11:44:38 PM | Attr = ]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] → %ProgramFiles%\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] → RealNetworks, Inc. [Ver = 1.0.1.2684 | Size = 54848 bytes | Modified Date = 5/24/2007 12:08:50 PM | Attr = ]
< File Associations - Select to Repair > → HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ →
.bat [@ = batfile] → PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} →
.chm [@ = chm.file] → PersistentHandler = Reg Data - Key not found →
.cmd [@ = cmdfile] → PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} →
.com [@ = comfile] → PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} →
.cpl [@ = cplfile] → PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} →
.exe [@ = exefile] → PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} →
.hlp [@ = hlpfile] → PersistentHandler = Reg Data - Key not found →
.hta [@ = htafile] → PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} →
.html [@ = htmlfile] → PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} →
.inf [@ = inffile] → PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} →
.ini [@ = inifile] → PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} →
.url [@ = InternetShortcut] → PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} →
.js [@ = JSFile] → PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} →
.jse [@ = JSEFile] → PersistentHandler = Reg Data - Key not found →
.pif [@ = piffile] → PersistentHandler = Reg Data - Key not found →
.reg [@ = regfile] → PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} →
.scr [@ = scrfile] → PersistentHandler = Reg Data - Key not found →
.txt [@ = TXT_File] → PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} →
.vbe [@ = VBEFile] → PersistentHandler = Reg Data - Key not found →
.vbs [@ = VBSFile] → PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} →
.wsf [@ = WSFFile] → PersistentHandler = Reg Data - Key not found →
.wsh [@ = WSHFile] → PersistentHandler = Reg Data - Key not found →

[Files/Folders - Created Within 30 days]
cvavr → %SystemDrive%\cvavr → [Folder | Created Date = 9/22/2007 12:21:16 AM | Attr = ]
cvavr.ini → %SystemRoot%\cvavr.ini → [Ver = | Size = 2846 bytes | Created Date = 9/22/2007 12:21:22 AM | Attr = ]
pestpatrol5.INI → %SystemRoot%\pestpatrol5.INI → [Ver = | Size = 0 bytes | Created Date = 10/6/2007 7:05:19 PM | Attr = ]
Dajuba.zip → %System32%\Dajuba.zip → [Ver = | Size = 0 bytes | Created Date = 9/12/2007 4:35:04 PM | Attr = ]
DrvMon.exe → %System32%\DrvMon.exe → Alcor Micro, Corp. [Ver = 1, 0, 0, 7 | Size = 53248 bytes | Created Date = 9/27/2007 2:07:16 PM | Attr = ]
ftbusui.dll → %System32%\ftbusui.dll → FTDI Ltd. [Ver = 1.1.0.1 | Size = 111936 bytes | Created Date = 9/22/2007 12:51:28 AM | Attr = ]
ftd2xx.dll → %System32%\ftd2xx.dll → FTDI Ltd [Ver = 3.01.12 | Size = 202048 bytes | Created Date = 9/22/2007 12:51:28 AM | Attr = ]
FTLang.dll → %System32%\FTLang.dll → FTDI [Ver = 1, 0, 0, 1 | Size = 107840 bytes | Created Date = 9/22/2007 12:51:28 AM | Attr = ]
ftserui2.dll → %System32%\ftserui2.dll → FTDI Ltd. [Ver = 2.00.01.1 built by: WinDDK | Size = 47432 bytes | Created Date = 9/22/2007 12:51:29 AM | Attr = ]
KeyLbE32.dll → %System32%\KeyLbE32.dll → Concept Software, Inc. [Ver = 4.3.0.2 | Size = 141824 bytes | Created Date = 9/25/2007 6:00:02 PM | Attr = ]
Machnm1.exe → %System32%\Machnm1.exe → [Ver = | Size = 15840 bytes | Created Date = 9/25/2007 6:00:02 PM | Attr = ]
Machnm32.sys → %System32%\Machnm32.sys → [Ver = | Size = 2304 bytes | Created Date = 9/25/2007 6:00:02 PM | Attr = ]
Machnm64.sys → %System32%\Machnm64.sys → [Ver = | Size = 5632 bytes | Created Date = 9/25/2007 6:00:02 PM | Attr = ]
xmaninf.exe → %System32%\xmaninf.exe → [Ver = | Size = 193888 bytes | Created Date = 9/18/2007 1:05:06 PM | Attr = ]
AvgArCln.sys → %System32%\drivers\AvgArCln.sys → GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 10/6/2007 6:49:03 PM | Attr = ]
AvgAsCln.sys → %System32%\drivers\AvgAsCln.sys → GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 10/5/2007 8:12:00 AM | Attr = ]
ftdibus.sys → %System32%\drivers\ftdibus.sys → FTDI Ltd. [Ver = 2.02.04.1 built by: WinDDK | Size = 53184 bytes | Created Date = 9/22/2007 12:51:28 AM | Attr = ]
ftser2k.sys → %System32%\drivers\ftser2k.sys → FTDI Ltd. [Ver = 2.02.04.1 built by: WinDDK | Size = 71488 bytes | Created Date = 9/22/2007 12:51:29 AM | Attr = ]
IOPORT.SYS → %System32%\drivers\IOPORT.SYS → Erik Salaj [Ver = 2.00.0000.0 | Size = 6144 bytes | Created Date = 9/22/2007 12:21:18 AM | Attr = ]

[Files/Folders - Modified Within 30 days]
BaseFolder → %SystemDrive%\BaseFolder → [Folder | Modified Date = 10/6/2007 8:50:12 PM | Attr = ]
Config.Msi → %SystemDrive%\Config.Msi → [Folder | Modified Date = 10/7/2007 12:51:04 AM | Attr = H ]
cvavr → %SystemDrive%\cvavr → [Folder | Modified Date = 10/1/2007 8:10:28 PM | Attr = ]
FSUIPC_reg.bin → %SystemDrive%\FSUIPC_reg.bin → [Ver = | Size = 1328 bytes | Modified Date = 9/23/2007 10:31:46 PM | Attr = ]
Program Files → %ProgramFiles% → [Folder | Modified Date = 10/6/2007 8:32:36 PM | Attr = R ]
Temp → %SystemDrive%\Temp → [Folder | Modified Date = 9/22/2007 2:25:44 AM | Attr = ]
WINDOWS → %SystemRoot% → [Folder | Modified Date = 10/8/2007 10:23:18 AM | Attr = ]
bootstat.dat → %SystemRoot%\bootstat.dat → [Ver = | Size = 2048 bytes | Modified Date = 10/8/2007 6:37:04 PM | Attr = S]
cvavr.ini → %SystemRoot%\cvavr.ini → [Ver = | Size = 2846 bytes | Modified Date = 10/6/2007 12:13:16 PM | Attr = ]
Downloaded Program Files → %SystemRoot%\Downloaded Program Files → [Folder | Modified Date = 10/6/2007 6:45:42 PM | Attr = S]
inf → %SystemRoot%\inf → [Folder | Modified Date = 10/6/2007 7:01:26 PM | Attr = H ]
Installer → %SystemRoot%\Installer → [Folder | Modified Date = 10/7/2007 12:51:04 AM | Attr = HS]
MEMORY.DMP → %SystemRoot%\MEMORY.DMP → [Ver = | Size = 536416256 bytes | Modified Date = 10/8/2007 10:23:18 AM | Attr = ]
pestpatrol5.INI → %SystemRoot%\pestpatrol5.INI → [Ver = | Size = 0 bytes | Modified Date = 10/6/2007 7:05:20 PM | Attr = ]
PIF → %SystemRoot%\PIF → [Folder | Modified Date = 9/22/2007 12:21:20 AM | Attr = H ]
Prefetch → %SystemRoot%\Prefetch → [Folder | Modified Date = 10/6/2007 7:02:46 PM | Attr = ]
security → %SystemRoot%\security → [Folder | Modified Date = 10/4/2007 8:16:18 PM | Attr = ]
system32 → %System32% → [Folder | Modified Date = 10/8/2007 12:33:24 PM | Attr = ]
Tasks → %SystemRoot%\Tasks → [Folder | Modified Date = 10/6/2007 8:07:44 PM | Attr = S]
Temp → %SystemRoot%\Temp → [Folder | Modified Date = 10/8/2007 6:38:54 PM | Attr = ]
win.ini → %SystemRoot%\win.ini → [Ver = | Size = 630 bytes | Modified Date = 10/6/2007 7:16:20 PM | Attr = ]
At10.job → %SystemRoot%\tasks\At10.job → [Ver = | Size = 350 bytes | Modified Date = 9/28/2007 9:00:02 AM | Attr = ]
At11.job → %SystemRoot%\tasks\At11.job → [Ver = | Size = 350 bytes | Modified Date = 10/1/2007 10:00:02 AM | Attr = ]
At12.job → %SystemRoot%\tasks\At12.job → [Ver = | Size = 350 bytes | Modified Date = 10/8/2007 11:00:02 AM | Attr = ]
At13.job → %SystemRoot%\tasks\At13.job → [Ver = | Size = 350 bytes | Modified Date = 10/8/2007 12:00:02 PM | Attr = ]
At14.job → %SystemRoot%\tasks\At14.job → [Ver = | Size = 350 bytes | Modified Date = 10/8/2007 1:00:02 PM | Attr = ]
At15.job → %SystemRoot%\tasks\At15.job → [Ver = | Size = 350 bytes | Modified Date = 10/8/2007 2:00:02 PM | Attr = ]
At16.job → %SystemRoot%\tasks\At16.job → [Ver = | Size = 350 bytes | Modified Date = 10/8/2007 3:00:02 PM | Attr = ]
At17.job → %SystemRoot%\tasks\At17.job → [Ver = | Size = 350 bytes | Modified Date = 10/8/2007 4:00:02 PM | Attr = ]
At18.job → %SystemRoot%\tasks\At18.job → [Ver = | Size = 350 bytes | Modified Date = 10/8/2007 5:00:02 PM | Attr = ]
At19.job → %SystemRoot%\tasks\At19.job → [Ver = | Size = 350 bytes | Modified Date = 10/8/2007 6:00:02 PM | Attr = ]
At2.job → %SystemRoot%\tasks\At2.job → [Ver = | Size = 350 bytes | Modified Date = 10/8/2007 1:00:02 AM | Attr = ]
At20.job → %SystemRoot%\tasks\At20.job → [Ver = | Size = 350 bytes | Modified Date = 10/7/2007 7:00:02 PM | Attr = ]
At21.job → %SystemRoot%\tasks\At21.job → [Ver = | Size = 350 bytes | Modified Date = 10/7/2007 8:00:02 PM | Attr = ]
At22.job → %SystemRoot%\tasks\At22.job → [Ver = | Size = 350 bytes | Modified Date = 10/7/2007 9:00:02 PM | Attr = ]
At23.job → %SystemRoot%\tasks\At23.job → [Ver = | Size = 350 bytes | Modified Date = 10/7/2007 10:00:02 PM | Attr = ]
At24.job → %SystemRoot%\tasks\At24.job → [Ver = | Size = 350 bytes | Modified Date = 10/7/2007 11:00:02 PM | Attr = ]
At3.job → %SystemRoot%\tasks\At3.job → [Ver = | Size = 350 bytes | Modified Date = 9/22/2007 2:00:02 AM | Attr = ]
At4.job → %SystemRoot%\tasks\At4.job → [Ver = | Size = 350 bytes | Modified Date = 9/22/2007 3:00:02 AM | Attr = ]
At5.job → %SystemRoot%\tasks\At5.job → [Ver = | Size = 350 bytes | Modified Date = 9/20/2007 4:00:02 AM | Attr = ]
At6.job → %SystemRoot%\tasks\At6.job → [Ver = | Size = 350 bytes | Modified Date = 9/20/2007 5:00:02 AM | Attr = ]
At7.job → %SystemRoot%\tasks\At7.job → [Ver = | Size = 350 bytes | Modified Date = 9/20/2007 6:00:02 AM | Attr = ]
At8.job → %SystemRoot%\tasks\At8.job → [Ver = | Size = 350 bytes | Modified Date = 9/20/2007 7:00:02 AM | Attr = ]
At9.job → %SystemRoot%\tasks\At9.job → [Ver = | Size = 350 bytes | Modified Date = 9/28/2007 8:00:02 AM | Attr = ]
SA.DAT → %SystemRoot%\tasks\SA.DAT → [Ver = | Size = 6 bytes | Modified Date = 10/8/2007 6:37:12 PM | Attr = H ]
bitcometres.dll → %System32%\bitcometres.dll → BitComet [Ver = 1, 0, 0, 1 | Size = 2560 bytes | Modified Date = 9/23/2007 11:25:50 PM | Attr = ]
CatRoot2 → %System32%\CatRoot2 → [Folder | Modified Date = 10/7/2007 12:15:18 PM | Attr = ]
CONFIG.NT → %System32%\CONFIG.NT → [Ver = | Size = 2626 bytes | Modified Date = 9/15/2007 10:50:14 PM | Attr = ]
Dajuba.zip → %System32%\Dajuba.zip → [Ver = | Size = 0 bytes | Modified Date = 9/12/2007 4:35:06 PM | Attr = ]
dllcache → %System32%\dllcache → [Folder | Modified Date = 10/5/2007 8:31:14 AM | Attr = RHS]
drivers → %System32%\drivers → [Folder | Modified Date = 10/6/2007 7:36:04 PM | Attr = ]
FNTCACHE.DAT → %System32%\FNTCACHE.DAT → [Ver = | Size = 209696 bytes | Modified Date = 9/23/2007 10:22:08 AM | Attr = ]
npavinfo.dat → %System32%\npavinfo.dat → [Ver = | Size = 169 bytes | Modified Date = 10/1/2007 7:56:52 PM | Attr = ]
npconf.md5 → %System32%\npconf.md5 → [Ver = | Size = 238 bytes | Modified Date = 10/1/2007 7:56:48 PM | Attr = ]
npscanv.xml → %System32%\npscanv.xml → [Ver = | Size = 617 bytes | Modified Date = 10/1/2007 7:57:42 PM | Attr = ]
npzupdate.conf → %System32%\npzupdate.conf → [Ver = | Size = 305 bytes | Modified Date = 10/1/2007 7:55:48 PM | Attr = ]
wpa.dbl → %System32%\wpa.dbl → [Ver = | Size = 2206 bytes | Modified Date = 10/2/2007 10:04:38 AM | Attr = ]
xman.dll → %System32%\xman.dll → (c) Daum Communications. [Ver = 1, 2, 3, 3 | Size = 1467744 bytes | Modified Date = 9/18/2007 1:05:02 PM | Attr = ]
xmaninf.exe → %System32%\xmaninf.exe → [Ver = | Size = 193888 bytes | Modified Date = 9/18/2007 1:05:06 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run →
→ → File not found
!AVG Anti-Spyware → %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe → GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 6:25:42 PM | Attr = ]
Acrobat Assistant 8.0 → %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\acrotray.exe → Adobe Systems Inc. [Ver = 8.0.0.2006102200 | Size = 620152 bytes | Modified Date = 10/22/2006 11:24:02 PM | Attr = ]
avast! → %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 79224 bytes | Modified Date = 9/6/2007 7:06:10 PM | Attr = ]
Jet Detection → %ProgramFiles%\Creative\SBLive\Program\ADGJDet.exe → [Ver = 1, 0, 2, 0 | Size = 28672 bytes | Modified Date = 11/29/2001 1:00:00 AM | Attr = ]
SunJavaUpdateSched → %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe → Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:36 AM | Attr = ]
TkBellExe → %CommonProgramFiles%\Real\Update_OB\realsched.exe → RealNetworks, Inc. [Ver = 0.1.0.3959 | Size = 185896 bytes | Modified Date = 5/24/2007 12:08:42 PM | Attr = ]
WINDVDPatch → %System32%\CTHELPER.EXE → Creative Technology Ltd [Ver = 1, 0, 0, 2 | Size = 24576 bytes | Modified Date = 7/2/2002 5:56:00 PM | Attr = ]
< Run [HKCU] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run →
→ → File not found
BitComet → E:\Program Files\BitComet\BitComet.exe → www.BitComet.com [Ver = 0.93 | Size = 6338360 bytes | Modified Date = 9/10/2007 9:33:42 PM | Attr = ]
DrvMon.exe → %System32%\DrvMon.exe → Alcor Micro, Corp. [Ver = 1, 0, 0, 7 | Size = 53248 bytes | Modified Date = 6/15/2004 10:30:18 PM | Attr = ]
Start WingMan Profiler → %ProgramFiles%\Logitech\Profiler\LWEMon.exe → Logitech Inc. [Ver = 4.60.349 | Size = 73728 bytes | Modified Date = 4/18/2005 11:16:02 AM | Attr = ]
< Common Startup > → C:\Documents and Settings\All Users\Start Menu\Programs\Startup →
%AllUsersStartup%\Adobe Acrobat Speed Launcher.lnk → %SystemRoot%\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe → [Ver = | Size = 295606 bytes | Modified Date = 5/24/2007 11:13:58 AM | Attr = R ]
%AllUsersStartup%\Adobe Acrobat Synchronizer.lnk → %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe → [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 10/23/2006 12:01:50 AM | Attr = ]
< User Startup > → C:\Documents and Settings\Jonathan\Start Menu\Programs\Startup →
%UserStartup%\Adobe Gamma.lnk → %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe → Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 3/16/2005 7:16:50 PM | Attr = ]
%UserStartup%\CaptureWiz.lnk → %ProgramFiles%\CaptureWiz\Pro\CaptureWiz.exe → PixelMetrics [Ver = 3.10.0.0 | Size = 2011168 bytes | Modified Date = 4/15/2007 3:48:04 PM | Attr = ]
%UserStartup%\MagicDisc.lnk → %ProgramFiles%\MagicDisc\MagicDisc.exe → [Ver = | Size = 534016 bytes | Modified Date = 9/26/2006 9:59:14 AM | Attr = ]
< ShellExecuteHooks [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks →
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] → %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] → GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 9:29:58 PM | Attr = ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] → %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ]
< SecurityProviders [HKLM] > → HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders →
< Winlogon settings [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon →
< Winlogon settings [HKCU] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon →

[File String Scan - Non-Microsoft Only]
File scan skipped for file %SystemRoot%\MEMORY.DMP → File size too big (536416256 bytes) →
aspack , → %System32%\ALZALZ.BIN → [Ver = | Size = 63488 bytes | Modified Date = 8/30/2006 5:07:24 PM | Attr = ]
aspack , → %System32%\ALZZip.BIN → [Ver = | Size = 43008 bytes | Modified Date = 8/30/2006 5:07:24 PM | Attr = ]
UPX! , UPX0 , → %System32%\aswBoot.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 801144 bytes | Modified Date = 9/6/2007 7:09:50 PM | Attr = ]
PEC2 , → %System32%\dfrg.msc → [Ver = | Size = 41397 bytes | Modified Date = 8/23/2001 9:00:00 PM | Attr = ]
PEC2 , PECompact2 , → %System32%\DivX.dll → DivX, Inc. [Ver = 6.6.1.4 | Size = 740442 bytes | Modified Date = 5/31/2007 3:44:56 PM | Attr = ]
Thawte Consulting , → %System32%\ICKHTTPS2.OCX → devSoft Inc. - www.dev-soft.com [Ver = 2.0.0.31 | Size = 100464 bytes | Modified Date = 5/21/2007 1:32:34 PM | Attr = ]
UPX! , UPX0 , → %System32%\mwace.dll → MW Graphics [Ver = 4.00.18 | Size = 56832 bytes | Modified Date = 5/14/2004 11:13:46 AM | Attr = ]
UPX! , UPX0 , → %System32%\mwdds.dll → MW Graphics [Ver = 4, 0, 0, 56 | Size = 104448 bytes | Modified Date = 6/17/2006 12:52:52 PM | Attr = ]
UPX! , UPX0 , → %System32%\mwgfx.dll → MW Graphics [Ver = 4.00.213 | Size = 183296 bytes | Modified Date = 6/17/2006 11:44:32 AM | Attr = ]
UPX! , UPX0 , → %System32%\mwgfx24.dll → MW Publishing [Ver = 4.00.55 | Size = 238080 bytes | Modified Date = 11/13/2005 1:28:44 AM | Attr = ]
Thawte Consulting , → %System32%\NaverBroker.exe → [Ver = 1, 0, 0, 1 | Size = 30488 bytes | Modified Date = 4/5/2007 10:56:46 AM | Attr = ]
Thawte Consulting , → %System32%\NaverFDL.exe → Dacom Multimedia Internet Corp. [Ver = 4, 0, 0, 66 | Size = 284440 bytes | Modified Date = 4/5/2007 10:56:42 AM | Attr = ]
Thawte Consulting , → %System32%\NaverFile.ocx → Dacom Multimedia Internet Corp. [Ver = 3, 6, 0, 22 | Size = 280344 bytes | Modified Date = 4/5/2007 10:56:38 AM | Attr = ]
KavSvc , → %System32%\npmonz.exe → INCA Internet Co., Ltd [Ver = 2007.6.26.1 | Size = 2000667 bytes | Modified Date = 6/27/2007 10:10:38 AM | Attr = ]
UPX! , UPX0 , Thawte Consulting , → %System32%\pandora_setup_mini.ocx → Pandora TV [Ver = 1.0.2.23 | Size = 272136 bytes | Modified Date = 8/26/2007 11:15:08 AM | Attr = ]
Thawte Consulting , → %System32%\rmoc3260.dll → RealNetworks, Inc. [Ver = 6.0.9.2764 | Size = 185952 bytes | Modified Date = 5/24/2007 12:08:56 PM | Attr = ]
Thawte Consulting , → %System32%\STAdminUAC.exe → SHOTECH Corp. [Ver = 1, 0, 0, 1 | Size = 38584 bytes | Modified Date = 3/6/2007 4:15:56 PM | Attr = ]
winsync , → %System32%\wbdbase.deu → [Ver = | Size = 1309184 bytes | Modified Date = 8/23/2001 9:00:00 PM | Attr = ]
WSUD , UPX0 , → %System32%\dllcache\hwxjpn.dll → [Ver = | Size = 13463552 bytes | Modified Date = 8/23/2001 9:00:00 PM | Attr = ]
PTech , → %System32%\dllcache\mtlstrm.sys → Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 10:41:38 PM | Attr = ]
PTech , → %System32%\drivers\mtlstrm.sys → Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 10:41:38 PM | Attr = ]

< End of report >

:wink: Thank you so much.

By the way, any recommendation regarding the firewall?

Thanks again!

See http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php.

There are many freeware firewalls, such as Comodo, PCTools Firewall Plus, Jetico, etc. Zone Alarm free works fine with avast and has a reasonably friendly user interface; however, the free version is becoming bloated with trialware and is also crippled as far as outbound protection goes.