I ran a boot scan and a problem was shown, Goldrun (I think), but I pressed 2 to delete and the machine froze. Any ideas?
Goldrun is a rootkit. If you wish, I can help you get rid of it.
- Click here to download HJTsetup.exe
- Save HJTsetup.exe to your desktop.
- Double-click on the HJTsetup.exe icon on your desktop.
- By default it will install to C:\Program Files\Hijack This.
- Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
- Put a check by Create a desktop icon, then click Next again.
- Continue to follow the rest of the prompts from there.
- At the final dialogue box click Finish and it will launch Hijack This.
- Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
- Click on "Edit > Select All", then click on "Edit > Copy" to copy the entire contents of the log.
- Come back here to this thread and paste the log in your next reply.
- DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
Logfile of HijackThis v1.99.1
Scan saved at 22:32:04, on 19/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {42B5EFFF-AFAE-4C77-BD62-AC1F38940340} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\myaapcax.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7D064D71-DD76-4596-90C0-921766AD560A} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [nwiz] nwiz.exe /install
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
Too many characters, had to split.
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKCU..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
O8 - Extra context menu item: Add to AMV Convert Tool… - C:\Program Files\MP3 Player Utilities 3.74\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.74\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.1.99.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay123.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152538098733
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: pmnli - C:\WINDOWS
O20 - Winlogon Notify: ssqopol - C:\WINDOWS
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
You are missing some of your log; there should be more after the O9 entries. However, I have enough to do an initial start. You are showing Virtumonde and Purity, so I will use ComboFix to clear that first.
- Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe to your Desktop.
- Double-click combofix.exe and follow the prompts.
- When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
OK, I see the rest now, but continue with ComboFix.
"Dave" - 07-04-19 23:01:18 Service Pack 2
ComboFix 07-04-19.2V - Running from: C:\Documents and Settings\Dave\Desktop\
(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\bpgalpop.dll
C:\WINDOWS\system32\bugykjiw.dll
C:\WINDOWS\system32\kpnvwgcc.dll
C:\WINDOWS\system32\pbeicihd.dll
C:\WINDOWS\system32\rrlyaoky.dll
C:\WINDOWS\system32\uqvfycea.dll
C:\WINDOWS\system32\vrraxfbe.dll
C:\WINDOWS\system32\xhcwhajf.dll
C:\WINDOWS\system32\yvbrovhu.dll
C:\WINDOWS\system32\myaapcax.dll
C:\WINDOWS\system32\ebfxarrv.ini
-
-
- POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
-
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Common Files{90845~1
((((((((((((((((((((((((((((((( Files Created from 2007-03-19 to 2007-04-19 ))))))))))))))))))))))))))))))))))
2007-04-17 23:06 d-------- C:\DOCUME~1\Dave\APPLIC~1\Prevx
2007-04-17 23:05 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prevx
2007-04-17 23:04 77,312 --a------ C:\WINDOWS\ua2.dll
2007-04-17 22:26 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-17 22:26 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-17 22:26 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-17 22:25 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-17 22:25 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-04-17 22:25 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-17 22:25 712,832 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-04-17 21:34 469,504 ---hs---- C:\WINDOWS\system32\ilnmp.bak2
2007-04-17 20:01 d-------- C:\Program Files\Alwil Software
2007-04-16 21:34 459,924 ---hs---- C:\WINDOWS\system32\ilnmp.bak1
2007-04-16 19:23 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ubisoft
2007-04-15 10:09 55,808 --a------ C:\WINDOWS\system32\lfpsd13n.dll
2007-04-11 20:49 1,620,523 ---hs---- C:\WINDOWS\system32\jxxlepkr.ini2
2007-04-09 18:03 d-------- C:\Program Files\InterActual
2007-04-06 19:16 d-------- C:\Program Files\RegCleaner
2007-04-06 19:11 d-------- C:\Program Files\Space Birdz
2007-04-06 19:06 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-04-06 19:03 d-------- C:\Program Files\Ubisoft
2007-04-06 18:51 d-------- C:\Program Files\Lavasoft
2007-04-05 19:42 d-------- C:\DOCUME~1\Dave\APPLIC~1\NCH Swift Sound
2007-04-05 19:41 d-------- C:\Program Files\NCH Swift Sound
2007-03-30 21:42 d-------- C:\Program Files\Windows Live Toolbar
2007-03-30 21:42 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
2007-03-30 20:47 d-------- C:\DOCUME~1\Dave\APPLIC~1\MSNInstaller
2007-03-30 20:33 d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-03-27 17:06 d-------- C:\Program Files\iTunes
2007-03-27 17:06 d-------- C:\Program Files\iPod
2007-03-26 20:26 d-------- C:\Program Files\Windows Journal Viewer
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-04-10 16:00 -------- d-------- C:\Program Files\steam
2007-04-06 19:03 -------- d--h----- C:\Program Files\installshield installation information
2007-04-05 12:22 -------- d-------- C:\Program Files\google
2007-03-31 07:23 -------- d---s---- C:\Program Files\xfire
2007-03-30 22:23 -------- d-------- C:\DOCUME~1\Dave\APPLIC~1\xfire
2007-03-30 21:41 -------- d-------- C:\Program Files\msn messenger
2007-03-27 16:20 -------- d-------- C:\Program Files\windows live safety center
2007-03-25 12:02 -------- d-------- C:\Program Files\java
2007-03-17 14:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-15 12:23 497496 --a------ C:\WINDOWS\system32\xceedzip.dll
2007-03-15 12:19 526184 --a------ C:\WINDOWS\system32\xceedcry.dll
2007-03-14 16:34 -------- d-------- C:\Program Files\sony ericsson
2007-03-14 09:03 127034 -r------- C:\WINDOWS\bwunin-8.1.1.50-8876480sl.exe
2007-03-13 18:06 -------- d-------- C:\Program Files\quicktime
2007-03-08 16:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 16:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 16:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 14:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-05 23:05 -------- d-------- C:\Program Files\cloudbrain
2007-03-05 17:55 -------- d-------- C:\Program Files\windows media connect 2
2007-03-01 18:06 -------- d-------- C:\DOCUME~1\Dave\APPLIC~1\google
2007-02-24 21:53 44288 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-02-21 22:31 -------- d-------- C:\Program Files\wolfenstein - enemy territory
2007-02-05 21:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-02-01 17:35 792 --a------ C:\DOCUME~1\Dave\APPLIC~1\wklnhst.dat
2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
Note empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{55EA1964-F5E4-4D6A-B9B2-125B37655FCB} C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe"
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE"
"SunJavaUpdateSched"=""C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe""
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"HDAudDeck"="C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1"
"PRISMSVR.EXE"=""C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE" /APPLY"
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe"
"HP Component Manager"=""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe""
"HP Software Update"=""C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe""
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe "
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe"
@=""
"Sony Ericsson PC Suite"=""C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions"
"Adobe Photo Downloader"=""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe""
"QuickTime Task"=""C:\Program Files\QuickTime\qttask.exe" -atboottime"
"iTunesHelper"=""C:\Program Files\iTunes\iTunesHelper.exe""
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
"PrevxOne"=""C:\Program Files\Prevx1\PXConsole.exe""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"H/PC Connection Agent"=""C:\PROGRA~1\MICROS~4\wcescomm.exe""
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
"LogitechSoftwareUpdate"=""C:\Program Files\Logitech\Video\ManifestEngine.exe" boot"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"Steam"=""
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“InstallVisualStyle”=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,
6d,73,73,74,79,6c,65,73,00
“InstallTheme”=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnli
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqopol
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Z]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes …
scanning hidden services …
scanning hidden autostart entries …
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1???
scanning hidden files …
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Completion time: 07-04-19 23:06:35
C:\ComboFix-quarantined-files.txt … 07-04-19 23:06
Logfile of HijackThis v1.99.1
Scan saved at 23:11:22, on 19/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Logitech\Video\AlbumDB2.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {42B5EFFF-AFAE-4C77-BD62-AC1F38940340} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [nwiz] nwiz.exe /install
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKCU..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
O8 - Extra context menu item: Add to AMV Convert Tool… - C:\Program Files\MP3 Player Utilities 3.74\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.74\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.1.99.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay123.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152538098733
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: pmnli - C:\WINDOWS
O20 - Winlogon Notify: ssqopol - C:\WINDOWS
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Getting there
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
O2 - BHO: (no name) - {42B5EFFF-AFAE-4C77-BD62-AC1F38940340} - (no file)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\myaapcax.dll
O20 - Winlogon Notify: pmnli - C:\WINDOWS
O20 - Winlogon Notify: ssqopol - C:\WINDOWS\
Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.
Please download OTMoveIt (http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe) by OldTimer.
Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\system32\ilnmp.bak2
C:\WINDOWS\system32\ilnmp.bak1
C:\WINDOWS\system32\lfpsd13n.dll
C:\WINDOWS\system32\jxxlepkr.ini2
C:\WINDOWS\ua2.dll
C:\WINDOWS\system32\myaapcax.dll
Return to OTMoveIt, right click on the “Paste List of Files/Folders to be moved” window and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window to the clipboard by highlighting all of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply along with a new HijackThis log.
Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
Now to check for remaining files
Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
[*]Close ALL OTHER PROGRAMS.
[*]Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
[*]Now click the Run Scan button on the toolbar.
[*]Let it run unhindered until it finishes.
[*]When the scan is complete Notepad will open with the report file loaded in it.
[*]Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.
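Added example, not part of this thread and not code from HijackThis, OTMoveIt or WinPFind3u: a small Python triage script that reads HijackThis O2 and O20 lines and flags the same four entries the helper picked out above. The two heuristics it applies are assumptions made for this example, not rules the tools use: a BHO whose file is missing, or that has no name and loads straight from system32, and a Winlogon Notify value that points at a directory instead of a DLL. The sample lines are copied from the log posted earlier in the thread, with benign entries from the same scan mixed in so the heuristics can be seen leaving them alone.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: HijackThis v1.99.1 lines taken from the log posted in this thread,
# mixing the four entries the helper asked to have fixed with benign entries from the same scan.
SAMPLE_LOG_LINES = [
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {42B5EFFF-AFAE-4C77-BD62-AC1F38940340} - (no file)",
    r"O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll",
    r"O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\myaapcax.dll",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll",
    r"O20 - Winlogon Notify: pmnli - C:\WINDOWS",
    r"O20 - Winlogon Notify: ssqopol - C:\WINDOWS" + "\\",  # trailing backslash exactly as in the log
    r"O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll",
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe",
]

# HijackThis v1.99.1 line shapes: "O2 - BHO: <name> - {CLSID} - <path>" and
# "O20 - Winlogon Notify: <value name> - <path>". Other sections are ignored here.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")
# A DLL sitting directly in <drive>:\WINDOWS\system32 (case-insensitive).
SYSTEM32_DLL_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\system32\\[^\\]+\.dll$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str   # "O2" or "O20"
    ident: str     # CLSID for a BHO, registry value name for a Winlogon Notify entry
    path: str
    reason: str


def check_bho(name: str, clsid: str, path: str) -> Optional[Finding]:
    """Heuristics (assumptions of this example) for one O2 BHO line."""
    if path == "(no file)":
        return Finding("O2", clsid, path,
                       "orphaned BHO: registry entry points at a file that no longer exists")
    if name == "(no name)" and SYSTEM32_DLL_RE.match(path):
        return Finding("O2", clsid, path,
                       "unnamed BHO loading a DLL straight from system32; vendor add-ons "
                       "normally carry a name and live under Program Files")
    return None


def check_winlogon_notify(key: str, path: str) -> Optional[Finding]:
    """A Winlogon Notify value is expected to name a DLL; a bare directory is worth a look."""
    tail = path.rstrip("\\").rsplit("\\", 1)[-1]
    if not tail.lower().endswith(".dll"):
        return Finding("O20", key, path, "Winlogon Notify value names a directory rather than a DLL")
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Run both checks over raw HijackThis log lines and collect the hits, in log order."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        m = O2_RE.match(line)
        if m:
            hit = check_bho(m["name"], m["clsid"], m["path"])
            if hit:
                findings.append(hit)
            continue
        m = O20_RE.match(line)
        if m:
            hit = check_winlogon_notify(m["key"], m["path"])
            if hit:
                findings.append(hit)
    return findings


def flagged_ids(lines: List[str]) -> List[str]:
    """Sorted identifiers of flagged entries, handy for comparing against a helper's fix list."""
    return sorted(f.ident for f in triage(lines))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG_LINES):
        print(f"{f.section:<4}{f.ident:<40}{f.path}")
        print(f"      {f.reason}")
```

The script narrows a long log to the handful of lines a reviewer should look at; it does not decide anything on its own, which is why the helper still asks for a fresh HijackThis log after the fix rather than trusting the first pass.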
After move it
C:\WINDOWS\system32\ilnmp.bak2 moved successfully.
C:\WINDOWS\system32\ilnmp.bak1 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\lfpsd13n.dll
C:\WINDOWS\system32\lfpsd13n.dll NOT unregistered.
C:\WINDOWS\system32\lfpsd13n.dll moved successfully.
C:\WINDOWS\system32\jxxlepkr.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\ua2.dll
C:\WINDOWS\ua2.dll NOT unregistered.
C:\WINDOWS\ua2.dll moved successfully.
File/Folder C:\WINDOWS\system32\myaapcax.dll not found.
Created on 04/19/2007 23:39:56
Logfile of HijackThis v1.99.1
Scan saved at 23:41:21, on 19/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Dave\Desktop\OTMoveIt.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe”
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [nwiz] nwiz.exe /install
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM..\Run: [PRISMSVR.EXE] “C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE” /APPLY
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM..\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe”
O4 - HKLM..\Run: [HP Software Update] “C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe”
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM..\Run: [Sony Ericsson PC Suite] “C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions
O4 - HKLM..\Run: [Adobe Photo Downloader] “C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [PrevxOne] “C:\Program Files\Prevx1\PXConsole.exe”
O4 - HKCU..\Run: [H/PC Connection Agent] “C:\PROGRA~1\MICROS~4\wcescomm.exe”
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU..\Run: [LogitechSoftwareUpdate] “C:\Program Files\Logitech\Video\ManifestEngine.exe” boot
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
O8 - Extra context menu item: Add to AMV Convert Tool… - C:\Program Files\MP3 Player Utilities 3.74\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.74\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra ‘Tools’ menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.1.99.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay123.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152538098733
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
WinPFind3 logfile created on: 19/04/2007 23:43:58
WinPFind3U by OldTimer - Version 1.0.34 Folder = C:\Documents and Settings\Dave\Desktop\WinPFind3u
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)
1022.42 Mb Total Physical Memory | 540.32 Mb Available Physical Memory | 52.85% Memory free
2.40 Gb Paging File | 1.95 Gb Available in Paging File | 81.27% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 227.54 Gb Total Space | 180.79 Gb Free Space | 79.45% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Computer Name: YOUR-62C93FF897
Current User Name: Dave
Logged in as Administrator.
Current Boot Mode: Normal
[Processes - Non-Microsoft Only]
apdproxy.exe → %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe → Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 07/06/2005 00:46:24 | Attr = ]
ashdisp.exe → %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe → ALWIL Software [Ver = 4, 7, 981, 0 | Size = 75392 bytes | Modified Date = 14/04/2007 08:48:28 | Attr = ]
ashmaisv.exe → %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe → ALWIL Software [Ver = 4, 7, 981, 0 | Size = 243328 bytes | Modified Date = 14/04/2007 08:48:04 | Attr = ]
ashserv.exe → %ProgramFiles%\Alwil Software\Avast4\ashServ.exe → ALWIL Software [Ver = 4, 7, 981, 0 | Size = 132736 bytes | Modified Date = 14/04/2007 08:48:22 | Attr = ]
ashwebsv.exe → %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe → ALWIL Software [Ver = 4, 7, 981, 0 | Size = 345728 bytes | Modified Date = 14/04/2007 08:47:18 | Attr = ]
aswupdsv.exe → %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe → ALWIL Software [Ver = 4, 7, 951, 0 | Size = 16512 bytes | Modified Date = 14/04/2007 08:37:44 | Attr = ]
fxsvr2.exe → %ProgramFiles%\Logitech\Video\FxSvr2.exe → Logitech Inc. [Ver = 8.4.6.1012 | Size = 192512 bytes | Modified Date = 18/01/2005 18:08:36 | Attr = ]
hdeck.exe → %ProgramFiles%\VIAudioi\HDADeck\HDeck.exe → VIA Technologies, Inc. [Ver = 1, 4, 3, 0 | Size = 684032 bytes | Modified Date = 17/07/2006 15:36:18 | Attr = ]
hpcmpmgr.exe → %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe → Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 22/12/2003 08:38:42 | Attr = ]
hpwuschd2.exe → %ProgramFiles%\Hewlett-Packard\HP Software Update\HPWuSchd2.exe → Hewlett-Packard Company [Ver = 3, 0, 38, 1 | Size = 49152 bytes | Modified Date = 18/02/2004 18:55:28 | Attr = ]
hpztsb10.exe → %System32%\spool\drivers\w32x86\3\hpztsb10.exe → HP [Ver = 2.323.0.0 | Size = 172032 bytes | Modified Date = 04/03/2004 15:46:24 | Attr = ]
ipodservice.exe → %ProgramFiles%\iPod\bin\iPodService.exe → Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 14/03/2007 19:05:42 | Attr = ]
ituneshelper.exe → %ProgramFiles%\iTunes\iTunesHelper.exe → Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 14/03/2007 19:05:48 | Attr = ]
jusched.exe → %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe → Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 15/12/2006 03:23:28 | Attr = ]
logitechdesktopmessenger.exe → %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe → Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 14/03/2007 15:51:08 | Attr = ]
logitray.exe → %ProgramFiles%\Logitech\Video\LogiTray.exe → Logitech Inc. [Ver = 8.4.6.1012 | Size = 217088 bytes | Modified Date = 18/01/2005 18:37:30 | Attr = ]
lvcomsx.exe → %System32%\LVCOMSX.EXE → Logitech Inc. [Ver = 8.4.1.1092 | Size = 221184 bytes | Modified Date = 08/10/2004 12:52:32 | Attr = ]
mdnsresponder.exe → %ProgramFiles%\Bonjour\mDNSResponder.exe → Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 28/02/2006 13:42:38 | Attr = ]
nvsvc32.exe → %System32%\nvsvc32.exe → NVIDIA Corporation [Ver = 6.14.10.8466 | Size = 143426 bytes | Modified Date = 28/04/2006 00:47:00 | Attr = ]
prismsvr.exe → %ProgramFiles%\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.exe → Conexant Systems, Inc. [Ver = 1.01.24 | Size = 295001 bytes | Modified Date = 02/07/2004 16:27:26 | Attr = ]
pxagent.exe → %ProgramFiles%\Prevx1\PXAgent.exe → Prevx [Ver = 2.0.12.1 | Size = 139264 bytes | Modified Date = 27/03/2007 11:17:20 | Attr = ]
pxconsole.exe → %ProgramFiles%\Prevx1\PXConsole.exe → Prevx [Ver = 1.0.0.1 | Size = 1548288 bytes | Modified Date = 27/03/2007 11:16:46 | Attr = ]
qttask.exe → %ProgramFiles%\QuickTime\qttask.exe → Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 16/02/2007 11:54:04 | Attr = ]
st121g.exe → %ProgramFiles%\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe → [Ver = 1.0.1.15 | Size = 303104 bytes | Modified Date = 23/09/2004 18:36:28 | Attr = ]
winpfind3u.exe → %UserDesktop%\WinPFind3u\WinPFind3U.exe → OldTimer Tools [Ver = 1.0.34.0 | Size = 318976 bytes | Modified Date = 10/04/2007 22:00:18 | Attr = ]
x10nets.exe → %CommonProgramFiles%\X10\Common\X10nets.exe → X10 [Ver = 1, 0, 0, 1 | Size = 20480 bytes | Modified Date = 12/11/2001 13:31:48 | Attr = ]
[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] → %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe → Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 26/11/2006 14:18:06 | Attr = ]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] → %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe → ALWIL Software [Ver = 4, 7, 951, 0 | Size = 16512 bytes | Modified Date = 14/04/2007 08:37:44 | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] → %ProgramFiles%\Alwil Software\Avast4\ashServ.exe → ALWIL Software [Ver = 4, 7, 981, 0 | Size = 132736 bytes | Modified Date = 14/04/2007 08:48:22 | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] → %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe → ALWIL Software [Ver = 4, 7, 981, 0 | Size = 243328 bytes | Modified Date = 14/04/2007 08:48:04 | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] → %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe → ALWIL Software [Ver = 4, 7, 981, 0 | Size = 345728 bytes | Modified Date = 14/04/2007 08:47:18 | Attr = ]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] → %ProgramFiles%\Bonjour\mDNSResponder.exe → Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 28/02/2006 13:42:38 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] → %System32%\dmadmin.exe → Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] → %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe → Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 03/02/2007 11:41:30 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] → %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe → Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 04/04/2005 00:41:10 | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] → %ProgramFiles%\iPod\bin\iPodService.exe → Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 14/03/2007 19:05:42 | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] → %System32%\nvsvc32.exe → NVIDIA Corporation [Ver = 6.14.10.8466 | Size = 143426 bytes | Modified Date = 28/04/2006 00:47:00 | Attr = ]
(PREVXAgent) Prevx Agent [Win32_Own | Auto | Running] → %ProgramFiles%\Prevx1\PXAgent.exe → Prevx [Ver = 2.0.12.1 | Size = 139264 bytes | Modified Date = 27/03/2007 11:17:20 | Attr = ]
(x10nets) X10 Device Network Service [Win32_Own | Auto | Running] → %CommonProgramFiles%\X10\Common\X10nets.exe → X10 [Ver = 1, 0, 0, 1 | Size = 20480 bytes | Modified Date = 12/11/2001 13:31:48 | Attr = ]
[Registry - Non-Microsoft Only]
< Run [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
→ → File not found
Adobe Photo Downloader → %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe → Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 07/06/2005 00:46:24 | Attr = ]
avast! → %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe → ALWIL Software [Ver = 4, 7, 981, 0 | Size = 75392 bytes | Modified Date = 14/04/2007 08:48:28 | Attr = ]
HDAudDeck → %ProgramFiles%\VIAudioi\HDADeck\HDeck.exe → VIA Technologies, Inc. [Ver = 1, 4, 3, 0 | Size = 684032 bytes | Modified Date = 17/07/2006 15:36:18 | Attr = ]
HP Component Manager → %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe → Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 22/12/2003 08:38:42 | Attr = ]
HP Software Update → %ProgramFiles%\Hewlett-Packard\HP Software Update\HPWuSchd2.exe → Hewlett-Packard Company [Ver = 3, 0, 38, 1 | Size = 49152 bytes | Modified Date = 18/02/2004 18:55:28 | Attr = ]
HPDJ Taskbar Utility → %System32%\spool\drivers\w32x86\3\hpztsb10.exe → HP [Ver = 2.323.0.0 | Size = 172032 bytes | Modified Date = 04/03/2004 15:46:24 | Attr = ]
iTunesHelper → %ProgramFiles%\iTunes\iTunesHelper.exe → Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 14/03/2007 19:05:48 | Attr = ]
LogitechVideoRepair → %ProgramFiles%\Logitech\Video\ISStart.exe → Logitech Inc. [Ver = 8.4.6.1012 | Size = 458752 bytes | Modified Date = 18/01/2005 18:47:30 | Attr = ]
LogitechVideoTray → %ProgramFiles%\Logitech\Video\LogiTray.exe → Logitech Inc. [Ver = 8.4.6.1012 | Size = 217088 bytes | Modified Date = 18/01/2005 18:37:30 | Attr = ]
LVCOMSX → %System32%\LVCOMSX.EXE → Logitech Inc. [Ver = 8.4.1.1092 | Size = 221184 bytes | Modified Date = 08/10/2004 12:52:32 | Attr = ]
NeroFilterCheck → %System32%\NeroCheck.exe → Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 09/07/2001 11:50:42 | Attr = ]
NvCplDaemon → %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] → NVIDIA Corporation [Ver = 6.14.10.8466 | Size = 7573504 bytes | Modified Date = 28/04/2006 00:47:00 | Attr = ]
nwiz → %System32%\nwiz.exe → [Ver = | Size = 1519616 bytes | Modified Date = 28/04/2006 00:47:00 | Attr = ]
PrevxOne → %ProgramFiles%\Prevx1\PXConsole.exe → Prevx [Ver = 1.0.0.1 | Size = 1548288 bytes | Modified Date = 27/03/2007 11:16:46 | Attr = ]
PRISMSVR.EXE → %ProgramFiles%\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.exe → Conexant Systems, Inc. [Ver = 1.01.24 | Size = 295001 bytes | Modified Date = 02/07/2004 16:27:26 | Attr = ]
QuickTime Task → %ProgramFiles%\QuickTime\qttask.exe → Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 16/02/2007 11:54:04 | Attr = ]
Recguard → %SystemRoot%\SMINST\Recguard.exe → [Ver = 1, 0, 0, 1 | Size = 212992 bytes | Modified Date = 13/09/2002 14:42:26 | Attr = ]
Sony Ericsson PC Suite → %ProgramFiles%\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe → Sony Ericsson Mobile Communications AB [Ver = 1.1.1.3 | Size = 159744 bytes | Modified Date = 26/10/2005 18:17:24 | Attr = R ]
SunJavaUpdateSched → %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe → Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 15/12/2006 03:23:28 | Attr = ]
< OptionalComponents [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
IMAIL → Installed = 1 →
MAPI → Installed = 1 →
MSFS → Installed = 1 →
< Run [HKCU] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LDM → %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe → Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 14/03/2007 15:51:08 | Attr = ]
LogitechSoftwareUpdate → %ProgramFiles%\Logitech\Video\ManifestEngine.exe → Logitech Inc. [Ver = 8.4.6.1012 | Size = 196608 bytes | Modified Date = 18/01/2005 18:07:54 | Attr = ]
Steam → → File not found
< Common Startup > → C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Reader Speed Launch.lnk → %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe → Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 23/09/2005 22:05:26 | Attr = ]
%AllUsersStartup%\Logitech Desktop Messenger.lnk → %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe → Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 14/03/2007 15:51:08 | Attr = ]
%AllUsersStartup%\SpeedTouch 121g Wireless USB Monitor.lnk → %ProgramFiles%\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe → [Ver = 1.0.1.15 | Size = 303104 bytes | Modified Date = 23/09/2004 18:36:28 | Attr = ]
< User Startup > → C:\Documents and Settings\Dave\Start Menu\Programs\Startup
%UserStartup%\Adobe Gamma.lnk → %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe → Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 16/03/2005 20:16:50 | Attr = ]
< SSODL [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
{fbeb8a05-beee-4442-804e-409d6c4515e9} [HKLM] → Reg Data - Key not found [CDBurn] → File not found
< SecurityProviders [HKLM] > → HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders
< Winlogon settings [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< HOSTS File > (734 bytes) → C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost → →
< Internet Explorer Settings > →
HKLM: Default_Page_URL → http://go.microsoft.com/fwlink/?LinkId=69157 →
HKLM: Main\Default_Search_URL → http://go.microsoft.com/fwlink/?LinkId=54896 →
HKLM: Local Page → %SystemRoot%\system32\blank.htm →
HKLM: Search Page → http://go.microsoft.com/fwlink/?LinkId=54896 →
HKLM: Start Page → about:blank →
HKLM: CustomizeSearch → http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm →
HKLM: SearchAssistant → http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm →
HKCU: Local Page → C:\WINDOWS\system32\blank.htm →
HKCU: Search Page → http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch →
HKCU: Start Page → http://www.orange.co.uk/ →
HKCU: ProxyEnable → 0 →
HKCU: ProxyOverride → localhost;*.local →
< Trusted Sites > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
msn.com [ - ] → →
< BHO’s > → HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] → %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] → Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 18/12/2006 04:16:42 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] → %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll → Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/2005 01:04:00 | Attr = ]
{55EA1964-F5E4-4D6A-B9B2-125B37655FCB} [HKLM] → %AllUsersAppData%\Prevx\pxbho.dll [URLDetector Class] → Prevx Ltd. [Ver = 1.0.0.3 | Size = 90112 bytes | Modified Date = 10/01/2006 12:09:54 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] → %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [SSVHelper Class] → Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 15/12/2006 03:23:24 | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] → Reg Data - Key not found [Reg Data - Key not found] → File not found
< Internet Explorer Extensions [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] → %ProgramFiles%\Java\jre1.5.0_11\bin\npjpi150_11.dll [MenuText: Sun Java Console] → Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75528 bytes | Modified Date = 15/12/2006 03:23:26 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] → %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [MenuText: Sun Java Console] → Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 15/12/2006 03:23:24 | Attr = ]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} → Reg Data - Value does not exist [ButtonText: Create Mobile Favorite] → File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] → Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] → File not found
< Internet Explorer Menu Extensions [HKCU] > → HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt
Add to AMV Convert Tool… → %ProgramFiles%\MP3 Player Utilities 3.74\AMVConverter\grab.htm → File not found
Add to Windows &Live Favorites → http:\favorites.live.com\quickadd.asp → File not found
MediaManager tool grab multimedia file → %ProgramFiles%\MP3 Player Utilities 3.74\MediaManager\grab.htm → File not found
< DNS Name Servers [HKLM] > → HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters
{2CB9EDCE-DCA5-4D39-BBD0-7079D872B3A7} → (Windows Mobile-based Device) →
{31EF8F98-25B8-4E30-8649-5467D67D9CAB} → () →
{3B5B4465-9378-416F-BDAF-67C6A2CA340F} → (Windows Mobile-based Device) →
{61A2D5FB-973A-4877-8914-A6147AA00DFD} → (VIA Compatable Fast Ethernet Adapter) →
{90EB2CBD-2951-469A-895F-6E68A4DF39DD} → (1394 Net Adapter) →
{9CDDC518-C244-449F-A856-4DC56CD31995} → (Windows Mobile-based Device) →
{CB6E166C-0905-4F7C-B45E-5873ABFB6DDC} → (SpeedTouch 121g Wireless USB Adapter) →
< Winsock2 Catalogs [HKLM] > → HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] → %ProgramFiles%\Bonjour\mdnsNSP.dll → Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 28/02/2006 13:42:30 | Attr = ]
< Protocol Handlers [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler
bwfile-8876480 → %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll → Logitech Inc. [Ver = Version 8.1.1 (Build 50R) | Size = 28711 bytes | Modified Date = 14/03/2007 15:51:08 | Attr = ]
cetihpz → %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll → Hewlett-Packard Company [Ver = 2.1.4 | Size = 81920 bytes | Modified Date = 22/12/2003 08:38:40 | Attr = ]
ipp → Reg Data - Key not found → File not found
msdaipp → Reg Data - Key not found → File not found
< Downloaded Program Files > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units
{00B71CFB-6864-4346-A978-C0A14556272C} → Checkers Class - CodeBase = http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab →
{02BCC737-B171-4746-94C9-0D8A0B2C0089} → Microsoft Office Template and Media Control - CodeBase = http://office.microsoft.com/templates/ieawsdc.cab →
{166B1BCA-3F9C-11CF-8075-444553540000} → Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab →
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B} → FilePlanet Download Control Class - CodeBase = http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.1.99.cab →
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} → MSN Photo Upload Tool - CodeBase = http://by123fd.bay123.hotmail.msn.com/resources/MsnPUpld.cab →
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} → MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152538098733 →
{8AD9C840-044E-11D1-B3E9-00805F499D93} → Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab →
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} → MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab →
{AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} → VideoEgg ActiveX Loader - CodeBase = http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe →
{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} → Java Plug-in 1.5.0_07 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab →
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} → Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab →
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} → Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab →
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} → Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab →
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} → Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab →
{D27CDB6E-AE6D-11CF-96B8-444553540000} → - CodeBase = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab →
[Files/Folders - Created Within 30 days]
Config.Msi → %SystemDrive%\Config.Msi → [Folder | Created Date = 30/03/2007 19:47:56 | Attr = HS]
QooBox → %SystemDrive%\QooBox → [Folder | Created Date = 19/04/2007 22:05:25 | Attr = ]
_OTMoveIt → %SystemDrive%\_OTMoveIt → [Folder | Created Date = 19/04/2007 22:39:55 | Attr = ]
$NtUninstallKB925902$ → %SystemRoot%\$NtUninstallKB925902$ → [Folder | Created Date = 04/04/2007 10:24:20 | Attr = H ]
$NtUninstallKB930178$ → %SystemRoot%\$NtUninstallKB930178$ → [Folder | Created Date = 11/04/2007 08:25:07 | Attr = H ]
$NtUninstallKB931261$ → %SystemRoot%\$NtUninstallKB931261$ → [Folder | Created Date = 11/04/2007 08:25:15 | Attr = H ]
$NtUninstallKB931784$ → %SystemRoot%\$NtUninstallKB931784$ → [Folder | Created Date = 11/04/2007 08:25:26 | Attr = H ]
$NtUninstallKB932168$ → %SystemRoot%\$NtUninstallKB932168$ → [Folder | Created Date = 11/04/2007 08:24:55 | Attr = H ]
iPlayer.INI → %SystemRoot%\iPlayer.INI → [Ver = | Size = 0 bytes | Created Date = 09/04/2007 17:15:45 | Attr = ]
actskin4.ocx → %System32%\actskin4.ocx → [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 17/04/2007 21:25:48 | Attr = ]
aswBoot.exe → %System32%\aswBoot.exe → ALWIL Software [Ver = 4, 7, 981, 0 | Size = 712832 bytes | Created Date = 17/04/2007 21:25:48 | Attr = ]
AVASTSS.scr → %System32%\AVASTSS.scr → ALWIL Software [Ver = 4, 7, 981, 0 | Size = 90112 bytes | Created Date = 17/04/2007 21:25:48 | Attr = ]
ilnmp.ini → %System32%\ilnmp.ini → [Ver = | Size = 465010 bytes | Created Date = 16/04/2007 20:34:15 | Attr = HS]
java.exe → %System32%\java.exe → Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 49248 bytes | Created Date = 25/03/2007 11:02:04 | Attr = ]
javaw.exe → %System32%\javaw.exe → Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 53346 bytes | Created Date = 25/03/2007 11:02:04 | Attr = ]
javaws.exe → %System32%\javaws.exe → Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 127078 bytes | Created Date = 25/03/2007 11:02:04 | Attr = ]
jxxlepkr.ini → %System32%\jxxlepkr.ini → [Ver = | Size = 1653717 bytes | Created Date = 04/04/2007 16:33:49 | Attr = HS]
jxxlepkr.tmp → %System32%\jxxlepkr.tmp → [Ver = | Size = 1653726 bytes | Created Date = 11/04/2007 19:49:35 | Attr = HS]
mcrh.tmp → %System32%\mcrh.tmp → [Ver = | Size = 143 bytes | Created Date = 05/04/2007 10:51:05 | Attr = ]
pxinst.dll → %System32%\pxinst.dll → Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8363 built by: WinDDK | Size = 7680 bytes | Created Date = 17/04/2007 22:05:59 | Attr = ]
aavmker4.sys → %System32%\drivers\aavmker4.sys → ALWIL Software [Ver = 4.7.981.0 | Size = 26888 bytes | Created Date = 17/04/2007 21:26:03 | Attr = ]
aswmon.sys → %System32%\drivers\aswmon.sys → ALWIL Software [Ver = 4.7.981.0 | Size = 85952 bytes | Created Date = 17/04/2007 21:25:53 | Attr = ]
aswmon2.sys → %System32%\drivers\aswmon2.sys → ALWIL Software [Ver = 4.7.981.0 | Size = 94552 bytes | Created Date = 17/04/2007 21:25:53 | Attr = ]
aswRdr.sys → %System32%\drivers\aswRdr.sys → ALWIL Software [Ver = 4.7.981.0 | Size = 23416 bytes | Created Date = 17/04/2007 21:26:04 | Attr = ]
aswTdi.sys → %System32%\drivers\aswTdi.sys → ALWIL Software [Ver = 4.7.981.0 | Size = 43176 bytes | Created Date = 17/04/2007 21:26:04 | Attr = ]
pxcom.sys → %System32%\drivers\pxcom.sys → Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8363 built by: WinDDK | Size = 8192 bytes | Created Date = 17/04/2007 22:05:57 | Attr = ]
PxEmu.sys → %System32%\drivers\PxEmu.sys → Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8363 built by: WinDDK | Size = 101120 bytes | Created Date = 17/04/2007 22:06:00 | Attr = ]
pxfsf.sys → %System32%\drivers\pxfsf.sys → Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8363 built by: WinDDK | Size = 290816 bytes | Created Date = 17/04/2007 22:05:58 | Attr = ]
PxRD.sys → %System32%\drivers\PxRD.sys → [Ver = | Size = 13952 bytes | Created Date = 17/04/2007 22:04:59 | Attr = ]
pxtdi.sys → %System32%\drivers\pxtdi.sys → Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8363 built by: WinDDK | Size = 19200 bytes | Created Date = 17/04/2007 22:05:58 | Attr = ]
[Files/Folders - Modified Within 30 days]
Config.Msi → %SystemDrive%\Config.Msi → [Folder | Modified Date = 13/04/2007 10:45:50 | Attr = HS]
hiberfil.sys → %SystemDrive%\hiberfil.sys → [Ver = | Size = 1072156672 bytes | Modified Date = 19/04/2007 21:54:02 | Attr = HS]
Program Files → %ProgramFiles% → [Folder | Modified Date = 19/04/2007 22:31:30 | Attr = R ]
QooBox → %SystemDrive%\QooBox → [Folder | Modified Date = 19/04/2007 23:05:26 | Attr = ]
WINDOWS → %SystemRoot% → [Folder | Modified Date = 19/04/2007 23:39:58 | Attr = ]
_OTMoveIt → %SystemDrive%\_OTMoveIt → [Folder | Modified Date = 19/04/2007 23:39:56 | Attr = ]
$hf_mig$ → %SystemRoot%\$hf_mig$ → [Folder | Modified Date = 11/04/2007 09:22:42 | Attr = H ]
$NtUninstallKB925902$ → %SystemRoot%\$NtUninstallKB925902$ → [Folder | Modified Date = 04/04/2007 11:24:22 | Attr = H ]
$NtUninstallKB930178$ → %SystemRoot%\$NtUninstallKB930178$ → [Folder | Modified Date = 11/04/2007 09:25:10 | Attr = H ]
$NtUninstallKB931261$ → %SystemRoot%\$NtUninstallKB931261$ → [Folder | Modified Date = 11/04/2007 09:25:18 | Attr = H ]
$NtUninstallKB931784$ → %SystemRoot%\$NtUninstallKB931784$ → [Folder | Modified Date = 11/04/2007 09:25:28 | Attr = H ]
$NtUninstallKB932168$ → %SystemRoot%\$NtUninstallKB932168$ → [Folder | Modified Date = 11/04/2007 09:24:58 | Attr = H ]
assembly → %SystemRoot%\assembly → [Folder | Modified Date = 06/04/2007 19:06:28 | Attr = R S]
bootstat.dat → %SystemRoot%\bootstat.dat → [Ver = | Size = 2048 bytes | Modified Date = 19/04/2007 21:54:06 | Attr = S]
Fonts → %SystemRoot%\Fonts → [Folder | Modified Date = 31/03/2007 22:53:20 | Attr = R S]
Help → %SystemRoot%\Help → [Folder | Modified Date = 26/03/2007 20:26:10 | Attr = ]
imsins.BAK → %SystemRoot%\imsins.BAK → [Ver = | Size = 1374 bytes | Modified Date = 11/04/2007 09:25:22 | Attr = ]
inf → %SystemRoot%\inf → [Folder | Modified Date = 17/04/2007 23:06:02 | Attr = H ]
Installer → %SystemRoot%\Installer → [Folder | Modified Date = 13/04/2007 10:45:56 | Attr = HS]
iPlayer.INI → %SystemRoot%\iPlayer.INI → [Ver = | Size = 0 bytes | Modified Date = 09/04/2007 18:15:46 | Attr = ]
Microsoft.NET → %SystemRoot%\Microsoft.NET → [Folder | Modified Date = 26/03/2007 22:12:10 | Attr = ]
Minidump → %SystemRoot%\Minidump → [Folder | Modified Date = 12/04/2007 10:33:34 | Attr = ]
msagent → %SystemRoot%\msagent → [Folder | Modified Date = 11/04/2007 11:31:50 | Attr = ]
NeroDigital.ini → %SystemRoot%\NeroDigital.ini → [Ver = | Size = 116 bytes | Modified Date = 21/03/2007 17:02:04 | Attr = ]
Prefetch → %SystemRoot%\Prefetch → [Folder | Modified Date = 19/04/2007 23:43:40 | Attr = ]
Registration → %SystemRoot%\Registration → [Folder | Modified Date = 19/04/2007 21:55:36 | Attr = ]
system → %SystemRoot%\system → [Folder | Modified Date = 17/04/2007 19:57:40 | Attr = ]
system32 → %System32% → [Folder | Modified Date = 19/04/2007 23:39:58 | Attr = ]
Tasks → %SystemRoot%\Tasks → [Folder | Modified Date = 05/04/2007 12:18:36 | Attr = S]
Temp → %SystemRoot%\Temp → [Folder | Modified Date = 19/04/2007 23:07:30 | Attr = ]
WinSxS → %SystemRoot%\WinSxS → [Folder | Modified Date = 26/03/2007 20:21:06 | Attr = ]
AppleSoftwareUpdate.job → %SystemRoot%\tasks\AppleSoftwareUpdate.job → [Ver = | Size = 284 bytes | Modified Date = 17/04/2007 17:03:02 | Attr = ]
SA.DAT → %SystemRoot%\tasks\SA.DAT → [Ver = | Size = 6 bytes | Modified Date = 19/04/2007 21:54:20 | Attr = H ]
aswBoot.exe → %System32%\aswBoot.exe → ALWIL Software [Ver = 4, 7, 981, 0 | Size = 712832 bytes | Modified Date = 10/04/2007 12:18:32 | Attr = ]
AVASTSS.scr → %System32%\AVASTSS.scr → ALWIL Software [Ver = 4, 7, 981, 0 | Size = 90112 bytes | Modified Date = 14/04/2007 08:42:44 | Attr = ]
CatRoot → %System32%\CatRoot → [Folder | Modified Date = 23/03/2007 09:21:18 | Attr = ]
CatRoot2 → %System32%\CatRoot2 → [Folder | Modified Date = 19/04/2007 21:55:40 | Attr = ]
config → %System32%\config → [Folder | Modified Date = 17/04/2007 20:35:16 | Attr = ]
CONFIG.NT → %System32%\CONFIG.NT → [Ver = | Size = 2626 bytes | Modified Date = 17/04/2007 23:11:48 | Attr = ]
DirectX → %System32%\DirectX → [Folder | Modified Date = 06/04/2007 19:06:30 | Attr = ]
dllcache → %System32%\dllcache → [Folder | Modified Date = 11/04/2007 11:31:50 | Attr = RHS]
drivers → %System32%\drivers → [Folder | Modified Date = 19/04/2007 23:01:24 | Attr = ]
DRVSTORE → %System32%\DRVSTORE → [Folder | Modified Date = 30/03/2007 21:41:28 | Attr = ]
FNTCACHE.DAT → %System32%\FNTCACHE.DAT → [Ver = | Size = 1526312 bytes | Modified Date = 04/04/2007 17:28:04 | Attr = ]
ilnmp.ini → %System32%\ilnmp.ini → [Ver = | Size = 465010 bytes | Modified Date = 17/04/2007 23:19:46 | Attr = HS]
jxxlepkr.ini → %System32%\jxxlepkr.ini → [Ver = | Size = 1653717 bytes | Modified Date = 11/04/2007 20:45:40 | Attr = HS]
jxxlepkr.tmp → %System32%\jxxlepkr.tmp → [Ver = | Size = 1653726 bytes | Modified Date = 11/04/2007 20:49:36 | Attr = HS]
mcrh.tmp → %System32%\mcrh.tmp → [Ver = | Size = 143 bytes | Modified Date = 17/04/2007 16:19:20 | Attr = ]
nvapps.xml → %System32%\nvapps.xml → [Ver = | Size = 51048 bytes | Modified Date = 19/04/2007 21:55:02 | Attr = ]
perfc009.dat → %System32%\perfc009.dat → [Ver = | Size = 63132 bytes | Modified Date = 03/04/2007 10:04:36 | Attr = ]
perfh009.dat → %System32%\perfh009.dat → [Ver = | Size = 402714 bytes | Modified Date = 03/04/2007 10:04:36 | Attr = ]
PerfStringBackup.INI → %System32%\PerfStringBackup.INI → [Ver = | Size = 473400 bytes | Modified Date = 03/04/2007 10:04:34 | Attr = ]
pxinst.dll → %System32%\pxinst.dll → Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8363 built by: WinDDK | Size = 7680 bytes | Modified Date = 26/03/2007 16:23:02 | Attr = ]
wpa.dbl → %System32%\wpa.dbl → [Ver = | Size = 1158 bytes | Modified Date = 19/04/2007 21:55:36 | Attr = ]
aavmker4.sys → %System32%\drivers\aavmker4.sys → ALWIL Software [Ver = 4.7.981.0 | Size = 26888 bytes | Modified Date = 14/04/2007 08:43:32 | Attr = ]
aswmon.sys → %System32%\drivers\aswmon.sys → ALWIL Software [Ver = 4.7.981.0 | Size = 85952 bytes | Modified Date = 14/04/2007 08:47:46 | Attr = ]
aswmon2.sys → %System32%\drivers\aswmon2.sys → ALWIL Software [Ver = 4.7.981.0 | Size = 94552 bytes | Modified Date = 14/04/2007 08:47:32 | Attr = ]
aswRdr.sys → %System32%\drivers\aswRdr.sys → ALWIL Software [Ver = 4.7.981.0 | Size = 23416 bytes | Modified Date = 14/04/2007 08:45:36 | Attr = ]
aswTdi.sys → %System32%\drivers\aswTdi.sys → ALWIL Software [Ver = 4.7.981.0 | Size = 43176 bytes | Modified Date = 14/04/2007 08:44:52 | Attr = ]
etc → %System32%\drivers\etc → [Folder | Modified Date = 06/04/2007 18:58:22 | Attr = ]
pxcom.sys → %System32%\drivers\pxcom.sys → Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8363 built by: WinDDK | Size = 8192 bytes | Modified Date = 26/03/2007 16:22:58 | Attr = ]
PxEmu.sys → %System32%\drivers\PxEmu.sys → Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8363 built by: WinDDK | Size = 101120 bytes | Modified Date = 26/03/2007 16:23:02 | Attr = ]
pxfsf.sys → %System32%\drivers\pxfsf.sys → Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8363 built by: WinDDK | Size = 290816 bytes | Modified Date = 26/03/2007 16:22:58 | Attr = ]
pxtdi.sys → %System32%\drivers\pxtdi.sys → Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8363 built by: WinDDK | Size = 19200 bytes | Modified Date = 26/03/2007 16:23:00 | Attr = ]
[File String Scan - Non-Microsoft Only]
Umonitor , → %SystemRoot%\pxinstall_log.txt → [Ver = | Size = 309094 bytes | Modified Date = 17/04/2007 23:07:24 | Attr = ]
UPX! , UPX0 , → %System32%\aswBoot.exe → ALWIL Software [Ver = 4, 7, 981, 0 | Size = 712832 bytes | Modified Date = 10/04/2007 12:18:32 | Attr = ]
PEC2 , → %System32%\dfrg.msc → [Ver = | Size = 41397 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
PEC2 , PECompact2 , → %System32%\DivX.dll → DivXNetworks [Ver = 6,0,0,1571 | Size = 692736 bytes | Modified Date = 02/09/2005 00:39:44 | Attr = ]
Thawte Consulting , → %System32%\mfimgvwr.ocx → MyFamily.com, Inc. [Ver = 2.0.0.1 | Size = 181752 bytes | Modified Date = 09/04/2005 10:44:18 | Attr = ]
PEC2 , → %System32%\oembios.bin → [Ver = | Size = 13107200 bytes | Modified Date = 11/09/2001 00:15:36 | Attr = ]
Thawte Consulting , → %System32%\SmartUI2.ocx → Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 2.00.6553 | Size = 870152 bytes | Modified Date = 15/03/2007 12:22:38 | Attr = ]
winsync , → %System32%\wbdbase.deu → [Ver = | Size = 1309184 bytes | Modified Date = 10/08/2004 20:00:00 | Attr = ]
Thawte Consulting , → %System32%\XceedCry.dll → Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.6461.0 | Size = 526184 bytes | Modified Date = 15/03/2007 12:19:58 | Attr = ]
Thawte Consulting , → %System32%\XceedZip.dll → Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 6.0.6621.0 | Size = 497496 bytes | Modified Date = 15/03/2007 12:23:16 | Attr = ]
PEC2 , → %System32%\dllcache\oembios.bin → [Ver = | Size = 13107200 bytes | Modified Date = 11/09/2001 00:15:36 | Attr = ]
PEC2 , → %System32%\drivers\VcommMgr.sys → IVT Corporation [Ver = 2.20 | Size = 82148 bytes | Modified Date = 25/03/2005 18:18:48 | Attr = ]
< End of report >
Got it, running an analysis now.