C:\Program Files\Winamp\Skins\Winamp Modern\titlebar\Desktop_.ini
C:\Program Files\Winamp\Skins\Winamp Modern\window\Desktop_.ini
C:\Program Files\Winamp\Skins\Winamp Modern\xml\Desktop_.ini
C:\Program Files\Winamp\System\Desktop_.ini
C:\Program Files\WinRAR\Desktop_.ini
C:\Program Files\WinRAR\Formats\Desktop_.ini
C:\Program Files\xerox\Desktop_.ini
C:\Program Files\xerox\nwwia\Desktop_.ini
C:\Program Files\Yahoo!\Desktop_.ini
C:\Program Files\Yahoo!\Common\Desktop_.ini
C:\Program Files\Yahoo!\Companion\Desktop_.ini
C:\Program Files\Yahoo!\Companion\Installs\Desktop_.ini
C:\Program Files\Yahoo!\Companion\Installs\cpn\Desktop_.ini
C:\Program Files\Yahoo!\Installs\Desktop_.ini
C:\Program Files\Yahoo!\Shared\Desktop_.ini
C:\Program Files\Yahoo!\Shared\Graphics\Desktop_.ini
C:\Program Files\Yahoo!\Shared\Graphics\Indigo\Desktop_.ini
C:\Program Files\Yahoo!\Shared\Graphics\Maverick\Desktop_.ini
C:\RECYCLER\Desktop_.ini
C:\Temp\Desktop_.ini
C:\Temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style1\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style1\css\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style1\pages\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style1\pages\image\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style1\pages\thumbnail\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style1\resources\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style2\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style2\css\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style2\pages\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style2\pages\image\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style2\pages\thumbnail\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style2\resources\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style3\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style3\css\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style3\pages\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style3\pages\image\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style3\pages\index\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style3\pages\thumbnail\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style3\resources\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style4\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style4\css\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style4\pages\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style4\pages\image\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style4\pages\index\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style4\pages\thumbnail\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style4\resources\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style5\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style5\css\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style5\pages\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style5\pages\image\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style5\pages\thumbnail\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style5\resources\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style6\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style6\css\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style6\pages\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style6\pages\image\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style6\pages\thumbnail\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style6\resources\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style7\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style7\css\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style7\pages\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style7\pages\image\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style7\pages\thumbnail\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style7\resources\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style8\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style8\css\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style8\pages\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style8\pages\image\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style8\pages\thumbnail\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style8\resources\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style9\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style9\css\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style9\pages\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style9\pages\image\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style9\pages\index\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style9\pages\thumbnail\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\AlbumGenerator\Styles\Style9\resources\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\bin\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\bin\Effects\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\bin\Templates\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\bin\Templates\NTSC\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\bin\Templates\NTSC\Artistic\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\bin\Templates\NTSC\Birthday\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\bin\Templates\NTSC\Classic\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\bin\Templates\NTSC\Contemporary\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\bin\Templates\NTSC\Industrial\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\bin\Templates\NTSC\Modern\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\bin\Templates\NTSC\Nature\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\bin\Templates\NTSC\Sports\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\bin\Templates\NTSC\Urban\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\bin\Templates\NTSC\Wedding\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\bin\Templates\PAL\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\bin\Templates\PAL\Artistic\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\bin\Templates\PAL\Birthday\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\bin\Templates\PAL\Classic\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\bin\Templates\PAL\Contemporary\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\bin\Templates\PAL\Industrial\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\bin\Templates\PAL\Modern\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\bin\Templates\PAL\Nature\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\bin\Templates\PAL\Sports\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\bin\Templates\PAL\Urban\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\bin\Templates\PAL\Wedding\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\bin\Welcome\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\bin\Welcome\Graphics\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\LM\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\LM\Pages\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\LM\Products\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\QuickStart\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0.Pro\QuickStart\img\Desktop_.ini
((((((((((((((((((((((((((((((( Files Created from 2007-01-05 to 2007-02-05 ))))))))))))))))))))))))))))))))))
2007-02-05 16:15 <DIR> d-------- C:\WINDOWS\ERDNT
2007-02-05 16:02 <DIR> d-------- C:\!KillBox
2007-02-05 10:27 <DIR> d-------- C:\SDFix
2007-02-01 16:16 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2007-02-01 16:16 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2007-02-01 16:16 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-02-01 16:16 <DIR> d-------- C:\DOCUME~1\user\Application Data\PC Tools
2007-02-01 16:14 <DIR> d--h----- C:\WINDOWS\PIF
2007-01-29 14:56 1,035,688 --a------ C:\WINDOWS\system32\exec1.exe
2007-01-25 17:41 <DIR> d-------- C:\DOCUME~1\user\Application Data\WinRAR
2007-01-24 18:40 <DIR> d-------- C:\DOCUME~1\user\Application Data\uTorrent
2007-01-24 09:53 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2007-01-24 09:53 <DIR> d-------- C:\Program Files\DAP
2007-01-24 08:44 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-01-24 08:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Kaspersky Lab
2007-01-24 08:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Avg7
2007-01-24 08:33 <DIR> d-------- C:\kav
2007-01-23 11:56 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-01-23 11:32 67,645 --a------ C:\WINDOWS\system32\drivers\pshook11.sys
2007-01-23 11:32 <DIR> d-------- C:\Program Files\Spyware Nuker
2007-01-22 08:20 <DIR> d-------- C:\DOCUME~1\user\Application Data\FaxCtr
2007-01-19 16:06 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2007-01-19 16:06 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2007-01-19 16:06 32,768 --a------ C:\WINDOWS\system32\LXPRMON.DLL
2007-01-19 16:06 20,480 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
2007-01-19 16:06 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
2007-01-19 16:06 <DIR> d-------- C:\Program Files\Lexmark Fax Solutions
2007-01-19 16:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\FaxCtr
2007-01-19 10:54 <DIR> d-------- C:\WINDOWS\system32\bak
2007-01-18 10:08 38,912 --------- C:\WINDOWS\system32\picn20.dll
2007-01-18 10:08 3,051,520 --------- C:\WINDOWS\UNNeroVision.exe
2007-01-18 10:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Ahead
2007-01-18 10:04 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-01-08 15:28 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-01-08 15:25 <DIR> d-------- C:\Temp
2007-01-08 15:19 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2007-01-08 15:19 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-01-08 15:19 <DIR> d-------- C:\Program Files\Lexmark 4300 Series
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-02-05 16:13 -------- d-------- C:\Program Files\yahoo!
2007-02-05 16:13 -------- d-------- C:\Program Files\winamp
2007-02-05 16:13 -------- d-------- C:\Program Files\via
2007-02-05 16:13 -------- d-------- C:\Program Files\skype
2007-02-05 16:13 -------- d-------- C:\Program Files\s3
2007-02-05 16:13 -------- d-------- C:\Program Files\realtek sound manager
2007-02-05 16:13 -------- d-------- C:\Program Files\realtek ac97
2007-02-05 16:13 -------- d-------- C:\Program Files\real
2007-02-05 16:13 -------- d-------- C:\Program Files\online services
2007-02-05 16:13 -------- d-------- C:\Program Files\on-line help console
2007-02-05 16:12 -------- d-------- C:\Program Files\msn messenger
2007-02-05 16:12 -------- d-------- C:\Program Files\msn gaming zone
2007-02-05 16:12 -------- d-------- C:\Program Files\microsoft.net
2007-02-05 16:11 -------- d-------- C:\Program Files\microsoft activesync
2007-02-05 16:11 -------- d-------- C:\Program Files\lx_cats
2007-02-05 16:11 -------- d-------- C:\Program Files\keyboard driver
2007-02-05 16:11 -------- d-------- C:\Program Files\java
2007-02-05 16:11 -------- d-------- C:\Program Files\grisoft
2007-02-05 16:11 -------- d-------- C:\Program Files\divx
2007-02-05 16:10 -------- d-------- C:\Program Files\cyberlink
2007-02-05 16:10 -------- d-------- C:\Program Files\chinese star xp
2007-02-05 16:10 -------- d-------- C:\Program Files\bitcomet
2007-02-05 16:10 -------- d-------- C:\Program Files\avrack
2007-02-05 16:10 -------- d-------- C:\Program Files\ahead
2007-02-05 16:09 -------- d-------- C:\Program Files\acd systems
2007-02-01 16:16 -------- d-------- C:\Documents and Settings\user\Application Data\pc tools
2007-01-29 15:31 2560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-01-25 17:41 -------- d-------- C:\Documents and Settings\user\Application Data\winrar
2007-01-25 15:48 -------- d-------- C:\Documents and Settings\user\Application Data\utorrent
2007-01-24 10:04 -------- d-------- C:\Program Files\freerip
2007-01-24 09:45 -------- d---s---- C:\Documents and Settings\user\Application Data\microsoft
2007-01-24 09:04 17505 --a------ C:\DBI.EXE
2007-01-22 08:20 -------- d-------- C:\Documents and Settings\user\Application Data\faxctr
2007-01-19 11:24 38412 --a------ C:\WINDOWS\system32\nerocheck.exe
2006-12-26 14:19 -------- d-------- C:\Documents and Settings\user\Application Data\divx
2006-12-20 09:30 -------- dr-h----- C:\Documents and Settings\user\Application Data\yahoo!
2006-12-18 16:25 -------- d-------- C:\Documents and Settings\user\Application Data\sun
2006-12-18 16:09 -------- d-------- C:\Documents and Settings\user\Application Data\skype
2006-12-18 15:47 -------- d-------- C:\Documents and Settings\user\Application Data\macromedia
2006-12-18 11:55 -------- d-------- C:\Documents and Settings\user\Application Data\adobeum
2006-12-18 11:34 -------- d-------- C:\Documents and Settings\user\Application Data\adobe
2006-12-15 18:46 176167 --a------ C:\WINDOWS\system32\rmocx.dll
2006-12-15 18:35 -------- d-------- C:\Documents and Settings\user\Application Data\acd systems
2006-12-13 00:30 520192 --a------ C:\WINDOWS\system32\divxsm.exe
2006-12-13 00:30 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-12-13 00:30 20640 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2006-12-13 00:30 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-12-13 00:30 109568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-12-13 00:30 108544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-12-13 00:30 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-12-13 00:25 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-12-13 00:25 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-12-13 00:25 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-12-13 00:25 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-12-13 00:25 635486 --a------ C:\WINDOWS\system32\divx.dll
2006-12-13 00:25 593920 --a------ C:\WINDOWS\system32\dpugui11.dll
2006-12-13 00:25 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2006-12-13 00:25 53248 --a------ C:\WINDOWS\system32\dpugui10.dll
2006-12-13 00:25 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2006-12-13 00:25 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2006-12-13 00:25 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2006-12-13 00:25 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-12-13 00:24 12288 --a------ C:\WINDOWS\system32\divxwmpexttype.dll
2006-12-13 00:24 118784 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BitComet"="\"C:\\Program Files\\BitComet\\BitComet.exe\""
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="\"C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE\" /SYNC"
"PHIME2002A"="\"C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE\" /IMEName"
"VTTimer"="VTTimer.exe"
"VTTrayp"="VTtrayp.exe"
"SoundMan"="SOUNDMAN.EXE"
"LXCECATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCEtime.dll,_RunDLLEntry@16"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"FaxCenterServer"="\"C:\\Program Files\\Lexmark Fax Solutions\\fm3032.exe\" /s"
"AVP"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgcc"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DevDetect"
"hkey"="HKLM"
"command"="DevDetect.exe -autorun"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Language"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_MCHINJDRV
********************************************************************
catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.netscanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-02-05 16:18:25
Hijackthis Log:-Logfile of HijackThis v1.99.1
Scan saved at 4:20:03 PM, on 2/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7DD4D29-1A67-4752-8327-0A9D7FC6F019}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
Thanks!
Edited by victorywp, 05 February 2007 - 08:40 AM.
