
Hijackthis Log


  • This topic is locked
13 replies to this topic

#1 PrittStick

PrittStick

  • Members
  • 97 posts
  • Location:Wolverhampton, England
  • Local time:12:28 PM

Posted 06 January 2008 - 12:23 PM

Hey, I'm back again :blink:

My PC has some spyware/malware I think and I was just wondering whether you could give my HJT log a quick once over.

Thanks a lot.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:23:27, on 06/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\avp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\lsass.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\avp .exe
C:\WINDOWS\lsass .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\MSN Messenger\msnmsgr .exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU .exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1 .EXE
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy .exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ben\LOCALS~1\Temp\agentmon.exe
C:\DOCUME~1\ben\LOCALS~1\Temp\3232.exe
C:\DOCUME~1\ben\LOCALS~1\Temp\64win.exe
C:\WINDOWS\lsass.exe
C:\WINDOWS\lsass .exe
C:\WINDOWS\lsass .exe
C:\Documents and Settings\ben\Local Settings\Temporary Internet Files\Content.IE5\HNX066LI\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917} - C:\WINDOWS\system32\xxyxywt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\Helper9.dll
O4 - HKLM\..\Run: [AVP] C:\WINDOWS\avp .exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe /auto
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvwim.dll,startup
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass .exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165078554578
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://eu.ntrsupport.com/inquiero/mod/setu...tivex118_24.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activ...nfosFinder2.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: xxyxywt - C:\WINDOWS\SYSTEM32\xxyxywt.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9245 bytes





THANKS :thumbsup:


 


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina
  • Local time:08:28 AM

Posted 13 January 2008 - 05:54 PM

Hello PrittStick and welcome to the BC HijackThis forum. This machine is a mess lol. Let me start by asking this: How come there is no anti-virus installed on this machine?

Now, let's see what else is hiding in there. Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
  • In the Processes section click on All.
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • Reg - Desktop Components
    • Reg - Disabled MS Config Items
    • Reg - Software Policy Settings
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 PrittStick

PrittStick
  • Topic Starter

  • Members
  • 97 posts
  • Location:Wolverhampton, England
  • Local time:12:28 PM

Posted 14 January 2008 - 12:27 PM

Hey OldTimer.

Thanks for helping me with this. The reason I don't have an Anti-Virus is because I was using AntiVir and then I uninstalled it to use the Kaspersky Trial but that ran out and then I forgot about it. Before I read your log I re-installed AntiVir and attempted to scan with it. Even though it found things it didn't remove them so I was confused but I've read your log since then and here is the report:

WinPFind35 logfile created on: 14/01/2008 17:24:23
WinPFind35U Version Beta22 Folder = C:\Documents and Settings\ben\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)

511.48 Mb Total Physical Memory | 178.52 Mb Available Physical Memory | 34.90% Memory free
1.21 Gb Paging File | 0.86 Gb Available in Paging File | 71.57% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 35.39 Gb Free Space | 47.48% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 3.66 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded

Computer Name: FAMILY-PC
Current User Name: ben
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - All]
smss.exe -> %System32%\smss.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50688 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
csrss.exe -> %System32%\csrss.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6144 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
winlogon.exe -> %System32%\winlogon.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 502272 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
services.exe -> %System32%\services.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
lsass.exe -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 21/02/2006 19:39:16 | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
-> %System32%\rpcss.dll [DcomLaunch] -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26/07/2005 04:39:49 | Attr = ]
-> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
-> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
-> %System32%\rpcss.dll [RpcSs] -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26/07/2005 04:39:49 | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
-> %System32%\appmgmts.dll [AppMgmt] -> File not found
-> %System32%\audiosrv.dll [AudioSrv] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42496 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
-> %System32%\qmgr.dll [BITS] -> Microsoft Corporation [Ver = 6.6.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 382464 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
-> %System32%\browser.dll [Browser] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 77312 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
-> %System32%\cryptsvc.dll [CryptSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60416 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
-> %System32%\cryptsvc.dll [CryptSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60416 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
-> %System32%\dhcpcsvc.dll [Dhcp] -> Microsoft Corporation [Ver = 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003) | Size = 111616 bytes | Modified Date = 19/05/2006 12:59:41 | Attr = ]
-> %System32%\dmserver.dll [dmserver] -> Microsoft Corp. [Ver = 2600.2180.503.0 | Size = 23552 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
-> %System32%\ersvc.dll [ERSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 23040 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
-> %System32%\es.dll [EventSystem] -> Microsoft Corporation [Ver = 2001.12.4414.308 | Size = 243200 bytes | Modified Date = 26/07/2005 04:39:45 | Attr = ]
-> %System32%\es.dll [EventSystem] -> Microsoft Corporation [Ver = 2001.12.4414.308 | Size = 243200 bytes | Modified Date = 26/07/2005 04:39:45 | Attr = ]
-> %System32%\shsvcs.dll [FastUserSwitchingCompatibility] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 19/12/2006 21:52:18 | Attr = ]
-> %System32%\shsvcs.dll [FastUserSwitchingCompatibility] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 19/12/2006 21:52:18 | Attr = ]
-> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll [helpsvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 38912 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
-> %System32%\hidserv.dll [HidServ] -> File not found
-> %System32%\hidserv.dll [HidServ] -> File not found
-> %System32%\srvsvc.dll [lanmanserver] -> Microsoft Corporation [Ver = 5.1.2600.2577 (xpsp_sp2_gdr.041130-1729) | Size = 96768 bytes | Modified Date = 07/12/2004 19:32:34 | Attr = ]
-> %System32%\wkssvc.dll [lanmanworkstation] -> Microsoft Corporation [Ver = 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106) | Size = 132096 bytes | Modified Date = 17/08/2006 12:28:27 | Attr = ]
-> %System32%\msgsvc.dll [Messenger] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33792 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
-> %System32%\netman.dll [Netman] -> Microsoft Corporation [Ver = 5.1.2600.2743 (xpsp_sp2_gdr.050819-1525) | Size = 197632 bytes | Modified Date = 22/08/2005 18:29:46 | Attr = ]
-> %System32%\mswsock.dll [Nla] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
-> %System32%\ntmssvc.dll [NtmsSvc] -> Microsoft Corporation [Ver = 5.1.2400.2180 | Size = 435200 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
-> %System32%\rasauto.dll [RasAuto] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 89088 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
-> %System32%\rasmans.dll [RasMan] -> Microsoft Corporation [Ver = 5.1.2600.2936 (xpsp_sp2_gdr.060621-2347) | Size = 181248 bytes | Modified Date = 22/06/2006 10:47:18 | Attr = ]
-> %System32%\mprdim.dll [RemoteAccess] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 49152 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
-> %System32%\schedsvc.dll [Schedule] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 190976 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
-> %System32%\seclogon.dll [seclogon] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 18944 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
-> %System32%\sens.dll [SENS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 38912 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
-> %System32%\ipnathlp.dll [SharedAccess] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
-> %System32%\shsvcs.dll [ShellHWDetection] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 19/12/2006 21:52:18 | Attr = ]
-> %System32%\srsvc.dll [srservice] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 170496 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
-> %System32%\tapisrv.dll [TapiSrv] -> Microsoft Corporation [Ver = 5.1.2600.2716 (xpsp_sp2_gdr.050707-1657) | Size = 249344 bytes | Modified Date = 08/07/2005 16:27:56 | Attr = ]
-> %System32%\shsvcs.dll [Themes] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 19/12/2006 21:52:18 | Attr = ]
-> %System32%\trkwks.dll [TrkWks] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 90624 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
-> %System32%\w32time.dll [W32Time] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 174592 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
-> %System32%\wbem\wmisvc.dll [winmgmt] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 144896 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
-> %System32%\mspmsnsv.dll [WmdmPmSN] -> Microsoft Corporation [Ver = 11.0.5721.5145 | Size = 27136 bytes | Modified Date = 18/10/2006 21:47:16 | Attr = ]
-> %System32%\wscsvc.dll [wscsvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 81408 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
-> %System32%\wuauserv.dll [wuauserv] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
-> %System32%\wzcsvc.dll [WZCSVC] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 359936 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
-> %System32%\xmlprov.dll [xmlprov] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K WUDFSERVICEGROUP] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
-> %System32%\WudfSvc.dll [WudfSvc] -> Microsoft Corporation [Ver = 6.0.5716.32 (winmain(wmbla).060928-1756) | Size = 55808 bytes | Modified Date = 28/09/2006 18:56:14 | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
-> %System32%\dnsrslvr.dll [Dnscache] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 45568 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
-> %System32%\alrsvc.dll [Alerter] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 17408 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
-> %System32%\lmhsvc.dll [LmHosts] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13824 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
-> %System32%\ssdpsrv.dll [SSDPSRV] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 71680 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
-> %System32%\upnphost.dll [upnphost] -> Microsoft Corporation [Ver = 5.1.2600.3077 (xpsp_sp2_gdr.070204-2255) | Size = 185344 bytes | Modified Date = 05/02/2007 20:17:02 | Attr = ]
-> %System32%\webclnt.dll [WebClient] -> Microsoft Corporation [Ver = 5.1.2600.2821 (xpsp_sp2_gdr.060103-1536) | Size = 68096 bytes | Modified Date = 04/01/2006 03:35:05 | Attr = ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 13/01/2008 13:37:52 | Attr = ]
spoolsv.exe -> %System32%\spoolsv.exe -> Microsoft Corporation [Ver = 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) | Size = 57856 bytes | Modified Date = 10/06/2005 23:53:32 | Attr = ]
avguard.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 7.00.00.82 | Size = 214056 bytes | Modified Date = 13/01/2008 13:44:18 | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 21/02/2006 19:39:16 | Attr = ]
explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 13/06/2007 10:23:07 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 479232 bytes | Modified Date = 14/01/2008 13:08:36 | Attr = ]
launchapplication.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 50, 14, 6 | Size = 535552 bytes | Modified Date = 14/01/2008 13:08:37 | Attr = ]
datalayer.exe -> %CommonProgramFiles%\PCSuite\DataLayer\DataLayer.exe -> Nokia Mobile Phones Ltd. [Ver = 6, 50, 101, 3 | Size = 1474560 bytes | Modified Date = 14/01/2008 13:08:40 | Attr = ]
pwrisovm.exe -> %ProgramFiles%\PowerISO\PWRISOVM.EXE -> PowerISO Computing, Inc. [Ver = 3, 8, 0, 0 | Size = 561664 bytes | Modified Date = 14/01/2008 13:08:41 | Attr = ]
ctfmon.exe -> %System32%\ctfmon.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15360 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
jusched .exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched .exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 14/01/2008 17:06:23 | Attr = ]
datalayer .exe -> %CommonProgramFiles%\PCSuite\DataLayer\DataLayer .exe -> Nokia Mobile Phones Ltd. [Ver = 6, 50, 101, 3 | Size = 1106944 bytes | Modified Date = 14/01/2008 17:06:34 | Attr = ]
launchapplication .exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication .exe -> Nokia [Ver = 6, 50, 14, 6 | Size = 167936 bytes | Modified Date = 14/01/2008 17:06:28 | Attr = ]
pwrisovm .exe -> %ProgramFiles%\PowerISO\PWRISOVM .EXE -> PowerISO Computing, Inc. [Ver = 3, 8, 0, 0 | Size = 200704 bytes | Modified Date = 14/01/2008 17:06:28 | Attr = ]
photoshopelementsfileagent.exe -> %ProgramFiles%\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -> [Ver = | Size = 124832 bytes | Modified Date = 02/10/2007 14:46:56 | Attr = ]
ctfmon .exe -> %System32%\ctfmon .exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15360 bytes | Modified Date = 14/01/2008 17:06:33 | Attr = ]
sched.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 7.00.00.62 | Size = 63016 bytes | Modified Date = 28/08/2007 13:16:22 | Attr = ]
servic~1.exe -> %CommonProgramFiles%\PCSuite\Services\ServiceLayer.exe -> Nokia. [Ver = 6, 50, 28, 2 | Size = 97792 bytes | Modified Date = 22/03/2005 11:27:16 | Attr = ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 28/02/2006 11:42:38 | Attr = ]
ctsvccda.exe -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 17:01:00 | Attr = ]
mdm.exe -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> Microsoft Corporation [Ver = 7.00.9466 | Size = 322120 bytes | Modified Date = 19/06/2003 23:25:00 | Attr = ]
mysqld-nt.exe -> %ProgramFiles%\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -> [Ver = | Size = 5701632 bytes | Modified Date = 04/05/2007 09:00:12 | Attr = ]
pnkbstra.exe -> %System32%\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 20/09/2007 18:39:36 | Attr = ]
pnkbstrb.exe -> %System32%\PnkBstrB.exe -> [Ver = | Size = 103736 bytes | Modified Date = 29/09/2007 09:43:38 | Attr = ]
slserv.exe -> %System32%\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Modified Date = 04/08/2004 00:56:58 | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 04/01/2007 21:38:08 | Attr = ]
alg.exe -> %System32%\alg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 44544 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
avgnt.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe -> Avira GmbH [Ver = 7.02.00.16 | Size = 249896 bytes | Modified Date = 14/01/2008 17:10:04 | Attr = ]
iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 625152 bytes | Modified Date = 10/10/2007 10:59:52 | Attr = ]
usnsvc.exe -> %ProgramFiles%\MSN Messenger\usnsvc.exe -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 97136 bytes | Modified Date = 19/01/2007 11:54:14 | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 294400 bytes | Modified Date = 06/01/2008 13:17:10 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 13/01/2008 13:37:52 | Attr = ]
(AdobeActiveFileMonitor6.0) Adobe Active File Monitor V6 [Win32_Own | Auto | Running] -> %ProgramFiles%\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -> [Ver = | Size = 124832 bytes | Modified Date = 02/10/2007 14:46:56 | Attr = ]
(AntiVirScheduler) AntiVir PersonalEdition Classic Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 7.00.00.62 | Size = 63016 bytes | Modified Date = 28/08/2007 13:16:22 | Attr = ]
(AntiVirService) AntiVir PersonalEdition Classic Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 7.00.00.82 | Size = 214056 bytes | Modified Date = 13/01/2008 13:44:18 | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 21/02/2006 19:39:16 | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 03/05/2006 10:57:00 | Attr = ]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 28/02/2006 11:42:38 | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 17:01:00 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 16/09/2007 20:05:15 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.711.37800.beta | Size = 136120 bytes | Modified Date = 04/01/2007 01:40:21 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 03/04/2005 23:41:10 | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(MySQL) MySQL [Win32_Own | Auto | Running] -> %ProgramFiles%\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -> [Ver = | Size = 5701632 bytes | Modified Date = 04/05/2007 09:00:12 | Attr = ]
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %System32%\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 20/09/2007 18:39:36 | Attr = ]
(PnkBstrB) PnkBstrB [Win32_Own | Auto | Running] -> %System32%\PnkBstrB.exe -> [Ver = | Size = 103736 bytes | Modified Date = 29/09/2007 09:43:38 | Attr = ]
(SLService) SmartLinkService [Win32_Own | Auto | Running] -> %System32%\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Modified Date = 04/08/2004 00:56:58 | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 04/01/2007 21:38:08 | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6601 | Size = 1505792 bytes | Modified Date = 21/02/2006 19:46:26 | Attr = ]
(avgio) avgio [Kernel | System | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgio.sys -> Avira GmbH [Ver = 1.0.0.30 | Size = 11840 bytes | Modified Date = 27/02/2007 15:25:10 | Attr = ]
(avgntflt) avgntflt [File_System | On_Demand | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -> Avira GmbH [Ver = 7.00.00.04 | Size = 48448 bytes | Modified Date = 17/09/2007 11:25:03 | Attr = ]
(avipbb) avipbb [Kernel | System | Running] -> %System32%\drivers\avipbb.sys -> AVIRA GmbH [Ver = 1.00.02.13 | Size = 61632 bytes | Modified Date = 13/01/2008 13:44:19 | Attr = ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(ctlsb16) Creative SB16/AWE32/AWE64 Driver (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\ctlsb16.sys -> Copyright © Creative Technology Ltd. 1994-2001 [Ver = 5.1.2501.0 built by: WinDDK | Size = 96256 bytes | Modified Date = 17/08/2001 12:19:20 | Attr = ]
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
(ENTECH) ENTECH [Kernel | On_Demand | Stopped] -> %System32%\drivers\Entech.sys -> EnTech Taiwan [Ver = 1.0 | Size = 21664 bytes | Modified Date = 25/10/2004 20:02:00 | Attr = ]
(hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] -> -> File not found
(k750bus) Sony Ericsson 750 driver (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\k750bus.sys -> MCCI [Ver = V4.28 | Size = 55216 bytes | Modified Date = 11/02/2005 11:19:20 | Attr = ]
(k750mdfl) Sony Ericsson 750 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> %System32%\drivers\k750mdfl.sys -> MCCI [Ver = V4.28 | Size = 6576 bytes | Modified Date = 11/02/2005 11:21:02 | Attr = ]
(k750mdm) Sony Ericsson 750 USB WMC Modem Drivers [Kernel | On_Demand | Stopped] -> %System32%\drivers\k750mdm.sys -> MCCI [Ver = V4.28 | Size = 89872 bytes | Modified Date = 11/02/2005 11:21:10 | Attr = ]
(k750mgmt) Sony Ericsson 750 USB WMC Device Management Drivers [Kernel | On_Demand | Stopped] -> %System32%\drivers\k750mgmt.sys -> MCCI [Ver = V4.28 | Size = 81728 bytes | Modified Date = 11/02/2005 11:22:48 | Attr = ]
(k750obex) Sony Ericsson 750 USB WMC OBEX Interface Drivers [Kernel | On_Demand | Stopped] -> %System32%\drivers\k750obex.sys -> MCCI [Ver = V4.28 | Size = 79488 bytes | Modified Date = 11/02/2005 11:24:24 | Attr = ]
(KLIF) KLIF [Kernel | System | Running] -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.267 | Size = 179472 bytes | Modified Date = 07/09/2007 13:05:33 | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(Mtlmnt5) Mtlmnt5 [Kernel | On_Demand | Running] -> %System32%\drivers\mtlmnt5.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 126686 bytes | Modified Date = 03/08/2004 22:41:40 | Attr = ]
(Mtlstrm) Mtlstrm [Kernel | On_Demand | Stopped] -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 03/08/2004 22:41:38 | Attr = ]
(Nokia USB Generic) Nokia USB Generic [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdc.sys -> Nokia [Ver = 5.02.14.05 | Size = 6300 bytes | Modified Date = 15/02/2005 15:57:54 | Attr = ]
(Nokia USB Modem) Nokia USB Modem [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdcm.sys -> Nokia [Ver = 5.02.14.05 | Size = 9021 bytes | Modified Date = 15/02/2005 15:57:54 | Attr = ]
(Nokia USB Phone Parent) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcd.sys -> Nokia [Ver = 5.02.14.05 | Size = 140619 bytes | Modified Date = 17/02/2005 12:48:06 | Attr = ]
(NtMtlFax) NtMtlFax [Kernel | On_Demand | Stopped] -> %System32%\drivers\ntmtlfax.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 180360 bytes | Modified Date = 03/08/2004 22:41:40 | Attr = ]
(papycpu) papycpu [Kernel | On_Demand | Stopped] -> %System32%\drivers\papycpu.sys -> [Ver = | Size = 1888 bytes | Modified Date = 14/09/1998 11:57:46 | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(PnkBstrK) PnkBstrK [Kernel | On_Demand | Stopped] -> %System32%\drivers\PnkBstrK.sys -> [Ver = | Size = 22328 bytes | Modified Date = 29/09/2007 09:52:04 | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 29/11/2007 21:44:27 | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
(RecAgent) RecAgent [Kernel | Boot | Running] -> %System32%\drivers\RecAgent.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13776 bytes | Modified Date = 03/08/2004 22:41:40 | Attr = ]
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Running] -> %System32%\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 03/08/2004 22:31:34 | Attr = ]
(SCDEmu) SCDEmu [Kernel | System | Running] -> %System32%\drivers\scdemu.sys -> PowerISO Computing, Inc. [Ver = 3, 8, 0, 0 | Size = 33052 bytes | Modified Date = 07/08/2007 00:15:07 | Attr = ]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13/11/2007 10:25:53 | Attr = ]
(sfdrv01) StarForce Protection Environment Driver (version 1.x) [Kernel | Boot | Running] -> %System32%\drivers\sfdrv01.sys -> Protection Technology [Ver = 1.32 | Size = 48640 bytes | Modified Date = 03/03/2005 17:53:57 | Attr = ]
(sfhlp02) StarForce Protection Helper Driver (version 2.x) [Kernel | Boot | Running] -> %System32%\drivers\sfhlp02.sys -> Protection Technology [Ver = 2.2 | Size = 6656 bytes | Modified Date = 23/02/2005 15:59:54 | Attr = ]
(sfsync02) StarForce Protection Synchronization Driver (version 2.x) [Kernel | Boot | Running] -> %System32%\drivers\sfsync02.sys -> Protection Technology [Ver = 2.7 | Size = 20544 bytes | Modified Date = 03/12/2004 10:20:41 | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Boot | Running] -> %System32%\drivers\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 03/08/2004 23:07:44 | Attr = ]
(Slntamr) Smart Link 56K Modem Driver [Kernel | On_Demand | Running] -> %System32%\drivers\slntamr.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 404990 bytes | Modified Date = 03/08/2004 22:41:44 | Attr = ]
(SlNtHal) SlNtHal [Kernel | On_Demand | Stopped] -> %System32%\drivers\slnthal.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 95424 bytes | Modified Date = 03/08/2004 22:41:46 | Attr = ]
(SlWdmSup) SlWdmSup [Kernel | On_Demand | Running] -> %System32%\drivers\slwdmsup.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13240 bytes | Modified Date = 03/08/2004 22:41:46 | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
(ssmdrv) ssmdrv [Kernel | System | Running] -> %System32%\drivers\ssmdrv.sys -> Avira GmbH [Ver = 7.0.1.1 | Size = 28352 bytes | Modified Date = 01/03/2007 10:34:36 | Attr = ]
(STAC97NA) SigmaTel 3D Environmental Audio [Kernel | On_Demand | Running] -> %System32%\drivers\stac97na.sys -> SigmaTel Inc. [Ver = 6.13.10.9010 | Size = 296179 bytes | Modified Date = 20/09/2002 18:42:32 | Attr = ]
(STAC97NH) STAC97NH [Kernel | On_Demand | Running] -> %System32%\drivers\stac97nh.sys -> SigmaTel Inc. [Ver = 6.13.10.9010 | Size = 231983 bytes | Modified Date = 20/09/2002 18:43:18 | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(TSP) TSP [Kernel | On_Demand | Stopped] -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.267 | Size = 179472 bytes | Modified Date = 07/09/2007 13:05:33 | Attr = ]
(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> File not found
avgnt -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe -> Avira GmbH [Ver = 7.02.00.16 | Size = 249896 bytes | Modified Date = 14/01/2008 17:10:04 | Attr = ]
avp -> %SystemRoot%\TEMP\win143.exe -> File not found
DataLayer -> %CommonProgramFiles%\PCSuite\DataLayer\DataLayer.exe -> Nokia Mobile Phones Ltd. [Ver = 6, 50, 101, 3 | Size = 1474560 bytes | Modified Date = 14/01/2008 13:08:40 | Attr = ]
EPSON Stylus C42 Series -> %System32%\spool\DRIVERS\W32X86\3\E_S10IC1.EXE -> File not found
lsass -> %SystemRoot%\lsass .exe -> File not found
PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 50, 14, 6 | Size = 535552 bytes | Modified Date = 14/01/2008 13:08:37 | Attr = ]
PWRISOVM.EXE -> %ProgramFiles%\PowerISO\PWRISOVM.EXE -> PowerISO Computing, Inc. [Ver = 3, 8, 0, 0 | Size = 561664 bytes | Modified Date = 14/01/2008 13:08:41 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 479232 bytes | Modified Date = 14/01/2008 13:08:36 | Attr = ]
Winupdate Engine -> %System32%\wupeng.exe -> File not found
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = Reg Error: Value Installed does not exist or could not be read. ->
MAPI-> Installed = Reg Error: Value Installed does not exist or could not be read. ->
MSFS-> Installed = Reg Error: Value Installed does not exist or could not be read. ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
CTSyncU.exe -> %ProgramFiles%\Creative\Sync Manager Unicode\CTSyncU.exe -> File not found
MSMSGS -> %ProgramFiles%\Messenger\msmsgs.exe -> [Ver = | Size = 2571776 bytes | Modified Date = 14/01/2008 17:06:28 | Attr = ]
msnmsgr -> %ProgramFiles%\MSN Messenger\msnmsgr.exe -> [Ver = | Size = 6422528 bytes | Modified Date = 14/01/2008 17:06:20 | Attr = ]
*MultiFile Done* -> ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
-> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 02/12/2006 16:36:03 | Attr = HS]
< ben Startup Folder > -> C:\Documents and Settings\ben\Start Menu\Programs\Startup ->
-> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 02/12/2006 16:36:03 | Attr = HS]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\WINDOWS\system32\wowfx.dll -> %System32%\wowfx.dll -> File not found
*MultiFile Done* -> ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917} [HKEY_LOCAL_MACHINE] -> %System32%\xxyxywt.dll [] -> [Ver = | Size = 35328 bytes | Modified Date = 06/01/2008 14:57:59 | Attr = ]
{6DB38642-A70F-4C98-B82F-80D80E29E1E0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
wowfx.dll -> wowfx.dll -> File not found
xlibgfl254.dll -> xlibgfl254.dll -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 61440 bytes | Modified Date = 21/02/2006 19:40:30 | Attr = ]
klogon -> %System32%\klogon.dll -> Kaspersky Lab [Ver = 6.0.2.621 | Size = 200768 bytes | Modified Date = 09/03/2007 18:52:52 | Attr = ]
wintuh32 -> -> File not found
xxyxywt -> %System32%\xxyxywt.dll -> [Ver = | Size = 35328 bytes | Modified Date = 06/01/2008 14:57:59 | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (3271 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.co.uk/ ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22/10/2006 22:08:42 | Attr = ]
{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917} [HKEY_LOCAL_MACHINE] -> %System32%\xxyxywt.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 35328 bytes | Modified Date = 06/01/2008 14:57:59 | Attr = ]
{637fbc9d-80e4-47df-b4d9-9f1e83f5dde7} [HKEY_LOCAL_MACHINE] -> %System32%\uvolgijr.dll [Reg Error: Value does not exist or could not be read.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 00:11:33 | Attr = ]
{F502B02B-65CB-471C-B410-66AE3B4325B3} [HKEY_LOCAL_MACHINE] -> %System32%\pmkhh.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 338944 bytes | Modified Date = 14/01/2008 13:02:15 | Attr = ]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 00:11:34 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 00:11:33 | Attr = ]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Web Anti-Virus statistics] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Research] -> File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [Ver = | Size = 2571776 bytes | Modified Date = 14/01/2008 17:06:28 | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [Ver = | Size = 2571776 bytes | Modified Date = 14/01/2008 17:06:28 | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{2FA65E42-5C25-4B45-95D2-1A955809AA53} -> (1394 Net Adapter) ->
{38DBA83C-08A7-4717-9EC1-921D23B087EA} -> (Realtek RTL8139 Family PCI Fast Ethernet NIC) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 28/02/2006 11:42:30 | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab[Reg Error: Key does not exist or could not be opened.] ->
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwa...director/sw.cab[Shockwave ActiveX Control] ->
{2250C29C-C5E9-4F55-BE4E-01E45A40FCF1}[HKEY_LOCAL_MACHINE] -> http://musicmix.messenger.msn.com/Medialogic.CAB[CMediaMix Object] ->
{48DD0448-9209-4F81-9F6D-D83562940134}[HKEY_LOCAL_MACHINE] -> http://lads.myspace.com/upload/MySpaceUploader1005.cab[MySpace Uploader Control] ->
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}[HKEY_LOCAL_MACHINE] -> http://download.divx.com/player/DivXBrowserPlugin.cab[DivXBrowserPlugin Object] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdat...b?1165078554578[MUWebControl Class] ->
{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B}[HKEY_LOCAL_MACHINE] -> http://launch.gamespyarcade.com/software/launch/alaunch.cab[GSDACtl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[Java Plug-in 1.5.0_08] ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[Java Plug-in 1.5.0_10] ->
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[Java Plug-in 1.5.0_11] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_01] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_02] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CD995117-98E5-4169-9920-6C12D4C0B548}[HKEY_LOCAL_MACHINE] -> http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab[HGPlugin9USA Class] ->
{D1E7CBDA-E60E-4970-A01C-37301EF7BF98}[HKEY_LOCAL_MACHINE] -> http://gameadvisor.futuremark.com/global/msc311.cab[Measurement Services Client v.3.11] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...ent/swflash.cab[Shockwave Flash Object] ->
{D27CDB6E-AE6D-11CF-96B8-444553550000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/shock...ash/swflash.cab[Reg Error: Key does not exist or could not be opened.] ->
{E6ACF817-0A85-4EBE-9F0A-096C6488CFEA}[HKEY_LOCAL_MACHINE] -> http://eu.ntrsupport.com/inquiero/mod/setu...tivex118_24.cab[NTR ActiveX 1.1.8] ->
{E862C832-3A5F-4CEB-BFAA-167B22010A71}[HKEY_LOCAL_MACHINE] -> http://support.packardbell.com/files/activ...nfosFinder2.CAB[InfosFinder2.InfosFinder] ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
C:\WINDOWS\system32\pmkhh -> %System32%\pmkhh.dll -> [Ver = | Size = 338944 bytes | Modified Date = 14/01/2008 13:02:15 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15/06/2005 17:49:30 | Attr = ]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25/04/2007 14:21:15 | Attr = ]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 24/03/2006 04:37:50 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 648 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http:\www.passport.com [http://www.passport.com] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 23162 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 12:44:50 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe -> C:\Program Files\MSN Messenger\msncall.exe [C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> [Ver = | Size = 6422528 bytes | Modified Date = 14/01/2008 17:06:20 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 04/01/2007 15:10:02 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Documents and Settings\ben\Start Menu\Programs\Startup\findfast.exe -> C:\Documents and Settings\ben\Start Menu\Programs\Startup\findfast.exe [C:\Documents and Settings\ben\Start Menu\Programs\Startup\findfast.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\winav.exe -> C:\WINDOWS\system32\winav.exe [%windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Documents and Settings\ben\Application Data\trant.exe -> C:\Documents and Settings\ben\Application Data\trant.exe [C:\Documents and Settings\ben\Application Data\trant.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Documents and Settings\ben\Application Data\mcrupdate.exe -> C:\Documents and Settings\ben\Application Data\mcrupdate.exe [C:\Documents and Settings\ben\Application Data\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe [C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\printer.exe -> C:\WINDOWS\system32\printer.exe [C:\WINDOWS\system32\printer.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\spoolvs.exe -> C:\WINDOWS\system32\spoolvs.exe [C:\WINDOWS\system32\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\WINDOWS\shell.exe -> C:\WINDOWS\shell.exe [C:\WINDOWS\shell.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 12:44:50 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [Ver = | Size = 2571776 bytes | Modified Date = 14/01/2008 17:06:28 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe -> C:\Program Files\MSN Messenger\msncall.exe [C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\StubInstaller.exe -> C:\StubInstaller.exe [C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer] -> LimeWire [Ver = 1.0.0.2 | Size = 700416 bytes | Modified Date = 31/10/2005 15:56:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 122880 bytes | Modified Date = 02/07/2007 17:07:31 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LEGO Media\Constructive\LEGO LOCO\Exe\Loco.exe -> C:\Program Files\LEGO Media\Constructive\LEGO LOCO\Exe\Loco.exe [C:\Program Files\LEGO Media\Constructive\LEGO LOCO\Exe\Loco.exe:*:Enabled:LOCO Executable] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EA GAMES\Battlefield 2 Demo\Bf2_w32ded.exe -> C:\Program Files\EA GAMES\Battlefield 2 Demo\Bf2_w32ded.exe [C:\Program Files\EA GAMES\Battlefield 2 Demo\Bf2_w32ded.exe:*:Enabled:Bf2_w32ded] -> [Ver = | Size = 4816896 bytes | Modified Date = 02/06/2005 13:46:54 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\GameSpy Arcade\Aphex.exe -> C:\Program Files\GameSpy Arcade\Aphex.exe [C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade] -> IGN Entertainment, Inc. [Ver = 2.0.5.5228 | Size = 4206658 bytes | Modified Date = 21/08/2006 21:17:28 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EA GAMES\Battlefield 2\BF2.exe -> C:\Program Files\EA GAMES\Battlefield 2\BF2.exe [C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2] -> [Ver = | Size = 7574463 bytes | Modified Date = 26/09/2006 16:53:22 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Xfire\xfire.exe -> C:\Program Files\Xfire\xfire.exe [C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire] -> Xfire Inc. [Ver = 13133 | Size = 2742608 bytes | Modified Date = 12/09/2007 22:25:18 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\dpvsetup.exe -> C:\WINDOWS\system32\dpvsetup.exe [C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test] -> Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 83456 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\rundll32.exe -> C:\WINDOWS\system32\rundll32.exe [C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe -> C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe [C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe:*:Enabled:Battlefield 2] -> [Ver = | Size = 6011392 bytes | Modified Date = 07/06/2005 14:24:18 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DAP\DAP.exe -> C:\Program Files\DAP\DAP.exe [C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\SpacialAudio\SAMBC\SAMBC.exe -> C:\Program Files\SpacialAudio\SAMBC\SAMBC.exe [C:\Program Files\SpacialAudio\SAMBC\SAMBC.exe:*:Enabled:SAMBC] -> [Ver = 1.0.0.0 | Size = 4832768 bytes | Modified Date = 14/12/2006 12:12:54 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD -> C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD [C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II] -> Microsoft Corporation [Ver = 00.14.22.0712 | Size = 2555949 bytes | Modified Date = 28/07/2000 21:33:14 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd -> C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd [C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd:*:Enabled:Age of Empires II Expansion] -> Microsoft Corporation [Ver = 00.07.26.0809 | Size = 2699309 bytes | Modified Date = 10/08/2001 21:20:26 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> [Ver = | Size = 6422528 bytes | Modified Date = 14/01/2008 17:06:20 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 04/01/2007 15:10:02 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 28/02/2006 11:42:38 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\rtcshare.exe -> C:\WINDOWS\system32\rtcshare.exe [C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 77312 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 12813096 bytes | Modified Date = 27/10/2006 15:16:48 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\ben\Local Settings\Temp\win141.exe -> C:\Documents and Settings\ben\Local Settings\Temp\win141.exe [C:\Documents and Settings\ben\Local Settings\Temp\win141.exe:*:Enabled:UK Provider] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\ben\Start Menu\Programs\Startup\findfast.exe -> C:\Documents and Settings\ben\Start Menu\Programs\Startup\findfast.exe [C:\Documents and Settings\ben\Start Menu\Programs\Startup\findfast.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\winav.exe -> C:\WINDOWS\system32\winav.exe [%windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\ben\Application Data\trant.exe -> C:\Documents and Settings\ben\Application Data\trant.exe [C:\Documents and Settings\ben\Application Data\trant.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\ben\Application Data\mcrupdate.exe -> C:\Documents and Settings\ben\Application Data\mcrupdate.exe [C:\Documents and Settings\ben\Application Data\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe [C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\printer.exe -> C:\WINDOWS\system32\printer.exe [C:\WINDOWS\system32\printer.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\spoolvs.exe -> C:\WINDOWS\system32\spoolvs.exe [C:\WINDOWS\system32\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\shell.exe -> C:\WINDOWS\shell.exe [C:\WINDOWS\shell.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr .exe -> C:\Program Files\MSN Messenger\msnmsgr .exe [C:\Program Files\MSN Messenger\msnmsgr .exe:*:Enabled:Messenger] -> [Ver = | Size = 6048256 bytes | Modified Date = 14/01/2008 17:06:59 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\emsbgrwm.exe -> C:\WINDOWS\system32\ems ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr .exe -> C:\Program Files\MSN Messenger\msnmsgr .exe [C:\Program Files\MSN Messenger\msnmsgr .exe:*:Enabled:Messenger] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 14/01/2008 17:07:22 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\Temp\win13A.exe -> C:\WINDOWS\Temp\win13A.exe [C:\WINDOWS\Temp\win13A.exe:*:Enabled:UK Provider] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3306:TCP -> 3306:TCP:*:Enabled:TCP ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ ->
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^autorun.exe -> %AllUsersStartup%\autorun.exe -> File not found
C:^Documents and Settings^ben^Start Menu^Programs^Startup^findfast .exe -> %UserStartup%\findfast .exe -> File not found
C:^Documents and Settings^ben^Start Menu^Programs^Startup^findfast.exe -> %UserStartup%\findfast.exe -> File not found
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ ->
EasySpywareCleaner hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\EasySpywareCleaner\EasySpywareCleaner.exe -> File not found
PcSync hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PcSync2.exe -> Time Information Services Ltd. [Ver = 2.00 (423) | Size = 1215488 bytes | Modified Date = 06/01/2008 19:14:54 | Attr = ]
Spoolsv hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %System32%\spoolvs.exe -> File not found
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems\\tWhiteList -> Close|GeneralInfo|Quit|FirstPage|PrevPage|NextPage|LastPage|ActualSize|FitPage|FitWidth|FitHeight|SinglePage|OneColumn|TwoPages|TwoColumns|ZoomViewIn|ZoomViewOut|ShowHideBookmarks|ShowHideThumbnails|Print|GoToPage|ZoomTo|GeneralPrefs|SaveAs|FullScreen|OpenOrganizer|Scan|Web2PDF:OpnURL|AcroSendMail:SendMail|Spelling:Check Spelling|PageSetup|Find|FindSearch|GoBack|GoForward|FitVisible|ShowHideToolbarEditing|ShowHideToolbarCommenting|ShowHideToolbarEdit|ShowHideToolbarFile|ShowHideToolbarFind|ShowHideToolbarForms|ShowHideToolbarMeasuring|ShowHideToolbarData|ShowHideToolbarPageDisplay|ShowHideToolbarNavigation|ShowHideToolbarPrintProduction|ShowHideToolbarRedaction|ShowHideToolbarBasicTools|ShowHideToolbarTasks|ShowHideToolbarTypewriter|PropertyToolbar|ShowHideArticles|ShowHideFileAttachment|ShowHideAnnotManager|ShowHideFields|ShowHideOptCont|ShowHideModelTree|ShowHideSignatures|InsertPages|ExtractPages|ReplacePages|DeletePages|CropPages|RotatePages|AddFileAttachment|FindCurrentBookmark|BookmarkShowLocation|GoBackDoc|GoForwardDoc|HelpUserGuide|HelpReader ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms\\tBuiltInPermList -> version:1|.ade [version:1|.ade:3|.adp:3|.app:3|.asp:3|.bas:3|.bat:3|.bz:3|.bz2:3|.chm:3|.class:3|.cmd:3|.com:3|.command:3|.cpl:3|.crt:3|.csh:3|.desktop:3|.exe:3|.fxp:3|.gz:3|.hex:3|.hlp:3|.hqx:3|.hta:3|.inf:3|.ini:3|.ins:3|.isp:3|.its:3|.job:3|.js:3|.jse:3|.ksh:3|.lnk:3|.lzh:3|.mad:3|.maf:3|.mag:3|.mam:3|.maq:3|.mar:3|.mas:3|.mat:3|.mau:3|.mav:3|.maw:3|.mda:3|.mde:3|.mdt:3|.mdw:3|.mdz:3|.msc:3|.msi:3|.msp:3|.mst:3|.ocx:3|.ops:3|.pcd:3|.pi:3|.pif:3|.prf:3|.prg:3|.pst:3|.rar:3|.reg:3|.scf:3|.scr:3|.sct:3|.sea:3|.shb:3|.shs:3|.sit:3|.tar:3|.tgz:3|.tmp:3|.url:3|.vb:3|.vbe:3|.vbs:3|.vsmacros:3|.vss:3|.vst:3|.vsw:3|.webloc:3|.ws:3|.wsc:3|.wsf:3|.wsh:3|.zip:3|.zlo:3|.zoo:3|.pdf:2|.fdf:2] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchURLPerms\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchURLPerms\\tSchemePerms -> version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:2|file:1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\WindowsLiveCall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\WindowsLiveCall\CertificatePolicy\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\WindowsLiveCall\PortRange\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\\DisableServerCheck -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\\LegacyPresence -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\CertificatePolicy\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\PortRange\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\\DontSearchWindowsUpdate -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\\DontPromptForWindowsUpdate -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\PortRange\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\PortRange\\Enabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->
*ExecutableTypes* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes ->
ADE -> -> File not found
ADP -> -> File not found
BAS -> -> File not found
BAT -> -> File not found
CHM -> -> File not found
CMD -> %System32%\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
COM -> -> File not found
CPL -> -> File not found
CRT -> -> File not found
EXE -> -> File not found
HLP -> -> File not found
HTA -> -> File not found
INF -> -> File not found
INS -> -> File not found
ISP -> -> File not found
LNK -> -> File not found
MDB -> -> File not found
MDE -> -> File not found
MSC -> -> File not found
MSI -> %System32%\msi.dll -> Microsoft Corporation [Ver = 3.1.4000.4039 | Size = 2854400 bytes | Modified Date = 18/04/2007 16:12:23 | Attr = ]
MSP -> -> File not found
MST -> -> File not found
OCX -> -> File not found
PCD -> -> File not found
PIF -> -> File not found
REG -> %System32%\reg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50176 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
SCR -> -> File not found
SHS -> -> File not found
URL -> %System32%\url.dll -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 105984 bytes | Modified Date = 10/10/2007 23:55:59 | Attr = ]
VB -> -> File not found
WSC -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab [Mdac11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize ->
̋ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab [mdac20.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize ->
ȅ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab [mdac20_a.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize ->
Ζ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab [_msadc10.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize ->
å -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab [msadc11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize ->
Ų -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ ->
HKEY_CURRENT_USER\Software\Policies\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\Policies\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\Policies\Microsoft\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\Policies\Microsoft\Conferencing\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Windows Update\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Windows Update\\NoAutoUpdate -> 1 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Windows Update\\NoWindowsUpdate -> 1 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\WindowsUpdate\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\\AutoUpdate -> 1 ->


[Files/Folders - Created Within 30 days]
Install -> %SystemDrive%\Install -> [Ver = | Size = 1283174 bytes | Created Date = 06/01/2008 14:58:17 | Attr = ]
IPH.PH -> %SystemDrive%\IPH.PH -> [Ver = | Size = 442 bytes | Created Date = 20/12/2007 12:06:56 | Attr = H ]
MSOCache -> %SystemDrive%\MSOCache -> [Folder | Created Date = 06/01/2008 14:22:23 | Attr = RH ]
avgntdd.sys -> %System32%\drivers\avgntdd.sys -> Avira GmbH [Ver = 6.39.00.02 | Size = 40768 bytes | Created Date = 13/01/2008 13:40:12 | Attr = ]
avgntmgr.sys -> %System32%\drivers\avgntmgr.sys -> Avira GmbH [Ver = 6.37.01.01 | Size = 21312 bytes | Created Date = 13/01/2008 13:40:12 | Attr = ]
avipbb.sys -> %System32%\drivers\avipbb.sys -> AVIRA GmbH [Ver = 1.00.02.13 | Size = 61632 bytes | Created Date = 13/01/2008 13:40:10 | Attr = ]
ssmdrv.sys -> %System32%\drivers\ssmdrv.sys -> Avira GmbH [Ver = 7.0.1.1 | Size = 28352 bytes | Created Date = 13/01/2008 13:40:12 | Attr = ]
audiopid.vxd -> %System32%\audiopid.vxd -> [Ver = | Size = 7062 bytes | Created Date = 25/12/2007 12:06:19 | Attr = ]
ctfmona.exe -> %System32%\ctfmona.exe -> [Ver = | Size = 372224 bytes | Created Date = 06/01/2008 15:12:36 | Attr = ]
CTSVCCDA.EXE -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Created Date = 25/12/2007 12:03:17 | Attr = ]
CTSVCCTL.EXE -> %System32%\CTSVCCTL.EXE -> Creative Technology Ltd [Ver = 1.0.0.0 | Size = 25088 bytes | Created Date = 25/12/2007 12:03:17 | Attr = ]
drvwimr.dll -> %System32%\drvwimr.dll -> [Ver = | Size = 15360 bytes | Created Date = 06/01/2008 14:58:12 | Attr = ]
dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 06/01/2008 21:00:42 | Attr = ]
hhkmp.ini -> %System32%\hhkmp.ini -> [Ver = | Size = 7453 bytes | Created Date = 13/01/2008 23:54:43 | Attr = HS]
hhkmp.ini2 -> %System32%\hhkmp.ini2 -> [Ver = | Size = 7453 bytes | Created Date = 13/01/2008 23:54:46 | Attr = HS]
IEDFix.exe -> %System32%\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 81920 bytes | Created Date = 06/01/2008 21:00:42 | Attr = ]
Jvpr02.0cx -> %System32%\Jvpr02.0cx -> [Ver = | Size = 60 bytes | Created Date = 05/01/2008 20:23:09 | Attr = ]
lhhkcaiq.ini -> %System32%\lhhkcaiq.ini -> [Ver = | Size = 1049809 bytes | Created Date = 08/01/2008 19:05:42 | Attr = HS]
ltwctfsw.ini -> %System32%\ltwctfsw.ini -> [Ver = | Size = 1043887 bytes | Created Date = 06/01/2008 19:29:35 | Attr = HS]
mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Created Date = 13/01/2008 16:09:08 | Attr = ]
MRT.INI -> %System32%\MRT.INI -> [Ver = | Size = 118 bytes | Created Date = 09/01/2008 10:57:05 | Attr = ]
pmkhh.dll -> %System32%\pmkhh.dll -> [Ver = | Size = 338944 bytes | Created Date = 14/01/2008 13:02:13 | Attr = ]
Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 06/01/2008 21:00:42 | Attr = ]
qvnciggn.exe -> %System32%\qvnciggn.exe -> [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Created Date = 08/01/2008 19:05:25 | Attr = ]
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 06/01/2008 21:00:42 | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 06/01/2008 21:00:42 | Attr = ]
swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 06/01/2008 21:00:42 | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 06/01/2008 21:00:42 | Attr = ]
uvofoxcq.ini -> %System32%\uvofoxcq.ini -> [Ver = | Size = 1061282 bytes | Created Date = 10/01/2008 11:43:25 | Attr = HS]
VCCLSID.exe -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 06/01/2008 21:00:42 | Attr = ]
wintuh32.dll -> %System32%\wintuh32.dll -> [Ver = | Size = 24576 bytes | Created Date = 06/01/2008 14:57:54 | Attr = ]
WS2Fix.exe -> %System32%\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Created Date = 06/01/2008 21:00:42 | Attr = ]
xxyxywt.dll -> %System32%\xxyxywt.dll -> [Ver = | Size = 35328 bytes | Created Date = 06/01/2008 14:57:59 | Attr = ]
yagauhvs.exe -> %System32%\yagauhvs.exe -> [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Created Date = 10/01/2008 11:43:21 | Attr = ]
Casino.ico -> %SystemRoot%\Casino.ico -> [Ver = | Size = 2238 bytes | Created Date = 06/01/2008 17:03:33 | Attr = ]
cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 931 bytes | Created Date = 06/01/2008 19:53:14 | Attr = ]
Ctregrun.exe -> %SystemRoot%\Ctregrun.exe -> Creative Technology Ltd [Ver = 1.0.2.0 | Size = 53248 bytes | Created Date = 25/12/2007 12:05:50 | Attr = ]
Free Online Dating.ico -> %SystemRoot%\Free Online Dating.ico -> [Ver = | Size = 1150 bytes | Created Date = 06/01/2008 17:03:33 | Attr = ]
nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Created Date = 20/12/2007 15:35:01 | Attr = ]
Pref23.D1l -> %SystemRoot%\Pref23.D1l -> [Ver = | Size = 25 bytes | Created Date = 05/01/2008 20:23:09 | Attr = ]
SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Created Date = 06/01/2008 14:26:36 | Attr = ]
Spyware Remover.ico -> %SystemRoot%\Spyware Remover.ico -> [Ver = | Size = 4846 bytes | Created Date = 06/01/2008 17:03:29 | Attr = ]
SxsCaPendDel -> %SystemRoot%\SxsCaPendDel -> [Folder | Created Date = 06/01/2008 11:11:32 | Attr = ]
ump.INI -> %SystemRoot%\ump.INI -> [Ver = | Size = 0 bytes | Created Date = 25/12/2007 19:22:33 | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
AOL -> %AllUsersAppData%\AOL -> [Folder | Created Date = 20/12/2007 12:07:32 | Attr = ]
AOL OCP -> %AllUsersAppData%\AOL OCP -> [Folder | Created Date = 20/12/2007 12:07:32 | Attr = ]
Avira -> %AllUsersAppData%\Avira -> [Folder | Created Date = 13/01/2008 13:40:07 | Attr = ]
Creative -> %AllUsersAppData%\Creative -> [Folder | Created Date = 25/12/2007 12:04:16 | Attr = ]
Lavasoft -> %AllUsersAppData%\Lavasoft -> [Folder | Created Date = 13/01/2008 13:35:57 | Attr = ]
Microsoft Help -> %AllUsersAppData%\Microsoft Help -> [Folder | Created Date = 20/12/2007 18:20:09 | Attr = ]
Office Genuine Advantage -> %AllUsersAppData%\Office Genuine Advantage -> [Folder | Created Date = 20/12/2007 22:50:55 | Attr = ]
Viewpoint -> %AllUsersAppData%\Viewpoint -> [Folder | Created Date = 20/12/2007 12:07:57 | Attr = ]
Creative -> %UserAppData%\Creative -> [Folder | Created Date = 25/12/2007 12:16:08 | Attr = ]
EasySpywareCleaner.com -> %UserAppData%\EasySpywareCleaner.com -> [Folder | Created Date = 06/01/2008 15:14:20 | Attr = ]
Thunderbird -> %UserAppData%\Thunderbird -> [Folder | Created Date = 20/12/2007 15:34:56 | Attr = ]
Viewpoint -> %UserAppData%\Viewpoint -> [Folder | Created Date = 26/12/2007 13:38:01 | Attr = ]
AOL -> %LocalAppData%\AOL -> [Folder | Created Date = 20/12/2007 12:09:12 | Attr = ]
Microsoft Help -> %LocalAppData%\Microsoft Help -> [Folder | Created Date = 20/12/2007 18:20:23 | Attr = ]
PCHealth -> %LocalAppData%\PCHealth -> [Folder | Created Date = 06/01/2008 10:48:15 | Attr = ]
Thunderbird -> %LocalAppData%\Thunderbird -> [Folder | Created Date = 20/12/2007 15:34:56 | Attr = ]
Audible -> %AllUsersDocuments%\Audible -> [Folder | Created Date = 25/12/2007 12:05:00 | Attr = ]
Audible -> %UserDocuments%\Audible -> [Folder | Created Date = 25/12/2007 12:05:00 | Attr = ]
Digital_Divide_(ASSIGNMENT_C)[1].docx -> %UserDocuments%\Digital_Divide_(ASSIGNMENT_C)[1].docx -> [Ver = | Size = 20080 bytes | Created Date = 20/12/2007 11:28:25 | Attr = ]
love2_isss539w.thm -> %UserDocuments%\love2_isss539w.thm -> [Ver = | Size = 109056 bytes | Created Date = 06/01/2008 18:42:25 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\love2_isss539w.thm:Zone.Identifier
microsoft installations -> %UserDocuments%\microsoft installations -> [Folder | Created Date = 06/01/2008 11:27:49 | Attr = ]
SmitfraudFix -> %UserDocuments%\SmitfraudFix -> [Folder | Created Date = 06/01/2008 21:15:04 | Attr = ]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk -> [Ver = | Size = 1790 bytes | Created Date = 13/01/2008 13:36:08 | Attr = ]
Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk -> [Ver = | Size = 1790 bytes | Created Date = 13/01/2008 13:36:08 | Attr = ]
AntiVir PE Classic.lnk -> %AllUsersDesktop%\AntiVir PE Classic.lnk -> [Ver = | Size = 1851 bytes | Created Date = 13/01/2008 13:41:01 | Attr = ]
Creative Product Registration.lnk -> %AllUsersDesktop%\Creative Product Registration.lnk -> [Ver = | Size = 1972 bytes | Created Date = 25/12/2007 12:05:51 | Attr = ]
Mozilla Thunderbird.lnk -> %AllUsersDesktop%\Mozilla Thunderbird.lnk -> [Ver = | Size = 1668 bytes | Created Date = 20/12/2007 15:34:45 | Attr = ]
PowerISO.lnk -> %AllUsersDesktop%\PowerISO.lnk -> [Ver = | Size = 682 bytes | Created Date = 10/01/2008 21:18:33 | Attr = ]
ZEN Media Explorer.lnk -> %AllUsersDesktop%\ZEN Media Explorer.lnk -> [Ver = | Size = 124 bytes | Created Date = 25/12/2007 12:04:09 | Attr = ]
ZENcast Organizer.lnk -> %AllUsersDesktop%\ZENcast Organizer.lnk -> [Ver = | Size = 1747 bytes | Created Date = 25/12/2007 12:04:28 | Attr = ]
aaw2007.exe -> %UserDesktop%\aaw2007.exe -> [Ver = | Size = 17896352 bytes | Created Date = 13/01/2008 13:34:49 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\aaw2007.exe:Zone.Identifier
antivir_workstation_win7u_en_h.exe -> %UserDesktop%\antivir_workstation_win7u_en_h.exe -> [Ver = | Size = 17788920 bytes | Created Date = 13/01/2008 13:35:10 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\antivir_workstation_win7u_en_h.exe:Zone.Identifier
AWEMAN.DLL -> %UserDesktop%\AWEMAN.DLL -> Creative Technology Ltd. [Ver = 1.44.11 | Size = 11328 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
AWEMAN32.DLL -> %UserDesktop%\AWEMAN32.DLL -> Creative Technology Ltd. [Ver = 1.44.11 | Size = 35840 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
CIFMAN.CRL -> %UserDesktop%\CIFMAN.CRL -> Creative Technology Ltd. [Ver = 4.05.1003 | Size = 7168 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
CIFMAN.DLL -> %UserDesktop%\CIFMAN.DLL -> Creative Technology Ltd. [Ver = 4.05.1005 | Size = 9728 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
CSPMAN.DLL -> %UserDesktop%\CSPMAN.DLL -> Creative Technology Ltd. [Ver = 4.13.1 | Size = 19312 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
CT3DSE.VXD -> %UserDesktop%\CT3DSE.VXD -> [Ver = | Size = 6398 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
CTRESV.INF -> %UserDesktop%\CTRESV.INF -> [Ver = | Size = 1315 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
CTRESV.VXD -> %UserDesktop%\CTRESV.VXD -> [Ver = | Size = 5942 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
DISK.ID -> %UserDesktop%\DISK.ID -> [Ver = | Size = 90 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
FILE_ID.DIZ -> %UserDesktop%\FILE_ID.DIZ -> [Ver = | Size = 608 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
Find Spyware Remover.lnk -> %UserDesktop%\Find Spyware Remover.lnk -> [Ver = | Size = 1440 bytes | Created Date = 06/01/2008 20:23:04 | Attr = ]
Free Online Dating.lnk -> %UserDesktop%\Free Online Dating.lnk -> [Ver = | Size = 1358 bytes | Created Date = 06/01/2008 20:23:08 | Attr = ]
Get a FREE audiobook!.lnk -> %UserDesktop%\Get a FREE audiobook!.lnk -> [Ver = | Size = 1574 bytes | Created Date = 25/12/2007 12:05:21 | Attr = ]
Go to Casino.lnk -> %UserDesktop%\Go to Casino.lnk -> [Ver = | Size = 1322 bytes | Created Date = 06/01/2008 20:23:08 | Attr = ]
SB16.VXD -> %UserDesktop%\SB16.VXD -> [Ver = | Size = 111150 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
SB16AWE.INF -> %UserDesktop%\SB16AWE.INF -> [Ver = | Size = 25050 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
SB16SND.DRV -> %UserDesktop%\SB16SND.DRV -> Creative Technology Ltd. [Ver = 4.38.13 | Size = 103392 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
SBAWE.VXD -> %UserDesktop%\SBAWE.VXD -> [Ver = | Size = 77370 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
SBAWE32.DRV -> %UserDesktop%\SBAWE32.DRV -> Creative Technology Ltd. [Ver = 4.38.0 | Size = 45264 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
SBFM.DRV -> %UserDesktop%\SBFM.DRV -> Creative Technology Ltd. [Ver = 4.12.1 | Size = 4096 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
SmitfraudFix -> %UserDesktop%\SmitfraudFix -> [Folder | Created Date = 06/01/2008 21:00:29 | Attr = ]
SmitfraudFix.exe -> %UserDesktop%\SmitfraudFix.exe -> [Ver = | Size = 1129580 bytes | Created Date = 06/01/2008 21:11:50 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SmitfraudFix.exe:Zone.Identifier
spybotsd14.exe -> %UserDesktop%\spybotsd14.exe -> Safer Networking Limited [Ver = | Size = 5037072 bytes | Created Date = 13/01/2008 13:29:44 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spybotsd14.exe:Zone.Identifier
SYNTHGM.SBK -> %UserDesktop%\SYNTHGM.SBK -> [Ver = | Size = 34832 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
UIDLL16.DLL -> %UserDesktop%\UIDLL16.DLL -> Creative® Technology Ltd. [Ver = 1.00 | Size = 15840 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
UPDDRV95.EXE -> %UserDesktop%\UPDDRV95.EXE -> Creative® Technology Ltd. [Ver = 1.15 | Size = 22528 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
UPDDRV95.INF -> %UserDesktop%\UPDDRV95.INF -> [Ver = | Size = 498 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
WFM0200.ACV -> %UserDesktop%\WFM0200.ACV -> Creative Technology Ltd. [Ver = 4.03 | Size = 12800 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
WFM0200A.CSP -> %UserDesktop%\WFM0200A.CSP -> [Ver = | Size = 2238 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
WFM0201.ACV -> %UserDesktop%\WFM0201.ACV -> Creative Technology Ltd. [Ver = 4.03 | Size = 5024 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
WFM0201A.CSP -> %UserDesktop%\WFM0201A.CSP -> [Ver = | Size = 6776 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
WFM0202.ACV -> %UserDesktop%\WFM0202.ACV -> Creative Technology Ltd. [Ver = 4.03 | Size = 49616 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
WFM0202A.CSP -> %UserDesktop%\WFM0202A.CSP -> [Ver = | Size = 9004 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
WFM0203.ACV -> %UserDesktop%\WFM0203.ACV -> Creative Technology Ltd. [Ver = 4.03 | Size = 60080 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
WFM0203A.CSP -> %UserDesktop%\WFM0203A.CSP -> [Ver = | Size = 9004 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Created Date = 14/01/2008 17:21:59 | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 464339 bytes | Created Date = 14/01/2008 17:21:41 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
AOL -> %CommonProgramFiles%\AOL -> [Folder | Created Date = 20/12/2007 12:07:09 | Attr = ]
Creative -> %CommonProgramFiles%\Creative -> [Folder | Created Date = 25/12/2007 12:02:54 | Attr = ]
DESIGNER -> %CommonProgramFiles%\DESIGNER -> [Folder | Created Date = 06/01/2008 14:32:18 | Attr = ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 06/01/2008 19:17:51 | Attr = HS]
Install -> %SystemDrive%\Install -> [Ver = | Size = 1283174 bytes | Modified Date = 06/01/2008 14:58:22 | Attr = ]
IPH.PH -> %SystemDrive%\IPH.PH -> [Ver = | Size = 442 bytes | Modified Date = 20/12/2007 12:09:12 | Attr = H ]
MSOCache -> %SystemDrive%\MSOCache -> [Folder | Modified Date = 06/01/2008 14:22:23 | Attr = RH ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 14/01/2008 14:37:34 | Attr = ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 06/01/2008 15:51:55 | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 14/01/2008 13:07:18 | Attr = ]
avipbb.sys -> %System32%\drivers\avipbb.sys -> AVIRA GmbH [Ver = 1.00.02.13 | Size = 61632 bytes | Modified Date = 13/01/2008 13:44:19 | Attr = ]
AWRTRD.sys -> %System32%\drivers\AWRTRD.sys -> Lavasoft AB [Ver = 7.0.1.3 | Size = 8320 bytes | Modified Date = 13/01/2008 13:39:39 | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 06/01/2008 16:02:10 | Attr = ]
hosts -> %System32%\drivers\etc\hosts -> [Ver = | Size = 3271 bytes | Modified Date = 13/01/2008 14:36:13 | Attr = ]
hosts.msn -> %System32%\drivers\etc\hosts.msn -> [Ver = | Size = 2826 bytes | Modified Date = 07/01/2008 22:30:05 | Attr = ]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 101187104 bytes | Modified Date = 14/01/2008 13:05:52 | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 1357292 bytes | Modified Date = 14/01/2008 13:05:52 | Attr = HS]
fidbox2.dat -> %System32%\drivers\fidbox2.dat -> [Ver = | Size = 1895712 bytes | Modified Date = 14/01/2008 13:05:52 | Attr = HS]
fidbox2.idx -> %System32%\drivers\fidbox2.idx -> [Ver = | Size = 179192 bytes | Modified Date = 14/01/2008 13:05:52 | Attr = HS]
NSDriver.sys -> %System32%\drivers\NSDriver.sys -> Lavasoft AB [Ver = 7.0.1.3 | Size = 9344 bytes | Modified Date = 13/01/2008 13:39:39 | Attr = ]
UMDF -> %System32%\drivers\UMDF -> [Folder | Modified Date = 25/12/2007 12:08:47 | Attr = ]
Msft_User_WpdMtpDr_01_00_00.Wdf -> %System32%\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 25/12/2007 12:08:47 | Attr = H ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 14/01/2008 17:07:57 | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 11/01/2008 19:53:49 | Attr = ]
ctfmona.exe -> %System32%\ctfmona.exe -> [Ver = | Size = 372224 bytes | Modified Date = 06/01/2008 15:55:09 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 14/01/2008 17:08:09 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 13/01/2008 13:40:28 | Attr = ]
drvwimr.dll -> %System32%\drvwimr.dll -> [Ver = | Size = 15360 bytes | Modified Date = 06/01/2008 14:58:12 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 1566736 bytes | Modified Date = 06/01/2008 15:45:49 | Attr = ]
hhkmp.ini -> %System32%\hhkmp.ini -> [Ver = | Size = 7453 bytes | Modified Date = 14/01/2008 17:24:58 | Attr = HS]
hhkmp.ini2 -> %System32%\hhkmp.ini2 -> [Ver = | Size = 7453 bytes | Modified Date = 14/01/2008 17:23:46 | Attr = HS]
IEDFix.exe -> %System32%\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 81920 bytes | Modified Date = 20/12/2007 23:11:52 | Attr = ]
Jvpr02.0cx -> %System32%\Jvpr02.0cx -> [Ver = | Size = 60 bytes | Modified Date = 05/01/2008 20:23:09 | Attr = ]
lhhkcaiq.ini -> %System32%\lhhkcaiq.ini -> [Ver = | Size = 1049809 bytes | Modified Date = 10/01/2008 09:38:10 | Attr = HS]
lsdelete.exe -> %System32%\lsdelete.exe -> [Ver = | Size = 12632 bytes | Modified Date = 13/01/2008 13:39:38 | Attr = ]
ltwctfsw.ini -> %System32%\ltwctfsw.ini -> [Ver = | Size = 1043887 bytes | Modified Date = 06/01/2008 20:58:29 | Attr = HS]
mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Modified Date = 13/01/2008 16:09:08 | Attr = ]
MRT.INI -> %System32%\MRT.INI -> [Ver = | Size = 118 bytes | Modified Date = 09/01/2008 10:57:05 | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 70968 bytes | Modified Date = 20/12/2007 15:16:45 | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 439264 bytes | Modified Date = 20/12/2007 15:16:45 | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 516804 bytes | Modified Date = 20/12/2007 15:16:45 | Attr = ]
pmkhh.dll -> %System32%\pmkhh.dll -> [Ver = | Size = 338944 bytes | Modified Date = 14/01/2008 13:02:15 | Attr = ]
qvnciggn.exe -> %System32%\qvnciggn.exe -> [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 08/01/2008 19:05:26 | Attr = ]
uvofoxcq.ini -> %System32%\uvofoxcq.ini -> [Ver = | Size = 1061282 bytes | Modified Date = 13/01/2008 14:36:22 | Attr = HS]
wbem -> %System32%\wbem -> [Folder | Modified Date = 11/01/2008 19:53:21 | Attr = ]
wintuh32.dll -> %System32%\wintuh32.dll -> [Ver = | Size = 24576 bytes | Modified Date = 06/01/2008 14:57:54 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2422 bytes | Modified Date = 14/01/2008 17:08:10 | Attr = ]
xxyxywt.dll -> %System32%\xxyxywt.dll -> [Ver = | Size = 35328 bytes | Modified Date = 06/01/2008 14:57:59 | Attr = ]
yagauhvs.exe -> %System32%\yagauhvs.exe -> [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 10/01/2008 11:43:21 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 09/01/2008 10:47:24 | Attr = H ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 06/01/2008 14:34:45 | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 14/01/2008 17:05:30 | Attr = S]
Casino.ico -> %SystemRoot%\Casino.ico -> [Ver = | Size = 2238 bytes | Modified Date = 06/01/2008 20:23:08 | Attr = ]
cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 931 bytes | Modified Date = 10/01/2008 16:51:24 | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 10/01/2008 00:15:48 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 06/01/2008 17:20:00 | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 06/01/2008 14:31:03 | Attr = R S]
Free Online Dating.ico -> %SystemRoot%\Free Online Dating.ico -> [Ver = | Size = 1150 bytes | Modified Date = 06/01/2008 20:23:05 | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 20/12/2007 18:28:56 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 09/01/2008 10:54:28 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 13/01/2008 13:36:34 | Attr = HS]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 28/12/2007 22:32:44 | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 19/12/2007 20:16:48 | Attr = ]
nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Modified Date = 20/12/2007 15:35:01 | Attr = ]
Pref23.D1l -> %SystemRoot%\Pref23.D1l -> [Ver = | Size = 25 bytes | Modified Date = 05/01/2008 20:23:09 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 13/01/2008 13:41:17 | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 13/01/2008 13:51:28 | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 11/01/2008 19:53:20 | Attr = ]
SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Modified Date = 06/01/2008 14:32:02 | Attr = ]
Spyware Remover.ico -> %SystemRoot%\Spyware Remover.ico -> [Ver = | Size = 4846 bytes | Modified Date = 06/01/2008 20:23:03 | Attr = ]
SxsCaPendDel -> %SystemRoot%\SxsCaPendDel -> [Folder | Modified Date = 06/01/2008 11:13:12 | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 285 bytes | Modified Date = 06/01/2008 19:17:51 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 14/01/2008 17:17:42 | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 14/01/2008 17:25:04 | Attr = ]
ump.INI -> %SystemRoot%\ump.INI -> [Ver = | Size = 0 bytes | Modified Date = 25/12/2007 19:22:33 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 872 bytes | Modified Date = 06/01/2008 19:17:51 | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 06/01/2008 12:06:24 | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 12/01/2008 18:17:23 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 14/01/2008 17:05:57 | Attr = H ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
AOL -> %AllUsersAppData%\AOL -> [Folder | Modified Date = 20/12/2007 12:07:32 | Attr = ]
AOL OCP -> %AllUsersAppData%\AOL OCP -> [Folder | Modified Date = 20/12/2007 12:10:01 | Attr = ]
Avira -> %AllUsersAppData%\Avira -> [Folder | Modified Date = 13/01/2008 13:40:07 | Attr = ]
Creative -> %AllUsersAppData%\Creative -> [Folder | Modified Date = 25/12/2007 12:16:09 | Attr = ]
Lavasoft -> %AllUsersAppData%\Lavasoft -> [Folder | Modified Date = 13/01/2008 13:42:27 | Attr = ]
Microsoft -> %AllUsersAppData%\Microsoft -> [Folder | Modified Date = 06/01/2008 14:30:37 | Attr = S]
Microsoft Help -> %AllUsersAppData%\Microsoft Help -> [Folder | Modified Date = 07/01/2008 17:30:12 | Attr = ]
Office Genuine Advantage -> %AllUsersAppData%\Office Genuine Advantage -> [Folder | Modified Date = 20/12/2007 22:50:55 | Attr = ]
Skype -> %AllUsersAppData%\Skype -> [Folder | Modified Date = 07/01/2008 20:59:32 | Attr = ]
Viewpoint -> %AllUsersAppData%\Viewpoint -> [Folder | Modified Date = 20/12/2007 12:07:57 | Attr = ]
Creative -> %UserAppData%\Creative -> [Folder | Modified Date = 26/12/2007 12:25:39 | Attr = ]
EasySpywareCleaner.com -> %UserAppData%\EasySpywareCleaner.com -> [Folder | Modified Date = 06/01/2008 15:14:20 | Attr = ]
Microsoft -> %UserAppData%\Microsoft -> [Folder | Modified Date = 08/01/2008 01:51:58 | Attr = S]
Mozilla -> %UserAppData%\Mozilla -> [Folder | Modified Date = 20/12/2007 15:35:01 | Attr = ]
ntr -> %UserAppData%\ntr -> [Folder | Modified Date = 13/01/2008 13:21:03 | Attr = ]
Thunderbird -> %UserAppData%\Thunderbird -> [Folder | Modified Date = 20/12/2007 15:34:59 | Attr = ]
Viewpoint -> %UserAppData%\Viewpoint -> [Folder | Modified Date = 26/12/2007 13:38:01 | Attr = ]
AOL -> %LocalAppData%\AOL -> [Folder | Modified Date = 20/12/2007 12:09:12 | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 9728 bytes | Modified Date = 12/01/2008 18:42:08 | Attr = ]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 73048 bytes | Modified Date = 06/01/2008 16:11:39 | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 3729848 bytes | Modified Date = 27/12/2007 02:51:35 | Attr = H ]
Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 20/12/2007 22:47:58 | Attr = ]
Microsoft Help -> %LocalAppData%\Microsoft Help -> [Folder | Modified Date = 20/12/2007 18:20:23 | Attr = ]
PCHealth -> %LocalAppData%\PCHealth -> [Folder | Modified Date = 06/01/2008 10:48:15 | Attr = ]
Thunderbird -> %LocalAppData%\Thunderbird -> [Folder | Modified Date = 20/12/2007 15:35:09 | Attr = ]
Audible -> %AllUsersDocuments%\Audible -> [Folder | Modified Date = 06/01/2008 16:18:05 | Attr = ]
Audible -> %UserDocuments%\Audible -> [Folder | Modified Date = 06/01/2008 16:18:13 | Attr = ]
Ben's Phone Folder -> %UserDocuments%\Ben's Phone Folder -> [Folder | Modified Date = 01/01/2008 17:01:14 | Attr = ]
Ben's Seriously Old School Work -> %UserDocuments%\Ben's Seriously Old School Work -> [Folder | Modified Date = 27/12/2007 02:11:59 | Attr = ]
Digital_Divide_(ASSIGNMENT_C)[1].docx -> %UserDocuments%\Digital_Divide_(ASSIGNMENT_C)[1].docx -> [Ver = | Size = 20080 bytes | Modified Date = 20/12/2007 11:28:26 | Attr = ]
jodis crap -> %UserDocuments%\jodis crap -> [Folder | Modified Date = 03/01/2008 01:06:36 | Attr = ]
liz -> %UserDocuments%\liz -> [Folder | Modified Date = 27/12/2007 02:11:48 | Attr = ]
love2_isss539w.thm -> %UserDocuments%\love2_isss539w.thm -> [Ver = | Size = 109056 bytes | Modified Date = 06/01/2008 18:42:26 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\love2_isss539w.thm:Zone.Identifier
microsoft installations -> %UserDocuments%\microsoft installations -> [Folder | Modified Date = 06/01/2008 11:52:42 | Attr = ]
My Chat Logs -> %UserDocuments%\My Chat Logs -> [Folder | Modified Date = 02/01/2008 16:13:37 | Attr = ]
My Music -> %UserDocuments%\My Music -> [Folder | Modified Date = 03/01/2008 12:07:37 | Attr = R ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 09/01/2008 17:58:02 | Attr = R ]
My Received Files -> %UserDocuments%\My Received Files -> [Folder | Modified Date = 13/01/2008 21:45:04 | Attr = R ]
My Sharing Folders.lnk -> %UserDocuments%\My Sharing Folders.lnk -> [Ver = | Size = 569 bytes | Modified Date = 14/01/2008 17:19:42 | Attr = ]
SmitfraudFix -> %UserDocuments%\SmitfraudFix -> [Folder | Modified Date = 06/01/2008 21:15:13 | Attr = ]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk -> [Ver = | Size = 1790 bytes | Modified Date = 13/01/2008 13:36:08 | Attr = ]
Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk -> [Ver = | Size = 1790 bytes | Modified Date = 13/01/2008 13:36:08 | Attr = ]
AntiVir PE Classic.lnk -> %AllUsersDesktop%\AntiVir PE Classic.lnk -> [Ver = | Size = 1851 bytes | Modified Date = 13/01/2008 13:41:01 | Attr = ]
Creative Product Registration.lnk -> %AllUsersDesktop%\Creative Product Registration.lnk -> [Ver = | Size = 1972 bytes | Modified Date = 25/12/2007 12:05:51 | Attr = ]
Mozilla Thunderbird.lnk -> %AllUsersDesktop%\Mozilla Thunderbird.lnk -> [Ver = | Size = 1668 bytes | Modified Date = 20/12/2007 15:34:45 | Attr = ]
PowerISO.lnk -> %AllUsersDesktop%\PowerISO.lnk -> [Ver = | Size = 682 bytes | Modified Date = 10/01/2008 21:18:33 | Attr = ]
ZENcast Organizer.lnk -> %AllUsersDesktop%\ZENcast Organizer.lnk -> [Ver = | Size = 1747 bytes | Modified Date = 25/12/2007 12:04:28 | Attr = ]
aaw2007.exe -> %UserDesktop%\aaw2007.exe -> [Ver = | Size = 17896352 bytes | Modified Date = 13/01/2008 13:34:54 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\aaw2007.exe:Zone.Identifier
antivir_workstation_win7u_en_h.exe -> %UserDesktop%\antivir_workstation_win7u_en_h.exe -> [Ver = | Size = 17788920 bytes | Modified Date = 13/01/2008 13:39:17 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\antivir_workstation_win7u_en_h.exe:Zone.Identifier
Find Spyware Remover.lnk -> %UserDesktop%\Find Spyware Remover.lnk -> [Ver = | Size = 1440 bytes | Modified Date = 06/01/2008 20:23:05 | Attr = ]
Free Online Dating.lnk -> %UserDesktop%\Free Online Dating.lnk -> [Ver = | Size = 1358 bytes | Modified Date = 06/01/2008 20:23:08 | Attr = ]
Get a FREE audiobook!.lnk -> %UserDesktop%\Get a FREE audiobook!.lnk -> [Ver = | Size = 1574 bytes | Modified Date = 25/12/2007 12:05:21 | Attr = ]
Go to Casino.lnk -> %UserDesktop%\Go to Casino.lnk -> [Ver = | Size = 1322 bytes | Modified Date = 06/01/2008 20:23:08 | Attr = ]
Incomplete -> %UserDesktop%\Incomplete -> [Folder | Modified Date = 11/01/2008 19:13:02 | Attr = ]
james -> %UserDesktop%\james -> [Folder | Modified Date = 11/01/2008 18:35:16 | Attr = ]
Random Files Which May Be Of Use... Someday -> %UserDesktop%\Random Files Which May Be Of Use... Someday -> [Folder | Modified Date = 03/01/2008 12:22:41 | Attr = ]
SmitfraudFix -> %UserDesktop%\SmitfraudFix -> [Folder | Modified Date = 07/01/2008 22:37:04 | Attr = ]
SmitfraudFix.exe -> %UserDesktop%\SmitfraudFix.exe -> [Ver = | Size = 1129580 bytes | Modified Date = 06/01/2008 21:11:50 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SmitfraudFix.exe:Zone.Identifier
spybotsd14.exe -> %UserDesktop%\spybotsd14.exe -> Safer Networking Limited [Ver = | Size = 5037072 bytes | Modified Date = 13/01/2008 13:29:50 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spybotsd14.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Modified Date = 14/01/2008 17:21:59 | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 464339 bytes | Modified Date = 14/01/2008 17:21:47 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
AOL -> %CommonProgramFiles%\AOL -> [Folder | Modified Date = 20/12/2007 19:04:04 | Attr = ]
Creative -> %CommonProgramFiles%\Creative -> [Folder | Modified Date = 25/12/2007 12:02:54 | Attr = ]
DESIGNER -> %CommonProgramFiles%\DESIGNER -> [Folder | Modified Date = 06/01/2008 14:32:18 | Attr = ]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 06/01/2008 14:33:17 | Attr = ]
System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 06/01/2008 14:26:51 | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 13/01/2008 13:35:41 | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 13810 bytes | Modified Date = 14/01/2008 17:08:33 | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 13810 bytes | Modified Date = 14/01/2008 17:08:33 | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 03/12/2006 18:59:30 | Attr = ]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8592 bytes | Modified Date = 06/01/2008 14:42:17 | Attr = ]

< End of report >

#4 OldTimer

Posted 14 January 2008 - 01:36 PM

Hi PrittStick. Ok, let's get started. First, please print these directions so they will be available to you (we will be rebooting into Safe Mode during the fix).

Next, please follow the steps below in order:

Step #1

Download SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and then exit out of the program. We will run a scan a bit later in the fix.

Step #2

Open Notepad and copy/paste the text in the codebox below into the new document:

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe
YN -> avp -> %SystemRoot%\TEMP\win143.exe
YN -> EPSON Stylus C42 Series -> %System32%\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
YN -> lsass -> %SystemRoot%\lsass .exe
YN -> Winupdate Engine -> %System32%\wupeng.exe
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YN -> C:\WINDOWS\system32\wowfx.dll -> %System32%\wowfx.dll
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YY -> {2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917} [HKEY_LOCAL_MACHINE] -> %System32%\xxyxywt.dll []
YN -> {6DB38642-A70F-4C98-B82F-80D80E29E1E0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. []
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
YN -> wowfx.dll -> wowfx.dll
YN -> xlibgfl254.dll -> xlibgfl254.dll
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> wintuh32 -> 
YY -> xxyxywt -> %System32%\xxyxywt.dll
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> 1 domain(s) and sub-domain(s) not assigned to a zone. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917} [HKEY_LOCAL_MACHINE] -> %System32%\xxyxywt.dll [Reg Error: Value does not exist or could not be read.]
YN -> {637fbc9d-80e4-47df-b4d9-9f1e83f5dde7} [HKEY_LOCAL_MACHINE] -> %System32%\uvolgijr.dll [Reg Error: Value does not exist or could not be read.]
YY -> {F502B02B-65CB-471C-B410-66AE3B4325B3} [HKEY_LOCAL_MACHINE] -> %System32%\pmkhh.dll [Reg Error: Value does not exist or could not be read.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Web Anti-Virus statistics]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\pmkhh -> %System32%\pmkhh.dll
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe -> C:\Program Files\MSN Messenger\msncall.exe [C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Documents and Settings\ben\Start Menu\Programs\Startup\findfast.exe -> C:\Documents and Settings\ben\Start Menu\Programs\Startup\findfast.exe [C:\Documents and Settings\ben\Start Menu\Programs\Startup\findfast.exe:*:Enabled:@xpsp2res.dll,-22019]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\winav.exe -> C:\WINDOWS\system32\winav.exe [%windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Documents and Settings\ben\Application Data\trant.exe -> C:\Documents and Settings\ben\Application Data\trant.exe [C:\Documents and Settings\ben\Application Data\trant.exe:*:Enabled:@xpsp2res.dll,-22019]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Documents and Settings\ben\Application Data\mcrupdate.exe -> C:\Documents and Settings\ben\Application Data\mcrupdate.exe [C:\Documents and Settings\ben\Application Data\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe [C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe:*:Enabled:@xpsp2res.dll,-22019]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\printer.exe -> C:\WINDOWS\system32\printer.exe [C:\WINDOWS\system32\printer.exe:*:Enabled:@xpsp2res.dll,-22019]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\spoolvs.exe -> C:\WINDOWS\system32\spoolvs.exe [C:\WINDOWS\system32\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\WINDOWS\shell.exe -> C:\WINDOWS\shell.exe [C:\WINDOWS\shell.exe:*:Enabled:@xpsp2res.dll,-22019]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe -> C:\Program Files\MSN Messenger\msncall.exe [C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LEGO Media\Constructive\LEGO LOCO\Exe\Loco.exe -> C:\Program Files\LEGO Media\Constructive\LEGO LOCO\Exe\Loco.exe [C:\Program Files\LEGO Media\Constructive\LEGO LOCO\Exe\Loco.exe:*:Enabled:LOCO Executable]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DAP\DAP.exe -> C:\Program Files\DAP\DAP.exe [C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\ben\Local Settings\Temp\win141.exe -> C:\Documents and Settings\ben\Local Settings\Temp\win141.exe [C:\Documents and Settings\ben\Local Settings\Temp\win141.exe:*:Enabled:UK Provider]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\ben\Start Menu\Programs\Startup\findfast.exe -> C:\Documents and Settings\ben\Start Menu\Programs\Startup\findfast.exe [C:\Documents and Settings\ben\Start Menu\Programs\Startup\findfast.exe:*:Enabled:@xpsp2res.dll,-22019]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\winav.exe -> C:\WINDOWS\system32\winav.exe [%windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\ben\Application Data\trant.exe -> C:\Documents and Settings\ben\Application Data\trant.exe [C:\Documents and Settings\ben\Application Data\trant.exe:*:Enabled:@xpsp2res.dll,-22019]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\ben\Application Data\mcrupdate.exe -> C:\Documents and Settings\ben\Application Data\mcrupdate.exe [C:\Documents and Settings\ben\Application Data\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe [C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe:*:Enabled:@xpsp2res.dll,-22019]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\printer.exe -> C:\WINDOWS\system32\printer.exe [C:\WINDOWS\system32\printer.exe:*:Enabled:@xpsp2res.dll,-22019]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\spoolvs.exe -> C:\WINDOWS\system32\spoolvs.exe [C:\WINDOWS\system32\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\shell.exe -> C:\WINDOWS\shell.exe [C:\WINDOWS\shell.exe:*:Enabled:@xpsp2res.dll,-22019]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\emsbgrwm.exe -> C:\WINDOWS\system32\ems
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\Temp\win13A.exe -> C:\WINDOWS\Temp\win13A.exe [C:\WINDOWS\Temp\win13A.exe:*:Enabled:UK Provider]
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
YN -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^autorun.exe -> %AllUsersStartup%\autorun.exe
YN -> C:^Documents and Settings^ben^Start Menu^Programs^Startup^findfast .exe -> %UserStartup%\findfast .exe
YN -> C:^Documents and Settings^ben^Start Menu^Programs^Startup^findfast.exe -> %UserStartup%\findfast.exe
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YN -> EasySpywareCleaner hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\EasySpywareCleaner\EasySpywareCleaner.exe
YN -> Spoolsv hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %System32%\spoolvs.exe
[Files/Folders - Created Within 30 days]
NY -> Install -> %SystemDrive%\Install
NY -> IPH.PH -> %SystemDrive%\IPH.PH
NY -> audiopid.vxd -> %System32%\audiopid.vxd
NY -> ctfmona.exe -> %System32%\ctfmona.exe
NY -> drvwimr.dll -> %System32%\drvwimr.dll
NY -> dumphive.exe -> %System32%\dumphive.exe
NY -> hhkmp.ini -> %System32%\hhkmp.ini
NY -> hhkmp.ini2 -> %System32%\hhkmp.ini2
NY -> Jvpr02.0cx -> %System32%\Jvpr02.0cx
NY -> lhhkcaiq.ini -> %System32%\lhhkcaiq.ini
NY -> ltwctfsw.ini -> %System32%\ltwctfsw.ini
NY -> mcrh.tmp -> %System32%\mcrh.tmp
NY -> pmkhh.dll -> %System32%\pmkhh.dll
NY -> qvnciggn.exe -> %System32%\qvnciggn.exe
NY -> uvofoxcq.ini -> %System32%\uvofoxcq.ini
NY -> wintuh32.dll -> %System32%\wintuh32.dll
NY -> WS2Fix.exe -> %System32%\WS2Fix.exe
NY -> xxyxywt.dll -> %System32%\xxyxywt.dll
NY -> yagauhvs.exe -> %System32%\yagauhvs.exe
NY -> Casino.ico -> %SystemRoot%\Casino.ico
NY -> cookies.ini -> %SystemRoot%\cookies.ini
NY -> Free Online Dating.ico -> %SystemRoot%\Free Online Dating.ico
NY -> Pref23.D1l -> %SystemRoot%\Pref23.D1l
NY -> SHELLNEW -> %SystemRoot%\SHELLNEW
NY -> Spyware Remover.ico -> %SystemRoot%\Spyware Remover.ico
NY -> ump.INI -> %SystemRoot%\ump.INI
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> EasySpywareCleaner.com -> %UserAppData%\EasySpywareCleaner.com
NY -> love2_isss539w.thm -> %UserDocuments%\love2_isss539w.thm
NY -> Go to Casino.lnk -> %UserDesktop%\Go to Casino.lnk
[Files/Folders - Modified Within 30 days]
NY -> IPH.PH -> %SystemDrive%\IPH.PH
NY -> ctfmona.exe -> %System32%\ctfmona.exe
NY -> drvwimr.dll -> %System32%\drvwimr.dll
NY -> FNTCACHE.DAT -> %System32%\FNTCACHE.DAT
NY -> hhkmp.ini -> %System32%\hhkmp.ini
NY -> hhkmp.ini2 -> %System32%\hhkmp.ini2
NY -> Jvpr02.0cx -> %System32%\Jvpr02.0cx
NY -> lhhkcaiq.ini -> %System32%\lhhkcaiq.ini
NY -> ltwctfsw.ini -> %System32%\ltwctfsw.ini
NY -> mcrh.tmp -> %System32%\mcrh.tmp
NY -> MRT.INI -> %System32%\MRT.INI
NY -> pmkhh.dll -> %System32%\pmkhh.dll
NY -> qvnciggn.exe -> %System32%\qvnciggn.exe
NY -> uvofoxcq.ini -> %System32%\uvofoxcq.ini
NY -> wintuh32.dll -> %System32%\wintuh32.dll
NY -> xxyxywt.dll -> %System32%\xxyxywt.dll
NY -> yagauhvs.exe -> %System32%\yagauhvs.exe
NY -> Casino.ico -> %SystemRoot%\Casino.ico
NY -> cookies.ini -> %SystemRoot%\cookies.ini
NY -> Free Online Dating.ico -> %SystemRoot%\Free Online Dating.ico
NY -> Pref23.D1l -> %SystemRoot%\Pref23.D1l
NY -> Spyware Remover.ico -> %SystemRoot%\Spyware Remover.ico
NY -> ump.INI -> %SystemRoot%\ump.INI
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> EasySpywareCleaner.com -> %UserAppData%\EasySpywareCleaner.com
NY -> love2_isss539w.thm -> %UserDocuments%\love2_isss539w.thm
NY -> Find Spyware Remover.lnk -> %UserDesktop%\Find Spyware Remover.lnk
NY -> Free Online Dating.lnk -> %UserDesktop%\Free Online Dating.lnk
NY -> Go to Casino.lnk -> %UserDesktop%\Go to Casino.lnk
[Empty Temp Folders]
[Start Explorer]

Save the document to your desktop as wpf35fix.txt and close Notepad.

Step #3

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Step #4

Once in Safe Mode start WinPFind35U. Open the wpf35.txt file you created earlier with NotePad and Copy/Paste the information from the file into the pane where it says "Paste fix here" and then click the Run Fix button.

The fix should only take a very short time. Your desktop will disappear and then reappear when the fix is complete; this is normal. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose No at this time.

Step #4

Start SUPERAntiSpyware.
  • On the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
Step #5

Reboot the machine normally and post the following back here:
  • a new WinPFind35U report with the following options:
    • Under Additional Scans click the checkboxes in front of the following items to select them:
      • File - Additional Folder Scans
    • Do not change any other settings.
  • the SUPERAntiSpyware report
  • the latest .log file from the WinPFind35u/MovedFiles folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

#5 PrittStick

Posted 15 January 2008 - 02:41 AM

Hey OldTimer. Here are the logs. :blink:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/15/2008 at 04:47 AM

Application Version : 3.9.1008

Core Rules Database Version : 3379
Trace Rules Database Version: 1373

Scan type : Complete Scan
Total Scan Time : 05:41:18

Memory items scanned : 198
Memory threats detected : 3
Registry items scanned : 5838
Registry threats detected : 46
File items scanned : 96457
File threats detected : 19

Trojan.Mezzia/Resident
C:\WINDOWS\SYSTEM32\WINTUH32.DLL
C:\WINDOWS\SYSTEM32\WINTUH32.DLL

Adware.Vundo-Variant/Small
C:\WINDOWS\SYSTEM32\XXYXYWT.DLL
C:\WINDOWS\SYSTEM32\XXYXYWT.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\xxyxywt

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\PMKHH.DLL
C:\WINDOWS\SYSTEM32\PMKHH.DLL
HKLM\Software\Classes\CLSID\{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917}
HKCR\CLSID\{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917}
HKCR\CLSID\{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917}\InprocServer32
HKCR\CLSID\{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{385CD9CE-E5F6-4A9A-B0F5-DE6A13F251AF}
HKCR\CLSID\{385CD9CE-E5F6-4A9A-B0F5-DE6A13F251AF}
HKCR\CLSID\{385CD9CE-E5F6-4A9A-B0F5-DE6A13F251AF}\InprocServer32
HKCR\CLSID\{385CD9CE-E5F6-4A9A-B0F5-DE6A13F251AF}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{3F28D823-E741-4A31-9F16-C52C086434C6}
HKCR\CLSID\{3F28D823-E741-4A31-9F16-C52C086434C6}
HKCR\CLSID\{3F28D823-E741-4A31-9F16-C52C086434C6}\InprocServer32
HKCR\CLSID\{3F28D823-E741-4A31-9F16-C52C086434C6}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{385CD9CE-E5F6-4A9A-B0F5-DE6A13F251AF}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917}
HKCR\CLSID\{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917}

Trojan.Vundo/Variant-Installer
[load] C:\WINDOWS\SYSTEM32\PMKHH.EXE
C:\WINDOWS\SYSTEM32\PMKHH.EXE
[load] C:\WINDOWS\SYSTEM32\PMKHH.EXE
C:\DOCUMENTS AND SETTINGS\BEN\DESKTOP\WINPFIND35U\MOVEDFILES\01142008_230431\WINDOWS\SYSTEM32\CTFMONA.EXE

Trojan.Unknown Origin
HKLM\SOFTWARE\Microsoft\MSSMGR
HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd
HKLM\SOFTWARE\Microsoft\MSSMGR#BPTV
HKLM\SOFTWARE\Microsoft\MSSMGR#LSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#PSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#BSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#SSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#SCLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#SSLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#Data
HKLM\SOFTWARE\Microsoft\MSSMGR#MSLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#PID
HKLM\SOFTWARE\Microsoft\MSSMGR#Rid

Adware.ClickSpring/Outer Info Network
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#HelpLink
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#InstallLocation
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayVersion
HKLM\Software\Outerinfo
HKLM\Software\Outerinfo#InstallDirectory
HKLM\Software\Outerinfo#REFID
HKLM\Software\Outerinfo#PID
C:\Program Files\Outerinfo\outerinfo.ico
C:\Program Files\Outerinfo

Adware.Tracking Cookie
C:\Documents and Settings\ben\Cookies\ben@ad.yieldmanager[2].txt
C:\Documents and Settings\ben\Cookies\ben@casalemedia[1].txt

Adware.Search2Find
C:\DOCUMENTS AND SETTINGS\BEN\DESKTOP\WINPFIND35U\MOVEDFILES\01142008_230431\DOCUMENTS AND SETTINGS\BEN\DESKTOP\FIND SPYWARE REMOVER.LNK
C:\DOCUMENTS AND SETTINGS\BEN\DESKTOP\WINPFIND35U\MOVEDFILES\01142008_230431\DOCUMENTS AND SETTINGS\BEN\DESKTOP\FREE ONLINE DATING.LNK
C:\DOCUMENTS AND SETTINGS\BEN\DESKTOP\WINPFIND35U\MOVEDFILES\01142008_230431\DOCUMENTS AND SETTINGS\BEN\DESKTOP\GO TO CASINO.LNK

Malware.WinAntiSpyware-Installer
C:\DOCUMENTS AND SETTINGS\BEN\DESKTOP\WINPFIND35U\MOVEDFILES\01142008_230431\WINDOWS\SYSTEM32\DRVWIMR.DLL

Adware.Vundo Variant/Rel
C:\DOCUMENTS AND SETTINGS\BEN\DESKTOP\WINPFIND35U\MOVEDFILES\01142008_230431\WINDOWS\SYSTEM32\HHKMP.INI
C:\DOCUMENTS AND SETTINGS\BEN\DESKTOP\WINPFIND35U\MOVEDFILES\01142008_230431\WINDOWS\SYSTEM32\MCRH.TMP
C:\WINDOWS\SYSTEM32\HHKMP.INI
C:\WINDOWS\SYSTEM32\YCCDD.INI

Trojan.Downloader-Gen/DDC
C:\DOCUMENTS AND SETTINGS\BEN\DESKTOP\WINPFIND35U\MOVEDFILES\01142008_230431\WINDOWS\SYSTEM32\QVNCIGGN.EXE
C:\DOCUMENTS AND SETTINGS\BEN\DESKTOP\WINPFIND35U\MOVEDFILES\01142008_230431\WINDOWS\SYSTEM32\YAGAUHVS.EXE




WinPFind35 logfile created on: 15/01/2008 07:40:00
WinPFind35U Version Beta22 Folder = C:\Documents and Settings\ben\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)

511.48 Mb Total Physical Memory | 160.00 Mb Available Physical Memory | 31.28% Memory free
1.21 Gb Paging File | 0.81 Gb Available in Paging File | 67.10% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 35.34 Gb Free Space | 47.42% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 3.66 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded

Computer Name: FAMILY-PC
Current User Name: ben
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 21/02/2006 19:39:16 | Attr = ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 13/01/2008 13:37:52 | Attr = ]
avguard.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 7.00.00.82 | Size = 214056 bytes | Modified Date = 13/01/2008 13:44:18 | Attr = ]
photoshopelementsfileagent.exe -> %ProgramFiles%\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -> [Ver = | Size = 124832 bytes | Modified Date = 02/10/2007 14:46:56 | Attr = ]
sched.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 7.00.00.62 | Size = 63016 bytes | Modified Date = 28/08/2007 13:16:22 | Attr = ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 28/02/2006 11:42:38 | Attr = ]
ctsvccda.exe -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 17:01:00 | Attr = ]
mysqld-nt.exe -> %ProgramFiles%\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -> [Ver = | Size = 5701632 bytes | Modified Date = 04/05/2007 09:00:12 | Attr = ]
pnkbstra.exe -> %System32%\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 20/09/2007 18:39:36 | Attr = ]
pnkbstrb.exe -> %System32%\PnkBstrB.exe -> [Ver = | Size = 103736 bytes | Modified Date = 29/09/2007 09:43:38 | Attr = ]
slserv.exe -> %System32%\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Modified Date = 04/08/2004 00:56:58 | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 04/01/2007 21:38:08 | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 21/02/2006 19:39:16 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 479232 bytes | Modified Date = 15/01/2008 00:05:51 | Attr = ]
jusched .exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched .exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 15/01/2008 07:34:26 | Attr = ]
launchapplication.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 50, 14, 6 | Size = 535552 bytes | Modified Date = 15/01/2008 00:05:54 | Attr = ]
launchapplication .exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication .exe -> Nokia [Ver = 6, 50, 14, 6 | Size = 167936 bytes | Modified Date = 15/01/2008 07:34:40 | Attr = ]
datalayer.exe -> %CommonProgramFiles%\PCSuite\DataLayer\DataLayer.exe -> Nokia Mobile Phones Ltd. [Ver = 6, 50, 101, 3 | Size = 1474560 bytes | Modified Date = 15/01/2008 00:05:58 | Attr = ]
pwrisovm.exe -> %ProgramFiles%\PowerISO\PWRISOVM.EXE -> PowerISO Computing, Inc. [Ver = 3, 8, 0, 0 | Size = 561664 bytes | Modified Date = 15/01/2008 00:05:59 | Attr = ]
pwrisovm .exe -> %ProgramFiles%\PowerISO\PWRISOVM .EXE -> PowerISO Computing, Inc. [Ver = 3, 8, 0, 0 | Size = 200704 bytes | Modified Date = 15/01/2008 07:34:52 | Attr = ]
datalayer .exe -> %CommonProgramFiles%\PCSuite\DataLayer\DataLayer .exe -> Nokia Mobile Phones Ltd. [Ver = 6, 50, 101, 3 | Size = 1106944 bytes | Modified Date = 15/01/2008 07:34:53 | Attr = ]
servic~1.exe -> %CommonProgramFiles%\PCSuite\Services\ServiceLayer.exe -> Nokia. [Ver = 6, 50, 28, 2 | Size = 97792 bytes | Modified Date = 22/03/2005 11:27:16 | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1775104 bytes | Modified Date = 14/01/2008 23:05:21 | Attr = ]
superantispyware .exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware .exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 15/01/2008 07:35:43 | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 294400 bytes | Modified Date = 06/01/2008 13:17:10 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 13/01/2008 13:37:52 | Attr = ]
(AdobeActiveFileMonitor6.0) Adobe Active File Monitor V6 [Win32_Own | Auto | Running] -> %ProgramFiles%\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -> [Ver = | Size = 124832 bytes | Modified Date = 02/10/2007 14:46:56 | Attr = ]
(AntiVirScheduler) AntiVir PersonalEdition Classic Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 7.00.00.62 | Size = 63016 bytes | Modified Date = 28/08/2007 13:16:22 | Attr = ]
(AntiVirService) AntiVir PersonalEdition Classic Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 7.00.00.82 | Size = 214056 bytes | Modified Date = 13/01/2008 13:44:18 | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 21/02/2006 19:39:16 | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 03/05/2006 10:57:00 | Attr = ]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 28/02/2006 11:42:38 | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 17:01:00 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 16/09/2007 20:05:15 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.711.37800.beta | Size = 136120 bytes | Modified Date = 04/01/2007 01:40:21 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 03/04/2005 23:41:10 | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(MySQL) MySQL [Win32_Own | Auto | Running] -> %ProgramFiles%\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -> [Ver = | Size = 5701632 bytes | Modified Date = 04/05/2007 09:00:12 | Attr = ]
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %System32%\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 20/09/2007 18:39:36 | Attr = ]
(PnkBstrB) PnkBstrB [Win32_Own | Auto | Running] -> %System32%\PnkBstrB.exe -> [Ver = | Size = 103736 bytes | Modified Date = 29/09/2007 09:43:38 | Attr = ]
(SLService) SmartLinkService [Win32_Own | Auto | Running] -> %System32%\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Modified Date = 04/08/2004 00:56:58 | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 04/01/2007 21:38:08 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
avgnt -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe -> Avira GmbH [Ver = 7.02.00.16 | Size = 636928 bytes | Modified Date = 15/01/2008 00:06:01 | Attr = ]
DataLayer -> %CommonProgramFiles%\PCSuite\DataLayer\DataLayer.exe -> Nokia Mobile Phones Ltd. [Ver = 6, 50, 101, 3 | Size = 1474560 bytes | Modified Date = 15/01/2008 00:05:58 | Attr = ]
PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 50, 14, 6 | Size = 535552 bytes | Modified Date = 15/01/2008 00:05:54 | Attr = ]
PWRISOVM.EXE -> %ProgramFiles%\PowerISO\PWRISOVM.EXE -> PowerISO Computing, Inc. [Ver = 3, 8, 0, 0 | Size = 561664 bytes | Modified Date = 15/01/2008 00:05:59 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 479232 bytes | Modified Date = 15/01/2008 00:05:51 | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = Reg Error: Value Installed does not exist or could not be read. ->
MAPI-> Installed = Reg Error: Value Installed does not exist or could not be read. ->
MSFS-> Installed = Reg Error: Value Installed does not exist or could not be read. ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
CTSyncU.exe -> %ProgramFiles%\Creative\Sync Manager Unicode\CTSyncU.exe -> File not found
MSMSGS -> %ProgramFiles%\Messenger\msmsgs.exe -> [Ver = | Size = 2571776 bytes | Modified Date = 15/01/2008 00:05:46 | Attr = ]
msnmsgr -> %ProgramFiles%\MSN Messenger\msnmsgr.exe -> [Ver = | Size = 6422528 bytes | Modified Date = 15/01/2008 07:35:12 | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1775104 bytes | Modified Date = 14/01/2008 23:05:21 | Attr = ]
< Windows NT\\Load [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load ->
C:\WINDOWS\system32\pmkhh.exe -> %System32%\pmkhh.exe -> File not found
*MultiFile Done* -> ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
-> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 02/12/2006 16:36:03 | Attr = HS]
< ben Startup Folder > -> C:\Documents and Settings\ben\Start Menu\Programs\Startup ->
-> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 02/12/2006 16:36:03 | Attr = HS]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 20/12/2006 13:55:48 | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
-> -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 19/04/2007 13:41:36 | Attr = ]
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 61440 bytes | Modified Date = 21/02/2006 19:40:30 | Attr = ]
klogon -> %System32%\klogon.dll -> Kaspersky Lab [Ver = 6.0.2.621 | Size = 200768 bytes | Modified Date = 09/03/2007 18:52:52 | Attr = ]
wintuh32 -> wintuh32.dll -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (3271 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.co.uk/ ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22/10/2006 22:08:42 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 00:11:33 | Attr = ]
{803B99BE-7FF9-4F36-AEBB-3B99D3A6D359} [HKEY_LOCAL_MACHINE] -> %System32%\pmkhh.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 338944 bytes | Modified Date = 15/01/2008 07:34:25 | Attr = ]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 00:11:34 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 00:11:33 | Attr = ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Research] -> File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [Ver = | Size = 2571776 bytes | Modified Date = 15/01/2008 00:05:46 | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [Ver = | Size = 2571776 bytes | Modified Date = 15/01/2008 00:05:46 | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{2FA65E42-5C25-4B45-95D2-1A955809AA53} -> (1394 Net Adapter) ->
{38DBA83C-08A7-4717-9EC1-921D23B087EA} -> (Realtek RTL8139 Family PCI Fast Ethernet NIC) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 28/02/2006 11:42:30 | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab[Reg Error: Key does not exist or could not be opened.] ->
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwa...director/sw.cab[Shockwave ActiveX Control] ->
{2250C29C-C5E9-4F55-BE4E-01E45A40FCF1}[HKEY_LOCAL_MACHINE] -> http://musicmix.messenger.msn.com/Medialogic.CAB[CMediaMix Object] ->
{48DD0448-9209-4F81-9F6D-D83562940134}[HKEY_LOCAL_MACHINE] -> http://lads.myspace.com/upload/MySpaceUploader1005.cab[MySpace Uploader Control] ->
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}[HKEY_LOCAL_MACHINE] -> http://download.divx.com/player/DivXBrowserPlugin.cab[DivXBrowserPlugin Object] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdat...b?1165078554578[MUWebControl Class] ->
{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B}[HKEY_LOCAL_MACHINE] -> http://launch.gamespyarcade.com/software/launch/alaunch.cab[GSDACtl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[Java Plug-in 1.5.0_08] ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[Java Plug-in 1.5.0_10] ->
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[Java Plug-in 1.5.0_11] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_01] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_02] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CD995117-98E5-4169-9920-6C12D4C0B548}[HKEY_LOCAL_MACHINE] -> http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab[HGPlugin9USA Class] ->
{D1E7CBDA-E60E-4970-A01C-37301EF7BF98}[HKEY_LOCAL_MACHINE] -> http://gameadvisor.futuremark.com/global/msc311.cab[Measurement Services Client v.3.11] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...ent/swflash.cab[Shockwave Flash Object] ->
{D27CDB6E-AE6D-11CF-96B8-444553550000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/shock...ash/swflash.cab[Reg Error: Key does not exist or could not be opened.] ->
{E6ACF817-0A85-4EBE-9F0A-096C6488CFEA}[HKEY_LOCAL_MACHINE] -> http://eu.ntrsupport.com/inquiero/mod/setu...tivex118_24.cab[NTR ActiveX 1.1.8] ->
{E862C832-3A5F-4CEB-BFAA-167B22010A71}[HKEY_LOCAL_MACHINE] -> http://support.packardbell.com/files/activ...nfosFinder2.CAB[InfosFinder2.InfosFinder] ->



[Files/Folders - Created Within 30 days]
MSOCache -> %SystemDrive%\MSOCache -> [Folder | Created Date = 06/01/2008 14:22:23 | Attr = RH ]
avgntdd.sys -> %System32%\drivers\avgntdd.sys -> Avira GmbH [Ver = 6.39.00.02 | Size = 40768 bytes | Created Date = 13/01/2008 13:40:12 | Attr = ]
avgntmgr.sys -> %System32%\drivers\avgntmgr.sys -> Avira GmbH [Ver = 6.37.01.01 | Size = 21312 bytes | Created Date = 13/01/2008 13:40:12 | Attr = ]
avipbb.sys -> %System32%\drivers\avipbb.sys -> AVIRA GmbH [Ver = 1.00.02.13 | Size = 61632 bytes | Created Date = 13/01/2008 13:40:10 | Attr = ]
ssmdrv.sys -> %System32%\drivers\ssmdrv.sys -> Avira GmbH [Ver = 7.0.1.1 | Size = 28352 bytes | Created Date = 13/01/2008 13:40:12 | Attr = ]
CTSVCCDA.EXE -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Created Date = 25/12/2007 12:03:17 | Attr = ]
CTSVCCTL.EXE -> %System32%\CTSVCCTL.EXE -> Creative Technology Ltd [Ver = 1.0.0.0 | Size = 25088 bytes | Created Date = 25/12/2007 12:03:17 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 1566736 bytes | Created Date = 15/01/2008 07:33:12 | Attr = ]
hhkmp.ini -> %System32%\hhkmp.ini -> [Ver = | Size = 6556 bytes | Created Date = 15/01/2008 07:34:39 | Attr = HS]
hhkmp.ini2 -> %System32%\hhkmp.ini2 -> [Ver = | Size = 6516 bytes | Created Date = 14/01/2008 23:04:59 | Attr = HS]
IEDFix.exe -> %System32%\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 81920 bytes | Created Date = 06/01/2008 21:00:42 | Attr = ]
pmkhh.dll -> %System32%\pmkhh.dll -> [Ver = | Size = 338944 bytes | Created Date = 15/01/2008 07:34:23 | Attr = ]
Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 06/01/2008 21:00:42 | Attr = ]
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 06/01/2008 21:00:42 | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 06/01/2008 21:00:42 | Attr = ]
swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 06/01/2008 21:00:42 | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 06/01/2008 21:00:42 | Attr = ]
VCCLSID.exe -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 06/01/2008 21:00:42 | Attr = ]
Ctregrun.exe -> %SystemRoot%\Ctregrun.exe -> Creative Technology Ltd [Ver = 1.0.2.0 | Size = 53248 bytes | Created Date = 25/12/2007 12:05:50 | Attr = ]
nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Created Date = 20/12/2007 15:35:01 | Attr = ]
SxsCaPendDel -> %SystemRoot%\SxsCaPendDel -> [Folder | Created Date = 06/01/2008 11:11:32 | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
AOL -> %AllUsersAppData%\AOL -> [Folder | Created Date = 20/12/2007 12:07:32 | Attr = ]
AOL OCP -> %AllUsersAppData%\AOL OCP -> [Folder | Created Date = 20/12/2007 12:07:32 | Attr = ]
Avira -> %AllUsersAppData%\Avira -> [Folder | Created Date = 13/01/2008 13:40:07 | Attr = ]
Creative -> %AllUsersAppData%\Creative -> [Folder | Created Date = 25/12/2007 12:04:16 | Attr = ]
Lavasoft -> %AllUsersAppData%\Lavasoft -> [Folder | Created Date = 13/01/2008 13:35:57 | Attr = ]
Microsoft Help -> %AllUsersAppData%\Microsoft Help -> [Folder | Created Date = 20/12/2007 18:20:09 | Attr = ]
Office Genuine Advantage -> %AllUsersAppData%\Office Genuine Advantage -> [Folder | Created Date = 20/12/2007 22:50:55 | Attr = ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 14/01/2008 22:54:01 | Attr = ]
Viewpoint -> %AllUsersAppData%\Viewpoint -> [Folder | Created Date = 20/12/2007 12:07:57 | Attr = ]
Creative -> %UserAppData%\Creative -> [Folder | Created Date = 25/12/2007 12:16:08 | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 14/01/2008 22:53:33 | Attr = ]
Thunderbird -> %UserAppData%\Thunderbird -> [Folder | Created Date = 20/12/2007 15:34:56 | Attr = ]
Viewpoint -> %UserAppData%\Viewpoint -> [Folder | Created Date = 26/12/2007 13:38:01 | Attr = ]
AOL -> %LocalAppData%\AOL -> [Folder | Created Date = 20/12/2007 12:09:12 | Attr = ]
Microsoft Help -> %LocalAppData%\Microsoft Help -> [Folder | Created Date = 20/12/2007 18:20:23 | Attr = ]
PCHealth -> %LocalAppData%\PCHealth -> [Folder | Created Date = 06/01/2008 10:48:15 | Attr = ]
Thunderbird -> %LocalAppData%\Thunderbird -> [Folder | Created Date = 20/12/2007 15:34:56 | Attr = ]
Audible -> %AllUsersDocuments%\Audible -> [Folder | Created Date = 25/12/2007 12:05:00 | Attr = ]
Audible -> %UserDocuments%\Audible -> [Folder | Created Date = 25/12/2007 12:05:00 | Attr = ]
Digital_Divide_(ASSIGNMENT_C)[1].docx -> %UserDocuments%\Digital_Divide_(ASSIGNMENT_C)[1].docx -> [Ver = | Size = 20080 bytes | Created Date = 20/12/2007 11:28:25 | Attr = ]
microsoft installations -> %UserDocuments%\microsoft installations -> [Folder | Created Date = 06/01/2008 11:27:49 | Attr = ]
SmitfraudFix -> %UserDocuments%\SmitfraudFix -> [Folder | Created Date = 06/01/2008 21:15:04 | Attr = ]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk -> [Ver = | Size = 1790 bytes | Created Date = 13/01/2008 13:36:08 | Attr = ]
Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk -> [Ver = | Size = 1790 bytes | Created Date = 13/01/2008 13:36:08 | Attr = ]
AntiVir PE Classic.lnk -> %AllUsersDesktop%\AntiVir PE Classic.lnk -> [Ver = | Size = 1851 bytes | Created Date = 13/01/2008 13:41:01 | Attr = ]
Creative Product Registration.lnk -> %AllUsersDesktop%\Creative Product Registration.lnk -> [Ver = | Size = 1972 bytes | Created Date = 25/12/2007 12:05:51 | Attr = ]
Mozilla Thunderbird.lnk -> %AllUsersDesktop%\Mozilla Thunderbird.lnk -> [Ver = | Size = 1668 bytes | Created Date = 20/12/2007 15:34:45 | Attr = ]
PowerISO.lnk -> %AllUsersDesktop%\PowerISO.lnk -> [Ver = | Size = 682 bytes | Created Date = 10/01/2008 21:18:33 | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Created Date = 14/01/2008 22:53:39 | Attr = ]
ZEN Media Explorer.lnk -> %AllUsersDesktop%\ZEN Media Explorer.lnk -> [Ver = | Size = 124 bytes | Created Date = 25/12/2007 12:04:09 | Attr = ]
ZENcast Organizer.lnk -> %AllUsersDesktop%\ZENcast Organizer.lnk -> [Ver = | Size = 1747 bytes | Created Date = 25/12/2007 12:04:28 | Attr = ]
aaw2007.exe -> %UserDesktop%\aaw2007.exe -> [Ver = | Size = 17896352 bytes | Created Date = 13/01/2008 13:34:49 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\aaw2007.exe:Zone.Identifier
antivir_workstation_win7u_en_h.exe -> %UserDesktop%\antivir_workstation_win7u_en_h.exe -> [Ver = | Size = 17788920 bytes | Created Date = 13/01/2008 13:35:10 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\antivir_workstation_win7u_en_h.exe:Zone.Identifier
AWEMAN.DLL -> %UserDesktop%\AWEMAN.DLL -> Creative Technology Ltd. [Ver = 1.44.11 | Size = 11328 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
AWEMAN32.DLL -> %UserDesktop%\AWEMAN32.DLL -> Creative Technology Ltd. [Ver = 1.44.11 | Size = 35840 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
CIFMAN.CRL -> %UserDesktop%\CIFMAN.CRL -> Creative Technology Ltd. [Ver = 4.05.1003 | Size = 7168 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
CIFMAN.DLL -> %UserDesktop%\CIFMAN.DLL -> Creative Technology Ltd. [Ver = 4.05.1005 | Size = 9728 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
CSPMAN.DLL -> %UserDesktop%\CSPMAN.DLL -> Creative Technology Ltd. [Ver = 4.13.1 | Size = 19312 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
CT3DSE.VXD -> %UserDesktop%\CT3DSE.VXD -> [Ver = | Size = 6398 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
CTRESV.INF -> %UserDesktop%\CTRESV.INF -> [Ver = | Size = 1315 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
CTRESV.VXD -> %UserDesktop%\CTRESV.VXD -> [Ver = | Size = 5942 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
DISK.ID -> %UserDesktop%\DISK.ID -> [Ver = | Size = 90 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
FILE_ID.DIZ -> %UserDesktop%\FILE_ID.DIZ -> [Ver = | Size = 608 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
Get a FREE audiobook!.lnk -> %UserDesktop%\Get a FREE audiobook!.lnk -> [Ver = | Size = 1574 bytes | Created Date = 25/12/2007 12:05:21 | Attr = ]
SB16.VXD -> %UserDesktop%\SB16.VXD -> [Ver = | Size = 111150 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
SB16AWE.INF -> %UserDesktop%\SB16AWE.INF -> [Ver = | Size = 25050 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
SB16SND.DRV -> %UserDesktop%\SB16SND.DRV -> Creative Technology Ltd. [Ver = 4.38.13 | Size = 103392 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
SBAWE.VXD -> %UserDesktop%\SBAWE.VXD -> [Ver = | Size = 77370 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
SBAWE32.DRV -> %UserDesktop%\SBAWE32.DRV -> Creative Technology Ltd. [Ver = 4.38.0 | Size = 45264 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
SBFM.DRV -> %UserDesktop%\SBFM.DRV -> Creative Technology Ltd. [Ver = 4.12.1 | Size = 4096 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
SmitfraudFix -> %UserDesktop%\SmitfraudFix -> [Folder | Created Date = 06/01/2008 21:00:29 | Attr = ]
SmitfraudFix.exe -> %UserDesktop%\SmitfraudFix.exe -> [Ver = | Size = 1129580 bytes | Created Date = 06/01/2008 21:11:50 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SmitfraudFix.exe:Zone.Identifier
spybotsd14.exe -> %UserDesktop%\spybotsd14.exe -> Safer Networking Limited [Ver = | Size = 5037072 bytes | Created Date = 13/01/2008 13:29:44 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spybotsd14.exe:Zone.Identifier
SYNTHGM.SBK -> %UserDesktop%\SYNTHGM.SBK -> [Ver = | Size = 34832 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
UIDLL16.DLL -> %UserDesktop%\UIDLL16.DLL -> Creative® Technology Ltd. [Ver = 1.00 | Size = 15840 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
UPDDRV95.EXE -> %UserDesktop%\UPDDRV95.EXE -> Creative® Technology Ltd. [Ver = 1.15 | Size = 22528 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
UPDDRV95.INF -> %UserDesktop%\UPDDRV95.INF -> [Ver = | Size = 498 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
WFM0200.ACV -> %UserDesktop%\WFM0200.ACV -> Creative Technology Ltd. [Ver = 4.03 | Size = 12800 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
WFM0200A.CSP -> %UserDesktop%\WFM0200A.CSP -> [Ver = | Size = 2238 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
WFM0201.ACV -> %UserDesktop%\WFM0201.ACV -> Creative Technology Ltd. [Ver = 4.03 | Size = 5024 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
WFM0201A.CSP -> %UserDesktop%\WFM0201A.CSP -> [Ver = | Size = 6776 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
WFM0202.ACV -> %UserDesktop%\WFM0202.ACV -> Creative Technology Ltd. [Ver = 4.03 | Size = 49616 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
WFM0202A.CSP -> %UserDesktop%\WFM0202A.CSP -> [Ver = | Size = 9004 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
WFM0203.ACV -> %UserDesktop%\WFM0203.ACV -> Creative Technology Ltd. [Ver = 4.03 | Size = 60080 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
WFM0203A.CSP -> %UserDesktop%\WFM0203A.CSP -> [Ver = | Size = 9004 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Created Date = 14/01/2008 17:21:59 | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 464339 bytes | Created Date = 14/01/2008 17:21:41 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
AOL -> %CommonProgramFiles%\AOL -> [Folder | Created Date = 20/12/2007 12:07:09 | Attr = ]
Creative -> %CommonProgramFiles%\Creative -> [Folder | Created Date = 25/12/2007 12:02:54 | Attr = ]
DESIGNER -> %CommonProgramFiles%\DESIGNER -> [Folder | Created Date = 06/01/2008 14:32:18 | Attr = ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 06/01/2008 19:17:51 | Attr = HS]
MSOCache -> %SystemDrive%\MSOCache -> [Folder | Modified Date = 06/01/2008 14:22:23 | Attr = RH ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 14/01/2008 22:53:34 | Attr = ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 06/01/2008 15:51:55 | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 15/01/2008 07:33:46 | Attr = ]
avipbb.sys -> %System32%\drivers\avipbb.sys -> AVIRA GmbH [Ver = 1.00.02.13 | Size = 61632 bytes | Modified Date = 13/01/2008 13:44:19 | Attr = ]
AWRTRD.sys -> %System32%\drivers\AWRTRD.sys -> Lavasoft AB [Ver = 7.0.1.3 | Size = 8320 bytes | Modified Date = 13/01/2008 13:39:39 | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 06/01/2008 16:02:10 | Attr = ]
hosts -> %System32%\drivers\etc\hosts -> [Ver = | Size = 3271 bytes | Modified Date = 13/01/2008 14:36:13 | Attr = ]
hosts.msn -> %System32%\drivers\etc\hosts.msn -> [Ver = | Size = 2826 bytes | Modified Date = 07/01/2008 22:30:05 | Attr = ]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 101473824 bytes | Modified Date = 15/01/2008 07:38:27 | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 1362020 bytes | Modified Date = 14/01/2008 22:59:06 | Attr = HS]
fidbox2.dat -> %System32%\drivers\fidbox2.dat -> [Ver = | Size = 1896736 bytes | Modified Date = 15/01/2008 07:36:39 | Attr = HS]
fidbox2.idx -> %System32%\drivers\fidbox2.idx -> [Ver = | Size = 179816 bytes | Modified Date = 14/01/2008 22:59:07 | Attr = HS]
NSDriver.sys -> %System32%\drivers\NSDriver.sys -> Lavasoft AB [Ver = 7.0.1.3 | Size = 9344 bytes | Modified Date = 13/01/2008 13:39:39 | Attr = ]
UMDF -> %System32%\drivers\UMDF -> [Folder | Modified Date = 25/12/2007 12:08:47 | Attr = ]
Msft_User_WpdMtpDr_01_00_00.Wdf -> %System32%\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 25/12/2007 12:08:47 | Attr = H ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 15/01/2008 07:34:44 | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 11/01/2008 19:53:49 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 15/01/2008 07:35:56 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 13/01/2008 13:40:28 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 1566736 bytes | Modified Date = 15/01/2008 07:33:30 | Attr = ]
hhkmp.ini -> %System32%\hhkmp.ini -> [Ver = | Size = 6556 bytes | Modified Date = 15/01/2008 07:39:25 | Attr = HS]
hhkmp.ini2 -> %System32%\hhkmp.ini2 -> [Ver = | Size = 6516 bytes | Modified Date = 15/01/2008 07:37:47 | Attr = HS]
IEDFix.exe -> %System32%\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 81920 bytes | Modified Date = 20/12/2007 23:11:52 | Attr = ]
lsdelete.exe -> %System32%\lsdelete.exe -> [Ver = | Size = 12632 bytes | Modified Date = 13/01/2008 13:39:38 | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 70968 bytes | Modified Date = 20/12/2007 15:16:45 | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 439264 bytes | Modified Date = 20/12/2007 15:16:45 | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 516804 bytes | Modified Date = 20/12/2007 15:16:45 | Attr = ]
pmkhh.dll -> %System32%\pmkhh.dll -> [Ver = | Size = 338944 bytes | Modified Date = 15/01/2008 07:34:25 | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 11/01/2008 19:53:21 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2422 bytes | Modified Date = 15/01/2008 07:33:59 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 09/01/2008 10:47:24 | Attr = H ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 06/01/2008 14:34:45 | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 15/01/2008 07:33:15 | Attr = S]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 10/01/2008 00:15:48 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 06/01/2008 17:20:00 | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 06/01/2008 14:31:03 | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 20/12/2007 18:28:56 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 09/01/2008 10:54:28 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 14/01/2008 22:53:56 | Attr = HS]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 28/12/2007 22:32:44 | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 19/12/2007 20:16:48 | Attr = ]
nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Modified Date = 20/12/2007 15:35:01 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 15/01/2008 07:36:44 | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 13/01/2008 13:51:28 | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 11/01/2008 19:53:20 | Attr = ]
SxsCaPendDel -> %SystemRoot%\SxsCaPendDel -> [Folder | Modified Date = 06/01/2008 11:13:12 | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 285 bytes | Modified Date = 06/01/2008 19:17:51 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 15/01/2008 07:36:05 | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 15/01/2008 07:36:04 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 872 bytes | Modified Date = 06/01/2008 19:17:51 | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 06/01/2008 12:06:24 | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 12/01/2008 18:17:23 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 15/01/2008 07:33:25 | Attr = H ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
AOL -> %AllUsersAppData%\AOL -> [Folder | Modified Date = 20/12/2007 12:07:32 | Attr = ]
AOL OCP -> %AllUsersAppData%\AOL OCP -> [Folder | Modified Date = 20/12/2007 12:10:01 | Attr = ]
Avira -> %AllUsersAppData%\Avira -> [Folder | Modified Date = 13/01/2008 13:40:07 | Attr = ]
Creative -> %AllUsersAppData%\Creative -> [Folder | Modified Date = 25/12/2007 12:16:09 | Attr = ]
Lavasoft -> %AllUsersAppData%\Lavasoft -> [Folder | Modified Date = 13/01/2008 13:42:27 | Attr = ]
Microsoft -> %AllUsersAppData%\Microsoft -> [Folder | Modified Date = 06/01/2008 14:30:37 | Attr = S]
Microsoft Help -> %AllUsersAppData%\Microsoft Help -> [Folder | Modified Date = 07/01/2008 17:30:12 | Attr = ]
Office Genuine Advantage -> %AllUsersAppData%\Office Genuine Advantage -> [Folder | Modified Date = 20/12/2007 22:50:55 | Attr = ]
Skype -> %AllUsersAppData%\Skype -> [Folder | Modified Date = 07/01/2008 20:59:32 | Attr = ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 14/01/2008 22:54:01 | Attr = ]
Viewpoint -> %AllUsersAppData%\Viewpoint -> [Folder | Modified Date = 20/12/2007 12:07:57 | Attr = ]
Creative -> %UserAppData%\Creative -> [Folder | Modified Date = 26/12/2007 12:25:39 | Attr = ]
Microsoft -> %UserAppData%\Microsoft -> [Folder | Modified Date = 08/01/2008 01:51:58 | Attr = S]
Mozilla -> %UserAppData%\Mozilla -> [Folder | Modified Date = 20/12/2007 15:35:01 | Attr = ]
ntr -> %UserAppData%\ntr -> [Folder | Modified Date = 13/01/2008 13:21:03 | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 14/01/2008 22:53:34 | Attr = ]
Thunderbird -> %UserAppData%\Thunderbird -> [Folder | Modified Date = 20/12/2007 15:34:59 | Attr = ]
Viewpoint -> %UserAppData%\Viewpoint -> [Folder | Modified Date = 26/12/2007 13:38:01 | Attr = ]
AOL -> %LocalAppData%\AOL -> [Folder | Modified Date = 20/12/2007 12:09:12 | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 9728 bytes | Modified Date = 12/01/2008 18:42:08 | Attr = ]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 73048 bytes | Modified Date = 06/01/2008 16:11:39 | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 3729848 bytes | Modified Date = 27/12/2007 02:51:35 | Attr = H ]
Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 20/12/2007 22:47:58 | Attr = ]
Microsoft Help -> %LocalAppData%\Microsoft Help -> [Folder | Modified Date = 20/12/2007 18:20:23 | Attr = ]
PCHealth -> %LocalAppData%\PCHealth -> [Folder | Modified Date = 06/01/2008 10:48:15 | Attr = ]
Thunderbird -> %LocalAppData%\Thunderbird -> [Folder | Modified Date = 20/12/2007 15:35:09 | Attr = ]
Audible -> %AllUsersDocuments%\Audible -> [Folder | Modified Date = 06/01/2008 16:18:05 | Attr = ]
Audible -> %UserDocuments%\Audible -> [Folder | Modified Date = 06/01/2008 16:18:13 | Attr = ]
Ben's Phone Folder -> %UserDocuments%\Ben's Phone Folder -> [Folder | Modified Date = 01/01/2008 17:01:14 | Attr = ]
Ben's Seriously Old School Work -> %UserDocuments%\Ben's Seriously Old School Work -> [Folder | Modified Date = 27/12/2007 02:11:59 | Attr = ]
Digital_Divide_(ASSIGNMENT_C)[1].docx -> %UserDocuments%\Digital_Divide_(ASSIGNMENT_C)[1].docx -> [Ver = | Size = 20080 bytes | Modified Date = 20/12/2007 11:28:26 | Attr = ]
jodis crap -> %UserDocuments%\jodis crap -> [Folder | Modified Date = 03/01/2008 01:06:36 | Attr = ]
liz -> %UserDocuments%\liz -> [Folder | Modified Date = 27/12/2007 02:11:48 | Attr = ]
microsoft installations -> %UserDocuments%\microsoft installations -> [Folder | Modified Date = 06/01/2008 11:52:42 | Attr = ]
My Chat Logs -> %UserDocuments%\My Chat Logs -> [Folder | Modified Date = 02/01/2008 16:13:37 | Attr = ]
My Music -> %UserDocuments%\My Music -> [Folder | Modified Date = 03/01/2008 12:07:37 | Attr = R ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 09/01/2008 17:58:02 | Attr = R ]
My Received Files -> %UserDocuments%\My Received Files -> [Folder | Modified Date = 13/01/2008 21:45:04 | Attr = R ]
My Sharing Folders.lnk -> %UserDocuments%\My Sharing Folders.lnk -> [Ver = | Size = 569 bytes | Modified Date = 14/01/2008 19:58:30 | Attr = ]
SmitfraudFix -> %UserDocuments%\SmitfraudFix -> [Folder | Modified Date = 06/01/2008 21:15:13 | Attr = ]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk -> [Ver = | Size = 1790 bytes | Modified Date = 13/01/2008 13:36:08 | Attr = ]
Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk -> [Ver = | Size = 1790 bytes | Modified Date = 13/01/2008 13:36:08 | Attr = ]
AntiVir PE Classic.lnk -> %AllUsersDesktop%\AntiVir PE Classic.lnk -> [Ver = | Size = 1851 bytes | Modified Date = 13/01/2008 13:41:01 | Attr = ]
Creative Product Registration.lnk -> %AllUsersDesktop%\Creative Product Registration.lnk -> [Ver = | Size = 1972 bytes | Modified Date = 25/12/2007 12:05:51 | Attr = ]
Mozilla Thunderbird.lnk -> %AllUsersDesktop%\Mozilla Thunderbird.lnk -> [Ver = | Size = 1668 bytes | Modified Date = 20/12/2007 15:34:45 | Attr = ]
PowerISO.lnk -> %AllUsersDesktop%\PowerISO.lnk -> [Ver = | Size = 682 bytes | Modified Date = 10/01/2008 21:18:33 | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Modified Date = 14/01/2008 22:53:39 | Attr = ]
ZENcast Organizer.lnk -> %AllUsersDesktop%\ZENcast Organizer.lnk -> [Ver = | Size = 1747 bytes | Modified Date = 25/12/2007 12:04:28 | Attr = ]
aaw2007.exe -> %UserDesktop%\aaw2007.exe -> [Ver = | Size = 17896352 bytes | Modified Date = 13/01/2008 13:34:54 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\aaw2007.exe:Zone.Identifier
antivir_workstation_win7u_en_h.exe -> %UserDesktop%\antivir_workstation_win7u_en_h.exe -> [Ver = | Size = 17788920 bytes | Modified Date = 13/01/2008 13:39:17 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\antivir_workstation_win7u_en_h.exe:Zone.Identifier
Get a FREE audiobook!.lnk -> %UserDesktop%\Get a FREE audiobook!.lnk -> [Ver = | Size = 1574 bytes | Modified Date = 25/12/2007 12:05:21 | Attr = ]
Incomplete -> %UserDesktop%\Incomplete -> [Folder | Modified Date = 11/01/2008 19:13:02 | Attr = ]
james -> %UserDesktop%\james -> [Folder | Modified Date = 11/01/2008 18:35:16 | Attr = ]
Random Files Which May Be Of Use... Someday -> %UserDesktop%\Random Files Which May Be Of Use... Someday -> [Folder | Modified Date = 03/01/2008 12:22:41 | Attr = ]
SmitfraudFix -> %UserDesktop%\SmitfraudFix -> [Folder | Modified Date = 07/01/2008 22:37:04 | Attr = ]
SmitfraudFix.exe -> %UserDesktop%\SmitfraudFix.exe -> [Ver = | Size = 1129580 bytes | Modified Date = 06/01/2008 21:11:50 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SmitfraudFix.exe:Zone.Identifier
spybotsd14.exe -> %UserDesktop%\spybotsd14.exe -> Safer Networking Limited [Ver = | Size = 5037072 bytes | Modified Date = 13/01/2008 13:29:50 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spybotsd14.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Modified Date = 14/01/2008 23:04:31 | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 464339 bytes | Modified Date = 14/01/2008 17:21:47 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
AOL -> %CommonProgramFiles%\AOL -> [Folder | Modified Date = 20/12/2007 19:04:04 | Attr = ]
Creative -> %CommonProgramFiles%\Creative -> [Folder | Modified Date = 25/12/2007 12:02:54 | Attr = ]
DESIGNER -> %CommonProgramFiles%\DESIGNER -> [Folder | Modified Date = 06/01/2008 14:32:18 | Attr = ]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 06/01/2008 14:33:17 | Attr = ]
System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 06/01/2008 14:26:51 | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 14/01/2008 22:52:35 | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 13810 bytes | Modified Date = 15/01/2008 07:35:56 | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 13810 bytes | Modified Date = 15/01/2008 07:35:56 | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 03/12/2006 18:59:30 | Attr = ]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8592 bytes | Modified Date = 06/01/2008 14:42:17 | Attr = ]

< End of report >





Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\avp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\EPSON Stylus C42 Series deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\lsass deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Winupdate Engine deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\wowfx.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917}\ deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\xxyxywt.dll
C:\WINDOWS\System32\xxyxywt.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\xxyxywt.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{6DB38642-A70F-4C98-B82F-80D80E29E1E0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6DB38642-A70F-4C98-B82F-80D80E29E1E0}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:wowfx.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:xlibgfl254.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wintuh32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyxywt\ deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\xxyxywt.dll
C:\WINDOWS\System32\xxyxywt.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\xxyxywt.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917}\ deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\xxyxywt.dll
C:\WINDOWS\System32\xxyxywt.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\xxyxywt.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{637fbc9d-80e4-47df-b4d9-9f1e83f5dde7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{637fbc9d-80e4-47df-b4d9-9f1e83f5dde7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F502B02B-65CB-471C-B410-66AE3B4325B3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F502B02B-65CB-471C-B410-66AE3B4325B3}\ not found.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\pmkhh.dll
C:\WINDOWS\System32\pmkhh.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\pmkhh.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\ not found.
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\pmkhh deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\pmkhh.dll
C:\WINDOWS\System32\pmkhh.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\pmkhh.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Documents and Settings\ben\Start Menu\Programs\Startup\findfast.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\winav.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Documents and Settings\ben\Application Data\trant.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Documents and Settings\ben\Application Data\mcrupdate.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\printer.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\spoolvs.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\WINDOWS\shell.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LEGO Media\Constructive\LEGO LOCO\Exe\Loco.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DAP\DAP.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\ben\Local Settings\Temp\win141.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\ben\Start Menu\Programs\Startup\findfast.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\winav.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\ben\Application Data\trant.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\ben\Application Data\mcrupdate.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\printer.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\spoolvs.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\shell.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\emsbgrwm.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\Temp\win13A.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^autorun.exe\ deleted successfully.
File C:\WINDOWS\pss\autorun.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^ben^Start Menu^Programs^Startup^findfast .exe\ deleted successfully.
File C:\WINDOWS\pss\findfast .exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^ben^Start Menu^Programs^Startup^findfast.exe\ deleted successfully.
File C:\WINDOWS\pss\findfast.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EasySpywareCleaner hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spoolsv hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
[Files/Folders - Created Within 30 days]
C:\Install moved successfully.
C:\IPH.PH moved successfully.
C:\WINDOWS\System32\audiopid.vxd moved successfully.
C:\WINDOWS\System32\ctfmona.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\drvwimr.dll
C:\WINDOWS\System32\drvwimr.dll NOT unregistered.
C:\WINDOWS\System32\drvwimr.dll moved successfully.
C:\WINDOWS\System32\dumphive.exe moved successfully.
C:\WINDOWS\System32\hhkmp.ini moved successfully.
C:\WINDOWS\System32\hhkmp.ini2 moved successfully.
C:\WINDOWS\System32\Jvpr02.0cx moved successfully.
C:\WINDOWS\System32\lhhkcaiq.ini moved successfully.
C:\WINDOWS\System32\ltwctfsw.ini moved successfully.
C:\WINDOWS\System32\mcrh.tmp moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\pmkhh.dll
C:\WINDOWS\System32\pmkhh.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\pmkhh.dll scheduled to be moved on reboot.
C:\WINDOWS\System32\qvnciggn.exe moved successfully.
C:\WINDOWS\System32\uvofoxcq.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\wintuh32.dll
C:\WINDOWS\System32\wintuh32.dll NOT unregistered.
C:\WINDOWS\System32\wintuh32.dll moved successfully.
C:\WINDOWS\System32\WS2Fix.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\xxyxywt.dll
C:\WINDOWS\System32\xxyxywt.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\xxyxywt.dll scheduled to be moved on reboot.
C:\WINDOWS\System32\yagauhvs.exe moved successfully.
C:\WINDOWS\Casino.ico moved successfully.
C:\WINDOWS\cookies.ini moved successfully.
C:\WINDOWS\Free Online Dating.ico moved successfully.
C:\WINDOWS\Pref23.D1l moved successfully.
C:\WINDOWS\SHELLNEW moved successfully.
C:\WINDOWS\Spyware Remover.ico moved successfully.
C:\WINDOWS\ump.INI moved successfully.
[Files Created - Additional Folder Scans - Non-Microsoft Only]
C:\Documents and Settings\ben\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\BrowserObjects moved successfully.
C:\Documents and Settings\ben\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\StartMenuCurrentUser moved successfully.
C:\Documents and Settings\ben\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\StartMenuAllUsers moved successfully.
C:\Documents and Settings\ben\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKLMRun\RunOnceEx moved successfully.
C:\Documents and Settings\ben\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKLMRun\RunOnce moved successfully.
C:\Documents and Settings\ben\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKLMRun moved successfully.
C:\Documents and Settings\ben\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKCURun\RunOnceEx moved successfully.
C:\Documents and Settings\ben\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKCURun\RunOnce moved successfully.
C:\Documents and Settings\ben\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKCURun moved successfully.
C:\Documents and Settings\ben\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun moved successfully.
C:\Documents and Settings\ben\Application Data\EasySpywareCleaner.com\EasySpywareCleaner moved successfully.
C:\Documents and Settings\ben\Application Data\EasySpywareCleaner.com moved successfully.
C:\Documents and Settings\ben\My Documents\love2_isss539w.thm moved successfully.
C:\Documents and Settings\ben\Desktop\Go to Casino.lnk moved successfully.
[Files/Folders - Modified Within 30 days]
File C:\IPH.PH not found!
File C:\WINDOWS\System32\ctfmona.exe not found!
File C:\WINDOWS\System32\drvwimr.dll not found!
C:\WINDOWS\System32\FNTCACHE.DAT moved successfully.
File C:\WINDOWS\System32\hhkmp.ini not found!
File C:\WINDOWS\System32\hhkmp.ini2 not found!
File C:\WINDOWS\System32\Jvpr02.0cx not found!
File C:\WINDOWS\System32\lhhkcaiq.ini not found!
File C:\WINDOWS\System32\ltwctfsw.ini not found!
File C:\WINDOWS\System32\mcrh.tmp not found!
C:\WINDOWS\System32\MRT.INI moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\pmkhh.dll
C:\WINDOWS\System32\pmkhh.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\pmkhh.dll scheduled to be moved on reboot.
File C:\WINDOWS\System32\qvnciggn.exe not found!
File C:\WINDOWS\System32\uvofoxcq.ini not found!
File C:\WINDOWS\System32\wintuh32.dll not found!
DllUnregisterServer procedure not found in C:\WINDOWS\System32\xxyxywt.dll
C:\WINDOWS\System32\xxyxywt.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\xxyxywt.dll scheduled to be moved on reboot.
File C:\WINDOWS\System32\yagauhvs.exe not found!
File C:\WINDOWS\Casino.ico not found!
File C:\WINDOWS\cookies.ini not found!
File C:\WINDOWS\Free Online Dating.ico not found!
File C:\WINDOWS\Pref23.D1l not found!
File C:\WINDOWS\Spyware Remover.ico not found!
File C:\WINDOWS\ump.INI not found!
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
File C:\Documents and Settings\ben\Application Data\EasySpywareCleaner.com not found!
File C:\Documents and Settings\ben\My Documents\love2_isss539w.thm not found!
C:\Documents and Settings\ben\Desktop\Find Spyware Remover.lnk moved successfully.
C:\Documents and Settings\ben\Desktop\Free Online Dating.lnk moved successfully.
File C:\Documents and Settings\ben\Desktop\Go to Casino.lnk not found!
[Empty Temp Folders]
C:\DOCUME~1\ben\LOCALS~1\Temp\ -> emptied.
C:\Documents and Settings\ben\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
Explorer started successfully
< End of log >
Created on 01142008_230431






That's all of them. I am still having some of the same problems I think but I haven't really explored much yet.
Thanks again :thumbsup:

#6 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 15 January 2008 - 11:51 AM

Hi PrittStick. Yeah, you still have a Vundo infection in there somewhere. Let's try a different tool.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Next, start WinPFind35U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Windows NT\\Load [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
YN -> C:\WINDOWS\system32\pmkhh.exe -> %System32%\pmkhh.exe
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> wintuh32 -> wintuh32.dll
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {803B99BE-7FF9-4F36-AEBB-3B99D3A6D359} [HKEY_LOCAL_MACHINE] -> %System32%\pmkhh.dll [Reg Error: Value does not exist or could not be read.]
[Files/Folders - Created Within 30 days]
YY -> hhkmp.ini -> %System32%\hhkmp.ini
YY -> hhkmp.ini2 -> %System32%\hhkmp.ini2
YY -> pmkhh.dll -> %System32%\pmkhh.dll
[Files/Folders - Modified Within 30 days]
YY -> hhkmp.ini -> %System32%\hhkmp.ini
YY -> hhkmp.ini2 -> %System32%\hhkmp.ini2
YY -> pmkhh.dll -> %System32%\pmkhh.dll
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
YY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
YY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
[Empty Temp Folders]
[Start Explorer]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.

Reboot the machine normally and post the following back here:
  • a new WinPFind35U report with the following options:
    • Under Additional Scans click the checkboxes in front of the following items to select them:
      • File - Additional Folder Scans
    • Do not change any other settings.
  • the Avenger report
  • the latest .log file from the WinPFind35u/MovedFiles folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#7 PrittStick

PrittStick
  • Topic Starter

  • Members
  • 97 posts
  • Location:Wolverhampton, England

Posted 24 January 2008 - 03:36 PM

Hey again OldTimer. I am really sorry for being so late. I think I may have run the same scans about three times but I keep forgetting and then I get disorientated lol. I wasn't sure what the Avenger report was and I don't think WinPFind35U worked properly but here is everything you asked for (other than Avenger).


VundoFix V6.3.23

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 18:41:50 20/05/2007

Listing files found while scanning....

C:\WINDOWS\system32\awvvt.dll
C:\WINDOWS\system32\tvvwa.bak1
C:\WINDOWS\system32\tvvwa.bak2
C:\WINDOWS\system32\tvvwa.ini
C:\WINDOWS\system32\tvvwa.ini2
C:\WINDOWS\system32\tvvwa.tmp
C:\WINDOWS\system32\vabfrixw.dll
C:\WINDOWS\system32\vtutuvv.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awvvt.dll
C:\WINDOWS\system32\awvvt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tvvwa.bak1
C:\WINDOWS\system32\tvvwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\tvvwa.bak2
C:\WINDOWS\system32\tvvwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\tvvwa.ini
C:\WINDOWS\system32\tvvwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\tvvwa.ini2
C:\WINDOWS\system32\tvvwa.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\tvvwa.tmp
C:\WINDOWS\system32\tvvwa.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\vabfrixw.dll
C:\WINDOWS\system32\vabfrixw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtutuvv.dll
C:\WINDOWS\system32\vtutuvv.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.23

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 18:53:02 20/05/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 00:32:08 16/01/2008

Listing files found while scanning....

C:\WINDOWS\system32\hhkmp.ini
C:\WINDOWS\system32\hhkmp.ini2
C:\WINDOWS\system32\pmkhh.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\hhkmp.ini
C:\WINDOWS\system32\hhkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\hhkmp.ini2
C:\WINDOWS\system32\hhkmp.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkhh.dll
C:\WINDOWS\system32\pmkhh.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 16:49:30 24/01/2008

Listing files found while scanning....

C:\WINDOWS\system32\bkgokcdc.exe
C:\WINDOWS\system32\grmdbcgw.exe
C:\WINDOWS\system32\qibxwgdv.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bkgokcdc.exe
C:\WINDOWS\system32\bkgokcdc.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\grmdbcgw.exe
C:\WINDOWS\system32\grmdbcgw.exe Could not be deleted.

Attempting to delete C:\WINDOWS\system32\qibxwgdv.dll
C:\WINDOWS\system32\qibxwgdv.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\grmdbcgw.exe
C:\WINDOWS\system32\grmdbcgw.exe Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...






WinPFind35 logfile created on: 24/01/2008 20:33:45
WinPFind35U Version Beta22 Folder = C:\Documents and Settings\ben\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)

511.48 Mb Total Physical Memory | 183.88 Mb Available Physical Memory | 35.95% Memory free
1.21 Gb Paging File | 0.90 Gb Available in Paging File | 74.75% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 34.71 Gb Free Space | 46.57% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: FAMILY-PC
Current User Name: ben
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 21/02/2006 19:39:16 | Attr = ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 13/01/2008 13:37:52 | Attr = ]
avguard.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 7.00.00.82 | Size = 214056 bytes | Modified Date = 13/01/2008 13:44:18 | Attr = ]
photoshopelementsfileagent.exe -> %ProgramFiles%\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -> [Ver = | Size = 124832 bytes | Modified Date = 02/10/2007 14:46:56 | Attr = ]
sched.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 7.00.00.62 | Size = 63016 bytes | Modified Date = 28/08/2007 13:16:22 | Attr = ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 28/02/2006 11:42:38 | Attr = ]
ctsvccda.exe -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 17:01:00 | Attr = ]
mysqld-nt.exe -> %ProgramFiles%\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -> [Ver = | Size = 5701632 bytes | Modified Date = 04/05/2007 09:00:12 | Attr = ]
pnkbstra.exe -> %System32%\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 20/09/2007 18:39:36 | Attr = ]
pnkbstrb.exe -> %System32%\PnkBstrB.exe -> [Ver = | Size = 103736 bytes | Modified Date = 29/09/2007 09:43:38 | Attr = ]
slserv.exe -> %System32%\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Modified Date = 04/08/2004 00:56:58 | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 04/01/2007 21:38:08 | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 21/02/2006 19:39:16 | Attr = ]
grmdbcgw.exe -> %System32%\grmdbcgw.exe -> [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 20/01/2008 11:18:11 | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 294400 bytes | Modified Date = 06/01/2008 13:17:10 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 13/01/2008 13:37:52 | Attr = ]
(AdobeActiveFileMonitor6.0) Adobe Active File Monitor V6 [Win32_Own | Auto | Running] -> %ProgramFiles%\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -> [Ver = | Size = 124832 bytes | Modified Date = 02/10/2007 14:46:56 | Attr = ]
(AntiVirScheduler) AntiVir PersonalEdition Classic Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 7.00.00.62 | Size = 63016 bytes | Modified Date = 28/08/2007 13:16:22 | Attr = ]
(AntiVirService) AntiVir PersonalEdition Classic Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 7.00.00.82 | Size = 214056 bytes | Modified Date = 13/01/2008 13:44:18 | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 21/02/2006 19:39:16 | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 03/05/2006 10:57:00 | Attr = ]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 28/02/2006 11:42:38 | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 17:01:00 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
(DomainService) DomainService [Win32_Own | Auto | Running] -> %System32%\grmdbcgw.exe -> [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 20/01/2008 11:18:11 | Attr = ]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 16/09/2007 20:05:15 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.711.37800.beta | Size = 136120 bytes | Modified Date = 04/01/2007 01:40:21 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 03/04/2005 23:41:10 | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(MySQL) MySQL [Win32_Own | Auto | Running] -> %ProgramFiles%\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -> [Ver = | Size = 5701632 bytes | Modified Date = 04/05/2007 09:00:12 | Attr = ]
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %System32%\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 20/09/2007 18:39:36 | Attr = ]
(PnkBstrB) PnkBstrB [Win32_Own | Auto | Running] -> %System32%\PnkBstrB.exe -> [Ver = | Size = 103736 bytes | Modified Date = 29/09/2007 09:43:38 | Attr = ]
(SLService) SmartLinkService [Win32_Own | Auto | Running] -> %System32%\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Modified Date = 04/08/2004 00:56:58 | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 04/01/2007 21:38:08 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
avgnt -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe -> File not found
DataLayer -> %CommonProgramFiles%\PCSuite\DataLayer\DataLayer.exe -> File not found
PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> File not found
PWRISOVM.EXE -> %ProgramFiles%\PowerISO\PWRISOVM.EXE -> File not found
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> File not found
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = Reg Error: Value Installed does not exist or could not be read. ->
MAPI-> Installed = Reg Error: Value Installed does not exist or could not be read. ->
MSFS-> Installed = Reg Error: Value Installed does not exist or could not be read. ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
CTSyncU.exe -> %ProgramFiles%\Creative\Sync Manager Unicode\CTSyncU.exe -> File not found
MSMSGS -> %ProgramFiles%\Messenger\msmsgs.exe -> File not found
msnmsgr -> %ProgramFiles%\MSN Messenger\msnmsgr.exe -> File not found
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> File not found
< Windows NT\\Load [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load ->
C:\WINDOWS\system32\pmkhh.exe -> %System32%\pmkhh.exe -> File not found
*MultiFile Done* -> ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
-> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 02/12/2006 16:36:03 | Attr = HS]
< ben Startup Folder > -> C:\Documents and Settings\ben\Start Menu\Programs\Startup ->
-> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 02/12/2006 16:36:03 | Attr = HS]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 20/12/2006 13:55:48 | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
-> -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 19/04/2007 13:41:36 | Attr = ]
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 61440 bytes | Modified Date = 21/02/2006 19:40:30 | Attr = ]
klogon -> %System32%\klogon.dll -> Kaspersky Lab [Ver = 6.0.2.621 | Size = 200768 bytes | Modified Date = 09/03/2007 18:52:52 | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (3271 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.co.uk/ ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22/10/2006 22:08:42 | Attr = ]
{6D5E21ED-2488-42C1-BA06-7B6B97610681} [HKEY_LOCAL_MACHINE] -> %System32%\pmkhh.dll [Reg Error: Value does not exist or could not be read.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 00:11:33 | Attr = ]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 00:11:34 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 00:11:33 | Attr = ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Research] -> File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{2FA65E42-5C25-4B45-95D2-1A955809AA53} -> (1394 Net Adapter) ->
{38DBA83C-08A7-4717-9EC1-921D23B087EA} -> (Realtek RTL8139 Family PCI Fast Ethernet NIC) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 28/02/2006 11:42:30 | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab[Reg Error: Key does not exist or could not be opened.] ->
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwa...director/sw.cab[Shockwave ActiveX Control] ->
{2250C29C-C5E9-4F55-BE4E-01E45A40FCF1}[HKEY_LOCAL_MACHINE] -> http://musicmix.messenger.msn.com/Medialogic.CAB[CMediaMix Object] ->
{48DD0448-9209-4F81-9F6D-D83562940134}[HKEY_LOCAL_MACHINE] -> http://lads.myspace.com/upload/MySpaceUploader1005.cab[MySpace Uploader Control] ->
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}[HKEY_LOCAL_MACHINE] -> http://download.divx.com/player/DivXBrowserPlugin.cab[DivXBrowserPlugin Object] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdat...b?1165078554578[MUWebControl Class] ->
{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B}[HKEY_LOCAL_MACHINE] -> http://launch.gamespyarcade.com/software/launch/alaunch.cab[GSDACtl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[Java Plug-in 1.5.0_08] ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[Java Plug-in 1.5.0_10] ->
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[Java Plug-in 1.5.0_11] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_01] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_02] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CD995117-98E5-4169-9920-6C12D4C0B548}[HKEY_LOCAL_MACHINE] -> http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab[HGPlugin9USA Class] ->
{D1E7CBDA-E60E-4970-A01C-37301EF7BF98}[HKEY_LOCAL_MACHINE] -> http://gameadvisor.futuremark.com/global/msc311.cab[Measurement Services Client v.3.11] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...ent/swflash.cab[Shockwave Flash Object] ->
{D27CDB6E-AE6D-11CF-96B8-444553550000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/shock...ash/swflash.cab[Reg Error: Key does not exist or could not be opened.] ->
{E6ACF817-0A85-4EBE-9F0A-096C6488CFEA}[HKEY_LOCAL_MACHINE] -> http://eu.ntrsupport.com/inquiero/mod/setu...tivex118_24.cab[NTR ActiveX 1.1.8] ->
{E862C832-3A5F-4CEB-BFAA-167B22010A71}[HKEY_LOCAL_MACHINE] -> http://support.packardbell.com/files/activ...nfosFinder2.CAB[InfosFinder2.InfosFinder] ->

[Files/Folders - Created Within 30 days]
MSOCache -> %SystemDrive%\MSOCache -> [Folder | Created Date = 06/01/2008 14:22:23 | Attr = RH ]
avgntdd.sys -> %System32%\drivers\avgntdd.sys -> Avira GmbH [Ver = 6.39.00.02 | Size = 40768 bytes | Created Date = 13/01/2008 13:40:12 | Attr = ]
avgntmgr.sys -> %System32%\drivers\avgntmgr.sys -> Avira GmbH [Ver = 6.37.01.01 | Size = 21312 bytes | Created Date = 13/01/2008 13:40:12 | Attr = ]
avipbb.sys -> %System32%\drivers\avipbb.sys -> AVIRA GmbH [Ver = 1.00.02.13 | Size = 61632 bytes | Created Date = 13/01/2008 13:40:10 | Attr = ]
ssmdrv.sys -> %System32%\drivers\ssmdrv.sys -> Avira GmbH [Ver = 7.0.1.1 | Size = 28352 bytes | Created Date = 13/01/2008 13:40:12 | Attr = ]
4c008224 -> %System32%\4c008224 -> [Ver = | Size = 8 bytes | Created Date = 24/01/2008 19:40:10 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 1566736 bytes | Created Date = 15/01/2008 07:33:12 | Attr = ]
grmdbcgw.exe -> %System32%\grmdbcgw.exe -> [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Created Date = 20/01/2008 11:18:11 | Attr = ]
hhkmp.ini2 -> %System32%\hhkmp.ini2 -> [Ver = | Size = 6556 bytes | Created Date = 24/01/2008 19:40:14 | Attr = HS]
IEDFix.exe -> %System32%\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 81920 bytes | Created Date = 06/01/2008 21:00:42 | Attr = ]
pmkhh.VIR -> %System32%\pmkhh.VIR -> [Ver = | Size = 338944 bytes | Created Date = 16/01/2008 07:37:15 | Attr = ]
Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 06/01/2008 21:00:42 | Attr = ]
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 06/01/2008 21:00:42 | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 06/01/2008 21:00:42 | Attr = ]
swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 06/01/2008 21:00:42 | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 06/01/2008 21:00:42 | Attr = ]
VCCLSID.exe -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 06/01/2008 21:00:42 | Attr = ]
xcpelhbm.exe -> %System32%\xcpelhbm.exe -> [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Created Date = 22/01/2008 14:45:42 | Attr = ]
SxsCaPendDel -> %SystemRoot%\SxsCaPendDel -> [Folder | Created Date = 06/01/2008 11:11:32 | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Avira -> %AllUsersAppData%\Avira -> [Folder | Created Date = 13/01/2008 13:40:07 | Attr = ]
Lavasoft -> %AllUsersAppData%\Lavasoft -> [Folder | Created Date = 13/01/2008 13:35:57 | Attr = ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 14/01/2008 22:54:01 | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 14/01/2008 22:53:33 | Attr = ]
Viewpoint -> %UserAppData%\Viewpoint -> [Folder | Created Date = 26/12/2007 13:38:01 | Attr = ]
PCHealth -> %LocalAppData%\PCHealth -> [Folder | Created Date = 06/01/2008 10:48:15 | Attr = ]
microsoft installations -> %UserDocuments%\microsoft installations -> [Folder | Created Date = 06/01/2008 11:27:49 | Attr = ]
SmitfraudFix -> %UserDocuments%\SmitfraudFix -> [Folder | Created Date = 06/01/2008 21:15:04 | Attr = ]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk -> [Ver = | Size = 1790 bytes | Created Date = 13/01/2008 13:36:08 | Attr = ]
Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk -> [Ver = | Size = 1790 bytes | Created Date = 13/01/2008 13:36:08 | Attr = ]
AntiVir PE Classic.lnk -> %AllUsersDesktop%\AntiVir PE Classic.lnk -> [Ver = | Size = 1851 bytes | Created Date = 13/01/2008 13:41:01 | Attr = ]
PowerISO.lnk -> %AllUsersDesktop%\PowerISO.lnk -> [Ver = | Size = 682 bytes | Created Date = 10/01/2008 21:18:33 | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Created Date = 14/01/2008 22:53:39 | Attr = ]
aaw2007.exe -> %UserDesktop%\aaw2007.exe -> [Ver = | Size = 17896352 bytes | Created Date = 13/01/2008 13:34:49 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\aaw2007.exe:Zone.Identifier
antivir_workstation_win7u_en_h.exe -> %UserDesktop%\antivir_workstation_win7u_en_h.exe -> [Ver = | Size = 17788920 bytes | Created Date = 13/01/2008 13:35:10 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\antivir_workstation_win7u_en_h.exe:Zone.Identifier
AWEMAN.DLL -> %UserDesktop%\AWEMAN.DLL -> Creative Technology Ltd. [Ver = 1.44.11 | Size = 11328 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
AWEMAN32.DLL -> %UserDesktop%\AWEMAN32.DLL -> Creative Technology Ltd. [Ver = 1.44.11 | Size = 35840 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
CCleaner.lnk -> %UserDesktop%\CCleaner.lnk -> [Ver = | Size = 1548 bytes | Created Date = 19/01/2008 00:41:35 | Attr = ]
CIFMAN.CRL -> %UserDesktop%\CIFMAN.CRL -> Creative Technology Ltd. [Ver = 4.05.1003 | Size = 7168 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
CIFMAN.DLL -> %UserDesktop%\CIFMAN.DLL -> Creative Technology Ltd. [Ver = 4.05.1005 | Size = 9728 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
CSPMAN.DLL -> %UserDesktop%\CSPMAN.DLL -> Creative Technology Ltd. [Ver = 4.13.1 | Size = 19312 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
CT3DSE.VXD -> %UserDesktop%\CT3DSE.VXD -> [Ver = | Size = 6398 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
CTRESV.INF -> %UserDesktop%\CTRESV.INF -> [Ver = | Size = 1315 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
CTRESV.VXD -> %UserDesktop%\CTRESV.VXD -> [Ver = | Size = 5942 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
DISK.ID -> %UserDesktop%\DISK.ID -> [Ver = | Size = 90 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
FILE_ID.DIZ -> %UserDesktop%\FILE_ID.DIZ -> [Ver = | Size = 608 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
SB16.VXD -> %UserDesktop%\SB16.VXD -> [Ver = | Size = 111150 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
SB16AWE.INF -> %UserDesktop%\SB16AWE.INF -> [Ver = | Size = 25050 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
SB16SND.DRV -> %UserDesktop%\SB16SND.DRV -> Creative Technology Ltd. [Ver = 4.38.13 | Size = 103392 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
SBAWE.VXD -> %UserDesktop%\SBAWE.VXD -> [Ver = | Size = 77370 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
SBAWE32.DRV -> %UserDesktop%\SBAWE32.DRV -> Creative Technology Ltd. [Ver = 4.38.0 | Size = 45264 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
SBFM.DRV -> %UserDesktop%\SBFM.DRV -> Creative Technology Ltd. [Ver = 4.12.1 | Size = 4096 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
SmitfraudFix -> %UserDesktop%\SmitfraudFix -> [Folder | Created Date = 06/01/2008 21:00:29 | Attr = ]
SmitfraudFix.exe -> %UserDesktop%\SmitfraudFix.exe -> [Ver = | Size = 1129580 bytes | Created Date = 06/01/2008 21:11:50 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SmitfraudFix.exe:Zone.Identifier
spybotsd14.exe -> %UserDesktop%\spybotsd14.exe -> Safer Networking Limited [Ver = | Size = 5037072 bytes | Created Date = 13/01/2008 13:29:44 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spybotsd14.exe:Zone.Identifier
SYNTHGM.SBK -> %UserDesktop%\SYNTHGM.SBK -> [Ver = | Size = 34832 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
UIDLL16.DLL -> %UserDesktop%\UIDLL16.DLL -> Creative® Technology Ltd. [Ver = 1.00 | Size = 15840 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
UPDDRV95.EXE -> %UserDesktop%\UPDDRV95.EXE -> Creative® Technology Ltd. [Ver = 1.15 | Size = 22528 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
UPDDRV95.INF -> %UserDesktop%\UPDDRV95.INF -> [Ver = | Size = 498 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.07.0007 | Size = 132608 bytes | Created Date = 15/01/2008 22:52:49 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VundoFix.exe:Zone.Identifier
WFM0200.ACV -> %UserDesktop%\WFM0200.ACV -> Creative Technology Ltd. [Ver = 4.03 | Size = 12800 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
WFM0200A.CSP -> %UserDesktop%\WFM0200A.CSP -> [Ver = | Size = 2238 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
WFM0201.ACV -> %UserDesktop%\WFM0201.ACV -> Creative Technology Ltd. [Ver = 4.03 | Size = 5024 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
WFM0201A.CSP -> %UserDesktop%\WFM0201A.CSP -> [Ver = | Size = 6776 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
WFM0202.ACV -> %UserDesktop%\WFM0202.ACV -> Creative Technology Ltd. [Ver = 4.03 | Size = 49616 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
WFM0202A.CSP -> %UserDesktop%\WFM0202A.CSP -> [Ver = | Size = 9004 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
WFM0203.ACV -> %UserDesktop%\WFM0203.ACV -> Creative Technology Ltd. [Ver = 4.03 | Size = 60080 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
WFM0203A.CSP -> %UserDesktop%\WFM0203A.CSP -> [Ver = | Size = 9004 bytes | Created Date = 03/01/2008 12:21:34 | Attr = ]
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Created Date = 14/01/2008 17:21:59 | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 464339 bytes | Created Date = 14/01/2008 17:21:41 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
DESIGNER -> %CommonProgramFiles%\DESIGNER -> [Folder | Created Date = 06/01/2008 14:32:18 | Attr = ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 24/01/2008 19:54:59 | Attr = HS]
MSOCache -> %SystemDrive%\MSOCache -> [Folder | Modified Date = 06/01/2008 14:22:23 | Attr = RH ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 14/01/2008 22:53:34 | Attr = ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 06/01/2008 15:51:55 | Attr = HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 24/01/2008 18:26:57 | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 24/01/2008 12:48:54 | Attr = ]
avipbb.sys -> %System32%\drivers\avipbb.sys -> AVIRA GmbH [Ver = 1.00.02.13 | Size = 61632 bytes | Modified Date = 13/01/2008 13:44:19 | Attr = ]
AWRTRD.sys -> %System32%\drivers\AWRTRD.sys -> Lavasoft AB [Ver = 7.0.1.3 | Size = 8320 bytes | Modified Date = 13/01/2008 13:39:39 | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 06/01/2008 16:02:10 | Attr = ]
hosts -> %System32%\drivers\etc\hosts -> [Ver = | Size = 3271 bytes | Modified Date = 13/01/2008 14:36:13 | Attr = ]
hosts.msn -> %System32%\drivers\etc\hosts.msn -> [Ver = | Size = 3271 bytes | Modified Date = 13/01/2008 14:36:13 | Attr = ]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 104394784 bytes | Modified Date = 24/01/2008 20:26:40 | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 1400996 bytes | Modified Date = 24/01/2008 19:36:56 | Attr = HS]
fidbox2.dat -> %System32%\drivers\fidbox2.dat -> [Ver = | Size = 1964576 bytes | Modified Date = 24/01/2008 19:38:19 | Attr = HS]
fidbox2.idx -> %System32%\drivers\fidbox2.idx -> [Ver = | Size = 186272 bytes | Modified Date = 24/01/2008 19:36:56 | Attr = HS]
NSDriver.sys -> %System32%\drivers\NSDriver.sys -> Lavasoft AB [Ver = 7.0.1.3 | Size = 9344 bytes | Modified Date = 13/01/2008 13:39:39 | Attr = ]
4c008224 -> %System32%\4c008224 -> [Ver = | Size = 8 bytes | Modified Date = 24/01/2008 19:40:10 | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 24/01/2008 19:52:36 | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 11/01/2008 19:53:49 | Attr = ]
ctfmon.exe.tmp -> %System32%\ctfmon.exe.tmp -> [Ver = | Size = 359424 bytes | Modified Date = 24/01/2008 12:45:46 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 24/01/2008 19:40:26 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 13/01/2008 13:40:28 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 1566736 bytes | Modified Date = 15/01/2008 07:33:30 | Attr = ]
grmdbcgw.exe -> %System32%\grmdbcgw.exe -> [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 20/01/2008 11:18:11 | Attr = ]
hhkmp.ini2 -> %System32%\hhkmp.ini2 -> [Ver = | Size = 6556 bytes | Modified Date = 24/01/2008 19:49:18 | Attr = HS]
lsdelete.exe -> %System32%\lsdelete.exe -> [Ver = | Size = 12632 bytes | Modified Date = 13/01/2008 13:39:38 | Attr = ]
pmkhh.VIR -> %System32%\pmkhh.VIR -> [Ver = | Size = 338944 bytes | Modified Date = 16/01/2008 07:37:16 | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 11/01/2008 19:53:21 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2422 bytes | Modified Date = 24/01/2008 19:52:59 | Attr = ]
xcpelhbm.exe -> %System32%\xcpelhbm.exe -> [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 22/01/2008 14:45:42 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 09/01/2008 10:47:24 | Attr = H ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 06/01/2008 14:34:45 | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 24/01/2008 19:51:44 | Attr = S]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 10/01/2008 00:15:48 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 06/01/2008 17:20:00 | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 06/01/2008 14:31:03 | Attr = R S]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 09/01/2008 10:54:28 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 14/01/2008 22:53:56 | Attr = HS]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 28/12/2007 22:32:44 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 24/01/2008 12:49:05 | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 13/01/2008 13:51:28 | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 11/01/2008 19:53:20 | Attr = ]
SxsCaPendDel -> %SystemRoot%\SxsCaPendDel -> [Folder | Modified Date = 06/01/2008 11:13:12 | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 285 bytes | Modified Date = 24/01/2008 19:54:58 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 24/01/2008 20:29:59 | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 24/01/2008 20:34:42 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 872 bytes | Modified Date = 24/01/2008 19:54:58 | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 06/01/2008 12:06:24 | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 19/01/2008 18:17:08 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 24/01/2008 19:52:02 | Attr = H ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Avira -> %AllUsersAppData%\Avira -> [Folder | Modified Date = 13/01/2008 13:40:07 | Attr = ]
Lavasoft -> %AllUsersAppData%\Lavasoft -> [Folder | Modified Date = 13/01/2008 13:42:27 | Attr = ]
Microsoft -> %AllUsersAppData%\Microsoft -> [Folder | Modified Date = 06/01/2008 14:30:37 | Attr = S]
Microsoft Help -> %AllUsersAppData%\Microsoft Help -> [Folder | Modified Date = 07/01/2008 17:30:12 | Attr = ]
Skype -> %AllUsersAppData%\Skype -> [Folder | Modified Date = 07/01/2008 20:59:32 | Attr = ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 14/01/2008 22:54:01 | Attr = ]
Creative -> %UserAppData%\Creative -> [Folder | Modified Date = 26/12/2007 12:25:39 | Attr = ]
Microsoft -> %UserAppData%\Microsoft -> [Folder | Modified Date = 08/01/2008 01:51:58 | Attr = S]
ntr -> %UserAppData%\ntr -> [Folder | Modified Date = 13/01/2008 13:21:03 | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 14/01/2008 22:53:34 | Attr = ]
Viewpoint -> %UserAppData%\Viewpoint -> [Folder | Modified Date = 26/12/2007 13:38:01 | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 9728 bytes | Modified Date = 12/01/2008 18:42:08 | Attr = ]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 73048 bytes | Modified Date = 06/01/2008 16:11:39 | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 4268806 bytes | Modified Date = 19/01/2008 11:59:54 | Attr = H ]
PCHealth -> %LocalAppData%\PCHealth -> [Folder | Modified Date = 06/01/2008 10:48:15 | Attr = ]
Audible -> %AllUsersDocuments%\Audible -> [Folder | Modified Date = 06/01/2008 16:18:05 | Attr = ]
Audible -> %UserDocuments%\Audible -> [Folder | Modified Date = 06/01/2008 16:18:13 | Attr = ]
Ben's Phone Folder -> %UserDocuments%\Ben's Phone Folder -> [Folder | Modified Date = 01/01/2008 17:01:14 | Attr = ]
Ben's Seriously Old School Work -> %UserDocuments%\Ben's Seriously Old School Work -> [Folder | Modified Date = 27/12/2007 02:11:59 | Attr = ]
jodis crap -> %UserDocuments%\jodis crap -> [Folder | Modified Date = 03/01/2008 01:06:36 | Attr = ]
liz -> %UserDocuments%\liz -> [Folder | Modified Date = 27/12/2007 02:11:48 | Attr = ]
microsoft installations -> %UserDocuments%\microsoft installations -> [Folder | Modified Date = 06/01/2008 11:52:42 | Attr = ]
My Chat Logs -> %UserDocuments%\My Chat Logs -> [Folder | Modified Date = 02/01/2008 16:13:37 | Attr = ]
My Music -> %UserDocuments%\My Music -> [Folder | Modified Date = 03/01/2008 12:07:37 | Attr = R ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 21/01/2008 19:58:23 | Attr = R ]
My Received Files -> %UserDocuments%\My Received Files -> [Folder | Modified Date = 20/01/2008 13:05:34 | Attr = R ]
My Sharing Folders.lnk -> %UserDocuments%\My Sharing Folders.lnk -> [Ver = | Size = 569 bytes | Modified Date = 24/01/2008 16:38:55 | Attr = ]
SmitfraudFix -> %UserDocuments%\SmitfraudFix -> [Folder | Modified Date = 06/01/2008 21:15:13 | Attr = ]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk -> [Ver = | Size = 1790 bytes | Modified Date = 13/01/2008 13:36:08 | Attr = ]
Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk -> [Ver = | Size = 1790 bytes | Modified Date = 13/01/2008 13:36:08 | Attr = ]
AntiVir PE Classic.lnk -> %AllUsersDesktop%\AntiVir PE Classic.lnk -> [Ver = | Size = 1851 bytes | Modified Date = 13/01/2008 13:41:01 | Attr = ]
PowerISO.lnk -> %AllUsersDesktop%\PowerISO.lnk -> [Ver = | Size = 682 bytes | Modified Date = 10/01/2008 21:18:33 | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Modified Date = 14/01/2008 22:53:39 | Attr = ]
aaw2007.exe -> %UserDesktop%\aaw2007.exe -> [Ver = | Size = 17896352 bytes | Modified Date = 13/01/2008 13:34:54 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\aaw2007.exe:Zone.Identifier
antivir_workstation_win7u_en_h.exe -> %UserDesktop%\antivir_workstation_win7u_en_h.exe -> [Ver = | Size = 17788920 bytes | Modified Date = 13/01/2008 13:39:17 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\antivir_workstation_win7u_en_h.exe:Zone.Identifier
CCleaner.lnk -> %UserDesktop%\CCleaner.lnk -> [Ver = | Size = 1548 bytes | Modified Date = 19/01/2008 00:41:35 | Attr = ]
Incomplete -> %UserDesktop%\Incomplete -> [Folder | Modified Date = 21/01/2008 15:54:02 | Attr = ]
james -> %UserDesktop%\james -> [Folder | Modified Date = 21/01/2008 15:23:51 | Attr = ]
Random Files Which May Be Of Use... Someday -> %UserDesktop%\Random Files Which May Be Of Use... Someday -> [Folder | Modified Date = 03/01/2008 12:22:41 | Attr = ]
SmitfraudFix -> %UserDesktop%\SmitfraudFix -> [Folder | Modified Date = 07/01/2008 22:37:04 | Attr = ]
SmitfraudFix.exe -> %UserDesktop%\SmitfraudFix.exe -> [Ver = | Size = 1129580 bytes | Modified Date = 06/01/2008 21:11:50 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SmitfraudFix.exe:Zone.Identifier
spybotsd14.exe -> %UserDesktop%\spybotsd14.exe -> Safer Networking Limited [Ver = | Size = 5037072 bytes | Modified Date = 13/01/2008 13:29:50 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spybotsd14.exe:Zone.Identifier
VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.07.0007 | Size = 132608 bytes | Modified Date = 15/01/2008 22:52:53 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VundoFix.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Modified Date = 14/01/2008 23:04:31 | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 464339 bytes | Modified Date = 14/01/2008 17:21:47 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
DESIGNER -> %CommonProgramFiles%\DESIGNER -> [Folder | Modified Date = 06/01/2008 14:32:18 | Attr = ]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 06/01/2008 14:33:17 | Attr = ]
System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 06/01/2008 14:26:51 | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 14/01/2008 22:52:35 | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 16286 bytes | Modified Date = 24/01/2008 19:53:26 | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 16286 bytes | Modified Date = 24/01/2008 19:53:27 | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 03/12/2006 18:59:30 | Attr = ]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8592 bytes | Modified Date = 06/01/2008 14:42:17 | Attr = ]

< End of report >




Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\C:\WINDOWS\system32\pmkhh.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wintuh32\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{803B99BE-7FF9-4F36-AEBB-3B99D3A6D359}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{803B99BE-7FF9-4F36-AEBB-3B99D3A6D359}\ not found.
LoadLibrary failed for C:\WINDOWS\System32\pmkhh.dll
C:\WINDOWS\System32\pmkhh.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\pmkhh.dll scheduled to be moved on reboot.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\System32\hhkmp.ini moved successfully.
C:\WINDOWS\System32\hhkmp.ini2 moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\pmkhh.dll
C:\WINDOWS\System32\pmkhh.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\pmkhh.dll scheduled to be moved on reboot.
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\hhkmp.ini not found!
File C:\WINDOWS\System32\hhkmp.ini2 not found!
LoadLibrary failed for C:\WINDOWS\System32\pmkhh.dll
C:\WINDOWS\System32\pmkhh.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\pmkhh.dll scheduled to be moved on reboot.
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
[Empty Temp Folders]
C:\DOCUME~1\ben\LOCALS~1\Temp\ -> emptied.
C:\Documents and Settings\ben\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
Explorer started successfully
< End of log >
Created on 01242008_190837

Edited by PrittStick, 24 January 2008 - 03:37 PM.


#8 OldTimer

    Malware Expert



Posted 24 January 2008 - 05:09 PM

Hi PrittStick. That looks pretty good. There are still a couple of files in there so let's do it again.

First I need you to delete your current copy of WinPFind35u and download the latest version. The version you have is quite old already lol. Just delete the file you downloaded and the folder it created on your desktop and then do the following:

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

files to delete:
c:\windows\System32\drivers\grmdbcgw.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Windows NT\\Load [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
YN -> C:\WINDOWS\system32\pmkhh.exe -> %System32%\pmkhh.exe
[Files/Folders - Created Within 30 days]
NY -> 4c008224 -> %System32%\4c008224
NY -> grmdbcgw.exe -> %System32%\grmdbcgw.exe
NY -> hhkmp.ini2 -> %System32%\hhkmp.ini2
NY -> pmkhh.VIR -> %System32%\pmkhh.VIR
[Files/Folders - Modified Within 30 days]
NY -> 4c008224 -> %System32%\4c008224
NY -> grmdbcgw.exe -> %System32%\grmdbcgw.exe
NY -> hhkmp.ini2 -> %System32%\hhkmp.ini2
NY -> pmkhh.VIR -> %System32%\pmkhh.VIR
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.

Step #3

Run a new WinPFind35u scan with the following options:

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • In the Driver Services section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Step #4

Post the following back here:
  • The Avenger report (c:\Avenger.txt)
  • The latest WinPFind35u fix log (in the WinPFind35u folder)
  • The new WinPFind35u scan log
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
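
Added example (not part of OldTimer's post and not code from WinPFind35u): a small Python check that compares a fix script with the follow-up scan requested in Step #3, reporting fix targets that are still listed, files sharing a version string and size with a fix target, and services whose image file is gone. The function names and the version-and-size heuristic are this example's own assumptions; the AFTER excerpt is constructed from lines that appear in the thread's logs and is not a real follow-up scan.

```python
import re

# Fix-script lines copied from the post above: "<flags> -> <name> -> <path>".
FIX_SCRIPT = r"""
[Files/Folders - Created Within 30 days]
NY -> 4c008224 -> %System32%\4c008224
NY -> grmdbcgw.exe -> %System32%\grmdbcgw.exe
NY -> hhkmp.ini2 -> %System32%\hhkmp.ini2
NY -> pmkhh.VIR -> %System32%\pmkhh.VIR
"""

# Lines copied from the scan posted before the fix.
BEFORE = r"""
4c008224 -> %System32%\4c008224 -> [Ver = | Size = 8 bytes | Modified Date = 24/01/2008 19:40:10 | Attr = ]
grmdbcgw.exe -> %System32%\grmdbcgw.exe -> [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 20/01/2008 11:18:11 | Attr = ]
pmkhh.VIR -> %System32%\pmkhh.VIR -> [Ver = | Size = 338944 bytes | Modified Date = 16/01/2008 07:37:16 | Attr = ]
"""

# Constructed follow-up scan (assembled from lines in the thread's logs).
AFTER = r"""
[Win32 Services - Non-Microsoft Only]
(DomainService) DomainService [Win32_Own | Auto | Stopped] -> %System32%\grmdbcgw.exe -> File not found
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] ->  -> File not found
(SLService) SmartLinkService [Win32_Own | Auto | Running] -> %System32%\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Modified Date = 04/08/2004 00:56:58 | Attr = ]
[Files/Folders - Created Within 30 days]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2422 bytes | Modified Date = 24/01/2008 19:52:59 | Attr = ]
xcpelhbm.exe -> %System32%\xcpelhbm.exe -> [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 22/01/2008 14:45:42 | Attr = ]
pmkhh.VIR -> %System32%\pmkhh.VIR -> [Ver = | Size = 338944 bytes | Modified Date = 16/01/2008 07:37:16 | Attr = ]
"""

FIX_LINE = re.compile(r"^[YN]{2} -> (?P<name>.+?) -> (?P<path>.+)$")
FILE_LINE = re.compile(
    r"^(?P<name>.+?) -> (?P<path>.+?) -> (?P<vendor>.*?)\s*"
    r"\[Ver =\s*(?P<ver>.*?)\s*\| Size = (?P<size>\d+) bytes")
SERVICE_LINE = re.compile(
    r"^\((?P<key>[^)]*)\) .*? \[(?P<type>\w+) \| (?P<start>\w+) \| (?P<state>\w+)\]"
    r" -> (?P<path>.*?) -> (?P<rest>.*)$")


def fix_targets(fix_script):
    """Lower-cased paths named by the 'NY -> name -> path' lines of a fix script."""
    matches = (FIX_LINE.match(line) for line in fix_script.splitlines())
    return {m["path"].strip().lower() for m in matches if m}


def scan_files(scan):
    """Map lower-cased path -> (version string, size) for each file entry."""
    files = {}
    for line in scan.splitlines():
        if SERVICE_LINE.match(line):
            continue  # service rows are handled by orphaned_services()
        m = FILE_LINE.match(line)
        if m:
            files[m["path"].lower()] = (m["ver"], int(m["size"]))
    return files


def orphaned_services(scan):
    """Services that name an image path the scanner reported as missing."""
    found = []
    for line in scan.splitlines():
        m = SERVICE_LINE.match(line)
        if m and m["path"].strip() and m["rest"].strip() == "File not found":
            found.append((m["key"], m["start"], m["path"].strip()))
    return found


def review(fix_script, before, after):
    """Compare the fix list with the scans taken before and after the fix."""
    targets = fix_targets(fix_script)
    old, new = scan_files(before), scan_files(after)
    # Only fingerprints with a version string, so a bare size match is not flagged.
    prints = {old[t] for t in targets if t in old and old[t][0]}
    return {
        "remaining": sorted(t for t in targets if t in new),
        "same_ver_size": sorted(p for p, fp in new.items()
                                if fp in prints and p not in targets),
        "orphaned_services": orphaned_services(after),
    }


if __name__ == "__main__":
    for check, hits in review(FIX_SCRIPT, BEFORE, AFTER).items():
        print(check, hits)
```

An orphaned Auto-start service entry means the file was removed but its service registration was not, so that entry still needs cleaning up; a same_ver_size hit is only a prompt for a closer look, not a verdict.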


#9 PrittStick


Posted 26 January 2008 - 11:59 AM

Hi, think this is everything you have asked for. WinPFind35u restarted my computer by the way.

Thanks again OldTimer,

WinPFind35 logfile created on: 26/01/2008 16:53:51
WinPFind35U Version Beta37	 Folder = C:\Documents and Settings\ben\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
 
511.48 Mb Total Physical Memory | 240.20 Mb Available Physical Memory | 46.96% Memory free
1.21 Gb Paging File | 0.92 Gb Available in Paging File | 76.46% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 34.60 Gb Free Space | 46.43% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: FAMILY-PC
Current User Name: ben
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 21/02/2006 19:39:16 | Attr =	]
avguard.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 7.00.00.82 | Size = 214056 bytes | Modified Date = 13/01/2008 13:44:18 | Attr =	]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 21/02/2006 19:39:16 | Attr =	]
photoshopelementsfileagent.exe -> %ProgramFiles%\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ->  [Ver =  | Size = 124832 bytes | Modified Date = 02/10/2007 14:46:56 | Attr =	]
sched.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 7.00.00.62 | Size = 63016 bytes | Modified Date = 28/08/2007 13:16:22 | Attr =	]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 28/02/2006 11:42:38 | Attr =	]
ctsvccda.exe -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 17:01:00 | Attr =	]
mysqld-nt.exe -> %ProgramFiles%\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe ->  [Ver =  | Size = 5701632 bytes | Modified Date = 04/05/2007 09:00:12 | Attr =	]
pnkbstra.exe -> %System32%\PnkBstrA.exe ->  [Ver =  | Size = 66872 bytes | Modified Date = 20/09/2007 18:39:36 | Attr =	]
pnkbstrb.exe -> %System32%\PnkBstrB.exe ->  [Ver =  | Size = 103736 bytes | Modified Date = 29/09/2007 09:43:38 | Attr =	]
slserv.exe -> %System32%\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Modified Date = 04/08/2004 00:56:58 | Attr =	]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 04/01/2007 21:38:08 | Attr =	]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307712 bytes | Modified Date = 24/01/2008 17:27:04 | Attr =	]

[Win32 Services - Non-Microsoft Only]
(AdobeActiveFileMonitor6.0) Adobe Active File Monitor V6 [Win32_Own | Auto | Running] -> %ProgramFiles%\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ->  [Ver =  | Size = 124832 bytes | Modified Date = 02/10/2007 14:46:56 | Attr =	]
(AntiVirScheduler) AntiVir PersonalEdition Classic Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 7.00.00.62 | Size = 63016 bytes | Modified Date = 28/08/2007 13:16:22 | Attr =	]
(AntiVirService) AntiVir PersonalEdition Classic Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 7.00.00.82 | Size = 214056 bytes | Modified Date = 13/01/2008 13:44:18 | Attr =	]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 21/02/2006 19:39:16 | Attr =	]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe ->  [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 03/05/2006 10:57:00 | Attr =	]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 28/02/2006 11:42:38 | Attr =	]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 17:01:00 | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 12:00:00 | Attr =	]
(DomainService) DomainService [Win32_Own | Auto | Stopped] -> %System32%\grmdbcgw.exe -> File not found
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 16/09/2007 20:05:15 | Attr =	]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.711.37800.beta | Size = 136120 bytes | Modified Date = 04/01/2007 01:40:21 | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 03/04/2005 23:41:10 | Attr =	]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] ->  -> File not found
(MySQL) MySQL [Win32_Own | Auto | Running] -> %ProgramFiles%\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe ->  [Ver =  | Size = 5701632 bytes | Modified Date = 04/05/2007 09:00:12 | Attr =	]
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %System32%\PnkBstrA.exe ->  [Ver =  | Size = 66872 bytes | Modified Date = 20/09/2007 18:39:36 | Attr =	]
(PnkBstrB) PnkBstrB [Win32_Own | Auto | Running] -> %System32%\PnkBstrB.exe ->  [Ver =  | Size = 103736 bytes | Modified Date = 29/09/2007 09:43:38 | Attr =	]
(SLService) SmartLinkService [Win32_Own | Auto | Running] -> %System32%\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Modified Date = 04/08/2004 00:56:58 | Attr =	]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 04/01/2007 21:38:08 | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6601 | Size = 1505792 bytes | Modified Date = 21/02/2006 19:46:26 | Attr =	]
(avgio) avgio [Kernel | System | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgio.sys -> Avira GmbH [Ver = 1.0.0.30 | Size = 11840 bytes | Modified Date = 27/02/2007 15:25:10 | Attr =	]
(avgntflt) avgntflt [File_System | On_Demand | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -> Avira GmbH [Ver = 7.00.00.04 | Size = 48448 bytes | Modified Date = 17/09/2007 11:25:03 | Attr =	]
(avipbb) avipbb [Kernel | System | Running] -> %System32%\drivers\avipbb.sys -> AVIRA GmbH [Ver = 1.00.02.13 | Size = 61632 bytes | Modified Date = 13/01/2008 13:44:19 | Attr =	]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(ctlsb16) Creative SB16/AWE32/AWE64 Driver (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\ctlsb16.sys -> Copyright (C) Creative Technology Ltd. 1994-2001 [Ver = 5.1.2501.0 built by: WinDDK | Size = 96256 bytes | Modified Date = 17/08/2001 12:19:20 | Attr =	]
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 04/08/2004 12:00:00 | Attr =	]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 04/08/2004 12:00:00 | Attr =	]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 04/08/2004 12:00:00 | Attr =	]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(ENTECH) ENTECH [Kernel | On_Demand | Stopped] -> %System32%\drivers\Entech.sys -> EnTech Taiwan [Ver = 1.0 | Size = 21664 bytes | Modified Date = 25/10/2004 20:02:00 | Attr =	]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found
(k750bus) Sony Ericsson 750 driver (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\k750bus.sys -> MCCI [Ver = V4.28 | Size = 55216 bytes | Modified Date = 11/02/2005 11:19:20 | Attr =	]
(k750mdfl) Sony Ericsson 750 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> %System32%\drivers\k750mdfl.sys -> MCCI [Ver = V4.28 | Size = 6576 bytes | Modified Date = 11/02/2005 11:21:02 | Attr =	]
(k750mdm) Sony Ericsson 750 USB WMC Modem Drivers [Kernel | On_Demand | Stopped] -> %System32%\drivers\k750mdm.sys -> MCCI [Ver = V4.28 | Size = 89872 bytes | Modified Date = 11/02/2005 11:21:10 | Attr =	]
(k750mgmt) Sony Ericsson 750 USB WMC Device Management Drivers [Kernel | On_Demand | Stopped] -> %System32%\drivers\k750mgmt.sys -> MCCI [Ver = V4.28 | Size = 81728 bytes | Modified Date = 11/02/2005 11:22:48 | Attr =	]
(k750obex) Sony Ericsson 750 USB WMC OBEX Interface Drivers [Kernel | On_Demand | Stopped] -> %System32%\drivers\k750obex.sys -> MCCI [Ver = V4.28 | Size = 79488 bytes | Modified Date = 11/02/2005 11:24:24 | Attr =	]
(KLIF) KLIF [Kernel | System | Running] -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.267 | Size = 179472 bytes | Modified Date = 07/09/2007 13:05:33 | Attr =	]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(Mtlmnt5) Mtlmnt5 [Kernel | On_Demand | Running] -> %System32%\drivers\mtlmnt5.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 126686 bytes | Modified Date = 03/08/2004 22:41:40 | Attr =	]
(Mtlstrm) Mtlstrm [Kernel | On_Demand | Stopped] -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 03/08/2004 22:41:38 | Attr =	]
(Nokia USB Generic) Nokia USB Generic [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdc.sys -> Nokia [Ver = 5.02.14.05 | Size = 6300 bytes | Modified Date = 15/02/2005 15:57:54 | Attr =	]
(Nokia USB Modem) Nokia USB Modem [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdcm.sys -> Nokia [Ver = 5.02.14.05 | Size = 9021 bytes | Modified Date = 15/02/2005 15:57:54 | Attr =	]
(Nokia USB Phone Parent) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcd.sys -> Nokia [Ver = 5.02.14.05 | Size = 140619 bytes | Modified Date = 17/02/2005 12:48:06 | Attr =	]
(NtMtlFax) NtMtlFax [Kernel | On_Demand | Stopped] -> %System32%\drivers\ntmtlfax.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 180360 bytes | Modified Date = 03/08/2004 22:41:40 | Attr =	]
(papycpu) papycpu [Kernel | On_Demand | Stopped] -> %System32%\drivers\papycpu.sys ->  [Ver =  | Size = 1888 bytes | Modified Date = 14/09/1998 11:57:46 | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(PnkBstrK) PnkBstrK [Kernel | On_Demand | Stopped] -> %System32%\drivers\PnkBstrK.sys ->  [Ver =  | Size = 22328 bytes | Modified Date = 29/09/2007 09:52:04 | Attr =	]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 04/08/2004 12:00:00 | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 29/11/2007 21:44:27 | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(RecAgent) RecAgent [Kernel | Boot | Running] -> %System32%\drivers\RecAgent.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13776 bytes | Modified Date = 03/08/2004 22:41:40 | Attr =	]
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Running] -> %System32%\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 03/08/2004 22:31:34 | Attr =	]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys ->  [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 13:53:48 | Attr =	]
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 16/02/2006 17:51:08 | Attr = R  ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS ->  [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 27/02/2007 12:39:26 | Attr =	]
(SCDEmu) SCDEmu [Kernel | System | Running] -> %System32%\drivers\scdemu.sys -> PowerISO Computing, Inc. [Ver = 3, 8, 0, 0 | Size = 33052 bytes | Modified Date = 07/08/2007 00:15:07 | Attr =	]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13/11/2007 10:25:53 | Attr =	]
(sfdrv01) StarForce Protection Environment Driver (version 1.x) [Kernel | Boot | Running] -> %System32%\drivers\sfdrv01.sys -> Protection Technology [Ver = 1.32 | Size = 48640 bytes | Modified Date = 03/03/2005 17:53:57 | Attr =	]
(sfhlp02) StarForce Protection Helper Driver (version 2.x) [Kernel | Boot | Running] -> %System32%\drivers\sfhlp02.sys -> Protection Technology [Ver = 2.2 | Size = 6656 bytes | Modified Date = 23/02/2005 15:59:54 | Attr =	]
(sfsync02) StarForce Protection Synchronization Driver (version 2.x) [Kernel | Boot | Running] -> %System32%\drivers\sfsync02.sys -> Protection Technology [Ver = 2.7 | Size = 20544 bytes | Modified Date = 03/12/2004 10:20:41 | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Boot | Running] -> %System32%\drivers\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 03/08/2004 23:07:44 | Attr =	]
(Slntamr) Smart Link 56K Modem Driver [Kernel | On_Demand | Running] -> %System32%\drivers\slntamr.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 404990 bytes | Modified Date = 03/08/2004 22:41:44 | Attr =	]
(SlNtHal) SlNtHal [Kernel | On_Demand | Stopped] -> %System32%\drivers\slnthal.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 95424 bytes | Modified Date = 03/08/2004 22:41:46 | Attr =	]
(SlWdmSup) SlWdmSup [Kernel | On_Demand | Running] -> %System32%\drivers\slwdmsup.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13240 bytes | Modified Date = 03/08/2004 22:41:46 | Attr =	]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(ssmdrv) ssmdrv [Kernel | System | Running] -> %System32%\drivers\ssmdrv.sys -> Avira GmbH [Ver = 7.0.1.1 | Size = 28352 bytes | Modified Date = 01/03/2007 10:34:36 | Attr =	]
(STAC97NA) SigmaTel 3D Environmental Audio [Kernel | On_Demand | Running] -> %System32%\drivers\stac97na.sys -> SigmaTel Inc. [Ver = 6.13.10.9010 | Size = 296179 bytes | Modified Date = 20/09/2002 18:42:32 | Attr =	]
(STAC97NH) STAC97NH [Kernel | On_Demand | Running] -> %System32%\drivers\stac97nh.sys -> SigmaTel Inc. [Ver = 6.13.10.9010 | Size = 231983 bytes | Modified Date = 20/09/2002 18:43:18 | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(TSP) TSP [Kernel | On_Demand | Stopped] -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.267 | Size = 179472 bytes | Modified Date = 07/09/2007 13:05:33 | Attr =	]
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
avgnt -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe -> File not found
DataLayer -> %CommonProgramFiles%\PCSuite\DataLayer\DataLayer.exe -> File not found
PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> File not found
PWRISOVM.EXE -> %ProgramFiles%\PowerISO\PWRISOVM.EXE -> File not found
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> File not found
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = Reg Error: Value Installed does not exist or could not be read. -> 
MAPI-> Installed = Reg Error: Value Installed does not exist or could not be read. -> 
MSFS-> Installed = Reg Error: Value Installed does not exist or could not be read. -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
CTSyncU.exe -> %ProgramFiles%\Creative\Sync Manager Unicode\CTSyncU.exe -> File not found
MSMSGS -> %ProgramFiles%\Messenger\msmsgs.exe -> File not found
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> File not found
< Windows NT\\Load [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load -> 
C:\WINDOWS\system32\pmkhh.exe -> %System32%\pmkhh.exe -> File not found
*MultiFile Done* -> -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< ben Startup Folder > -> C:\Documents and Settings\ben\Start Menu\Programs\Startup -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 20/12/2006 13:55:48 | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
  ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 19/04/2007 13:41:36 | Attr =	]
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 61440 bytes | Modified Date = 21/02/2006 19:40:30 | Attr =	]
klogon -> %System32%\klogon.dll -> Kaspersky Lab [Ver = 6.0.2.621 | Size = 200768 bytes | Modified Date = 09/03/2007 18:52:52 | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
< HOSTS File > (3271 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.co.uk/ -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> *.local -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22/10/2006 22:08:42 | Attr =	]
{6D5E21ED-2488-42C1-BA06-7B6B97610681} [HKEY_LOCAL_MACHINE] -> %System32%\pmkhh.dll [Reg Error: Value  does not exist or could not be read.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 00:11:33 | Attr =	]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 00:11:34 | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 00:11:33 | Attr =	]
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{2FA65E42-5C25-4B45-95D2-1A955809AA53} ->	(1394 Net Adapter) -> 
{38DBA83C-08A7-4717-9EC1-921D23B087EA} ->	(Realtek RTL8139 Family PCI Fast Ethernet NIC) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 28/02/2006 11:42:30 | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab[Reg Error: Key does not exist or could not be opened.] -> 
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{2250C29C-C5E9-4F55-BE4E-01E45A40FCF1}[HKEY_LOCAL_MACHINE] -> http://musicmix.messenger.msn.com/Medialogic.CAB[CMediaMix Object] -> 
{48DD0448-9209-4F81-9F6D-D83562940134}[HKEY_LOCAL_MACHINE] -> http://lads.myspace.com/upload/MySpaceUploader1005.cab[MySpace Uploader Control] -> 
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}[HKEY_LOCAL_MACHINE] -> http://download.divx.com/player/DivXBrowserPlugin.cab[DivXBrowserPlugin Object] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165078554578[MUWebControl Class] -> 
{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B}[HKEY_LOCAL_MACHINE] -> http://launch.gamespyarcade.com/software/launch/alaunch.cab[GSDACtl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab[Java Plug-in 1.5.0_08] -> 
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab[Java Plug-in 1.5.0_10] -> 
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab[Java Plug-in 1.5.0_11] -> 
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> 
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CD995117-98E5-4169-9920-6C12D4C0B548}[HKEY_LOCAL_MACHINE] -> http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab[HGPlugin9USA Class] -> 
{D1E7CBDA-E60E-4970-A01C-37301EF7BF98}[HKEY_LOCAL_MACHINE] -> http://gameadvisor.futuremark.com/global/msc311.cab[Measurement Services Client v.3.11] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] -> 
{D27CDB6E-AE6D-11CF-96B8-444553550000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Reg Error: Key does not exist or could not be opened.] -> 
{E6ACF817-0A85-4EBE-9F0A-096C6488CFEA}[HKEY_LOCAL_MACHINE] -> http://eu.ntrsupport.com/inquiero/mod/setup/ntractivex118_24.cab[NTR ActiveX 1.1.8] -> 
{E862C832-3A5F-4CEB-BFAA-167B22010A71}[HKEY_LOCAL_MACHINE] -> http://support.packardbell.com/files/activex/InfosFinder2.CAB[InfosFinder2.InfosFinder] -> 



[Files/Folders - Created Within 30 days]
avenger -> %SystemDrive%\avenger ->  [Folder | Created Date = 26/01/2008 16:39:59 | Attr =	]
MSOCache -> %SystemDrive%\MSOCache ->  [Folder | Created Date = 06/01/2008 14:22:23 | Attr = RH ]
avgntdd.sys -> %System32%\drivers\avgntdd.sys -> Avira GmbH [Ver = 6.39.00.02 | Size = 40768 bytes | Created Date = 13/01/2008 13:40:12 | Attr =	]
avgntmgr.sys -> %System32%\drivers\avgntmgr.sys -> Avira GmbH [Ver = 6.37.01.01 | Size = 21312 bytes | Created Date = 13/01/2008 13:40:12 | Attr =	]
avipbb.sys -> %System32%\drivers\avipbb.sys -> AVIRA GmbH [Ver = 1.00.02.13 | Size = 61632 bytes | Created Date = 13/01/2008 13:40:10 | Attr =	]
ssmdrv.sys -> %System32%\drivers\ssmdrv.sys -> Avira GmbH [Ver = 7.0.1.1 | Size = 28352 bytes | Created Date = 13/01/2008 13:40:12 | Attr =	]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 1566736 bytes | Created Date = 15/01/2008 07:33:12 | Attr =	]
IEDFix.exe -> %System32%\IEDFix.exe -> S!Ri.URZ [Ver =  | Size = 81920 bytes | Created Date = 06/01/2008 21:00:42 | Attr =	]
Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 06/01/2008 21:00:42 | Attr =	]
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver =  | Size = 288417 bytes | Created Date = 06/01/2008 21:00:42 | Attr =	]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 06/01/2008 21:00:42 | Attr =	]
swsc.exe -> %System32%\swsc.exe ->  [Ver =  | Size = 40960 bytes | Created Date = 06/01/2008 21:00:42 | Attr =	]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 06/01/2008 21:00:42 | Attr =	]
VCCLSID.exe -> %System32%\VCCLSID.exe -> S!Ri [Ver =  | Size = 289144 bytes | Created Date = 06/01/2008 21:00:42 | Attr =	]
xcpelhbm.exe -> %System32%\xcpelhbm.exe ->   [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Created Date = 22/01/2008 14:45:42 | Attr =	]
SxsCaPendDel -> %SystemRoot%\SxsCaPendDel ->  [Folder | Created Date = 06/01/2008 11:11:32 | Attr =	]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Avira -> %AllUsersAppData%\Avira ->  [Folder | Created Date = 13/01/2008 13:40:07 | Attr =	]
Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Created Date = 13/01/2008 13:35:57 | Attr =	]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 14/01/2008 22:54:01 | Attr =	]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 14/01/2008 22:53:33 | Attr =	]
PCHealth -> %LocalAppData%\PCHealth ->  [Folder | Created Date = 06/01/2008 10:48:15 | Attr =	]
microsoft installations -> %UserDocuments%\microsoft installations ->  [Folder | Created Date = 06/01/2008 11:27:49 | Attr =	]
SmitfraudFix -> %UserDocuments%\SmitfraudFix ->  [Folder | Created Date = 06/01/2008 21:15:04 | Attr =	]
AntiVir PE Classic.lnk -> %AllUsersDesktop%\AntiVir PE Classic.lnk ->  [Ver =  | Size = 1851 bytes | Created Date = 13/01/2008 13:41:01 | Attr =	]
PowerISO.lnk -> %AllUsersDesktop%\PowerISO.lnk ->  [Ver =  | Size = 682 bytes | Created Date = 10/01/2008 21:18:33 | Attr =	]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 780 bytes | Created Date = 14/01/2008 22:53:39 | Attr =	]
aaw2007.exe -> %UserDesktop%\aaw2007.exe ->  [Ver =  | Size = 17896352 bytes | Created Date = 13/01/2008 13:34:49 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\aaw2007.exe:Zone.Identifier
antivir_workstation_win7u_en_h.exe -> %UserDesktop%\antivir_workstation_win7u_en_h.exe ->  [Ver =  | Size = 17788920 bytes | Created Date = 13/01/2008 13:35:10 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\antivir_workstation_win7u_en_h.exe:Zone.Identifier
avenger.exe -> %UserDesktop%\avenger.exe ->  [Ver =  | Size = 130048 bytes | Created Date = 26/01/2008 16:34:44 | Attr =	]
AWEMAN.DLL -> %UserDesktop%\AWEMAN.DLL -> Creative Technology Ltd. [Ver = 1.44.11 | Size = 11328 bytes | Created Date = 03/01/2008 12:21:34 | Attr =	]
AWEMAN32.DLL -> %UserDesktop%\AWEMAN32.DLL -> Creative Technology Ltd. [Ver = 1.44.11 | Size = 35840 bytes | Created Date = 03/01/2008 12:21:34 | Attr =	]
CCleaner.lnk -> %UserDesktop%\CCleaner.lnk ->  [Ver =  | Size = 1548 bytes | Created Date = 19/01/2008 00:41:35 | Attr =	]
CIFMAN.CRL -> %UserDesktop%\CIFMAN.CRL -> Creative Technology Ltd. [Ver = 4.05.1003 | Size = 7168 bytes | Created Date = 03/01/2008 12:21:34 | Attr =	]
CIFMAN.DLL -> %UserDesktop%\CIFMAN.DLL -> Creative Technology Ltd. [Ver = 4.05.1005 | Size = 9728 bytes | Created Date = 03/01/2008 12:21:34 | Attr =	]
CSPMAN.DLL -> %UserDesktop%\CSPMAN.DLL -> Creative Technology Ltd. [Ver = 4.13.1 | Size = 19312 bytes | Created Date = 03/01/2008 12:21:34 | Attr =	]
CT3DSE.VXD -> %UserDesktop%\CT3DSE.VXD ->  [Ver =  | Size = 6398 bytes | Created Date = 03/01/2008 12:21:34 | Attr =	]
CTRESV.INF -> %UserDesktop%\CTRESV.INF ->  [Ver =  | Size = 1315 bytes | Created Date = 03/01/2008 12:21:34 | Attr =	]
CTRESV.VXD -> %UserDesktop%\CTRESV.VXD ->  [Ver =  | Size = 5942 bytes | Created Date = 03/01/2008 12:21:34 | Attr =	]
DISK.ID -> %UserDesktop%\DISK.ID ->  [Ver =  | Size = 90 bytes | Created Date = 03/01/2008 12:21:34 | Attr =	]
FILE_ID.DIZ -> %UserDesktop%\FILE_ID.DIZ ->  [Ver =  | Size = 608 bytes | Created Date = 03/01/2008 12:21:34 | Attr =	]
SB16.VXD -> %UserDesktop%\SB16.VXD ->  [Ver =  | Size = 111150 bytes | Created Date = 03/01/2008 12:21:34 | Attr =	]
SB16AWE.INF -> %UserDesktop%\SB16AWE.INF ->  [Ver =  | Size = 25050 bytes | Created Date = 03/01/2008 12:21:34 | Attr =	]
SB16SND.DRV -> %UserDesktop%\SB16SND.DRV -> Creative Technology Ltd. [Ver = 4.38.13 | Size = 103392 bytes | Created Date = 03/01/2008 12:21:34 | Attr =	]
SBAWE.VXD -> %UserDesktop%\SBAWE.VXD ->  [Ver =  | Size = 77370 bytes | Created Date = 03/01/2008 12:21:34 | Attr =	]
SBAWE32.DRV -> %UserDesktop%\SBAWE32.DRV -> Creative Technology Ltd. [Ver = 4.38.0 | Size = 45264 bytes | Created Date = 03/01/2008 12:21:34 | Attr =	]
SBFM.DRV -> %UserDesktop%\SBFM.DRV -> Creative Technology Ltd. [Ver = 4.12.1 | Size = 4096 bytes | Created Date = 03/01/2008 12:21:34 | Attr =	]
SmitfraudFix -> %UserDesktop%\SmitfraudFix ->  [Folder | Created Date = 06/01/2008 21:00:29 | Attr =	]
SmitfraudFix.exe -> %UserDesktop%\SmitfraudFix.exe ->  [Ver =  | Size = 1129580 bytes | Created Date = 06/01/2008 21:11:50 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SmitfraudFix.exe:Zone.Identifier
spybotsd14.exe -> %UserDesktop%\spybotsd14.exe -> Safer Networking Limited									 [Ver =					  | Size = 5037072 bytes | Created Date = 13/01/2008 13:29:44 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spybotsd14.exe:Zone.Identifier
SYNTHGM.SBK -> %UserDesktop%\SYNTHGM.SBK ->  [Ver =  | Size = 34832 bytes | Created Date = 03/01/2008 12:21:34 | Attr =	]
UIDLL16.DLL -> %UserDesktop%\UIDLL16.DLL -> Creative® Technology Ltd. [Ver = 1.00 | Size = 15840 bytes | Created Date = 03/01/2008 12:21:34 | Attr =	]
UPDDRV95.EXE -> %UserDesktop%\UPDDRV95.EXE -> Creative® Technology Ltd. [Ver = 1.15 | Size = 22528 bytes | Created Date = 03/01/2008 12:21:34 | Attr =	]
UPDDRV95.INF -> %UserDesktop%\UPDDRV95.INF ->  [Ver =  | Size = 498 bytes | Created Date = 03/01/2008 12:21:34 | Attr =	]
VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.07.0007 | Size = 132608 bytes | Created Date = 15/01/2008 22:52:49 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VundoFix.exe:Zone.Identifier
WFM0200.ACV -> %UserDesktop%\WFM0200.ACV -> Creative Technology Ltd. [Ver = 4.03 | Size = 12800 bytes | Created Date = 03/01/2008 12:21:34 | Attr =	]
WFM0200A.CSP -> %UserDesktop%\WFM0200A.CSP ->  [Ver =  | Size = 2238 bytes | Created Date = 03/01/2008 12:21:34 | Attr =	]
WFM0201.ACV -> %UserDesktop%\WFM0201.ACV -> Creative Technology Ltd. [Ver = 4.03 | Size = 5024 bytes | Created Date = 03/01/2008 12:21:34 | Attr =	]
WFM0201A.CSP -> %UserDesktop%\WFM0201A.CSP ->  [Ver =  | Size = 6776 bytes | Created Date = 03/01/2008 12:21:34 | Attr =	]
WFM0202.ACV -> %UserDesktop%\WFM0202.ACV -> Creative Technology Ltd. [Ver = 4.03 | Size = 49616 bytes | Created Date = 03/01/2008 12:21:34 | Attr =	]
WFM0202A.CSP -> %UserDesktop%\WFM0202A.CSP ->  [Ver =  | Size = 9004 bytes | Created Date = 03/01/2008 12:21:34 | Attr =	]
WFM0203.ACV -> %UserDesktop%\WFM0203.ACV -> Creative Technology Ltd. [Ver = 4.03 | Size = 60080 bytes | Created Date = 03/01/2008 12:21:34 | Attr =	]
WFM0203A.CSP -> %UserDesktop%\WFM0203A.CSP ->  [Ver =  | Size = 9004 bytes | Created Date = 03/01/2008 12:21:34 | Attr =	]
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Created Date = 26/01/2008 16:33:22 | Attr =	]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478410 bytes | Created Date = 26/01/2008 16:43:11 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
DESIGNER -> %CommonProgramFiles%\DESIGNER ->  [Folder | Created Date = 06/01/2008 14:32:18 | Attr =	]

[Files/Folders - Modified Within 30 days]
avenger -> %SystemDrive%\avenger ->  [Folder | Modified Date = 26/01/2008 16:39:59 | Attr =	]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Modified Date = 24/01/2008 19:54:59 | Attr =  HS]
MSOCache -> %SystemDrive%\MSOCache ->  [Folder | Modified Date = 06/01/2008 14:22:23 | Attr = RH ]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 24/01/2008 20:42:35 | Attr =	]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 06/01/2008 15:51:55 | Attr =  HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 24/01/2008 18:26:57 | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 26/01/2008 16:38:48 | Attr =	]
avipbb.sys -> %System32%\drivers\avipbb.sys -> AVIRA GmbH [Ver = 1.00.02.13 | Size = 61632 bytes | Modified Date = 13/01/2008 13:44:19 | Attr =	]
etc -> %System32%\drivers\etc ->  [Folder | Modified Date = 06/01/2008 16:02:10 | Attr =	]
hosts -> %System32%\drivers\etc\hosts ->  [Ver =  | Size = 3271 bytes | Modified Date = 13/01/2008 14:36:13 | Attr =	]
hosts.msn -> %System32%\drivers\etc\hosts.msn ->  [Ver =  | Size = 3271 bytes | Modified Date = 13/01/2008 14:36:13 | Attr =	]
fidbox.dat -> %System32%\drivers\fidbox.dat ->  [Ver =  | Size = 105149216 bytes | Modified Date = 26/01/2008 16:52:19 | Attr =  HS]
fidbox.idx -> %System32%\drivers\fidbox.idx ->  [Ver =  | Size = 1411340 bytes | Modified Date = 26/01/2008 16:45:39 | Attr =  HS]
fidbox2.dat -> %System32%\drivers\fidbox2.dat ->  [Ver =  | Size = 1981216 bytes | Modified Date = 26/01/2008 16:51:35 | Attr =  HS]
fidbox2.idx -> %System32%\drivers\fidbox2.idx ->  [Ver =  | Size = 187808 bytes | Modified Date = 26/01/2008 16:45:39 | Attr =  HS]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 26/01/2008 16:44:56 | Attr =	]
6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
config -> %System32%\config ->  [Folder | Modified Date = 11/01/2008 19:53:49 | Attr =	]
dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 24/01/2008 19:40:26 | Attr = RHS]
drivers -> %System32%\drivers ->  [Folder | Modified Date = 26/01/2008 16:40:00 | Attr =	]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 1566736 bytes | Modified Date = 15/01/2008 07:33:30 | Attr =	]
wbem -> %System32%\wbem ->  [Folder | Modified Date = 11/01/2008 19:53:21 | Attr =	]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 2422 bytes | Modified Date = 26/01/2008 16:47:17 | Attr =	]
xcpelhbm.exe -> %System32%\xcpelhbm.exe ->   [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 22/01/2008 14:45:42 | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 09/01/2008 10:47:24 | Attr =  H ]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 06/01/2008 14:34:45 | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 26/01/2008 16:46:49 | Attr =   S]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 10/01/2008 00:15:48 | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 06/01/2008 17:20:00 | Attr =   S]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 06/01/2008 14:31:03 | Attr = R S]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 24/01/2008 20:45:37 | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 24/01/2008 20:48:05 | Attr =  HS]
Minidump -> %SystemRoot%\Minidump ->  [Folder | Modified Date = 28/12/2007 22:32:44 | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 26/01/2008 16:35:36 | Attr =	]
pss -> %SystemRoot%\pss ->  [Folder | Modified Date = 13/01/2008 13:51:28 | Attr =	]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 11/01/2008 19:53:20 | Attr =	]
SxsCaPendDel -> %SystemRoot%\SxsCaPendDel ->  [Folder | Modified Date = 06/01/2008 11:13:12 | Attr =	]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 285 bytes | Modified Date = 24/01/2008 19:54:58 | Attr =	]
system32 -> %System32% ->  [Folder | Modified Date = 26/01/2008 16:45:00 | Attr =	]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 26/01/2008 16:52:22 | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 872 bytes | Modified Date = 24/01/2008 19:54:58 | Attr =	]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 06/01/2008 12:06:24 | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 19/01/2008 18:17:08 | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 26/01/2008 16:46:52 | Attr =  H ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Avira -> %AllUsersAppData%\Avira ->  [Folder | Modified Date = 13/01/2008 13:40:07 | Attr =	]
Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Modified Date = 13/01/2008 13:42:27 | Attr =	]
Microsoft -> %AllUsersAppData%\Microsoft ->  [Folder | Modified Date = 06/01/2008 14:30:37 | Attr =   S]
Microsoft Help -> %AllUsersAppData%\Microsoft Help ->  [Folder | Modified Date = 07/01/2008 17:30:12 | Attr =	]
Skype -> %AllUsersAppData%\Skype ->  [Folder | Modified Date = 07/01/2008 20:59:32 | Attr =	]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 14/01/2008 22:54:01 | Attr =	]
Microsoft -> %UserAppData%\Microsoft ->  [Folder | Modified Date = 08/01/2008 01:51:58 | Attr =   S]
ntr -> %UserAppData%\ntr ->  [Folder | Modified Date = 13/01/2008 13:21:03 | Attr =	]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 14/01/2008 22:53:34 | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 9728 bytes | Modified Date = 12/01/2008 18:42:08 | Attr =	]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 73048 bytes | Modified Date = 06/01/2008 16:11:39 | Attr =	]
IconCache.db -> %LocalAppData%\IconCache.db ->  [Ver =  | Size = 4810806 bytes | Modified Date = 26/01/2008 16:45:07 | Attr =  H ]
PCHealth -> %LocalAppData%\PCHealth ->  [Folder | Modified Date = 06/01/2008 10:48:15 | Attr =	]
Audible -> %AllUsersDocuments%\Audible ->  [Folder | Modified Date = 06/01/2008 16:18:05 | Attr =	]
Audible -> %UserDocuments%\Audible ->  [Folder | Modified Date = 06/01/2008 16:18:13 | Attr =	]
Ben's Phone Folder -> %UserDocuments%\Ben's Phone Folder ->  [Folder | Modified Date = 01/01/2008 17:01:14 | Attr =	]
jodis crap -> %UserDocuments%\jodis crap ->  [Folder | Modified Date = 03/01/2008 01:06:36 | Attr =	]
microsoft installations -> %UserDocuments%\microsoft installations ->  [Folder | Modified Date = 06/01/2008 11:52:42 | Attr =	]
My Chat Logs -> %UserDocuments%\My Chat Logs ->  [Folder | Modified Date = 02/01/2008 16:13:37 | Attr =	]
My Music -> %UserDocuments%\My Music ->  [Folder | Modified Date = 03/01/2008 12:07:37 | Attr = R  ]
My Pictures -> %UserDocuments%\My Pictures ->  [Folder | Modified Date = 21/01/2008 19:58:23 | Attr = R  ]
My Received Files -> %UserDocuments%\My Received Files ->  [Folder | Modified Date = 20/01/2008 13:05:34 | Attr = R  ]
My Sharing Folders.lnk -> %UserDocuments%\My Sharing Folders.lnk ->  [Ver =  | Size = 569 bytes | Modified Date = 26/01/2008 16:48:33 | Attr =	]
SmitfraudFix -> %UserDocuments%\SmitfraudFix ->  [Folder | Modified Date = 06/01/2008 21:15:13 | Attr =	]
AntiVir PE Classic.lnk -> %AllUsersDesktop%\AntiVir PE Classic.lnk ->  [Ver =  | Size = 1851 bytes | Modified Date = 13/01/2008 13:41:01 | Attr =	]
PowerISO.lnk -> %AllUsersDesktop%\PowerISO.lnk ->  [Ver =  | Size = 682 bytes | Modified Date = 10/01/2008 21:18:33 | Attr =	]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 780 bytes | Modified Date = 14/01/2008 22:53:39 | Attr =	]
aaw2007.exe -> %UserDesktop%\aaw2007.exe ->  [Ver =  | Size = 17896352 bytes | Modified Date = 13/01/2008 13:34:54 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\aaw2007.exe:Zone.Identifier
antivir_workstation_win7u_en_h.exe -> %UserDesktop%\antivir_workstation_win7u_en_h.exe ->  [Ver =  | Size = 17788920 bytes | Modified Date = 13/01/2008 13:39:17 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\antivir_workstation_win7u_en_h.exe:Zone.Identifier
CCleaner.lnk -> %UserDesktop%\CCleaner.lnk ->  [Ver =  | Size = 1548 bytes | Modified Date = 19/01/2008 00:41:35 | Attr =	]
Incomplete -> %UserDesktop%\Incomplete ->  [Folder | Modified Date = 25/01/2008 18:07:25 | Attr =	]
james -> %UserDesktop%\james ->  [Folder | Modified Date = 25/01/2008 17:43:46 | Attr =	]
Random Files Which May Be Of Use... Someday -> %UserDesktop%\Random Files Which May Be Of Use... Someday ->  [Folder | Modified Date = 03/01/2008 12:22:41 | Attr =	]
SmitfraudFix -> %UserDesktop%\SmitfraudFix ->  [Folder | Modified Date = 07/01/2008 22:37:04 | Attr =	]
SmitfraudFix.exe -> %UserDesktop%\SmitfraudFix.exe ->  [Ver =  | Size = 1129580 bytes | Modified Date = 06/01/2008 21:11:50 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SmitfraudFix.exe:Zone.Identifier
spybotsd14.exe -> %UserDesktop%\spybotsd14.exe -> Safer Networking Limited									 [Ver =					  | Size = 5037072 bytes | Modified Date = 13/01/2008 13:29:50 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spybotsd14.exe:Zone.Identifier
VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.07.0007 | Size = 132608 bytes | Modified Date = 15/01/2008 22:52:53 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VundoFix.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Modified Date = 26/01/2008 16:52:05 | Attr =	]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478410 bytes | Modified Date = 26/01/2008 16:43:30 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
DESIGNER -> %CommonProgramFiles%\DESIGNER ->  [Folder | Modified Date = 06/01/2008 14:32:18 | Attr =	]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared ->  [Folder | Modified Date = 24/01/2008 20:44:03 | Attr =	]
System -> %CommonProgramFiles%\System ->  [Folder | Modified Date = 06/01/2008 14:26:51 | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 24/01/2008 20:42:48 | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 16286 bytes | Modified Date = 26/01/2008 16:48:29 | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 16286 bytes | Modified Date = 26/01/2008 16:48:29 | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 03/12/2006 18:59:30 | Attr =	]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat ->  [Ver =  | Size = 8592 bytes | Modified Date = 06/01/2008 14:42:17 | Attr =	]

< End of report >



Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\xrmhgmfq

*******************

Script file located at: \??\C:\WINDOWS\eibvoohg.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File c:\windows\System32\drivers\grmdbcgw.exe not found!
Deletion of file c:\windows\System32\drivers\grmdbcgw.exe failed!

Could not process line:
c:\windows\System32\drivers\grmdbcgw.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

#10 OldTimer

OldTimer

    Malware Expert



Posted 26 January 2008 - 03:54 PM

Hi PrittStick. That looks a lot better. Just a few leftover reg entries to clean up.

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Win32 Services - Non-Microsoft Only]
YN -> (DomainService) DomainService [Win32_Own | Auto | Stopped] -> %System32%\grmdbcgw.exe
[Registry - Non-Microsoft Only]
< Windows NT\\Load [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
YN -> C:\WINDOWS\system32\pmkhh.exe -> %System32%\pmkhh.exe
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {6D5E21ED-2488-42C1-BA06-7B6B97610681} [HKEY_LOCAL_MACHINE] -> %System32%\pmkhh.dll [Reg Error: Value  does not exist or could not be read.]
YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger]

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#11 PrittStick

PrittStick

Posted 26 January 2008 - 04:06 PM

That was easy lol, here is the log.

[Win32 Services - Non-Microsoft Only]
Service DomainService stopped successfully.
[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\C:\WINDOWS\system32\pmkhh.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D5E21ED-2488-42C1-BA06-7B6B97610681}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D5E21ED-2488-42C1-BA06-7B6B97610681}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
< End of fix log >
WinPFind35U Version Beta37 fix logfile created on 01262008_210543
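
A small triage script for the fix log posted above, added here as an example; it is not part of the thread or of WinPFind35U. The line format is inferred only from the lines in that post, and the function names are hypothetical. It separates each registry value into key and value name and lists the entries the tool reported as not found, so they can be re-checked by hand.

```python
import re

# Lines copied unmodified from the fix log in the post above (a subset).
FIX_LOG = r"""[Win32 Services - Non-Microsoft Only]
Service DomainService stopped successfully.
[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\C:\WINDOWS\system32\pmkhh.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D5E21ED-2488-42C1-BA06-7B6B97610681}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D5E21ED-2488-42C1-BA06-7B6B97610681}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} deleted successfully.
< End of fix log >
WinPFind35U Version Beta37 fix logfile created on 01262008_210543
"""

# Assumed line shape: "<kind> <target> <outcome>." (only outcomes seen in the post).
ENTRY = re.compile(
    r"^(?P<kind>Service|Registry key|Registry value) (?P<target>.+?) "
    r"(?P<outcome>stopped successfully|deleted successfully|not found)\.$"
)

def parse_fix_log(text):
    """Return (entries, unparsed); lines that do not fit are kept, not dropped."""
    section, entries, unparsed = None, [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("<"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        m = ENTRY.match(line)
        if not m:
            unparsed.append(line)
            continue
        target, value_name = m["target"], None
        if m["kind"] == "Registry value":
            # Key and value name are separated by a double backslash in the log.
            target, _, value_name = target.partition("\\\\")
        entries.append({"section": section, "kind": m["kind"],
                        "target": target.rstrip("\\"), "value": value_name,
                        "outcome": m["outcome"]})
    return entries, unparsed

def needs_review(entries):
    """Entries the tool reported as not found."""
    return [e for e in entries if e["outcome"] == "not found"]

def outcome_counts(entries):
    counts = {}
    for e in entries:
        counts[e["outcome"]] = counts.get(e["outcome"], 0) + 1
    return counts

if __name__ == "__main__":
    parsed, skipped = parse_fix_log(FIX_LOG)
    print(outcome_counts(parsed))
    for e in needs_review(parsed):
        print("re-check:", e["kind"], e["target"], e["value"] or "")
```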

#12 OldTimer

OldTimer

    Malware Expert



Posted 26 January 2008 - 05:42 PM

Hi PrittStick. It's nice to have them easy once in a while isn't it?

Let's do some final cleanup to reset the System Restore points and remove all of the tools we used during the fix.

Step #1

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

Step #2

To remove all of the tools we used and the files and folders they created do the following:
  • Start WinPFind35
  • Click the CleanUp button
  • WinPFind35 will download a small file from the Internet. If a security program or firewall warns you of this allow it to download.
  • WinPFind35 will delete any tools downloaded and files/folders created and then ask you to reboot so it can remove itself. Click Yes.
After that you are good to go.

Cheers.

OT

#13 PrittStick

PrittStick

Posted 26 January 2008 - 07:11 PM

Thanks a lot OldTimer, I really appreciate you fixing my PC. I'll try and keep it clean this time lol.

Thanks again,
PrittStick

#14 OldTimer

OldTimer

    Malware Expert



Posted 26 January 2008 - 11:32 PM

You are very welcome PrittStick. I'm glad that we could help.

I will now close this topic. If you have any new malware-related issues in the future please start a new topic.

Cheers and Happy Computing!

OT