Wng_z3r0


2 replies to this topic

#1 moonjokes


  • Members
  • 1 posts

Posted 20 August 2007 - 11:47 PM

WinPFind logfile created on: 8/21/2007 12:37:28 AM
WinPFind by OldTimer - v2.0.3 Folder = C:\Documents and Settings\Owner\Desktop\WinPFind\

Windows OS and Versions

Product Name: Microsoft Windows XP Service Pack 2 | Version: 5.1.2600
Internet Explorer Version: 6.0.2900.2180

Memory/Drive Info

1022.11 Mb Total Physical Memory | 731.98 Mb Available Physical Memory | 71.61% Memory free
2.40 Gb Paging File | 2.14 Gb Available in Paging File | 88.83% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 33.39 Gb Free Space | 35.84% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: YOUR-6BE5C33FD5
Current User Name: Owner
Logged in as Administrator.
Cannot determine boot mode.

Running Processes (Non-Microsoft)

C:\Documents and Settings\Owner\Desktop\WinPFind\WinPFind.exe (OldTimer Tools)
C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
C:\Program Files\Spyware Doctor\svcntaux.exe (PC Tools)
C:\Program Files\Spyware Doctor\swdsvc.exe (PC Tools)

Win32 Services (Non-Microsoft)

(AntiVirMailService) AntiVir Windows Workstation MailGuard [Win32_Own | Auto | Stopped]
= C:\Program Files\AntiVir Workstation\avmailc.exe (Avira GmbH)

(AntiVirScheduler) AntiVir Windows Workstation Scheduler [Win32_Own | Auto | Stopped]
= C:\Program Files\AntiVir Workstation\sched.exe (Avira GmbH)

(AntiVirService) AntiVir Windows Workstation Guard [Win32_Own | Auto | Stopped]
= C:\Program Files\AntiVir Workstation\avguard.exe (Avira GmbH)

(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Stopped]
= C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)

(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Stopped]
= C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)

(AVEService) AntiVir Windows Workstation MailGuard helper service [Win32_Own | Auto | Stopped]
= C:\Program Files\AntiVir Workstation\avesvc.exe (Avira GmbH)

(ccEvtMgr) Symantec Event Manager [Win32_Own | Disabled | Stopped]
= C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE (Symantec Corporation)

(ccPwdSvc) Symantec Password Validation [Win32_Own | Disabled | Stopped]
= C:\Program Files\Common Files\Symantec Shared\CCPWDSVC.EXE (Symantec Corporation)

(ccSetMgr) Symantec Settings Manager [Win32_Own | Disabled | Stopped]
= C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE (Symantec Corporation)

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped]
= C:\WINDOWS\system32\dmadmin.exe (Microsoft Corp., Veritas Software)

(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped]
= C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped]
= C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

(LiveUpdate) LiveUpdate [Win32_Own | Disabled | Stopped]
= C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)

(Macromedia Licensing Service) Macromedia Licensing Service [Win32_Own | On_Demand | Stopped]
= C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()

(MWAgent) MWAgent [Win32_Own | Auto | Stopped]
= C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE (MicroWorld Technologies Inc.)

(navapsvc) Norton AntiVirus Auto-Protect Service [Win32_Own | Disabled | Stopped]
= C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE (Symantec Corporation)

(PrismXL) PrismXL [Win32_Own | Auto | Stopped]
= C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)

(SAVScan) SAVScan [Win32_Own | On_Demand | Stopped]
= C:\Program Files\Norton AntiVirus\SAVSCAN.EXE (Symantec Corporation)

(SBService) ScriptBlocking Service [Win32_Own | Auto | Stopped]
= C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBSERV.EXE (Symantec Corporation)

(sdAuxService) PC Tools Auxiliary Service [Win32_Own | Auto | Running]
= C:\Program Files\Spyware Doctor\svcntaux.exe (PC Tools)

(sdCoreService) PC Tools Security Service [Win32_Own | Auto | Running]
= C:\Program Files\Spyware Doctor\swdsvc.exe (PC Tools)

(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Disabled | Stopped]
= C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)

(SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Disabled | Stopped]
= C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)

(SymWSC) SymWMI Service [Win32_Own | Auto | Stopped]
= C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe (Symantec Corporation)

Registry Items (Non-Microsoft)

>>>>> Run Keys and Auto-Start Folders <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Adobe Reader Speed Launcher = C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
avgnt = C:\Program Files\AntiVir Workstation\avgnt.exe (Avira GmbH)
mmtask = C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe (Musicmatch Inc.)
RemoteControl = C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
SDTray = C:\Program Files\Spyware Doctor\SDTrayApp.exe (PC Tools)
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe (Sun Microsystems, Inc.)
Symantec NetDriver Monitor = C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
SynTPLpr = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
TkBellExe = C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
UnHackMe Monitor = C:\PROGRA~1\UnHackMe\hackmon.exe (File not found)
Uniblue RegistryBooster 2 = C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe (Uniblue Software)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]*


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]*


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
Installed = 1

< Common Startup Folder = C:\Documents and Settings\All Users\Start Menu\Programs\Startup >
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

< User Startup Folder = C:\Documents and Settings\Owner\Start Menu\Programs\Startup >
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini ()

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Mopy Points Collector.lnk
C:\MOPYFISH\GETPOINT.EXE ()

>>>>> MsConfig Disabled Items <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
mcupdmgr.exe = 3
iPodService = 3
gusvc = 3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup = C:\WINDOWS\pss\Adobe Reader Speed Launch.lnk (File not found)
location = Common Startup
item = Adobe Reader Speed Launch

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
backup = C:\WINDOWS\pss\BigFix.lnk (File not found)
location = Common Startup
item = BigFix

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup = C:\WINDOWS\pss\WinZip Quick Pick.lnk (File not found)
location = Common Startup
item = WinZip Quick Pick

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item =
hkey = HKLM
command =
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AOL Spyware Protection]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = AOLSP Scheduler
hkey = HKLM
command = C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe (File not found)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATIPTA]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = atiptaxx
hkey = HKLM
command = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Cleanup]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = mcappins
hkey = HKLM
command = c:\PROGRA~1\mcafee.com\shared\mcappins.exe (File not found)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HostManager]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = AOLHostManager
hkey = HKLM
command = C:\Program Files\Common Files\AOL\1143989041\EE\AOLHostManager.exe (File not found)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = iTunesHelper
hkey = HKLM
command = C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\McafWelcome]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = mcwelcom
hkey = HKLM
command = C:\PROGRA~1\McAfee.com\Agent\mcwelcom.exe (File not found)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MCAgentExe]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = mcagent
hkey = HKLM
command = c:\PROGRA~1\mcafee.com\agent\mcagent.exe (File not found)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MCUpdateExe]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = mcupdate
hkey = HKLM
command = C:\PROGRA~1\mcafee.com\agent\mcupdate.exe (File not found)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
hkey = HKLM
command = C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = qttask
hkey = HKLM
command = C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = Steam
hkey = HKCU
command = C:\Program Files\Valve\Steam\Steam.exe (Valve Corporation)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunKist]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = shwicon2k
hkey = HKLM
command = C:\Program Files\Digital Media Reader\shwicon2k.exe (Alcor Micro, Corp.)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = realsched
hkey = HKLM
command = C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinampAgent]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = winampa
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = YAHOOM~1
hkey = HKCU
command = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
system.ini = 0
win.ini = 0
bootini = 0
services = 2
startup = 2

>>>>> Disabled Startup Folder Items <<<<<

>>>>> Items Started Through Miscellaneous Registry Keys <<<<<

>>>>> ICQ Net Settings <<<<<

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\]
[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps]*





>>>>> Winlogon Keys <<<<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
DllName = C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

>>>>> HOSTS File <<<<<

HOSTS file found at: C:\WINDOWS\System32\drivers\etc\Hosts (Size: 10188 bytes | Modified Date: 3/23/2007 2:06:32 PM)

>>>>> Desktop Components <<<<<

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
FriendlyName = My Current Home Page
Source = About:Home
SubscribedURL = About:Home

>>>>> Internet Explorer Settings <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
Default_Search_URL = http://www.google.com
Search Page = http://www.google.com
Start Page =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SearchAssistant = http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
Search Bar = http://www.google.com/ie
Search Page = http://www.google.com
Start Page =

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SearchAssistant = http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
= ScriptInocUI Class ( HKLM = Reg Data - Key not found (File not found) )
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar ( HKLM = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) )

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0

>>>>> Browser Helper Objects <<<<<

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
- Yahoo! Toolbar Helper ( HKLM = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
- Adobe PDF Reader Link Helper ( HKLM = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
- Yahoo! IE Services Button ( HKLM = C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
- SSVHelper Class ( HKLM = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
- Google Toolbar Helper ( HKLM = c:\program files\Google\googletoolbar1.dll (Google Inc.) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
- Google Toolbar Notifier BHO ( HKLM = C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
- CNavExtBho Class ( HKLM = C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation) )

>>>>> HKLM Internet Explorer Bars <<<<<

>>>>> HKCU Internet Explorer Bars <<<<<

>>>>> HKLM Internet Explorer ToolBars <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google ( HKLM = c:\program files\Google\googletoolbar1.dll (Google Inc.) )
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus ( HKLM = C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation) )
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar ( HKLM = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) )

>>>>> HKCU Internet Explorer ToolBars <<<<<

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\ShellBrowser]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus ( HKLM = C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation) )

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\WebBrowser]
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google ( HKLM = c:\program files\Google\googletoolbar1.dll (Google Inc.) )
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus ( HKLM = C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation) )
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{E7D38ED4-2933-43B8-B0B9-52D11CE9CA10} - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar ( HKLM = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) )

>>>>> HKCU Internet Explorer CmdMapping <<<<<

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} = 8192 - Reg Data - Value does not exist ( HKLM = Reg Data - Key not found (File not found) )
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} = 8193 - Yahoo! IE Services Button ( HKLM = C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) )
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} = 8194 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} = 8195 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} = 8196 - Messenger Class ( HKLM = Reg Data - Key not found (File not found) )
{FB5F1910-F110-11d2-BB9E-00C04F795683} = 8197 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
NextId = 8198

>>>>> HKLM Internet Explorer Extensions <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}]
MenuText = Sun Java Console
ClsidExtension = {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - Java Plug-in 1.5.0_10 ( HKLM C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll (Sun Microsystems, Inc.) )
ClsidExtension = {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - Java Plug-in 1.5.0_10 ( HKCU C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.) )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
ButtonText = Yahoo! Services
ClsidExtension = {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Yahoo! IE Services Button ( HKLM C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}]
ButtonText = AIM
Exec = C:\Program Files\AIM\aim.exe (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}]
ButtonText = Real.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}]
ButtonText = Yahoo! Messenger
MenuText = Yahoo! Messenger
Exec = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping]

>>>>> HKCU Internet Explorer Menu Extensions <<<<<

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&AOL Toolbar search]
@ = C:\Program Files\AOL Toolbar\toolbar.dll\SEARCH.HTM (File not found)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Windows Live Search]
@ = C:\Program Files\Windows Live Toolbar\msntb.dll\search.htm (File not found)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Yahoo! Search]
@ = C:\Program Files\Yahoo!\Common\YCSRCH.HTM ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open in new background tab]
@ = 29?266bbcf33f2244cc9e33f65a880c4161 (File not found)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open in new foreground tab]
@ = 30?266bbcf33f2244cc9e33f65a880c4161 (File not found)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Yahoo! &Dictionary]
@ = C:\Program Files\Yahoo!\Common\YCDICT.HTM ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Yahoo! &Maps]
@ = C:\Program Files\Yahoo!\Common\ycmap.htm ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Yahoo! &SMS]
@ = C:\Program Files\Yahoo!\Common\YCsms.htm ()

>>>>> HKLM Internet Explorer Plugins Extensions <<<<<

>>>>> HKLM Approved Shell Extensions <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} = Shell Autoplay for Slideshow ( HKLM = Reg Data - Key not found (File not found) )
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = Taskbar and Start Menu ( HKLM = Reg Data - Key not found (File not found) )
{2F603045-309F-11CF-9774-0020AFD0CFF6} = Synaptics Control Panel ( HKLM = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics, Inc.) )
{42071714-76d4-11d1-8b24-00a0c9068ff3} = Display Panning CPL Extension ( HKLM = deskpan.dll (File not found) )
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = Shell Extension for Malware scanning ( HKLM = C:\Program Files\AntiVir Workstation\shlext.dll (Avira GmbH) )
{5464D816-CF16-4784-B9F3-75C0DB52B499} = YMailShellExt Class ( HKLM = C:\Program Files\Yahoo!\Common\ymmapi2005010104.dll (Yahoo! Inc.) )
{764BF0E1-F219-11ce-972D-00AA00A14F56} = Shell extensions for file compression ( CLSID not found! )
{7A9D77BD-5403-11d2-8785-2E0420524153} = User Accounts ( HKLM = Reg Data - Key not found (File not found) )
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} = Encryption Context Menu ( CLSID not found! )
{88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal Icon Ext ( HKLM = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.) )
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes ( HKLM = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.) )
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} = RealOne Player Context Menu Class ( HKLM = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.) )

>>>>> HKCU Approved Shell Extensions <<<<<

>>>>> Context Menu Handlers / Column Handlers <<<<<

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\Shell Extension for Malware scanning]
@ = {45AC2688-0253-4ED8-97DE-B5370FA7D48A} ( HKLM = C:\Program Files\AntiVir Workstation\shlext.dll (Avira GmbH) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu]
@ = {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} ( HKLM = C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\Yahoo! Mail]
@ = {5464D816-CF16-4784-B9F3-75C0DB52B499} ( HKLM = C:\Program Files\Yahoo!\Common\ymmapi2005010104.dll (Yahoo! Inc.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\Shell Extension for Malware scanning]
@ = {45AC2688-0253-4ED8-97DE-B5370FA7D48A} ( HKLM = C:\Program Files\AntiVir Workstation\shlext.dll (Avira GmbH) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu]
@ = {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} ( HKLM = C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}]
- PDF Shell Extension ( HKLM = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll (Adobe Systems, Inc.) )

>>>>> Policy Keys <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = 1
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = 1073741857
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = 32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
dontdisplaylastusername = 0
legalnoticecaption =
legalnoticetext =
shutdownwithoutlogon = 1
undockwithoutlogon = 1
SynchronousMachineGroupPolicy = 0
SynchronousUserGroupPolicy = 0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
NoDriveTypeAutoRun = 145
NoLowDiskSpaceChecks = 1

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer]*

>>>>> Security Providers <<<<<

>>>>> Session Manager Settings <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
BootExecute = Partizan;
ExcludeFromKnownDlls =


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
ComSpec = %SystemRoot%\system32\cmd.exe ( C:\WINDOWS\system32\cmd.exe (Microsoft Corporation) )
TEMP = %SystemRoot%\TEMP
TMP = %SystemRoot%\TEMP
windir = %SystemRoot%

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path]
%SystemRoot%\system32
%SystemRoot%
%SystemRoot%\System32\Wbem
C:\Program Files\ATI Technologies\ATI Control Panel
C:\Program Files\QuickTime\QTSystem\

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT]
.COM
.EXE
.BAT
.CMD
.VBS
.VBE
.JS
.JSE
.WSF
.WSH

>>>>> WOW Settings <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW]
cmdline = %SystemRoot%\system32\ntvdm.exe
wowcmdline = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386

>>>>> SafeBoot Option Settings <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option]

>>>>> User Agent Post Platform <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

>>>>> File Associations <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\]
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.hta [@ = htafile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20}
.html [@ = FirefoxHTML] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20}
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found

>>>>> Registry Shell Spawning <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -> "%1" %* (File not found)
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -> "%1" %* (File not found)
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

comfile [open] -> "%1" %* (File not found)

cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation)

exefile [open] -> "%1" %* (File not found)

htafile [open] -> C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)

htmlfile [edit] -> Reg Data - Key not found
htmlfile [open] -> "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -> "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -> C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -> C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)

inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

InternetShortcut [open] -> rundll32.exe shdocvw.dll,OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

piffile [open] -> "%1" %* (File not found)

regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -> regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -> Reg Data - Key not found
regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

scrfile [config] -> "%1" (File not found)
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -> "%1" /S (File not found)

txtfile [edit] -> Reg Data - Key not found
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)

vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 (Microsoft Corporation)

Directory [cmd] -> cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -> %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -> %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -> "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

>>>>> ActiveX StubPath settings <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4b218e3e-bc98-4770-93d3-2731b9329278}]
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
StubPath = %SystemRoot%\system32\ie4uinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

>>>>> TCP/IP Configuration <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2BDF731F-4E91-4796-A3B0-E96F577BD85E}] ( 1394 Net Adapter )
DefaultGateway =
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
NameServer =
SubnetMask = 0.0.0.0;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{56C3E7DA-4FAB-484D-8DEF-1F7C3A76BECC}] ( 1394 Net Adapter )
DefaultGateway =
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
NameServer =
SubnetMask = 0.0.0.0;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{67D12DFF-B321-4A9A-942B-DCA48CF7EAC6}] ( Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller )
DefaultGateway =
DhcpDefaultGateway = 192.168.1.1;
DhcpIPAddress = 192.168.1.5
DhcpNameServer = 192.168.1.1
DhcpServer = 192.168.1.1
DhcpSubnetMask = 255.255.255.0
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
IPAutoconfigurationAddress = 0.0.0.0
NameServer =
SubnetMask = 0.0.0.0;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{71345FA5-61DC-430E-8468-A76800CB0393}]
DefaultGateway =
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
NameServer =
SubnetMask = 0.0.0.0;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7640FBC9-9036-4464-AFAD-CAADC0EF1C89}] ( Broadcom 802.11g Network Adapter )
DefaultGateway =
DhcpDefaultGateway = 192.168.1.1;
DhcpIPAddress = 192.168.1.3
DhcpNameServer = 192.168.1.1
DhcpServer = 192.168.1.1
DhcpSubnetMask = 255.255.255.0
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
IPAutoconfigurationAddress = 0.0.0.0
NameServer =
SubnetMask = 0.0.0.0;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{99020401-DCEA-48DE-A386-FAF724759DE5}] ( Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller )
DefaultGateway =
DhcpIPAddress = 69.47.114.137
DhcpServer = 172.31.15.248
DhcpSubnetMask = 255.255.240.0
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
IPAutoconfigurationAddress = 0.0.0.0
NameServer =
SubnetMask = 0.0.0.0;

>>>>> WinSock2 Parameters <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001]
PackedCatalogItem = aavsda.dll (File not found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002]
PackedCatalogItem = aavsda.dll (File not found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008]
PackedCatalogItem = aavsda.dll (File not found)

>>>>> Default Protocols [HKLM] <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
@ivt - 1 = Local intranet
file - 3 = Internet
ftp - 3 = Internet
http - 3 = Internet
https - 3 = Internet
shell - 0 = My Computer
about: - 4 = Restricted sites (Not a Default Protocol)

>>>>> Protocol Handlers <<<<<

>>>>> Protocol Filters <<<<<

>>>>> Downloaded Program Files <<<<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}\DownloadInformation]
CODEBASE = http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
INF = C:\WINDOWS\Downloaded Program Files\avsniff.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\DownloadInformation]
CODEBASE = C:\Program Files\Yahoo!\Common\yinsthelper.dll
INF = C:\Program Files\Yahoo!\Common\yinst.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{644E432F-49D3-41A1-8DD5-E099162EEEC5}\DownloadInformation]
CODEBASE = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
INF = C:\WINDOWS\Downloaded Program Files\CabSA.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation]
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
INF =


Files / Folders Created Within 60 Days

C:\23990098.$$$ [Ver = | Size = 0 bytes | Created Date = 7/27/2007 2:57:02 PM | Attr = ]
C:\bootini.uns [Ver = | Size = 191 bytes | Created Date = 8/12/2007 4:30:14 PM | Attr = ]
C:\MOPYFISH [Folder | Created Date = 8/13/2007 12:20:00 AM | Attr = ]
C:\PUB [Folder | Created Date = 7/27/2007 2:57:02 PM | Attr = ]
C:\RootkitNO [Folder | Created Date = 7/26/2007 4:50:10 PM | Attr = ]
C:\Rustbfix [Folder | Created Date = 7/26/2007 9:59:40 AM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Yahoo! Companion [Folder | Created Date = 7/23/2007 12:33:39 PM | Attr = ]
C:\Documents and Settings\Owner\Application Data\AntiVir Workstation [Folder | Created Date = 8/20/2007 7:27:22 PM | Attr = ]
C:\Documents and Settings\Owner\Application Data\Help [Folder | Created Date = 8/14/2007 3:08:47 PM | Attr = ]
C:\Documents and Settings\Owner\Application Data\PC Tools [Folder | Created Date = 8/20/2007 3:12:04 PM | Attr = ]
C:\Documents and Settings\Owner\Application Data\SpinTop [Folder | Created Date = 7/23/2007 12:25:45 PM | Attr = ]
C:\Documents and Settings\Owner\Application Data\Uniblue [Folder | Created Date = 8/20/2007 4:29:55 PM | Attr = ]
C:\Documents and Settings\Owner\Local Settings\Application Data\Help [Folder | Created Date = 8/14/2007 3:08:47 PM | Attr = ]
C:\Documents and Settings\Owner\Local Settings\Application Data\Oblivion [Folder | Created Date = 7/21/2007 8:57:21 PM | Attr = ]
C:\Documents and Settings\Owner\My Documents\My Games [Folder | Created Date = 7/21/2007 8:57:21 PM | Attr = ]
C:\Documents and Settings\Owner\My Documents\RegRun2 [Folder | Created Date = 7/26/2007 4:49:48 PM | Attr = ]
C:\Documents and Settings\All Users\Desktop\RegCure.lnk [Ver = | Size = 441 bytes | Created Date = 8/20/2007 7:03:14 PM | Attr = ]
C:\Documents and Settings\All Users\Desktop\RegistryBooster 2.lnk [Ver = | Size = 794 bytes | Created Date = 8/20/2007 4:29:51 PM | Attr = ]
C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk [Ver = | Size = 768 bytes | Created Date = 8/20/2007 3:12:07 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\antivir_workstation_win7u_en_h.exe [Ver = | Size = 17180760 bytes | Created Date = 8/20/2007 6:32:31 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\avg75free_484a1100.exe [Ver = | Size = 26578096 bytes | Created Date = 8/20/2007 6:20:50 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\BUGHUN22 [Folder | Created Date = 8/20/2007 3:36:53 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\BUGHUN22.ZIP [Ver = | Size = 247080 bytes | Created Date = 8/20/2007 3:35:55 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\dl.php [Ver = | Size = 22994 bytes | Created Date = 8/20/2007 4:14:51 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\Games wow oblivion [Folder | Created Date = 7/22/2007 8:07:09 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\gmer.zip [Ver = | Size = 502055 bytes | Created Date = 8/20/2007 3:04:11 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\HBEDV.KEY [Ver = | Size = 1536 bytes | Created Date = 8/20/2007 6:36:53 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\installspeedfan432.exe [Ver = | Size = 1570268 bytes | Created Date = 8/20/2007 7:47:35 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\RegCureSetup_1_5.exe ParetoLogic Inc. [Ver = 1.5.0.0 | Size = 1075536 bytes | Created Date = 8/20/2007 7:03:06 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\regcure_1.0.0.43_(Serial).zip [Ver = | Size = 194 bytes | Created Date = 8/20/2007 7:11:42 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\RegCure_v1.x.x.x.zip [Ver = | Size = 240424 bytes | Created Date = 8/20/2007 7:14:44 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\registryboosteraff.exe Uniblue [Ver = RegistryBooster 2.0 | Size = 4190792 bytes | Created Date = 8/20/2007 4:29:16 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\Registry_Booster_-_wbb_west.rar [Ver = | Size = 4215358 bytes | Created Date = 8/20/2007 4:36:19 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\Registry_Booster_2_2_(Serial).zip [Ver = | Size = 387 bytes | Created Date = 8/20/2007 4:37:36 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\Reg_Cure_Version_1.0.0.43_(Serial).zip [Ver = | Size = 368 bytes | Created Date = 8/20/2007 7:13:43 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\sdsetup.exe PC Tools [Ver = 5.0.5.259 | Size = 14920632 bytes | Created Date = 8/20/2007 3:11:22 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\SETUP.PREVX2.1.0.2.61.2K2K3XP.x86AMD64.exe [Ver = | Size = 14072888 bytes | Created Date = 8/20/2007 3:33:10 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\SpeedFan.lnk [Ver = | Size = 682 bytes | Created Date = 8/20/2007 7:47:51 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\unhackme(2).zip [Ver = | Size = 3535909 bytes | Created Date = 8/20/2007 5:24:34 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\unhackme.zip [Ver = | Size = 3535909 bytes | Created Date = 8/20/2007 3:28:25 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\WinPFind [Folder | Created Date = 8/20/2007 11:36:25 PM | Attr = ]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Mopy Points Collector.lnk [Ver = | Size = 534 bytes | Created Date = 8/13/2007 12:20:25 AM | Attr = ]
C:\Program Files\Common Files\MicroWorld [Folder | Created Date = 7/27/2007 2:50:33 PM | Attr = ]
C:\Program Files\Common Files\Softwin [Folder | Created Date = 7/26/2007 2:09:27 PM | Attr = ]
C:\WINDOWS\$NtUninstallKB921503$ [Folder | Created Date = 8/15/2007 11:02:35 AM | Attr = H ]
C:\WINDOWS\$NtUninstallKB936021$ [Folder | Created Date = 8/15/2007 11:02:50 AM | Attr = H ]
C:\WINDOWS\$NtUninstallKB936782_WMP11$ [Folder | Created Date = 8/15/2007 10:59:03 AM | Attr = H ]
C:\WINDOWS\$NtUninstallKB937143$ [Folder | Created Date = 8/15/2007 10:59:59 AM | Attr = H ]
C:\WINDOWS\$NtUninstallKB938127$ [Folder | Created Date = 8/15/2007 11:00:35 AM | Attr = H ]
C:\WINDOWS\$NtUninstallKB938828$ [Folder | Created Date = 8/15/2007 11:02:42 AM | Attr = H ]
C:\WINDOWS\$NtUninstallKB938829$ [Folder | Created Date = 8/15/2007 11:02:28 AM | Attr = H ]
C:\WINDOWS\BlendSettings.ini [Ver = | Size = 23 bytes | Created Date = 7/21/2007 9:23:05 PM | Attr = ]
C:\WINDOWS\BYEFISH.EXE [Ver = | Size = 10944 bytes | Created Date = 8/13/2007 12:20:24 AM | Attr = ]
C:\WINDOWS\ERDNT [Folder | Created Date = 8/20/2007 4:18:21 PM | Attr = ]
C:\WINDOWS\gmer.dll [Ver = 1, 0, 13, 12551 | Size = 585791 bytes | Created Date = 8/20/2007 3:04:23 PM | Attr = ]
C:\WINDOWS\gmer.exe [Ver = 1, 0, 13, 12551 | Size = 581632 bytes | Created Date = 8/20/2007 3:04:23 PM | Attr = R ]
C:\WINDOWS\gmer.ini [Ver = | Size = 250 bytes | Created Date = 8/20/2007 3:04:23 PM | Attr = ]
C:\WINDOWS\gmer_uninstall.cmd [Ver = | Size = 80 bytes | Created Date = 8/20/2007 3:04:23 PM | Attr = ]
C:\WINDOWS\inst_tsp.exe [Ver = | Size = 40448 bytes | Created Date = 7/27/2007 2:50:12 PM | Attr = ]
C:\WINDOWS\killproc.exe MicroWorld Technologies Inc. [Ver = 4, 0, 0, 5 | Size = 41984 bytes | Created Date = 7/27/2007 2:50:19 PM | Attr = ]
C:\WINDOWS\Lic.xxx [Ver = | Size = 26 bytes | Created Date = 7/27/2007 2:40:42 PM | Attr = ]
C:\WINDOWS\mopyfish.ini [Ver = | Size = 124 bytes | Created Date = 8/13/2007 12:20:00 AM | Attr = ]
C:\WINDOWS\MOPYFISH.SCR [Ver = | Size = 14320 bytes | Created Date = 8/13/2007 12:20:24 AM | Attr = ]
C:\WINDOWS\Prefetch [Folder | Created Date = 8/12/2007 4:35:01 PM | Attr = ]
C:\WINDOWS\QTFont.for [Ver = | Size = 1409 bytes | Created Date = 8/19/2007 1:37:04 PM | Attr = ]
C:\WINDOWS\QTFont.qfn [Ver = | Size = 54156 bytes | Created Date = 8/19/2007 1:37:04 PM | Attr = H ]
C:\WINDOWS\REGBK00.ZIP [Ver = | Size = 4624088 bytes | Created Date = 7/27/2007 2:58:50 PM | Attr = ]
C:\WINDOWS\REGBK01.ZIP [Ver = | Size = 4620511 bytes | Created Date = 8/12/2007 4:29:47 PM | Attr = ]
C:\WINDOWS\rootkitno.ini [Ver = | Size = 134 bytes | Created Date = 7/26/2007 4:55:11 PM | Attr = ]
C:\WINDOWS\ua2.dll [Ver = | Size = 77312 bytes | Created Date = 7/26/2007 12:28:36 PM | Attr = ]
C:\WINDOWS\winsbak.reg [Ver = | Size = 18706 bytes | Created Date = 7/27/2007 2:50:50 PM | Attr = ]
C:\WINDOWS\winsbak2.reg [Ver = | Size = 147790 bytes | Created Date = 7/27/2007 2:50:50 PM | Attr = ]
C:\WINDOWS\winstart.bat [Ver = | Size = 2 bytes | Created Date = 8/20/2007 3:29:17 PM | Attr = RHS]
C:\WINDOWS\System32\BASSMOD.dll [Ver = | Size = 34308 bytes | Created Date = 8/20/2007 7:14:52 PM | Attr = ]
C:\WINDOWS\System32\bdod.bin [Ver = | Size = 81984 bytes | Created Date = 7/26/2007 2:15:58 PM | Attr = ]
C:\WINDOWS\System32\contfilt.dll MicroWorld Technologies Inc. [Ver = 4, 0, 0, 14 | Size = 950272 bytes | Created Date = 7/27/2007 2:50:14 PM | Attr = ]
C:\WINDOWS\System32\d3d9caps.dat [Ver = | Size = 664 bytes | Created Date = 8/12/2007 2:27:10 PM | Attr = ]
C:\WINDOWS\System32\FLCSS.EXE [Folder | Created Date = 7/27/2007 2:50:10 PM | Attr = ]
C:\WINDOWS\System32\initdebug.nfo [Ver = | Size = 45 bytes | Created Date = 8/20/2007 7:47:48 PM | Attr = ]
C:\WINDOWS\System32\mwnsp.dll MicroWorld Technologies Inc. [Ver = 934, 0, 0, 0 | Size = 118784 bytes | Created Date = 7/27/2007 2:50:14 PM | Attr = ]
C:\WINDOWS\System32\mwtsp.dll MicroWorld Technologies Inc. [Ver = 934, 0, 0, 0 | Size = 339968 bytes | Created Date = 7/27/2007 2:50:12 PM | Attr = ]
C:\WINDOWS\System32\UNZDLL.DLL [Ver = 1, 6, 0 | Size = 125440 bytes | Created Date = 7/27/2007 2:50:12 PM | Attr = ]
C:\WINDOWS\System32\ZIPDLL.DLL [Ver = 1, 6, 0 | Size = 130560 bytes | Created Date = 7/27/2007 2:50:12 PM | Attr = ]
C:\WINDOWS\System32\drivers\avipbb.sys Avira GmbH [Ver = 1.00.01.09 | Size = 43584 bytes | Created Date = 8/20/2007 6:56:12 PM | Attr = ]
C:\WINDOWS\System32\drivers\gmer.sys GMER [Ver = 1, 0, 12, 3911 | Size = 70001 bytes | Created Date = 8/20/2007 3:04:23 PM | Attr = ]
C:\WINDOWS\System32\drivers\ikfilesec.sys PCTools Research Pty Ltd. [Ver = 5.0.2.1032 built by: WinDDK | Size = 40264 bytes | Created Date = 8/20/2007 3:12:06 PM | Attr = ]
C:\WINDOWS\System32\drivers\iksysflt.sys PCTools Research Pty Ltd. [Ver = 5.0.2.1020 | Size = 57672 bytes | Created Date = 8/20/2007 3:12:06 PM | Attr = ]
C:\WINDOWS\System32\drivers\iksyssec.sys PCTools Research Pty Ltd. [Ver = 5.0.2.1021 | Size = 82248 bytes | Created Date = 8/20/2007 3:12:06 PM | Attr = ]
C:\WINDOWS\System32\drivers\kcom.sys PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29000 bytes | Created Date = 8/20/2007 3:12:06 PM | Attr = ]
C:\WINDOWS\System32\drivers\ssmdrv.sys Avira GmbH [Ver = 7.0.1.1 | Size = 28352 bytes | Created Date = 8/20/2007 6:56:12 PM | Attr = ]

Files / Folders Modified Within 30 Days

C:\23990098.$$$ [Ver = | Size = 0 bytes | Modified Date = 8/12/2007 5:30:20 PM | Attr = ]
C:\boot.ini [Ver = | Size = 199 bytes | Modified Date = 8/12/2007 5:30:20 PM | Attr = RHS]
C:\bootini.uns [Ver = | Size = 191 bytes | Modified Date = 7/27/2007 3:50:50 PM | Attr = ]
C:\Documents and Settings [Folder | Modified Date = 7/27/2007 3:50:46 PM | Attr = ]
C:\MOPYFISH [Folder | Modified Date = 8/20/2007 10:40:32 PM | Attr = ]
C:\Program Files [Folder | Modified Date = 8/20/2007 11:18:08 PM | Attr = ]
C:\PUB [Folder | Modified Date = 8/12/2007 5:29:46 PM | Attr = ]
C:\RootkitNO [Folder | Modified Date = 8/20/2007 6:37:56 PM | Attr = ]
C:\Rustbfix [Folder | Modified Date = 8/14/2007 4:17:40 PM | Attr = ]
C:\System Volume Information [Folder | Modified Date = 8/12/2007 5:42:28 PM | Attr = HS]
C:\WINDOWS [Folder | Modified Date = 8/20/2007 6:27:32 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\AntiVir Workstation [Folder | Modified Date = 8/20/2007 8:24:12 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\mainlsp.reg.dat [Ver = | Size = 144198 bytes | Modified Date = 8/20/2007 8:25:02 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\TEMP [Folder | Modified Date = 7/23/2007 1:26:10 PM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\All Users\Application Data\TEMP:211ED887 (101 bytes)
@Alternate Data Stream - C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 (113 bytes)
C:\Documents and Settings\All Users\Application Data\Yahoo! Companion [Folder | Modified Date = 7/23/2007 1:33:40 PM | Attr = ]
C:\Documents and Settings\Owner\Application Data\AntiVir Workstation [Folder | Modified Date = 8/20/2007 8:27:24 PM | Attr = ]
C:\Documents and Settings\Owner\Application Data\Help [Folder | Modified Date = 8/14/2007 4:08:48 PM | Attr = ]
C:\Documents and Settings\Owner\Application Data\PC Tools [Folder | Modified Date = 8/20/2007 4:12:06 PM | Attr = ]
C:\Documents and Settings\Owner\Application Data\SpinTop [Folder | Modified Date = 7/23/2007 1:25:46 PM | Attr = ]
C:\Documents and Settings\Owner\Application Data\Uniblue [Folder | Modified Date = 8/20/2007 5:29:56 PM | Attr = ]
C:\Documents and Settings\Owner\Local Settings\Application Data\Help [Folder | Modified Date = 8/14/2007 4:08:48 PM | Attr = ]
C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db [Ver = | Size = 1076140 bytes | Modified Date = 8/20/2007 6:32:24 PM | Attr = H ]
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft [Folder | Modified Date = 8/12/2007 9:37:50 PM | Attr = ]
C:\Documents and Settings\Owner\My Documents\My Music [Folder | Modified Date = 8/13/2007 12:56:20 PM | Attr = R ]
C:\Documents and Settings\Owner\My Documents\My Pictures [Folder | Modified Date = 8/13/2007 12:06:40 PM | Attr = R ]
C:\Documents and Settings\Owner\My Documents\RegRun2 [Folder | Modified Date = 7/26/2007 6:04:12 PM | Attr = ]
C:\Documents and Settings\Owner\My Documents\WoW-BurningCrusade-enUS-Slim-Installer [Folder | Modified Date = 8/3/2007 10:39:08 AM | Attr = ]
C:\Documents and Settings\All Users\Desktop\RegCure.lnk [Ver = | Size = 441 bytes | Modified Date = 8/20/2007 8:03:16 PM | Attr = ]
C:\Documents and Settings\All Users\Desktop\RegistryBooster 2.lnk [Ver = | Size = 794 bytes | Modified Date = 8/20/2007 5:29:52 PM | Attr = ]
C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk [Ver = | Size = 768 bytes | Modified Date = 8/20/2007 4:12:08 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\antivir_workstation_win7u_en_h.exe [Ver = | Size = 17180760 bytes | Modified Date = 8/20/2007 7:35:06 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\avg75free_484a1100.exe [Ver = | Size = 26578096 bytes | Modified Date = 8/20/2007 7:26:02 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\BUGHUN22 [Folder | Modified Date = 8/20/2007 4:59:56 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\BUGHUN22.ZIP [Ver = | Size = 247080 bytes | Modified Date = 8/20/2007 4:36:46 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\dl.php [Ver = | Size = 22994 bytes | Modified Date = 8/20/2007 5:14:52 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\Games wow oblivion [Folder | Modified Date = 8/20/2007 6:12:00 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\gmer.zip [Ver = | Size = 502055 bytes | Modified Date = 8/20/2007 4:04:14 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\HBEDV.KEY [Ver = | Size = 1536 bytes | Modified Date = 8/20/2007 7:36:50 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\installspeedfan432.exe [Ver = | Size = 1570268 bytes | Modified Date = 8/20/2007 8:47:42 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\RegCureSetup_1_5.exe ParetoLogic Inc. [Ver = 1.5.0.0 | Size = 1075536 bytes | Modified Date = 8/20/2007 8:03:10 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\regcure_1.0.0.43_(Serial).zip [Ver = | Size = 194 bytes | Modified Date = 8/20/2007 8:11:42 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\RegCure_v1.x.x.x.zip [Ver = | Size = 240424 bytes | Modified Date = 8/20/2007 8:14:46 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\registryboosteraff.exe Uniblue [Ver = RegistryBooster 2.0 | Size = 4190792 bytes | Modified Date = 8/20/2007 5:29:40 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\Registry_Booster_-_wbb_west.rar [Ver = | Size = 4215358 bytes | Modified Date = 8/20/2007 5:37:54 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\Registry_Booster_2_2_(Serial).zip [Ver = | Size = 387 bytes | Modified Date = 8/20/2007 5:37:36 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\Reg_Cure_Version_1.0.0.43_(Serial).zip [Ver = | Size = 368 bytes | Modified Date = 8/20/2007 8:13:42 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\sdsetup.exe PC Tools [Ver = 5.0.5.259 | Size = 14920632 bytes | Modified Date = 8/20/2007 4:11:48 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\SETUP.PREVX2.1.0.2.61.2K2K3XP.x86AMD64.exe [Ver = | Size = 14072888 bytes | Modified Date = 8/20/2007 4:34:56 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\SpeedFan.lnk [Ver = | Size = 682 bytes | Modified Date = 8/20/2007 8:47:52 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\unhackme(2).zip [Ver = | Size = 3535909 bytes | Modified Date = 8/20/2007 6:24:46 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\unhackme.zip [Ver = | Size = 3535909 bytes | Modified Date = 8/20/2007 4:28:36 PM | Attr = ]
C:\Documents and Settings\Owner\Desktop\WinPFind [Folder | Modified Date = 8/21/2007 12:36:26 AM | Attr = ]
C:\Program Files\Common Files\Microsoft Shared [Folder | Modified Date = 8/14/2007 4:25:38 PM | Attr = ]
C:\Program Files\Common Files\MicroWorld [Folder | Modified Date = 8/12/2007 5:29:48 PM | Attr = ]
C:\Program Files\Common Files\Softwin [Folder | Modified Date = 7/26/2007 3:10:26 PM | Attr = ]
C:\Program Files\Common Files\Symantec Shared [Folder | Modified Date = 8/20/2007 6:43:30 PM | Attr = ]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Mopy Points Collector.lnk [Ver = | Size = 534 bytes | Modified Date = 8/13/2007 1:20:26 AM | Attr = ]
C:\WINDOWS\$hf_mig$ [Folder | Modified Date = 8/14/2007 4:32:50 PM | Attr = H ]
C:\WINDOWS\$NtUninstallKB921503$ [Folder | Modified Date = 8/15/2007 12:02:38 PM | Attr = H ]
C:\WINDOWS\$NtUninstallKB936021$ [Folder | Modified Date = 8/15/2007 12:02:52 PM | Attr = H ]
C:\WINDOWS\$NtUninstallKB936782_WMP11$ [Folder | Modified Date = 8/15/2007 11:59:06 AM | Attr = H ]
C:\WINDOWS\$NtUninstallKB937143$ [Folder | Modified Date = 8/15/2007 12:00:06 PM | Attr = H ]
C:\WINDOWS\$NtUninstallKB938127$ [Folder | Modified Date = 8/15/2007 12:00:38 PM | Attr = H ]
C:\WINDOWS\$NtUninstallKB938828$ [Folder | Modified Date = 8/15/2007 12:02:44 PM | Attr = H ]
C:\WINDOWS\$NtUninstallKB938829$ [Folder | Modified Date = 8/15/2007 12:02:30 PM | Attr = H ]
C:\WINDOWS\BlendSettings.ini [Ver = | Size = 23 bytes | Modified Date = 7/26/2007 3:11:20 AM | Attr = ]
C:\WINDOWS\bootstat.dat [Ver = | Size = 2048 bytes | Modified Date = 8/20/2007 11:26:04 PM | Attr = S]
C:\WINDOWS\BYEFISH.EXE [Ver = | Size = 10944 bytes | Modified Date = 8/13/2007 1:20:02 AM | Attr = ]
C:\WINDOWS\Downloaded Program Files [Folder | Modified Date = 7/23/2007 1:26:02 PM | Attr = S]
C:\WINDOWS\ERDNT [Folder | Modified Date = 8/20/2007 5:18:22 PM | Attr = ]
C:\WINDOWS\gmer.dll [Ver = 1, 0, 13, 12551 | Size = 585791 bytes | Modified Date = 8/20/2007 4:04:24 PM | Attr = ]
C:\WINDOWS\gmer.ini [Ver = | Size = 250 bytes | Modified Date = 8/20/2007 7:11:42 PM | Attr = ]
C:\WINDOWS\gmer_uninstall.cmd [Ver = | Size = 80 bytes | Modified Date = 8/20/2007 4:04:24 PM | Attr = ]
C:\WINDOWS\Help [Folder | Modified Date = 8/20/2007 6:57:34 PM | Attr = ]
C:\WINDOWS\imsins.BAK [Ver = | Size = 1374 bytes | Modified Date = 8/15/2007 12:02:48 PM | Attr = ]
C:\WINDOWS\inf [Folder | Modified Date = 8/20/2007 11:18:10 PM | Attr = H ]
C:\WINDOWS\Installer [Folder | Modified Date = 8/15/2007 11:59:24 AM | Attr = HS]
C:\WINDOWS\Lic.xxx [Ver = | Size = 26 bytes | Modified Date = 7/27/2007 3:40:44 PM | Attr = ]
C:\WINDOWS\Minidump [Folder | Modified Date = 7/27/2007 3:52:04 PM | Attr = ]
C:\WINDOWS\mopyfish.ini [Ver = | Size = 124 bytes | Modified Date = 8/15/2007 12:12:42 PM | Attr = ]
C:\WINDOWS\MOPYFISH.SCR [Ver = | Size = 14320 bytes | Modified Date = 8/13/2007 1:20:02 AM | Attr = ]
C:\WINDOWS\NeroDigital.ini [Ver = | Size = 116 bytes | Modified Date = 7/29/2007 1:34:02 PM | Attr = ]
C:\WINDOWS\Prefetch [Folder | Modified Date = 8/20/2007 7:00:02 PM | Attr = ]
C:\WINDOWS\QTFont.for [Ver = | Size = 1409 bytes | Modified Date = 8/19/2007 2:37:06 PM | Attr = ]
C:\WINDOWS\QTFont.qfn [Ver = | Size = 54156 bytes | Modified Date = 8/20/2007 9:24:34 PM | Attr = H ]
C:\WINDOWS\REGBK00.ZIP [Ver = | Size = 4624088 bytes | Modified Date = 7/27/2007 3:59:24 PM | Attr = ]
C:\WINDOWS\REGBK01.ZIP [Ver = | Size = 4620511 bytes | Modified Date = 8/12/2007 5:30:14 PM | Attr = ]
C:\WINDOWS\Registration [Folder | Modified Date = 8/20/2007 7:06:50 PM | Attr = ]
C:\WINDOWS\rootkitno.ini [Ver = | Size = 134 bytes | Modified Date = 8/20/2007 6:38:10 PM | Attr = ]
C:\WINDOWS\system.ini [Ver = | Size = 227 bytes | Modified Date = 8/12/2007 5:30:14 PM | Attr = ]
C:\WINDOWS\system32 [Folder | Modified Date = 8/20/2007 8:47:50 PM | Attr = ]
C:\WINDOWS\Tasks [Folder | Modified Date = 8/20/2007 8:03:20 PM | Attr = S]
C:\WINDOWS\Temp [Folder | Modified Date = 8/20/2007 11:26:30 PM | Attr = ]
C:\WINDOWS\ua2.dll [Ver = | Size = 77312 bytes | Modified Date = 8/14/2007 4:25:38 PM | Attr = ]
C:\WINDOWS\win.ini [Ver = | Size = 630 bytes | Modified Date = 8/12/2007 5:30:20 PM | Attr = ]
C:\WINDOWS\winsbak.reg [Ver = | Size = 18706 bytes | Modified Date = 7/27/2007 3:50:52 PM | Attr = ]
C:\WINDOWS\winsbak2.reg [Ver = | Size = 147790 bytes | Modified Date = 7/27/2007 3:50:52 PM | Attr = ]
C:\WINDOWS\winstart.bat [Ver = | Size = 2 bytes | Modified Date = 8/20/2007 6:27:42 PM | Attr = RHS]
C:\WINDOWS\WinSxS [Folder | Modified Date = 8/15/2007 11:59:22 AM | Attr = ]
C:\WINDOWS\System32\AUTOEXEC.NT [Ver = | Size = 1688 bytes | Modified Date = 8/20/2007 6:27:42 PM | Attr = ]
C:\WINDOWS\System32\avsda.dll Avira GmbH [Ver = 7.0.0.5 | Size = 69672 bytes | Modified Date = 8/20/2007 7:56:16 PM | Attr = ]
C:\WINDOWS\System32\BASSMOD.dll [Ver = | Size = 34308 bytes | Modified Date = 8/20/2007 8:14:54 PM | Attr = ]
C:\WINDOWS\System32\bdod.bin [Ver = | Size = 81984 bytes | Modified Date = 8/12/2007 5:32:20 PM | Attr = ]
C:\WINDOWS\System32\CatRoot2 [Folder | Modified Date = 8/20/2007 11:18:06 PM | Attr = ]
C:\WINDOWS\System32\compmgmt.msc [Ver = | Size = 49025 bytes | Modified Date = 7/26/2007 2:36:18 PM | Attr = ]
C:\WINDOWS\System32\config [Folder | Modified Date = 8/20/2007 5:22:52 PM | Attr = ]
C:\WINDOWS\System32\CONFIG.NT [Ver = | Size = 2577 bytes | Modified Date = 8/20/2007 6:27:42 PM | Attr = ]
C:\WINDOWS\System32\d3d8caps.dat [Ver = | Size = 1100 bytes | Modified Date = 7/30/2007 3:27:34 PM | Attr = ]
C:\WINDOWS\System32\d3d9caps.dat [Ver = | Size = 664 bytes | Modified Date = 8/18/2007 4:35:04 AM | Attr = ]
C:\WINDOWS\System32\dllcache [Folder | Modified Date = 8/15/2007 12:02:54 PM | Attr = RHS]
C:\WINDOWS\System32\drivers [Folder | Modified Date = 8/20/2007 11:26:28 PM | Attr = ]
C:\WINDOWS\System32\FLCSS.EXE [Folder | Modified Date = 7/27/2007 3:50:12 PM | Attr = ]
C:\WINDOWS\System32\initdebug.nfo [Ver = | Size = 45 bytes | Modified Date = 8/20/2007 8:47:52 PM | Attr = ]
C:\WINDOWS\System32\perfc009.dat [Ver = | Size = 53166 bytes | Modified Date = 8/20/2007 6:17:00 PM | Attr = ]
C:\WINDOWS\System32\perfh009.dat [Ver = | Size = 380918 bytes | Modified Date = 8/20/2007 6:17:00 PM | Attr = ]
C:\WINDOWS\System32\PerfStringBackup.INI [Ver = | Size = 439376 bytes | Modified Date = 8/20/2007 6:17:00 PM | Attr = ]
C:\WINDOWS\System32\Restore [Folder | Modified Date = 8/20/2007 7:06:06 PM | Attr = ]
C:\WINDOWS\System32\wbem [Folder | Modified Date = 8/20/2007 7:06:52 PM | Attr = ]
C:\WINDOWS\System32\wpa.dbl [Ver = | Size = 1170 bytes | Modified Date = 8/20/2007 11:26:36 PM | Attr = ]
C:\WINDOWS\System32\drivers\avipbb.sys Avira GmbH [Ver = 1.00.01.09 | Size = 43584 bytes | Modified Date = 8/20/2007 7:56:14 PM | Attr = ]
C:\WINDOWS\System32\drivers\gmer.sys GMER [Ver = 1, 0, 12, 3911 | Size = 70001 bytes | Modified Date = 8/20/2007 4:04:24 PM | Attr = ]
C:\WINDOWS\System32\drivers\ikfilesec.sys PCTools Research Pty Ltd. [Ver = 5.0.2.1032 built by: WinDDK | Size = 40264 bytes | Modified Date = 8/14/2007 5:02:00 PM | Attr = ]
C:\WINDOWS\System32\drivers\iksysflt.sys PCTools Research Pty Ltd. [Ver = 5.0.2.1020 | Size = 57672 bytes | Modified Date = 8/14/2007 5:02:02 PM | Attr = ]
C:\WINDOWS\System32\drivers\iksyssec.sys PCTools Research Pty Ltd. [Ver = 5.0.2.1021 | Size = 82248 bytes | Modified Date = 8/14/2007 5:02:04 PM | Attr = ]
C:\WINDOWS\System32\drivers\kcom.sys PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29000 bytes | Modified Date = 8/14/2007 5:02:06 PM | Attr = ]
C:\WINDOWS\System32\drivers\ssmdrv.sys Avira GmbH [Ver = 7.0.1.1 | Size = 28352 bytes | Modified Date = 8/20/2007 7:56:14 PM | Attr = ]

File String Scan (Non-Microsoft Only)
@Alternate Data Stream - C:\Documents and Settings\All Users\Application Data\TEMP:211ED887 (101 bytes)
@Alternate Data Stream - C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 (113 bytes)
[Umonitor , ]C:\Documents and Settings\Owner\Desktop\SETUP.PREVX2.1.0.2.61.2K2K3XP.x86AMD64.exe ()
[UPX! , UPX0 , ]C:\WINDOWS\inst_tsp.exe ()
[UPX! , UPX0 , ]C:\WINDOWS\killproc.exe (MicroWorld Technologies Inc.)
[Umonitor , ]C:\WINDOWS\pxinstall_log.txt ()
[PEC2 , ]C:\WINDOWS\System32\dfrg.msc ()
[PEC2 , PECompact2 , ]C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
[Thawte Consulting , ]C:\WINDOWS\System32\itiimg3.dll (InterActual Technologies, Inc.)
[Thawte Consulting , ]C:\WINDOWS\System32\pxcpya64.exe (Sonic Solutions)
[Thawte Consulting , ]C:\WINDOWS\System32\pxhpinst.exe (Sonic Solutions)
[Thawte Consulting , ]C:\WINDOWS\System32\pxinsa64.exe (Sonic Solutions)
[Thawte Consulting , ]C:\WINDOWS\System32\pxinsi64.exe (Sonic Solutions)
[winsync , ]C:\WINDOWS\System32\wbdbase.deu ()
[abetterinternet.com , ]C:\WINDOWS\System32\drivers\etc\hosts ()

< End of report >

#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • Local time:04:54 PM

Posted 21 August 2007 - 03:00 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum moonjokes :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Download Trend Micro HijackThis 2.0.2 to your desktop:
Double click on HJTInstall.exe, it will prompt you to extract hijackthis.exe to C:\Program Files\Trend Micro\HijackThis.
When the install is complete, HijackThis will automatically launch.
When the license agreement appears, select "I Accept" and then click on the "Do a system scan only" button.
When the scan is complete, click on the "Save Log" button, then save it to your desktop.
Copy and paste the entire contents of that log into your next reply.

#3 wng_z3r0

wng_z3r0

  • Members
  • 95 posts
  • Local time:11:54 AM

Posted 22 August 2007 - 07:53 PM

Hi Richie, this is actually a continuation of this log:
http://www.bleepingcomputer.com/forums/ind...mp;#entry598980


Moonjokes, can you please NOT run combofix at this time. Your computer is too unstable right now.
I have been looking over your bootlog file, and there are many things going wrong there.

Can you please try to tell me exactly what you have done to clean up your computer? I know you mentioned a registry cleaner, is this the one?
Uniblue RegistryBooster 2 = C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe (Uniblue Software)


wng
There are 10 kinds of people in this world, those who understand binary #'s & those who don't
Just my 10 cents

HijackThis, Adaware, Spybot search and destroy, Zone Alarm firewall, Spyware Blaster, Type faster!!

Proud member of Alliance of Security Analysis Professionals since 2005
