Please Analyse, HijackThis Log Wowfx.dll


18 replies to this topic

#1 zhengn


Posted 08 January 2008 - 08:26 AM

Hi everyone. Recently, I have been experiencing problems with my computer. I believe I have a few viruses. Error messages come up whenever I open a program, saying that there is an error with the program. There is always a referral to wowfx.dll.
Please help me analyse the log from HijackThis, and if you can, find any other problems and help me fix them up. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:35 AM, on 9/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\System32\EZSP_PX.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\zhengn\Desktop\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\EZSP_PX.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Viewbar] C:\Program Files\AGLOCO Viewbar\Viewbar.exe
O4 - HKLM\..\Run: [taskmon] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://intranet
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/share...GamesLoader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1116548197671
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westpac.com.au/wtoa/wtOtherA...iomanagerwt.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = westbourne.vic.edu.au
O17 - HKLM\Software\..\Telephony: DomainName = westbourne.vic.edu.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = westbourne.vic.edu.au
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = westbourne.vic.edu.au
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = westbourne.vic.edu.au
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: USBest Service Zero (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

--
End of file - 8754 bytes
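The O20 line is the part of this log that ties to the symptom in the post: a DLL listed under AppInit_DLLs is loaded into every process that maps user32.dll, so a broken or malicious wowfx.dll there surfaces as an error in whatever program is opened. The triage script below is an added example, not code from the thread or from HijackThis; it parses the O2/O4/O20 line formats shown above and applies a few defender heuristics (the "random-looking file name" and "Windows root" tests are assumptions of the example, meant to queue entries for review rather than deliver a verdict).

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a few lines copied from the HijackThis log above, plus
# two well-known benign entries, so the script runs offline without the full log.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [taskmon] C:\WINDOWS\taskmon.exe
O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
"""


@dataclass
class Finding:
    section: str   # HijackThis section: O2, O4 or O20
    target: str    # file the entry points at
    severity: str  # high / medium / low
    reason: str


# Line shapes as HijackThis v2.0.2 prints them
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dll>.+)$")

# Heuristic (an assumption of this example, not a HijackThis rule): a file stem
# whose letters are broken up by single digits, e.g. vedxg6ame4, looks generated.
RANDOM_STEM = re.compile(r"[a-z]\d[a-z]")


def exe_path(cmd: str) -> str:
    """Return the executable from an O4 command: strip quotes and any arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths may contain spaces, so cut at the first ".exe" instead of at a space.
    m = re.match(r"(?i)(.+?\.exe)", cmd)
    return m.group(1) if m else cmd


def triage_line(line: str) -> Optional[Finding]:
    """Apply the triage heuristics to one log line; None means nothing to flag."""
    m = O20_RE.match(line)
    if m:
        # Anything in AppInit_DLLs is mapped into every process that loads
        # user32.dll, so a single entry here explains errors in every program.
        return Finding("O20", m["dll"].strip(), "high",
                       "AppInit_DLLs injects this DLL into every process that loads user32.dll")
    m = O2_RE.match(line)
    if m and m["path"] == "(no file)":
        return Finding("O2", m["path"], "low",
                       f"orphaned BHO registration {{{m['clsid']}}}: the file is gone")
    m = O4_RE.match(line)
    if m:
        exe = exe_path(m["cmd"])
        low = exe.lower()
        stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if RANDOM_STEM.search(stem):
            return Finding("O4", exe, "high",
                           f"{m['hive']} Run entry [{m['name']}] launches a random-looking file name")
        if low.startswith("c:\\windows\\") and low.count("\\") == 2:
            # Executables dropped into the Windows root rather than system32 deserve a look.
            return Finding("O4", exe, "medium",
                           f"{m['hive']} Run entry [{m['name']}] runs from the Windows root, not system32")
    return None


def triage(log_text: str) -> List[Finding]:
    """Triage a whole HijackThis log and return findings in log order."""
    findings = []
    for line in log_text.splitlines():
        f = triage_line(line.rstrip())
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:3} {f.target}\n         {f.reason}")
```

Run against the full log, the same heuristics also queue legitimate vendor tools that live in the Windows root (such as the Agere modem agent), which is why each finding carries a reason for a human to confirm or dismiss.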


#2 zhengn


Posted 08 January 2008 - 10:06 PM

Can anyone help?

#3 zhengn


Posted 10 January 2008 - 08:41 AM

Here is an updated version for anyone who can help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:33 AM, on 11/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\System32\EZSP_PX.EXE
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\zhengn\Desktop\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\EZSP_PX.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Viewbar] C:\Program Files\AGLOCO Viewbar\Viewbar.exe
O4 - HKLM\..\Run: [taskmon] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://intranet
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/share...GamesLoader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1116548197671
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westpac.com.au/wtoa/wtOtherA...iomanagerwt.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = westbourne.vic.edu.au
O17 - HKLM\Software\..\Telephony: DomainName = westbourne.vic.edu.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = westbourne.vic.edu.au
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = westbourne.vic.edu.au
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = westbourne.vic.edu.au
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: USBest Service Zero (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

--
End of file - 8817 bytes

#4 zhengn


Posted 15 January 2008 - 12:38 AM

Another edit: 15/1

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:24:54 PM, on 15/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\System32\EZSP_PX.EXE
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\zhengn\Desktop\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\EZSP_PX.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Viewbar] C:\Program Files\AGLOCO Viewbar\Viewbar.exe
O4 - HKLM\..\Run: [taskmon] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://intranet
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/share...GamesLoader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1116548197671
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westpac.com.au/wtoa/wtOtherA...iomanagerwt.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = westbourne.vic.edu.au
O17 - HKLM\Software\..\Telephony: DomainName = westbourne.vic.edu.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = westbourne.vic.edu.au
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = westbourne.vic.edu.au
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = westbourne.vic.edu.au
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: USBest Service Zero (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

--
End of file - 8866 bytes

#5 OldTimer

Malware Expert

Posted 18 January 2008 - 08:42 PM

Hello zhengn and welcome to the BC HijackThis forum. It looks like there is something in there but I don't think we are seeing it all. Let's look around a bit more.

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • Reg - Desktop Components
    • Reg - Software Policy Settings
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#6 zhengn


Posted 20 January 2008 - 08:01 AM

Hi,
Thanks for your reply OldTimer. I've followed your instructions and here is the log.

WinPFind35 logfile created on: 20/01/2008 11:50:58 PM
WinPFind35U Version Beta26 Folder = C:\Documents and Settings\zhengn\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)

238.86 Mb Total Physical Memory | 18.57 Mb Available Physical Memory | 7.77% Memory free
924.49 Mb Paging File | 215.02 Mb Available in Paging File | 23.26% Paging File free
Paging file location(s): C:\pagefile.sys 500 1000;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 19.85 Gb Free Space | 53.28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: 2008ZHENGN
Current User Name: zhengn
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
brsvc01a.exe -> %System32%\brsvc01a.exe -> brother Industries Ltd [Ver = 1, 0, 0, 3 | Size = 57344 bytes | Modified Date = 12/04/2002 11:00:00 AM | Attr = ]
brss01a.exe -> %System32%\brss01a.exe -> brother Industries Ltd [Ver = 1.004 | Size = 45056 bytes | Modified Date = 13/12/2001 11:01:00 AM | Attr = ]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 169632 bytes | Modified Date = 19/07/2006 7:26:12 PM | Attr = ]
cfsvcs.exe -> %ProgramFiles%\Toshiba\ConfigFree\CFSVCS.EXE -> TOSHIBA CORPORATION [Ver = 3, 0, 0, 12 | Size = 28672 bytes | Modified Date = 4/09/2003 12:00:18 AM | Attr = ]
defwatch.exe -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 31472 bytes | Modified Date = 27/09/2006 8:33:22 PM | Attr = ]
dvdramsv.exe -> %System32%\DVDRAMSV.exe -> Matsubleepa Electric Industrial Co., Ltd. [Ver = 2, 0, 7, 0 | Size = 106496 bytes | Modified Date = 23/05/2003 3:38:26 PM | Attr = ]
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 3/01/2008 6:53:18 PM | Attr = ]
savroam.exe -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.1.5.5000 | Size = 116464 bytes | Modified Date = 27/09/2006 8:33:38 PM | Attr = ]
svcntaux.exe -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.5.2 | Size = 742216 bytes | Modified Date = 2/10/2007 4:27:06 PM | Attr = ]
swdsvc.exe -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.5.23 | Size = 1415496 bytes | Modified Date = 2/10/2007 4:27:12 PM | Attr = ]
smagent.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 20/09/2002 4:50:10 PM | Attr = ]
spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.2.0.7 | Size = 1160848 bytes | Modified Date = 11/04/2006 5:13:38 PM | Attr = ]
rtvscan.exe -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 1813232 bytes | Modified Date = 27/09/2006 8:33:32 PM | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 192160 bytes | Modified Date = 19/07/2006 7:26:06 PM | Attr = ]
tfnf5.exe -> %System32%\TFNF5.exe -> Toshiba Corp. [Ver = 1. 0. 1. 0 | Size = 73728 bytes | Modified Date = 3/08/2001 5:08:28 PM | Attr = ]
tfncky.exe -> %ProgramFiles%\Toshiba\TOSHIBA Controls\TFncKy.exe -> TOSHIBA Corporation [Ver = 3.01.01 | Size = 102400 bytes | Modified Date = 18/08/2003 9:51:02 AM | Attr = ]
00thotkey.exe -> %System32%\00thotkey.exe -> TOSHIBA Corp. [Ver = 1, 0, 0, 21 | Size = 258048 bytes | Modified Date = 30/12/2007 7:50:46 PM | Attr = ]
agrsmmsg.exe -> %SystemRoot%\agrsmmsg.exe -> Agere Systems [Ver = 2.1.28.2 2.1.28.2 04/18/2003 11:20:08 | Size = 88363 bytes | Modified Date = 18/04/2003 11:20:10 AM | Attr = ]
tpsmain.exe -> %System32%\tpsmain.exe -> TOSHIBA Corporation [Ver = 1, 0, 1, 1 | Size = 278528 bytes | Modified Date = 7/01/2008 1:54:16 PM | Attr = ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\syntplpr.exe -> Synaptics, Inc. [Ver = 7.5.11 30May03 | Size = 110592 bytes | Modified Date = 30/12/2007 7:50:47 PM | Attr = ]
ezsp_px.exe -> %System32%\EZSP_PX.EXE -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 20/08/2002 12:29:26 PM | Attr = R ]
pmproxy.exe -> %ProgramFiles%\Analog Devices\SoundMAX\pmproxy.exe -> adi [Ver = 1, 0, 0, 18 | Size = 40960 bytes | Modified Date = 30/12/2007 7:50:49 PM | Attr = ]
touched.exe -> %ProgramFiles%\Toshiba\TouchED\touched.exe -> TOSHIBA Corporation [Ver = 2, 5, 0, 0 | Size = 126976 bytes | Modified Date = 30/12/2007 7:50:48 PM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 52896 bytes | Modified Date = 19/07/2006 7:26:04 PM | Attr = ]
sdtrayapp.exe -> %ProgramFiles%\Spyware Doctor\sdtrayapp.exe -> PC Tools [Ver = 5.0.5.31 | Size = 1065288 bytes | Modified Date = 7/01/2008 1:54:18 PM | Attr = ]
igfxtray.exe -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3,0,0,2104 | Size = 155648 bytes | Modified Date = 30/12/2007 7:50:49 PM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3,0,0,2104 | Size = 114688 bytes | Modified Date = 30/12/2007 7:50:49 PM | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\syntpenh.exe -> Synaptics, Inc. [Ver = 7.5.11 30May03 | Size = 614400 bytes | Modified Date = 30/12/2007 7:50:48 PM | Attr = ]
vptray.exe -> %ProgramFiles%\Symantec AntiVirus\vptray.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 125168 bytes | Modified Date = 30/12/2007 7:50:50 PM | Attr = ]
tpsbattm.exe -> %System32%\TPSBattM.exe -> TOSHIBA Corporation [Ver = 1, 0, 1, 0 | Size = 45056 bytes | Modified Date = 25/09/2003 10:19:10 AM | Attr = ]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 31/08/2007 4:46:28 PM | Attr = ]
googleupdater.exe -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.1070.1219.beta | Size = 124400 bytes | Modified Date = 3/01/2008 6:53:12 PM | Attr = ]
ramasst.exe -> %System32%\RAMASST.exe -> Matsubleepa Electric Industrial Co., Ltd. [Ver = 1, 0, 9, 0 | Size = 155648 bytes | Modified Date = 14/03/2003 1:38:12 PM | Attr = ]
suspend.exe -> %System32%\suspend.exe -> [Ver = | Size = 16384 bytes | Modified Date = 10/01/2008 11:51:02 PM | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 306176 bytes | Modified Date = 19/01/2008 1:35:44 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Brother XP spl Service) BrSplService [Win32_Own | Auto | Running] -> %System32%\brsvc01a.exe -> brother Industries Ltd [Ver = 1, 0, 0, 3 | Size = 57344 bytes | Modified Date = 12/04/2002 11:00:00 AM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 192160 bytes | Modified Date = 19/07/2006 7:26:06 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 169632 bytes | Modified Date = 19/07/2006 7:26:12 PM | Attr = ]
(CFSvcs) ConfigFree Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\ConfigFree\CFSVCS.EXE -> TOSHIBA CORPORATION [Ver = 3, 0, 0, 12 | Size = 28672 bytes | Modified Date = 4/09/2003 12:00:18 AM | Attr = ]
(DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 31472 bytes | Modified Date = 27/09/2006 8:33:22 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 4/08/2004 1:56:50 AM | Attr = ]
(DVD-RAM_Service) DVD-RAM_Service [Win32_Own | Auto | Running] -> %System32%\DVDRAMSV.exe -> Matsubleepa Electric Industrial Co., Ltd. [Ver = 2, 0, 7, 0 | Size = 106496 bytes | Modified Date = 23/05/2003 3:38:26 PM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 3/01/2008 6:53:18 PM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_1.EXE -> Symantec Corporation [Ver = 3.1.0.99 | Size = 2528960 bytes | Modified Date = 2/09/2006 4:36:33 PM | Attr = ]
(SavRoam) SavRoam [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.1.5.5000 | Size = 116464 bytes | Modified Date = 27/09/2006 8:33:38 PM | Attr = ]
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.5.2 | Size = 742216 bytes | Modified Date = 2/10/2007 4:27:06 PM | Attr = ]
(sdCoreService) PC Tools Security Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.5.23 | Size = 1415496 bytes | Modified Date = 2/10/2007 4:27:12 PM | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.4.402 | Size = 214720 bytes | Modified Date = 7/08/2006 4:03:02 PM | Attr = ]
(SoundMAX Agent Service (default)) SoundMAX Agent Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 20/09/2002 4:50:10 PM | Attr = ]
(SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.2.0.7 | Size = 1160848 bytes | Modified Date = 11/04/2006 5:13:38 PM | Attr = ]
(Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 1813232 bytes | Modified Date = 27/09/2006 8:33:32 PM | Attr = ]
(UTSCSI) USBest Service Zero [Win32_Own | Auto | Stopped] -> %System32%\UTSCSI.EXE -> [Ver = | Size = 0 bytes | Modified Date = 6/12/2007 9:41:24 PM | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %System32%\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 3.0.2.26 | Size = 98912 bytes | Modified Date = 10/01/2003 5:51:34 PM | Attr = ]
(AgereSoftModem) TOSHIBA V92 Software Modem [Kernel | On_Demand | Stopped] -> %System32%\drivers\AGRSM.sys -> Agere Systems [Ver = 2.1.22 2.1.22 12/20/2002 13:07:32 | Size = 1164576 bytes | Modified Date = 20/12/2002 1:07:34 PM | Attr = ]
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(AR5211) Atheros AR5001 Wireless Network Adapter Service [Kernel | On_Demand | Running] -> %System32%\drivers\ar5211.sys -> Atheros Communications, Inc. [Ver = 2.4.2.14 | Size = 324608 bytes | Modified Date = 14/09/2003 8:16:16 PM | Attr = ]
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(BrScnUsb) Brother USB Still Image driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\BrScnUsb.sys -> Brother Industries Ltd. [Ver = 1,0,2,1 | Size = 15295 bytes | Modified Date = 15/10/2004 2:50:20 PM | Attr = ]
(BrSerIf) Brother MFC Serial Port Interface WDM Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\BrSerIf.sys -> Brother Industries Ltd. [Ver = 1.0.2.2 built by: WinDDK | Size = 51712 bytes | Modified Date = 29/09/2004 2:24:38 PM | Attr = ]
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\BrUsbSer.sys -> Brother Industries Ltd. [Ver = 1,0,0,7 built by: WinDDK | Size = 11648 bytes | Modified Date = 10/01/2004 3:28:18 PM | Attr = ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(CdaD10BA) CdaD10BA [Kernel | Auto | Running] -> %System32%\drivers\CdaD10BA.SYS -> Macrovision Europe Ltd [Ver = 3.17.000 | Size = 12464 bytes | Modified Date = 20/05/2007 8:08:13 PM | Attr = ]
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 4/08/2004 12:07:18 AM | Attr = ]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 4/08/2004 12:07:18 AM | Attr = ]
(dmload) dmload [Kernel | Boot | Running] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 29/08/2002 11:00:00 PM | Attr = ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
(E100B) Intel® PRO Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\e100b325.sys -> Intel Corporation [Ver = 6.04.14.0000 built by: WinDDK | Size = 140800 bytes | Modified Date = 25/09/2002 6:09:12 AM | Attr = ]
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.3.3.4 | Size = 395312 bytes | Modified Date = 12/09/2007 7:00:00 PM | Attr = ]
(EraserUtilDrvI4) EraserUtilDrvI4 [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilDrvI4.sys -> File not found
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> Symantec Corporation [Ver = 107.3.3.4 | Size = 112688 bytes | Modified Date = 16/10/2007 7:00:00 PM | Attr = ]
(hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found
(ialm) ialm [Kernel | On_Demand | Running] -> %System32%\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.13.10.3514 | Size = 90907 bytes | Modified Date = 23/04/2003 10:10:06 AM | Attr = ]
(IKFileSec) File Security Driver [File_System | Boot | Running] -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1036 built by: WinDDK | Size = 41288 bytes | Modified Date = 4/10/2007 5:10:52 PM | Attr = ]
(IKSysFlt) System Filter Driver [Kernel | System | Running] -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1024 | Size = 62280 bytes | Modified Date = 4/10/2007 5:10:54 PM | Attr = ]
(IKSysSec) System Security Driver [Kernel | System | Running] -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1024 | Size = 79688 bytes | Modified Date = 4/10/2007 5:10:58 PM | Attr = ]
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(kalleny5812-ae6) kalleny5812-ae6 [Kernel | Auto | Stopped] -> %System32%\kalleny5812-ae6.sys -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(MDC8021X) WPA Security Protocol (IEEE 802.1x) v2.2.0.0 [Kernel | Auto | Running] -> %System32%\drivers\mdc8021x.sys -> Meetinghouse Data Communications [Ver = 2,2,0,0 | Size = 11861 bytes | Modified Date = 25/11/2003 1:35:19 PM | Attr = ]
(meiudf) meiudf [File_System | System | Running] -> %System32%\drivers\meiudf.sys -> Matsubleepa Electric Industrial Co.,Ltd. [Ver = 3.0.8.0 | Size = 90416 bytes | Modified Date = 31/01/2003 7:45:56 PM | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080107.002\NAVENG.SYS -> Symantec Corporation [Ver = 20071.3.1.10 | Size = 81232 bytes | Modified Date = 17/12/2007 8:00:00 PM | Attr = ]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080107.002\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.3.1.10 | Size = 865904 bytes | Modified Date = 17/12/2007 8:00:00 PM | Attr = ]
(Netdevio) TOSHIBA Network Device Usermode I/O Protocol [Kernel | Auto | Running] -> %System32%\drivers\Netdevio.sys -> TOSHIBA Corporation. [Ver = Version 5.00.01.00 built by: WinDDK | Size = 12032 bytes | Modified Date = 29/01/2003 4:35:00 PM | Attr = R ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(pciSd) pciSd [Kernel | On_Demand | Stopped] -> %System32%\drivers\tossdpci.sys -> TOSHIBA [Ver = 1.00.07.30210 | Size = 15143 bytes | Modified Date = 12/02/2003 9:03:54 AM | Attr = ]
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 29/08/2002 11:00:00 PM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.02.53a | Size = 17136 bytes | Modified Date = 3/06/2003 2:02:00 AM | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
(SAVRT) SAVRT [Kernel | System | Running] -> %ProgramFiles%\Symantec AntiVirus\savrt.sys -> Symantec Corporation [Ver = 9.7.2.3 | Size = 337592 bytes | Modified Date = 6/09/2006 2:41:20 PM | Attr = ]
(SAVRTPEL) SAVRTPEL [Kernel | System | Running] -> %ProgramFiles%\Symantec AntiVirus\Savrtpel.sys -> Symantec Corporation [Ver = 9.7.2.3 | Size = 54968 bytes | Modified Date = 6/09/2006 2:41:20 PM | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13/11/2007 9:25:53 PM | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(smwdm) smwdm [Kernel | On_Demand | Running] -> %System32%\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3542 | Size = 541376 bytes | Modified Date = 28/01/2003 11:32:02 AM | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
(SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 2.2.0.7 | Size = 389776 bytes | Modified Date = 11/04/2006 5:13:34 PM | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.1.2.1 | Size = 109744 bytes | Modified Date = 18/09/2006 5:55:28 PM | Attr = ]
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %System32%\drivers\symredrv.sys -> Symantec Corporation [Ver = 6.0.4.402 | Size = 24768 bytes | Modified Date = 7/08/2006 4:02:22 PM | Attr = ]
(SYMTDI) SYMTDI [Kernel | System | Running] -> %System32%\drivers\symtdi.sys -> Symantec Corporation [Ver = 6.0.4.402 | Size = 195776 bytes | Modified Date = 7/08/2006 4:02:26 PM | Attr = ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %System32%\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 7.5.11 30May03 | Size = 271728 bytes | Modified Date = 30/05/2003 8:56:22 PM | Attr = ]
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(tsdhd) TOSHIBA SD Card Host Controller Driver [Kernel | On_Demand | Running] -> %System32%\drivers\tsdhd.sys -> TOSHIBA Corporation [Ver = 2, 0, 4, 30514 | Size = 25888 bytes | Modified Date = 14/05/2003 5:38:32 PM | Attr = ]
(TVALD) Toshiba ACPI-Based Value Added Logical Device Driver [Kernel | Boot | Running] -> %System32%\drivers\TVALD.SYS -> Toshiba Corporation [Ver = V2, 0,1 | Size = 5300 bytes | Modified Date = 20/06/2002 11:53:28 PM | Attr = ]
(TVALG) Toshiba Value Added Logical and General Purpose Device Driver [Kernel | Boot | Running] -> %System32%\drivers\TVALG.SYS -> TOSHIBA Corporation [Ver = 2, 0, 0, 7 | Size = 5936 bytes | Modified Date = 13/09/2001 7:53:02 PM | Attr = ]
(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(XDva009) XDva009 [Kernel | On_Demand | Stopped] -> %System32%\XDva009.sys -> File not found
(XDva032) XDva032 [Kernel | On_Demand | Stopped] -> %System32%\XDva032.sys -> File not found
({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ialmsbw.sys -> Intel Corporation [Ver = 6.13.10.3514 | Size = 113504 bytes | Modified Date = 23/04/2003 10:15:06 AM | Attr = ]
({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH) Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ialmkchw.sys -> Intel Corporation [Ver = 6.13.10.3514 | Size = 78752 bytes | Modified Date = 23/04/2003 10:14:56 AM | Attr = ]
({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55}) AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011 [Kernel | On_Demand | Running] -> %System32%\drivers\wa301a.sys -> Intel Corporation [Ver = 4.13.10.3514 | Size = 33335 bytes | Modified Date = 23/04/2003 10:10:12 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
000StTHK -> %System32%\000stthk.exe -> [Ver = | Size = 24576 bytes | Modified Date = 7/01/2008 1:54:16 PM | Attr = ]
00THotkey -> %System32%\00thotkey.exe -> TOSHIBA Corp. [Ver = 1, 0, 0, 21 | Size = 258048 bytes | Modified Date = 30/12/2007 7:50:46 PM | Attr = ]
AGRSMMSG -> %SystemRoot%\agrsmmsg.exe -> Agere Systems [Ver = 2.1.28.2 2.1.28.2 04/18/2003 11:20:08 | Size = 88363 bytes | Modified Date = 18/04/2003 11:20:10 AM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 52896 bytes | Modified Date = 19/07/2006 7:26:04 PM | Attr = ]
ezShieldProtector for Px -> %System32%\EZSP_PX.EXE -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 20/08/2002 12:29:26 PM | Attr = R ]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3,0,0,2104 | Size = 114688 bytes | Modified Date = 30/12/2007 7:50:49 PM | Attr = ]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3,0,0,2104 | Size = 155648 bytes | Modified Date = 30/12/2007 7:50:49 PM | Attr = ]
LtMoh -> %ProgramFiles%\ltmoh\ltmoh.exe -> Agere Systems [Ver = 1.69 | Size = 172032 bytes | Modified Date = 30/12/2007 7:50:47 PM | Attr = ]
PmProxy -> %ProgramFiles%\Analog Devices\SoundMAX\pmproxy.exe -> adi [Ver = 1, 0, 0, 18 | Size = 40960 bytes | Modified Date = 30/12/2007 7:50:49 PM | Attr = ]
SDTray -> %ProgramFiles%\Spyware Doctor\sdtrayapp.exe -> PC Tools [Ver = 5.0.5.31 | Size = 1065288 bytes | Modified Date = 7/01/2008 1:54:18 PM | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\syntpenh.exe -> Synaptics, Inc. [Ver = 7.5.11 30May03 | Size = 614400 bytes | Modified Date = 30/12/2007 7:50:48 PM | Attr = ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\syntplpr.exe -> Synaptics, Inc. [Ver = 7.5.11 30May03 | Size = 110592 bytes | Modified Date = 30/12/2007 7:50:47 PM | Attr = ]
taskmon -> %SystemRoot%\taskmon.exe -> File not found
TFncKy -> TFncKy.exe -> File not found
TFNF5 -> %System32%\TFNF5.exe -> Toshiba Corp. [Ver = 1. 0. 1. 0 | Size = 73728 bytes | Modified Date = 3/08/2001 5:08:28 PM | Attr = ]
TouchED -> %ProgramFiles%\Toshiba\TouchED\touched.exe -> TOSHIBA Corporation [Ver = 2, 5, 0, 0 | Size = 126976 bytes | Modified Date = 30/12/2007 7:50:48 PM | Attr = ]
TPSMain -> %System32%\tpsmain.exe -> TOSHIBA Corporation [Ver = 1, 0, 1, 1 | Size = 278528 bytes | Modified Date = 7/01/2008 1:54:16 PM | Attr = ]
Viewbar -> %ProgramFiles%\AGLOCO Viewbar\Viewbar.exe -> File not found
vptray -> %ProgramFiles%\Symantec AntiVirus\vptray.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 125168 bytes | Modified Date = 30/12/2007 7:50:50 PM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Service Pack 1 -> %System32%\vedxg6ame4.exe -> File not found
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 31/08/2007 4:46:28 PM | Attr = ]
*MultiFile Done* -> ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
-> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 24/11/2003 4:45:35 PM | Attr = HS]
%AllUsersStartup%\Google Updater.lnk -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.1070.1219.beta | Size = 124400 bytes | Modified Date = 3/01/2008 6:53:12 PM | Attr = ]
%AllUsersStartup%\RAMASST.lnk -> %System32%\RAMASST.exe -> Matsubleepa Electric Industrial Co., Ltd. [Ver = 1, 0, 9, 0 | Size = 155648 bytes | Modified Date = 14/03/2003 1:38:12 PM | Attr = ]
< zhengn Startup Folder > -> C:\Documents and Settings\zhengn\Start Menu\Programs\Startup ->
-> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 24/11/2003 4:45:35 PM | Attr = HS]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\WINDOWS\system32\wowfx.dll -> %System32%\wowfx.dll -> [Ver = | Size = 18944 bytes | Modified Date = 6/12/2005 11:32:01 AM | Attr = ]
*MultiFile Done* -> ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
wowfx.dll -> %System32%\wowfx.dll -> [Ver = | Size = 18944 bytes | Modified Date = 6/12/2005 11:32:01 AM | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3,0,0,2104 | Size = 315392 bytes | Modified Date = 7/04/2003 12:06:48 AM | Attr = ]
NavLogon -> %System32%\NavLogon.dll -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 43760 bytes | Modified Date = 27/09/2006 8:33:54 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoChangingWallpaper -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoAddingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoDeletingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoEditingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoHTMLWallPaper -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 149 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\SYSTEM\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\SYSTEM\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\SYSTEM\\DisableTaskMgr -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\SYSTEM\\Wallpaper -> ->
< HOSTS File > (213869 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://intranet ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://securityresponse.symantec.com/avcenter/fix_homepage/ ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> <local> ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4033 domain(s) found. ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4032 domain(s) found. ->
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.0.2003051500 | Size = 50376 bytes | Modified Date = 15/05/2003 12:47:54 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31/08/2007 4:46:14 PM | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Research] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31/08/2007 4:46:14 PM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Research] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31/08/2007 4:46:14 PM | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{03B02E66-A116-4424-BE36-DEE642CE3421} -> (Atheros AR5001X Mini PCI Wireless Network Adapter) ->
{2F7BBB47-2E44-47A4-A182-9EE5A226F871} -> (Atheros AR5001X+ Wireless Network Adapter) ->
{85A85B1E-F549-4BE0-9108-595A12ACADC0} -> (1394 Net Adapter) ->
{8B9AF8C4-BFC7-4827-920C-1745707722B6} -> (1394 Net Adapter) ->
{E91036C3-916E-4551-8582-D824B720A3B6} -> (Intel® PRO/100 VE Network Connection) ->
{FC3CB677-3C95-4D3E-9FBB-DA6743BC3D1A} -> (1394 Net Adapter) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[OLE (Part 1 of 5)] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[OLE (Part 1 of 5)] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{1A1F56AA-3401-46F9-B277-D57F3421F821}[HKEY_LOCAL_MACHINE] -> http://www.worldwinner.com/games/v47/share...GamesLoader.cab[FunGamesLoader Object] ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc.cab[Office Update Installation Engine] ->
{5D6F45B3-9043-443D-A792-115447494D24}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab[UnoCtrl Class] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://v5.windowsupdate.microsoft.com/v5co...b?1116548197671[WUWebControl Class] ->
{8A94C905-FF9D-43B6-8708-F0F22D22B1CB}[HKEY_LOCAL_MACHINE] -> http://www.worldwinner.com/games/shared/wwlaunch.cab[Wwlaunch Control] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl...indows-i586.cab[Java Plug-in 1.4.2] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{9F1C11AA-197B-4942-BA54-47A8489BB47F}[HKEY_LOCAL_MACHINE] -> http://v4.windowsupdate.microsoft.com/CAB/...7956.6378819444[Reg Error: Key does not exist or could not be opened.] ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab[MessengerStatsClient Class] ->
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl...indows-i586.cab[Java Plug-in 1.4.2] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwa...ash/swflash.cab[Shockwave Flash Object] ->
{EA1B8527-E422-4909-825A-70BE0694F18E}[HKEY_LOCAL_MACHINE] -> https://online.westpac.com.au/wtoa/wtOtherA...iomanagerwt.cab[PortfolioManagerWT ProfileManager Class] ->
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] ->
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 4/08/2004 1:56:44 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 16/06/2005 4:49:30 AM | Attr = ]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 4/08/2004 1:56:44 AM | Attr = ]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 26/04/2007 1:21:15 AM | Attr = ]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 4/08/2004 1:56:48 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 784 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 4/08/2004 1:56:46 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 4/08/2004 1:56:46 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 29/08/2002 11:00:00 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http:\www.passport.com [http://www.passport.com] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 4/08/2004 1:56:58 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 5930 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 4/08/2004 1:56:44 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 4/08/2004 1:56:58 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 19/01/2007 12:54:56 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 4/01/2007 4:10:02 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 4/08/2004 1:56:58 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 19/01/2007 12:54:56 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 4/01/2007 4:10:02 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTornado\btdownloadgui.exe -> C:\Program Files\BitTornado\btdownloadgui.exe [C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui] -> [Ver = | Size = 87552 bytes | Modified Date = 19/10/2006 12:30:18 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 14/10/2004 3:24:37 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\zhengn\My Documents\Gunz\GunzLauncher.exe -> C:\Documents and Settings\zhengn\My Documents\Gunz\GunzLauncher.exe [C:\Documents and Settings\zhengn\My Documents\Gunz\GunzLauncher.exe:*:Enabled:GunzLauncher] -> MAIET entertainment [Ver = 1, 0, 1, 9 | Size = 481280 bytes | Modified Date = 16/01/2007 3:00:38 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\zhengn\My Documents\Gunz\Gunz.exe -> C:\Documents and Settings\zhengn\My Documents\Gunz\Gunz.exe [C:\Documents and Settings\zhengn\My Documents\Gunz\Gunz.exe:*:Enabled:Gunz] -> MAIET entertainment [Ver = 1, 0, 0, 26 | Size = 2551808 bytes | Modified Date = 28/10/2007 8:56:04 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe [C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 768512 bytes | Modified Date = 4/08/2004 1:56:50 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Anarchy\Moon Tycoon\MT.exe -> C:\Program Files\Anarchy\Moon Tycoon\MT.exe [C:\Program Files\Anarchy\Moon Tycoon\MT.exe:*:Enabled:Moon Tycoon] -> Unique Entertainment [Ver = 1.0 | Size = 1247233 bytes | Modified Date = 9/06/2004 12:05:30 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\vedxga8me6.exe -> C:\WINDOWS\system32\vedxga8me6.exe [C:\WINDOWS\system32\vedxga8me6.exe:*:Enabled:vedxga8me6] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\taskmon.exe -> C:\WINDOWS\taskmon.exe [C:\WINDOWS\taskmon.exe:*:Enabled:enable] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{1C546FFE-2C59-41B5-B8CA-880D2EE9893F} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{13012300-D096-40D9-8CBA-BB5170513627} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{ECDC14A5-7B45-408B-8673-FC6637D6F254} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{FC3CB677-3C95-4D3E-9FBB-DA6743BC3D1A} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 4/08/2004 1:56:58 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 4/08/2004 1:56:48 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService ->
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26/07/2005 3:39:49 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 4/08/2004 1:56:58 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 4/08/2004 1:56:46 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\System32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 4/08/2004 1:56:58 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService ->
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26/07/2005 3:39:49 PM | Attr = ]
TCPIP -> -> File not found
NTLMSSP -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ ->
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Cryptography\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Cryptography\AutoEnrollment\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Cryptography\AutoEnrollment\\AEPolicy -> 7 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Netlogon\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\\DisableServerCheck -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\\LegacyPresence -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\CertificatePolicy\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\PortRange\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\LimitSystemRestoreCheckpointing -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\DisableMSI -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\NetCache\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->
*ExecutableTypes* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes ->
ADE -> -> File not found
ADP -> -> File not found
BAS -> -> File not found
BAT -> -> File not found
CHM -> -> File not found
CMD -> %System32%\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 4/08/2004 1:56:50 AM | Attr = ]
COM -> -> File not found
CPL -> -> File not found
CRT -> -> File not found
EXE -> -> File not found
HLP -> -> File not found
HTA -> -> File not found
INF -> -> File not found
INS -> -> File not found
ISP -> -> File not found
LNK -> -> File not found
MDB -> -> File not found
MDE -> -> File not found
MSC -> -> File not found
MSI -> %System32%\msi.dll -> Microsoft Corporation [Ver = 3.1.4000.4039 | Size = 2854400 bytes | Modified Date = 19/04/2007 3:12:23 AM | Attr = ]
MSP -> -> File not found
MST -> -> File not found
OCX -> -> File not found
PCD -> -> File not found
PIF -> -> File not found
REG -> %System32%\reg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50176 bytes | Modified Date = 4/08/2004 1:56:56 AM | Attr = ]
SCR -> -> File not found
SHS -> -> File not found
URL -> %System32%\url.dll -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 37888 bytes | Modified Date = 4/08/2004 1:56:48 AM | Attr = ]
VB -> -> File not found
WSC -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab [Mdac11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize ->
̋ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab [mdac20.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize ->
ȅ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab [mdac20_a.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize ->
Ζ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab [_msadc10.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize -> ? ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab [msadc11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize ->
Ų -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Wireless\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Wireless\GPTWirelessPolicy\ -> ->
*DSWirelessPolicyPath* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Wireless\GPTWirelessPolicy\\DSWirelessPolicyPath ->
LDAP://CN=Westbourne Wireless Network Policy -> -> File not found
cn=Wireless -> -> File not found
cn=Windows -> -> File not found
cn=Microsoft -> -> File not found
CN=Machine -> -> File not found
cn={5ED20CAC-F689-4EBF-B2BB-1A0E63FB86F8} -> -> File not found
cn=policies -> -> File not found
cn=system -> -> File not found
DC=westbourne -> -> File not found
DC=vic -> -> File not found
DC=edu -> -> File not found
DC=au -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Wireless\GPTWirelessPolicy\\DSWirelessPolicyFlags -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Wireless\GPTWirelessPolicy\\DSWirelessPolicyName -> Westbourne Wireless Network Policy ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Wireless\GPTWirelessPolicy\\WirelessID -> {f0927563-115a-4e5a-9fa1-1abd331dc6a8} ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Wireless\Policy\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Wireless\Policy\Cache\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Wireless\Policy\Cache\Westbourne Wireless Network Policy\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Wireless\Policy\Cache\Westbourne Wireless Network Policy\\ClassName -> msieee80211-Policy ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Wireless\Policy\Cache\Westbourne Wireless Network Policy\\name -> Westbourne Wireless Network Policy ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Wireless\Policy\Cache\Westbourne Wireless Network Policy\\WirelessName -> Westbourne Wireless Network Policy ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Wireless\Policy\Cache\Westbourne Wireless Network Policy\\WirelessID -> {f0927563-115a-4e5a-9fa1-1abd331dc6a8} ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Wireless\Policy\Cache\Westbourne Wireless Network Policy\\WirelessDataType -> 256 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Wireless\Policy\Cache\Westbourne Wireless Network Policy\\WirelessData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Wireless\Policy\Cache\Westbourne Wireless Network Policy\\whenChanged -> 27850008 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ ->
HKEY_CURRENT_USER\Software\Policies\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\Policies\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\Policies\Microsoft\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\Policies\Microsoft\Conferencing\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\\DisableFirstRunCustomize -> 1 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\\Enabled -> 2 ->


[Files/Folders - Created Within 30 days]
10.tmp -> %SystemDrive%\10.tmp -> [Ver = | Size = 0 bytes | Created Date = 7/01/2008 11:37:51 PM | Attr = ]
11.tmp -> %SystemDrive%\11.tmp -> [Ver = | Size = 0 bytes | Created Date = 7/01/2008 11:37:52 PM | Attr = ]
12.tmp -> %SystemDrive%\12.tmp -> [Ver = | Size = 0 bytes | Created Date = 7/01/2008 11:37:53 PM | Attr = ]
13.tmp -> %SystemDrive%\13.tmp -> [Ver = | Size = 0 bytes | Created Date = 7/01/2008 11:37:53 PM | Attr = ]
29.tmp -> %SystemDrive%\29.tmp -> [Ver = | Size = 0 bytes | Created Date = 8/01/2008 2:24:48 PM | Attr = ]
2A.tmp -> %SystemDrive%\2A.tmp -> [Ver = | Size = 0 bytes | Created Date = 8/01/2008 2:24:53 PM | Attr = ]
2B.tmp -> %SystemDrive%\2B.tmp -> [Ver = | Size = 0 bytes | Created Date = 8/01/2008 2:25:32 PM | Attr = ]
2C.tmp -> %SystemDrive%\2C.tmp -> [Ver = | Size = 0 bytes | Created Date = 8/01/2008 2:25:33 PM | Attr = ]
2D.tmp -> %SystemDrive%\2D.tmp -> [Ver = | Size = 0 bytes | Created Date = 8/01/2008 2:25:34 PM | Attr = ]
2E.tmp -> %SystemDrive%\2E.tmp -> [Ver = | Size = 0 bytes | Created Date = 8/01/2008 2:25:35 PM | Attr = ]
2F.tmp -> %SystemDrive%\2F.tmp -> [Ver = | Size = 0 bytes | Created Date = 8/01/2008 2:25:35 PM | Attr = ]
30.tmp -> %SystemDrive%\30.tmp -> [Ver = | Size = 0 bytes | Created Date = 8/01/2008 2:25:36 PM | Attr = ]
4.tmp -> %SystemDrive%\4.tmp -> [Ver = | Size = 0 bytes | Created Date = 7/01/2008 11:37:39 PM | Attr = ]
5.tmp -> %SystemDrive%\5.tmp -> [Ver = | Size = 0 bytes | Created Date = 7/01/2008 1:52:52 PM | Attr = ]
6.tmp -> %SystemDrive%\6.tmp -> [Ver = | Size = 0 bytes | Created Date = 7/01/2008 1:52:55 PM | Attr = ]
7.tmp -> %SystemDrive%\7.tmp -> [Ver = | Size = 0 bytes | Created Date = 7/01/2008 1:52:57 PM | Attr = ]
8.tmp -> %SystemDrive%\8.tmp -> [Ver = | Size = 0 bytes | Created Date = 7/01/2008 1:52:58 PM | Attr = ]
9.tmp -> %SystemDrive%\9.tmp -> [Ver = | Size = 0 bytes | Created Date = 7/01/2008 1:52:59 PM | Attr = ]
A.tmp -> %SystemDrive%\A.tmp -> [Ver = | Size = 0 bytes | Created Date = 7/01/2008 1:53:00 PM | Attr = ]
B.tmp -> %SystemDrive%\B.tmp -> [Ver = | Size = 0 bytes | Created Date = 7/01/2008 1:53:01 PM | Attr = ]
C.tmp -> %SystemDrive%\C.tmp -> [Ver = | Size = 0 bytes | Created Date = 7/01/2008 1:53:01 PM | Attr = ]
D.tmp -> %SystemDrive%\D.tmp -> [Ver = | Size = 0 bytes | Created Date = 7/01/2008 11:37:43 PM | Attr = ]
E.tmp -> %SystemDrive%\E.tmp -> [Ver = | Size = 0 bytes | Created Date = 7/01/2008 11:37:50 PM | Attr = ]
F.tmp -> %SystemDrive%\F.tmp -> [Ver = | Size = 0 bytes | Created Date = 7/01/2008 11:37:50 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 250531840 bytes | Created Date = 7/01/2008 11:08:07 PM | Attr = HS]
ikfilesec.sys -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1036 built by: WinDDK | Size = 41288 bytes | Created Date = 3/01/2008 8:11:10 PM | Attr = ]
iksysflt.sys -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1024 | Size = 62280 bytes | Created Date = 3/01/2008 8:11:09 PM | Attr = ]
iksyssec.sys -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1024 | Size = 79688 bytes | Created Date = 3/01/2008 8:11:10 PM | Attr = ]
kcom.sys -> %System32%\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29000 bytes | Created Date = 3/01/2008 8:11:10 PM | Attr = ]
3_exception.nls -> %System32%\3_exception.nls -> [Ver = | Size = 0 bytes | Created Date = 13/01/2008 7:19:57 PM | Attr = ]
dllgh8jkd1q1.exe -> %System32%\dllgh8jkd1q1.exe -> [Ver = | Size = 11638 bytes | Created Date = 30/12/2007 8:23:50 PM | Attr = ]
dllgh8jkd1q2.exe -> %System32%\dllgh8jkd1q2.exe -> [Ver = | Size = 35702 bytes | Created Date = 30/12/2007 8:23:54 PM | Attr = ]
dllgh8jkd1q5.exe -> %System32%\dllgh8jkd1q5.exe -> [Ver = | Size = 16758 bytes | Created Date = 30/12/2007 8:23:55 PM | Attr = ]
dllgh8jkd1q6.exe -> %System32%\dllgh8jkd1q6.exe -> [Ver = | Size = 17782 bytes | Created Date = 30/12/2007 8:23:58 PM | Attr = ]
dllgh8jkd1q7.exe -> %System32%\dllgh8jkd1q7.exe -> [Ver = | Size = 18294 bytes | Created Date = 30/12/2007 8:23:59 PM | Attr = ]
dllgh8jkd1q8.exe -> %System32%\dllgh8jkd1q8.exe -> [Ver = | Size = 0 bytes | Created Date = 31/12/2007 11:17:20 AM | Attr = ]
ikhcore.cfg -> %System32%\ikhcore.cfg -> [Ver = | Size = 92 bytes | Created Date = 15/01/2008 6:13:30 PM | Attr = ]
MRT.INI -> %System32%\MRT.INI -> [Ver = | Size = 270 bytes | Created Date = 9/01/2008 11:43:12 PM | Attr = ]
pqftraig.tmp -> %System32%\pqftraig.tmp -> [Ver = | Size = 29 bytes | Created Date = 30/12/2007 8:52:32 PM | Attr = ]
suspend.bin -> %System32%\suspend.bin -> [Ver = | Size = 80 bytes | Created Date = 10/01/2008 11:50:59 PM | Attr = ]
suspend.exe -> %System32%\suspend.exe -> [Ver = | Size = 16384 bytes | Created Date = 10/01/2008 11:51:02 PM | Attr = ]
users32.dat -> %System32%\users32.dat -> [Ver = | Size = 16384 bytes | Created Date = 30/12/2007 7:50:45 PM | Attr = ]
wowfx.dll -> %System32%\wowfx.dll -> [Ver = | Size = 18944 bytes | Created Date = 30/12/2007 7:30:22 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 30/12/2007 11:55:06 PM | Attr = ]
trayicon.exe -> %SystemRoot%\trayicon.exe -> [Ver = | Size = 34049 bytes | Created Date = 30/12/2007 2:23:41 PM | Attr = ]
windsk.dll -> %SystemRoot%\windsk.dll -> [Ver = | Size = 15872 bytes | Created Date = 30/12/2007 2:41:41 PM | Attr = ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 265 bytes | Created Date = 30/12/2007 10:07:18 PM | Attr = ]
wsystmp_btf.exe -> %SystemRoot%\wsystmp_btf.exe -> [Ver = | Size = 29184 bytes | Created Date = 30/12/2007 8:23:15 PM | Attr = ]
wsystmp_cei.exe -> %SystemRoot%\wsystmp_cei.exe -> [Ver = | Size = 29184 bytes | Created Date = 7/01/2008 1:55:17 PM | Attr = ]
wsystmp_sen.exe -> %SystemRoot%\wsystmp_sen.exe -> [Ver = | Size = 47616 bytes | Created Date = 30/12/2007 7:50:31 PM | Attr = ]
wsystmp_uho.exe -> %SystemRoot%\wsystmp_uho.exe -> [Ver = | Size = 47616 bytes | Created Date = 7/01/2008 1:54:05 PM | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Google Updater -> %AllUsersAppData%\Google Updater -> [Folder | Created Date = 3/01/2008 6:53:29 PM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Created Date = 30/12/2007 9:00:04 PM | Attr = ]
TEMP -> %AllUsersAppData%\TEMP -> [Folder | Created Date = 3/01/2008 8:11:47 PM | Attr = ]
@Alternate Data Stream - 129 bytes -> %AllUsersAppData%\TEMP:DFC5A2B2
EasySpywareCleaner.com -> %UserAppData%\EasySpywareCleaner.com -> [Folder | Created Date = 6/01/2008 9:29:53 PM | Attr = ]
Install.dat -> %UserAppData%\Install.dat -> [Ver = | Size = 1177450 bytes | Created Date = 30/12/2007 8:24:01 PM | Attr = ]
PC Tools -> %UserAppData%\PC Tools -> [Folder | Created Date = 3/01/2008 8:10:36 PM | Attr = ]
Google Updater.lnk -> %AllUsersDesktop%\Google Updater.lnk -> [Ver = | Size = 890 bytes | Created Date = 3/01/2008 6:53:37 PM | Attr = ]
HiJackThis.exe -> %UserDesktop%\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Created Date = 9/01/2008 12:20:49 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HiJackThis.exe:Zone.Identifier
hijackthis_sfx.exe -> %UserDesktop%\hijackthis_sfx.exe -> [Ver = | Size = 251392 bytes | Created Date = 8/01/2008 11:58:10 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\hijackthis_sfx.exe:Zone.Identifier
sdsetup.exe -> %UserDesktop%\sdsetup.exe -> PC Tools [Ver = 5.1.0.273 | Size = 15196432 bytes | Created Date = 3/01/2008 6:22:00 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\sdsetup.exe:Zone.Identifier
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Created Date = 30/12/2007 9:00:17 PM | Attr = ]
spybotsd15.exe -> %UserDesktop%\spybotsd15.exe -> Safer Networking Ltd. [Ver = 1.5.1.15 | Size = 7467056 bytes | Created Date = 30/12/2007 8:58:23 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spybotsd15.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Created Date = 20/01/2008 11:44:15 PM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 477315 bytes | Created Date = 20/01/2008 11:43:16 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
Google Updater.lnk -> %AllUsersStartup%\Google Updater.lnk -> [Ver = | Size = 920 bytes | Created Date = 3/01/2008 6:53:37 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
10.tmp -> %SystemDrive%\10.tmp -> [Ver = | Size = 0 bytes | Modified Date = 7/01/2008 11:37:51 PM | Attr = ]
11.tmp -> %SystemDrive%\11.tmp -> [Ver = | Size = 0 bytes | Modified Date = 7/01/2008 11:37:52 PM | Attr = ]
12.tmp -> %SystemDrive%\12.tmp -> [Ver = | Size = 0 bytes | Modified Date = 7/01/2008 11:37:53 PM | Attr = ]
13.tmp -> %SystemDrive%\13.tmp -> [Ver = | Size = 0 bytes | Modified Date = 7/01/2008 11:37:53 PM | Attr = ]
29.tmp -> %SystemDrive%\29.tmp -> [Ver = | Size = 0 bytes | Modified Date = 8/01/2008 2:24:48 PM | Attr = ]
2A.tmp -> %SystemDrive%\2A.tmp -> [Ver = | Size = 0 bytes | Modified Date = 8/01/2008 2:24:53 PM | Attr = ]
2B.tmp -> %SystemDrive%\2B.tmp -> [Ver = | Size = 0 bytes | Modified Date = 8/01/2008 2:25:32 PM | Attr = ]
2C.tmp -> %SystemDrive%\2C.tmp -> [Ver = | Size = 0 bytes | Modified Date = 8/01/2008 2:25:33 PM | Attr = ]
2D.tmp -> %SystemDrive%\2D.tmp -> [Ver = | Size = 0 bytes | Modified Date = 8/01/2008 2:25:34 PM | Attr = ]
2E.tmp -> %SystemDrive%\2E.tmp -> [Ver = | Size = 0 bytes | Modified Date = 8/01/2008 2:25:35 PM | Attr = ]
2F.tmp -> %SystemDrive%\2F.tmp -> [Ver = | Size = 0 bytes | Modified Date = 8/01/2008 2:25:35 PM | Attr = ]
30.tmp -> %SystemDrive%\30.tmp -> [Ver = | Size = 0 bytes | Modified Date = 8/01/2008 2:25:36 PM | Attr = ]
4.tmp -> %SystemDrive%\4.tmp -> [Ver = | Size = 0 bytes | Modified Date = 7/01/2008 11:37:39 PM | Attr = ]
5.tmp -> %SystemDrive%\5.tmp -> [Ver = | Size = 0 bytes | Modified Date = 7/01/2008 1:52:52 PM | Attr = ]
6.tmp -> %SystemDrive%\6.tmp -> [Ver = | Size = 0 bytes | Modified Date = 7/01/2008 1:52:55 PM | Attr = ]
7.tmp -> %SystemDrive%\7.tmp -> [Ver = | Size = 0 bytes | Modified Date = 7/01/2008 1:52:57 PM | Attr = ]
8.tmp -> %SystemDrive%\8.tmp -> [Ver = | Size = 0 bytes | Modified Date = 7/01/2008 1:52:58 PM | Attr = ]
9.tmp -> %SystemDrive%\9.tmp -> [Ver = | Size = 0 bytes | Modified Date = 7/01/2008 1:52:59 PM | Attr = ]
A.tmp -> %SystemDrive%\A.tmp -> [Ver = | Size = 0 bytes | Modified Date = 7/01/2008 1:53:00 PM | Attr = ]
B.tmp -> %SystemDrive%\B.tmp -> [Ver = | Size = 0 bytes | Modified Date = 7/01/2008 1:53:01 PM | Attr = ]
C.tmp -> %SystemDrive%\C.tmp -> [Ver = | Size = 0 bytes | Modified Date = 7/01/2008 1:53:01 PM | Attr = ]
D.tmp -> %SystemDrive%\D.tmp -> [Ver = | Size = 0 bytes | Modified Date = 7/01/2008 11:37:43 PM | Attr = ]
E.tmp -> %SystemDrive%\E.tmp -> [Ver = | Size = 0 bytes | Modified Date = 7/01/2008 11:37:50 PM | Attr = ]
F.tmp -> %SystemDrive%\F.tmp -> [Ver = | Size = 0 bytes | Modified Date = 7/01/2008 11:37:50 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 250531840 bytes | Modified Date = 10/01/2008 7:56:26 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 9/01/2008 12:00:13 AM | Attr = R ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 15/01/2008 4:36:44 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 30/12/2007 9:04:31 PM | Attr = ]
hosts -> %System32%\drivers\etc\hosts -> [Ver = | Size = 213869 bytes | Modified Date = 30/12/2007 9:04:31 PM | Attr = R ]
000stthk.exe -> %System32%\000stthk.exe -> [Ver = | Size = 24576 bytes | Modified Date = 7/01/2008 1:54:16 PM | Attr = ]
00thotkey.exe -> %System32%\00thotkey.exe -> TOSHIBA Corp. [Ver = 1, 0, 0, 21 | Size = 258048 bytes | Modified Date = 30/12/2007 7:50:46 PM | Attr = ]
3_exception.nls -> %System32%\3_exception.nls -> [Ver = | Size = 0 bytes | Modified Date = 13/01/2008 7:19:57 PM | Attr = ]
appmgmt -> %System32%\appmgmt -> [Folder | Modified Date = 6/01/2008 9:43:53 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 10/01/2008 8:08:49 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 9/01/2008 11:37:52 PM | Attr = RHS]
dllgh8jkd1q1.exe -> %System32%\dllgh8jkd1q1.exe -> [Ver = | Size = 11638 bytes | Modified Date = 30/12/2007 8:23:50 PM | Attr = ]
dllgh8jkd1q2.exe -> %System32%\dllgh8jkd1q2.exe -> [Ver = | Size = 35702 bytes | Modified Date = 30/12/2007 8:23:53 PM | Attr = ]
dllgh8jkd1q5.exe -> %System32%\dllgh8jkd1q5.exe -> [Ver = | Size = 16758 bytes | Modified Date = 30/12/2007 8:23:55 PM | Attr = ]
dllgh8jkd1q6.exe -> %System32%\dllgh8jkd1q6.exe -> [Ver = | Size = 17782 bytes | Modified Date = 30/12/2007 8:23:58 PM | Attr = ]
dllgh8jkd1q7.exe -> %System32%\dllgh8jkd1q7.exe -> [Ver = | Size = 18294 bytes | Modified Date = 30/12/2007 8:23:59 PM | Attr = ]
dllgh8jkd1q8.exe -> %System32%\dllgh8jkd1q8.exe -> [Ver = | Size = 0 bytes | Modified Date = 31/12/2007 11:17:23 AM | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 20/01/2008 11:42:15 PM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3,0,0,2104 | Size = 114688 bytes | Modified Date = 30/12/2007 7:50:49 PM | Attr = ]
igfxtray.exe -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3,0,0,2104 | Size = 155648 bytes | Modified Date = 30/12/2007 7:50:49 PM | Attr = ]
ikhcore.cfg -> %System32%\ikhcore.cfg -> [Ver = | Size = 92 bytes | Modified Date = 15/01/2008 6:13:30 PM | Attr = ]
LogFiles -> %System32%\LogFiles -> [Folder | Modified Date = 1/01/2008 8:45:56 PM | Attr = ]
MRT.INI -> %System32%\MRT.INI -> [Ver = | Size = 270 bytes | Modified Date = 9/01/2008 11:43:13 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 59774 bytes | Modified Date = 3/01/2008 8:14:35 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 395534 bytes | Modified Date = 3/01/2008 8:14:36 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 462168 bytes | Modified Date = 3/01/2008 8:14:30 PM | Attr = ]
pqftraig.tmp -> %System32%\pqftraig.tmp -> [Ver = | Size = 29 bytes | Modified Date = 30/12/2007 8:52:32 PM | Attr = ]
suspend.bin -> %System32%\suspend.bin -> [Ver = | Size = 80 bytes | Modified Date = 15/01/2008 4:47:04 PM | Attr = ]
suspend.exe -> %System32%\suspend.exe -> [Ver = | Size = 16384 bytes | Modified Date = 10/01/2008 11:51:02 PM | Attr = ]
tpsmain.exe -> %System32%\tpsmain.exe -> TOSHIBA Corporation [Ver = 1, 0, 1, 1 | Size = 278528 bytes | Modified Date = 7/01/2008 1:54:16 PM | Attr = ]
users32.dat -> %System32%\users32.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/01/2008 12:22:38 AM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 10/01/2008 8:06:23 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 9/01/2008 2:48:57 PM | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 10/01/2008 8:02:15 PM | Attr = S]
CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 7/01/2008 11:16:07 PM | Attr = HS]
DUMP6d56.tmp -> %SystemRoot%\DUMP6d56.tmp -> [Ver = | Size = 90112 bytes | Modified Date = 7/01/2008 11:03:08 PM | Attr = ]
DUMP7352.tmp -> %SystemRoot%\DUMP7352.tmp -> [Ver = | Size = 90112 bytes | Modified Date = 3/01/2008 5:10:16 PM | Attr = ]
DUMP765f.tmp -> %SystemRoot%\DUMP765f.tmp -> [Ver = | Size = 90112 bytes | Modified Date = 1/01/2008 7:59:23 PM | Attr = ]
DUMP85d3.tmp -> %SystemRoot%\DUMP85d3.tmp -> [Ver = | Size = 90112 bytes | Modified Date = 2/01/2008 4:52:36 PM | Attr = ]
DUMP8d60.tmp -> %SystemRoot%\DUMP8d60.tmp -> [Ver = | Size = 90112 bytes | Modified Date = 1/01/2008 8:19:24 PM | Attr = ]
DUMP929d.tmp -> %SystemRoot%\DUMP929d.tmp -> [Ver = | Size = 90112 bytes | Modified Date = 7/01/2008 10:56:55 PM | Attr = ]
DUMP96e1.tmp -> %SystemRoot%\DUMP96e1.tmp -> [Ver = | Size = 90112 bytes | Modified Date = 7/01/2008 11:14:53 PM | Attr = ]
DUMPa22f.tmp -> %SystemRoot%\DUMPa22f.tmp -> [Ver = | Size = 90112 bytes | Modified Date = 30/12/2007 11:53:44 PM | Attr = ]
DUMPa994.tmp -> %SystemRoot%\DUMPa994.tmp -> [Ver = | Size = 90112 bytes | Modified Date = 3/01/2008 12:49:58 PM | Attr = ]
DUMPbd41.tmp -> %SystemRoot%\DUMPbd41.tmp -> [Ver = | Size = 90112 bytes | Modified Date = 7/01/2008 9:43:13 PM | Attr = ]
DUMPc9c6.tmp -> %SystemRoot%\DUMPc9c6.tmp -> [Ver = | Size = 90112 bytes | Modified Date = 31/12/2007 12:20:49 PM | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 15/01/2008 5:59:25 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 9/01/2008 11:36:00 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 9/01/2008 11:38:21 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 8/01/2008 9:36:01 PM | Attr = HS]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 10/01/2008 8:02:20 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 20/01/2008 11:42:17 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 15/01/2008 6:13:30 PM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 20/01/2008 11:52:55 PM | Attr = ]
trayicon.exe -> %SystemRoot%\trayicon.exe -> [Ver = | Size = 34049 bytes | Modified Date = 30/12/2007 2:23:41 PM | Attr = ]
windsk.dll -> %SystemRoot%\windsk.dll -> [Ver = | Size = 15872 bytes | Modified Date = 30/12/2007 2:41:41 PM | Attr = ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 265 bytes | Modified Date = 31/12/2007 12:18:57 PM | Attr = ]
wsystmp_btf.exe -> %SystemRoot%\wsystmp_btf.exe -> [Ver = | Size = 29184 bytes | Modified Date = 30/12/2007 8:23:19 PM | Attr = ]
wsystmp_cei.exe -> %SystemRoot%\wsystmp_cei.exe -> [Ver = | Size = 29184 bytes | Modified Date = 7/01/2008 1:55:24 PM | Attr = ]
wsystmp_sen.exe -> %SystemRoot%\wsystmp_sen.exe -> [Ver = | Size = 47616 bytes | Modified Date = 30/12/2007 7:50:39 PM | Attr = ]
wsystmp_uho.exe -> %SystemRoot%\wsystmp_uho.exe -> [Ver = | Size = 47616 bytes | Modified Date = 7/01/2008 1:54:09 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 10/01/2008 8:02:33 PM | Attr = H ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Google Updater -> %AllUsersAppData%\Google Updater -> [Folder | Modified Date = 20/01/2008 11:34:18 PM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 31/12/2007 11:20:20 AM | Attr = ]
TEMP -> %AllUsersAppData%\TEMP -> [Folder | Modified Date = 10/01/2008 8:09:04 PM | Attr = ]
@Alternate Data Stream - 129 bytes -> %AllUsersAppData%\TEMP:DFC5A2B2
EasySpywareCleaner.com -> %UserAppData%\EasySpywareCleaner.com -> [Folder | Modified Date = 6/01/2008 9:29:53 PM | Attr = ]
Install.dat -> %UserAppData%\Install.dat -> [Ver = | Size = 1177450 bytes | Modified Date = 30/12/2007 8:24:18 PM | Attr = ]
PC Tools -> %UserAppData%\PC Tools -> [Folder | Modified Date = 3/01/2008 8:10:36 PM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 3359798 bytes | Modified Date = 30/12/2007 6:45:41 AM | Attr = H ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 28/12/2007 12:12:14 AM | Attr = R ]
My Received Files -> %UserDocuments%\My Received Files -> [Folder | Modified Date = 8/01/2008 9:39:18 PM | Attr = ]
My Sharing Folders.lnk -> %UserDocuments%\My Sharing Folders.lnk -> [Ver = | Size = 590 bytes | Modified Date = 15/01/2008 4:21:30 PM | Attr = ]
Stevenz -> %UserDocuments%\Stevenz -> [Folder | Modified Date = 8/01/2008 9:43:38 PM | Attr = ]
stuff -> %UserDocuments%\stuff -> [Folder | Modified Date = 8/01/2008 9:42:58 PM | Attr = ]
Google Updater.lnk -> %AllUsersDesktop%\Google Updater.lnk -> [Ver = | Size = 890 bytes | Modified Date = 3/01/2008 6:53:37 PM | Attr = ]
HiJackThis.exe -> %UserDesktop%\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 9/01/2008 12:21:16 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HiJackThis.exe:Zone.Identifier
hijackthis_sfx.exe -> %UserDesktop%\hijackthis_sfx.exe -> [Ver = | Size = 251392 bytes | Modified Date = 8/01/2008 11:58:21 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\hijackthis_sfx.exe:Zone.Identifier
sdsetup.exe -> %UserDesktop%\sdsetup.exe -> PC Tools [Ver = 5.1.0.273 | Size = 15196432 bytes | Modified Date = 3/01/2008 6:22:05 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\sdsetup.exe:Zone.Identifier
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Modified Date = 30/12/2007 9:00:17 PM | Attr = ]
spybotsd15.exe -> %UserDesktop%\spybotsd15.exe -> Safer Networking Ltd. [Ver = 1.5.1.15 | Size = 7467056 bytes | Modified Date = 30/12/2007 8:58:47 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spybotsd15.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Modified Date = 20/01/2008 11:44:27 PM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 477315 bytes | Modified Date = 20/01/2008 11:43:16 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
Google Updater.lnk -> %AllUsersStartup%\Google Updater.lnk -> [Ver = | Size = 920 bytes | Modified Date = 3/01/2008 6:53:37 PM | Attr = ]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 8132 bytes | Modified Date = 26/06/2007 10:38:45 AM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5480 bytes | Modified Date = 15/01/2008 6:12:46 PM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 6738 bytes | Modified Date = 15/01/2008 6:12:45 PM | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 3/12/2003 12:20:29 AM | Attr = ]

< End of report >

Thanks in advance,
Zhengn

#7 OldTimer

    Malware Expert

  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 20 January 2008 - 03:16 PM

Hi zhengn. Ok, let's get started. First, please print these directions so they will be available to you (we will be rebooting into Safe Mode during the fix).

Next, please follow the steps below in order:

Step #1

Download SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and then exit out of the program. We will run a scan a bit later in the fix.
Step #2

Open Notepad and copy/paste the text in the codebox below into the new document:

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Service Pack 1 -> %System32%\vedxg6ame4.exe
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YY -> C:\WINDOWS\system32\wowfx.dll -> %System32%\wowfx.dll
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
YY -> wowfx.dll -> %System32%\wowfx.dll
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\vedxga8me6.exe -> C:\WINDOWS\system32\vedxga8me6.exe [C:\WINDOWS\system32\vedxga8me6.exe:*:Enabled:vedxga8me6]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\taskmon.exe -> C:\WINDOWS\taskmon.exe [C:\WINDOWS\taskmon.exe:*:Enabled:enable]
[Files/Folders - Created Within 30 days]
NY -> dllgh8jkd1q1.exe -> %System32%\dllgh8jkd1q1.exe
NY -> dllgh8jkd1q2.exe -> %System32%\dllgh8jkd1q2.exe
NY -> dllgh8jkd1q5.exe -> %System32%\dllgh8jkd1q5.exe
NY -> dllgh8jkd1q6.exe -> %System32%\dllgh8jkd1q6.exe
NY -> dllgh8jkd1q7.exe -> %System32%\dllgh8jkd1q7.exe
NY -> dllgh8jkd1q8.exe -> %System32%\dllgh8jkd1q8.exe
NY -> pqftraig.tmp -> %System32%\pqftraig.tmp
NY -> wowfx.dll -> %System32%\wowfx.dll
NY -> wsystmp_btf.exe -> %SystemRoot%\wsystmp_btf.exe
NY -> wsystmp_cei.exe -> %SystemRoot%\wsystmp_cei.exe
NY -> wsystmp_sen.exe -> %SystemRoot%\wsystmp_sen.exe
NY -> wsystmp_uho.exe -> %SystemRoot%\wsystmp_uho.exe
[Files/Folders - Modified Within 30 days]
NY -> dllgh8jkd1q1.exe -> %System32%\dllgh8jkd1q1.exe
NY -> dllgh8jkd1q2.exe -> %System32%\dllgh8jkd1q2.exe
NY -> dllgh8jkd1q5.exe -> %System32%\dllgh8jkd1q5.exe
NY -> dllgh8jkd1q6.exe -> %System32%\dllgh8jkd1q6.exe
NY -> dllgh8jkd1q7.exe -> %System32%\dllgh8jkd1q7.exe
NY -> dllgh8jkd1q8.exe -> %System32%\dllgh8jkd1q8.exe
NY -> pqftraig.tmp -> %System32%\pqftraig.tmp
NY -> imsins.BAK -> %SystemRoot%\imsins.BAK
NY -> windsk.dll -> %SystemRoot%\windsk.dll
NY -> wsystmp_btf.exe -> %SystemRoot%\wsystmp_btf.exe
NY -> wsystmp_cei.exe -> %SystemRoot%\wsystmp_cei.exe
NY -> wsystmp_sen.exe -> %SystemRoot%\wsystmp_sen.exe
NY -> wsystmp_uho.exe -> %SystemRoot%\wsystmp_uho.exe
[Extra Files]
c:\*.tmp
c:\windows\*.tmp
[Empty Temp Folders]
[Start Explorer]

Save the document to your desktop as wpf35fix.txt and close Notepad.

Step #3

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Step #4

Once in Safe Mode start WinPFind35U. Open the wpf35.txt file you created earlier with Notepad and Copy/Paste the information from the file into the pane where it says "Paste fix here" and then click the Run Fix button.

The fix should only take a very short time. Your desktop will disappear and then reappear when the fix is complete; this is normal. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose No at this time.

Step #5

Start SUPERAntiSpyware.
  • On the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
Step #6

Reboot the machine normally and post the following back here:
  • a new WinPFind35U report with the following options:
    • Under Additional Scans, click the checkboxes in front of the following items to select them:
      • File - Additional Folder Scans
    • Do not change any other settings.
  • the SUPERAntiSpyware report
  • the latest .log file from the WinPFind35u/MovedFiles folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PMs requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

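The indicators OldTimer's fix relies on (binaries in the Windows directories with no version or publisher information, autostart entries, anything loaded through AppInit_DLLs or SecurityProviders, firewall exceptions for programs under C:\WINDOWS) can be checked mechanically against a saved WinPFind35U report, and the same parser shows the "File not found" orphans that remain in the registry once a file has been removed. The Python script below is an added example, not OldTimer's tool and not something posted in this thread: SAMPLE_REPORT is constructed in the report's line format using names that appear in the logs above (the size shown for wowfx.dll is invented, since the thread never lists it), and the rule names and the Entry/Finding types are the example's own.

```python
"""Triage helper for WinPFind35U-style reports (added example, not OldTimer's tool).
Rules mirror the indicators used in the fix above: orphaned entries ("File not found"),
anything under AppInit_DLLs / SecurityProviders / BotCheck, and %System32%/%SystemRoot%
binaries with no publisher or version. Output is a review list, not a verdict: OEM
files without a version resource (000stthk.exe in the thread) match the last rule too."""
import re
from dataclasses import dataclass
from typing import List, Optional

SYSTEM_DIRS = ("%System32%", "%SystemRoot%")
BINARY_EXT = (".exe", ".dll", ".sys", ".tmp")
HOOK_KEYS = ("AppInit_DLLs", "SecurityProviders", "BotCheck")
# "<publisher> [Ver = ... | Size = ... | Modified Date = ... | Attr = ...]"
DETAIL_RE = re.compile(r"^(?P<publisher>.*?)\s*\[(?P<body>.*)\]\s*$")

@dataclass
class Entry:
    where: str                  # the "< key >" or "[section]" the line was listed under
    path: str
    publisher: str = ""
    version: str = ""
    size: Optional[int] = None
    is_folder: bool = False
    missing: bool = False       # report said "File not found"

@dataclass
class Finding:
    rule: str
    path: str
    reason: str

def parse_entry(line: str, where: str = "") -> Optional[Entry]:
    """Parse one 'name -> path -> detail' report line; None if the line is not an entry."""
    parts = line.split(" -> ")
    if len(parts) < 3:
        return None
    entry = Entry(where, parts[1].strip())
    detail = " -> ".join(parts[2:]).strip()
    if detail == "File not found":
        entry.missing = True
        return entry
    m = DETAIL_RE.match(detail)
    if not m:
        return entry  # unknown detail layout: keep the path, no file metadata
    entry.publisher = m.group("publisher").strip()
    body = m.group("body")
    if body.startswith("Folder"):
        entry.is_folder = True
        return entry
    for field in body.split(" | "):
        k, _, v = (s.strip() for s in field.partition("="))
        if k == "Ver":
            entry.version = v
        elif k == "Size" and v:
            entry.size = int(v.split()[0])   # "11638 bytes" -> 11638
    return entry

def triage(report: str) -> List[Finding]:
    """Walk the report tracking the current [section] and < key >, applying the rules."""
    findings, section, key = [], "", ""
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):          # "*MultiFile Done*"-style markers
            continue
        if line.startswith("[") and line.endswith("]"):
            section, key = line[1:-1], ""
            continue
        if line.startswith("<"):                      # "< Run [HKEY_LOCAL_MACHINE\] > -> ..."
            key = line.partition(">")[0][1:].strip()
            continue
        e = parse_entry(line, key or section)
        if e is None or e.is_folder:
            continue
        if e.missing:
            findings.append(Finding("orphaned-entry", e.path, f"{e.where}: target file does not exist"))
        elif any(h in key for h in HOOK_KEYS):
            findings.append(Finding("hook-or-exception", e.path, f"listed under {e.where}; review every entry"))
        elif (e.path.startswith(SYSTEM_DIRS) and e.path.lower().endswith(BINARY_EXT)
              and not e.publisher and not e.version):
            findings.append(Finding("no-version-binary", e.path, f"{e.size} bytes in a Windows directory, no publisher or version"))
    return findings

# Constructed sample in the report's format (names from the thread; the wowfx.dll size is invented).
SAMPLE_REPORT = r"""
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3,0,0,2104 | Size = 114688 bytes | Modified Date = 30/12/2007 7:50:49 PM | Attr = ]
taskmon -> %SystemRoot%\taskmon.exe -> File not found
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
C:\WINDOWS\system32\wowfx.dll -> %System32%\wowfx.dll -> [Ver = | Size = 12345 bytes | Modified Date = 30/12/2007 8:23:19 PM | Attr = ]
*MultiFile Done* -> ->
[Files/Folders - Created Within 30 days]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 9/01/2008 11:37:52 PM | Attr = RHS]
dllgh8jkd1q1.exe -> %System32%\dllgh8jkd1q1.exe -> [Ver = | Size = 11638 bytes | Modified Date = 30/12/2007 8:23:50 PM | Attr = ]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.rule:18} {f.path:32} {f.reason}")
```

Run it against a report saved from the tool (read the file and pass its text to triage) and read the result as a candidate list: the hook rule deliberately flags every entry under AppInit_DLLs and SecurityProviders because the report already filters Microsoft's own entries out of those keys, while the no-version rule will also catch legitimate OEM files and needs a human to confirm. Running it on the "before" and "after" reports and comparing the two lists shows which entries the fix removed and which orphaned registry values still point at deleted files.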

#8 zhengn
  • Topic Starter

  • Members
  • 45 posts

Posted 21 January 2008 - 06:09 AM

G'day, just giving you an update of the log like you requested. It appears to be running much smoother but still a little slow. I'd like to mention that when I was running the fix, I was forced to restart the computer as it was not responding. Also, I could not find the SUPERAntiSpyware log or the WinPFind35u/MovedFiles folder log. Thanks for the help. Please review this and let me know about what to do next. Thanks.

WinPFind35 logfile created on: 21/01/2008 9:42:51 PM
WinPFind35U Version Beta26 Folder = C:\Documents and Settings\zhengn\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)

238.86 Mb Total Physical Memory | 59.80 Mb Available Physical Memory | 25.04% Memory free
725.49 Mb Paging File | 209.27 Mb Available in Paging File | 28.84% Paging File free
Paging file location(s): C:\pagefile.sys 500 1000;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 20.17 Gb Free Space | 54.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: 2008ZHENGN
Current User Name: zhengn
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
brsvc01a.exe -> %System32%\brsvc01a.exe -> brother Industries Ltd [Ver = 1, 0, 0, 3 | Size = 57344 bytes | Modified Date = 12/04/2002 11:00:00 AM | Attr = ]
brss01a.exe -> %System32%\brss01a.exe -> brother Industries Ltd [Ver = 1.004 | Size = 45056 bytes | Modified Date = 13/12/2001 11:01:00 AM | Attr = ]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 169632 bytes | Modified Date = 19/07/2006 7:26:12 PM | Attr = ]
cfsvcs.exe -> %ProgramFiles%\Toshiba\ConfigFree\CFSVCS.EXE -> TOSHIBA CORPORATION [Ver = 3, 0, 0, 12 | Size = 28672 bytes | Modified Date = 4/09/2003 12:00:18 AM | Attr = ]
defwatch.exe -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 31472 bytes | Modified Date = 27/09/2006 8:33:22 PM | Attr = ]
dvdramsv.exe -> %System32%\DVDRAMSV.exe -> Matsubleepa Electric Industrial Co., Ltd. [Ver = 2, 0, 7, 0 | Size = 106496 bytes | Modified Date = 23/05/2003 3:38:26 PM | Attr = ]
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 3/01/2008 6:53:18 PM | Attr = ]
savroam.exe -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.1.5.5000 | Size = 116464 bytes | Modified Date = 27/09/2006 8:33:38 PM | Attr = ]
svcntaux.exe -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.5.2 | Size = 742216 bytes | Modified Date = 2/10/2007 4:27:06 PM | Attr = ]
swdsvc.exe -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.5.23 | Size = 1415496 bytes | Modified Date = 2/10/2007 4:27:12 PM | Attr = ]
smagent.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 20/09/2002 4:50:10 PM | Attr = ]
spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.2.0.7 | Size = 1160848 bytes | Modified Date = 11/04/2006 5:13:38 PM | Attr = ]
rtvscan.exe -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 1813232 bytes | Modified Date = 27/09/2006 8:33:32 PM | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 192160 bytes | Modified Date = 19/07/2006 7:26:06 PM | Attr = ]
00thotkey.exe -> %System32%\00thotkey.exe -> TOSHIBA Corp. [Ver = 1, 0, 0, 21 | Size = 258048 bytes | Modified Date = 30/12/2007 7:50:46 PM | Attr = ]
tfnf5.exe -> %System32%\TFNF5.exe -> Toshiba Corp. [Ver = 1. 0. 1. 0 | Size = 73728 bytes | Modified Date = 3/08/2001 5:08:28 PM | Attr = ]
tfncky.exe -> %ProgramFiles%\Toshiba\TOSHIBA Controls\TFncKy.exe -> TOSHIBA Corporation [Ver = 3.01.01 | Size = 102400 bytes | Modified Date = 18/08/2003 9:51:02 AM | Attr = ]
agrsmmsg.exe -> %SystemRoot%\agrsmmsg.exe -> Agere Systems [Ver = 2.1.28.2 2.1.28.2 04/18/2003 11:20:08 | Size = 88363 bytes | Modified Date = 18/04/2003 11:20:10 AM | Attr = ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\syntplpr.exe -> Synaptics, Inc. [Ver = 7.5.11 30May03 | Size = 110592 bytes | Modified Date = 30/12/2007 7:50:47 PM | Attr = ]
touched.exe -> %ProgramFiles%\Toshiba\TouchED\touched.exe -> TOSHIBA Corporation [Ver = 2, 5, 0, 0 | Size = 126976 bytes | Modified Date = 30/12/2007 7:50:48 PM | Attr = ]
tpsmain.exe -> %System32%\tpsmain.exe -> TOSHIBA Corporation [Ver = 1, 0, 1, 1 | Size = 278528 bytes | Modified Date = 7/01/2008 1:54:16 PM | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\syntpenh.exe -> Synaptics, Inc. [Ver = 7.5.11 30May03 | Size = 614400 bytes | Modified Date = 30/12/2007 7:50:48 PM | Attr = ]
ezsp_px.exe -> %System32%\EZSP_PX.EXE -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 20/08/2002 12:29:26 PM | Attr = R ]
igfxtray.exe -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3,0,0,2104 | Size = 155648 bytes | Modified Date = 30/12/2007 7:50:49 PM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3,0,0,2104 | Size = 114688 bytes | Modified Date = 30/12/2007 7:50:49 PM | Attr = ]
pmproxy.exe -> %ProgramFiles%\Analog Devices\SoundMAX\pmproxy.exe -> adi [Ver = 1, 0, 0, 18 | Size = 40960 bytes | Modified Date = 30/12/2007 7:50:49 PM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 52896 bytes | Modified Date = 19/07/2006 7:26:04 PM | Attr = ]
vptray.exe -> %ProgramFiles%\Symantec AntiVirus\vptray.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 125168 bytes | Modified Date = 30/12/2007 7:50:50 PM | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 21/06/2007 2:06:28 PM | Attr = ]
tpsbattm.exe -> %System32%\TPSBattM.exe -> TOSHIBA Corporation [Ver = 1, 0, 1, 0 | Size = 45056 bytes | Modified Date = 25/09/2003 10:19:10 AM | Attr = ]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 31/08/2007 4:46:28 PM | Attr = ]
googleupdater.exe -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.1070.1219.beta | Size = 124400 bytes | Modified Date = 3/01/2008 6:53:12 PM | Attr = ]
ramasst.exe -> %System32%\RAMASST.exe -> Matsubleepa Electric Industrial Co., Ltd. [Ver = 1, 0, 9, 0 | Size = 155648 bytes | Modified Date = 14/03/2003 1:38:12 PM | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 306176 bytes | Modified Date = 19/01/2008 1:35:44 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Brother XP spl Service) BrSplService [Win32_Own | Auto | Running] -> %System32%\brsvc01a.exe -> brother Industries Ltd [Ver = 1, 0, 0, 3 | Size = 57344 bytes | Modified Date = 12/04/2002 11:00:00 AM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 192160 bytes | Modified Date = 19/07/2006 7:26:06 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 169632 bytes | Modified Date = 19/07/2006 7:26:12 PM | Attr = ]
(CFSvcs) ConfigFree Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\ConfigFree\CFSVCS.EXE -> TOSHIBA CORPORATION [Ver = 3, 0, 0, 12 | Size = 28672 bytes | Modified Date = 4/09/2003 12:00:18 AM | Attr = ]
(DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 31472 bytes | Modified Date = 27/09/2006 8:33:22 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 4/08/2004 1:56:50 AM | Attr = ]
(DVD-RAM_Service) DVD-RAM_Service [Win32_Own | Auto | Running] -> %System32%\DVDRAMSV.exe -> Matsubleepa Electric Industrial Co., Ltd. [Ver = 2, 0, 7, 0 | Size = 106496 bytes | Modified Date = 23/05/2003 3:38:26 PM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 3/01/2008 6:53:18 PM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_1.EXE -> Symantec Corporation [Ver = 3.1.0.99 | Size = 2528960 bytes | Modified Date = 2/09/2006 4:36:33 PM | Attr = ]
(SavRoam) SavRoam [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.1.5.5000 | Size = 116464 bytes | Modified Date = 27/09/2006 8:33:38 PM | Attr = ]
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.5.2 | Size = 742216 bytes | Modified Date = 2/10/2007 4:27:06 PM | Attr = ]
(sdCoreService) PC Tools Security Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.5.23 | Size = 1415496 bytes | Modified Date = 2/10/2007 4:27:12 PM | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.4.402 | Size = 214720 bytes | Modified Date = 7/08/2006 4:03:02 PM | Attr = ]
(SoundMAX Agent Service (default)) SoundMAX Agent Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 20/09/2002 4:50:10 PM | Attr = ]
(SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.2.0.7 | Size = 1160848 bytes | Modified Date = 11/04/2006 5:13:38 PM | Attr = ]
(Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 1813232 bytes | Modified Date = 27/09/2006 8:33:32 PM | Attr = ]
(UTSCSI) USBest Service Zero [Win32_Own | Auto | Stopped] -> %System32%\UTSCSI.EXE -> [Ver = | Size = 0 bytes | Modified Date = 6/12/2007 9:41:24 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
000StTHK -> %System32%\000stthk.exe -> [Ver = | Size = 24576 bytes | Modified Date = 7/01/2008 1:54:16 PM | Attr = ]
00THotkey -> %System32%\00thotkey.exe -> TOSHIBA Corp. [Ver = 1, 0, 0, 21 | Size = 258048 bytes | Modified Date = 30/12/2007 7:50:46 PM | Attr = ]
AGRSMMSG -> %SystemRoot%\agrsmmsg.exe -> Agere Systems [Ver = 2.1.28.2 2.1.28.2 04/18/2003 11:20:08 | Size = 88363 bytes | Modified Date = 18/04/2003 11:20:10 AM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 52896 bytes | Modified Date = 19/07/2006 7:26:04 PM | Attr = ]
ezShieldProtector for Px -> %System32%\EZSP_PX.EXE -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 20/08/2002 12:29:26 PM | Attr = R ]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3,0,0,2104 | Size = 114688 bytes | Modified Date = 30/12/2007 7:50:49 PM | Attr = ]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3,0,0,2104 | Size = 155648 bytes | Modified Date = 30/12/2007 7:50:49 PM | Attr = ]
LtMoh -> %ProgramFiles%\ltmoh\ltmoh.exe -> Agere Systems [Ver = 1.69 | Size = 172032 bytes | Modified Date = 30/12/2007 7:50:47 PM | Attr = ]
PmProxy -> %ProgramFiles%\Analog Devices\SoundMAX\pmproxy.exe -> adi [Ver = 1, 0, 0, 18 | Size = 40960 bytes | Modified Date = 30/12/2007 7:50:49 PM | Attr = ]
SDTray -> %ProgramFiles%\Spyware Doctor\sdtrayapp.exe -> PC Tools [Ver = 5.0.5.31 | Size = 1065288 bytes | Modified Date = 7/01/2008 1:54:18 PM | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\syntpenh.exe -> Synaptics, Inc. [Ver = 7.5.11 30May03 | Size = 614400 bytes | Modified Date = 30/12/2007 7:50:48 PM | Attr = ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\syntplpr.exe -> Synaptics, Inc. [Ver = 7.5.11 30May03 | Size = 110592 bytes | Modified Date = 30/12/2007 7:50:47 PM | Attr = ]
taskmon -> %SystemRoot%\taskmon.exe -> File not found
TFncKy -> TFncKy.exe -> File not found
TFNF5 -> %System32%\TFNF5.exe -> Toshiba Corp. [Ver = 1. 0. 1. 0 | Size = 73728 bytes | Modified Date = 3/08/2001 5:08:28 PM | Attr = ]
TouchED -> %ProgramFiles%\Toshiba\TouchED\touched.exe -> TOSHIBA Corporation [Ver = 2, 5, 0, 0 | Size = 126976 bytes | Modified Date = 30/12/2007 7:50:48 PM | Attr = ]
TPSMain -> %System32%\tpsmain.exe -> TOSHIBA Corporation [Ver = 1, 0, 1, 1 | Size = 278528 bytes | Modified Date = 7/01/2008 1:54:16 PM | Attr = ]
Viewbar -> %ProgramFiles%\AGLOCO Viewbar\Viewbar.exe -> File not found
vptray -> %ProgramFiles%\Symantec AntiVirus\vptray.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 125168 bytes | Modified Date = 30/12/2007 7:50:50 PM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Service Pack 1 -> %System32%\vedxg6ame4.exe -> File not found
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 31/08/2007 4:46:28 PM | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 21/06/2007 2:06:28 PM | Attr = ]
*MultiFile Done* -> ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
-> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 24/11/2003 4:45:35 PM | Attr = HS]
%AllUsersStartup%\Google Updater.lnk -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.1070.1219.beta | Size = 124400 bytes | Modified Date = 3/01/2008 6:53:12 PM | Attr = ]
%AllUsersStartup%\RAMASST.lnk -> %System32%\RAMASST.exe -> Matsubleepa Electric Industrial Co., Ltd. [Ver = 1, 0, 9, 0 | Size = 155648 bytes | Modified Date = 14/03/2003 1:38:12 PM | Attr = ]
< zhengn Startup Folder > -> C:\Documents and Settings\zhengn\Start Menu\Programs\Startup ->
-> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 24/11/2003 4:45:35 PM | Attr = HS]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\WINDOWS\system32\wowfx.dll -> %System32%\wowfx.dll -> File not found
*MultiFile Done* -> ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 20/12/2006 1:55:48 PM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
wowfx.dll -> wowfx.dll -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3,0,0,2104 | Size = 315392 bytes | Modified Date = 7/04/2003 12:06:48 AM | Attr = ]
NavLogon -> %System32%\NavLogon.dll -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 43760 bytes | Modified Date = 27/09/2006 8:33:54 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoChangingWallpaper -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoAddingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoDeletingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoEditingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoHTMLWallPaper -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 149 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\SYSTEM\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\SYSTEM\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\SYSTEM\\DisableTaskMgr -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\SYSTEM\\Wallpaper -> ->
< HOSTS File > (213869 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://intranet ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://securityresponse.symantec.com/avcenter/fix_homepage/ ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> <local> ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4033 domain(s) found. ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4032 domain(s) found. ->
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.0.2003051500 | Size = 50376 bytes | Modified Date = 15/05/2003 12:47:54 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31/08/2007 4:46:14 PM | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Research] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31/08/2007 4:46:14 PM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Research] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31/08/2007 4:46:14 PM | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{03B02E66-A116-4424-BE36-DEE642CE3421} -> (Atheros AR5001X Mini PCI Wireless Network Adapter) ->
{2F7BBB47-2E44-47A4-A182-9EE5A226F871} -> (Atheros AR5001X+ Wireless Network Adapter) ->
{85A85B1E-F549-4BE0-9108-595A12ACADC0} -> (1394 Net Adapter) ->
{8B9AF8C4-BFC7-4827-920C-1745707722B6} -> (1394 Net Adapter) ->
{E91036C3-916E-4551-8582-D824B720A3B6} -> (Intel® PRO/100 VE Network Connection) ->
{FC3CB677-3C95-4D3E-9FBB-DA6743BC3D1A} -> (1394 Net Adapter) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[OLE (Part 1 of 5)] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[OLE (Part 1 of 5)] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{1A1F56AA-3401-46F9-B277-D57F3421F821}[HKEY_LOCAL_MACHINE] -> http://www.worldwinner.com/games/v47/share...GamesLoader.cab[FunGamesLoader Object] ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc.cab[Office Update Installation Engine] ->
{5D6F45B3-9043-443D-A792-115447494D24}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab[UnoCtrl Class] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://v5.windowsupdate.microsoft.com/v5co...b?1116548197671[WUWebControl Class] ->
{8A94C905-FF9D-43B6-8708-F0F22D22B1CB}[HKEY_LOCAL_MACHINE] -> http://www.worldwinner.com/games/shared/wwlaunch.cab[Wwlaunch Control] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl...indows-i586.cab[Java Plug-in 1.4.2] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{9F1C11AA-197B-4942-BA54-47A8489BB47F}[HKEY_LOCAL_MACHINE] -> http://v4.windowsupdate.microsoft.com/CAB/...7956.6378819444[Reg Error: Key does not exist or could not be opened.] ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab[MessengerStatsClient Class] ->
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl...indows-i586.cab[Java Plug-in 1.4.2] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwa...ash/swflash.cab[Shockwave Flash Object] ->
{EA1B8527-E422-4909-825A-70BE0694F18E}[HKEY_LOCAL_MACHINE] -> https://online.westpac.com.au/wtoa/wtOtherA...iomanagerwt.cab[PortfolioManagerWT ProfileManager Class] ->
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] ->
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->



[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 250531840 bytes | Created Date = 21/01/2008 8:36:19 PM | Attr = HS]
ikfilesec.sys -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1036 built by: WinDDK | Size = 41288 bytes | Created Date = 3/01/2008 8:11:10 PM | Attr = ]
iksysflt.sys -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1024 | Size = 62280 bytes | Created Date = 3/01/2008 8:11:09 PM | Attr = ]
iksyssec.sys -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1024 | Size = 79688 bytes | Created Date = 3/01/2008 8:11:10 PM | Attr = ]
kcom.sys -> %System32%\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29000 bytes | Created Date = 3/01/2008 8:11:10 PM | Attr = ]
gtsstgww.tmp -> %System32%\gtsstgww.tmp -> [Ver = | Size = 29 bytes | Created Date = 21/01/2008 8:38:06 PM | Attr = ]
MRT.INI -> %System32%\MRT.INI -> [Ver = | Size = 270 bytes | Created Date = 9/01/2008 11:43:12 PM | Attr = ]
suspend.bin -> %System32%\suspend.bin -> [Ver = | Size = 80 bytes | Created Date = 10/01/2008 11:50:59 PM | Attr = ]
suspend.exe -> %System32%\suspend.exe -> [Ver = | Size = 16384 bytes | Created Date = 10/01/2008 11:51:02 PM | Attr = ]
users32.dat -> %System32%\users32.dat -> [Ver = | Size = 16384 bytes | Created Date = 30/12/2007 7:50:45 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 30/12/2007 11:55:06 PM | Attr = ]
trayicon.exe -> %SystemRoot%\trayicon.exe -> [Ver = | Size = 34049 bytes | Created Date = 30/12/2007 2:23:41 PM | Attr = ]
windsk.dll -> %SystemRoot%\windsk.dll -> [Ver = | Size = 15872 bytes | Created Date = 21/01/2008 7:48:03 PM | Attr = ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 265 bytes | Created Date = 30/12/2007 10:07:18 PM | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Google Updater -> %AllUsersAppData%\Google Updater -> [Folder | Created Date = 3/01/2008 6:53:29 PM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Created Date = 30/12/2007 9:00:04 PM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 21/01/2008 6:57:58 PM | Attr = ]
TEMP -> %AllUsersAppData%\TEMP -> [Folder | Created Date = 3/01/2008 8:11:47 PM | Attr = ]
@Alternate Data Stream - 106 bytes -> %AllUsersAppData%\TEMP:DFC5A2B2
EasySpywareCleaner.com -> %UserAppData%\EasySpywareCleaner.com -> [Folder | Created Date = 6/01/2008 9:29:53 PM | Attr = ]
Install.dat -> %UserAppData%\Install.dat -> [Ver = | Size = 1177450 bytes | Created Date = 30/12/2007 8:24:01 PM | Attr = ]
PC Tools -> %UserAppData%\PC Tools -> [Folder | Created Date = 3/01/2008 8:10:36 PM | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 21/01/2008 6:56:26 PM | Attr = ]
Google Updater.lnk -> %AllUsersDesktop%\Google Updater.lnk -> [Ver = | Size = 890 bytes | Created Date = 3/01/2008 6:53:37 PM | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Created Date = 21/01/2008 6:56:47 PM | Attr = ]
HiJackThis.exe -> %UserDesktop%\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Created Date = 9/01/2008 12:20:49 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HiJackThis.exe:Zone.Identifier
hijackthis_sfx.exe -> %UserDesktop%\hijackthis_sfx.exe -> [Ver = | Size = 251392 bytes | Created Date = 8/01/2008 11:58:10 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\hijackthis_sfx.exe:Zone.Identifier
sdsetup.exe -> %UserDesktop%\sdsetup.exe -> PC Tools [Ver = 5.1.0.273 | Size = 15196432 bytes | Created Date = 3/01/2008 6:22:00 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\sdsetup.exe:Zone.Identifier
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Created Date = 30/12/2007 9:00:17 PM | Attr = ]
spybotsd15.exe -> %UserDesktop%\spybotsd15.exe -> Safer Networking Ltd. [Ver = 1.5.1.15 | Size = 7467056 bytes | Created Date = 30/12/2007 8:58:23 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spybotsd15.exe:Zone.Identifier
SUPERAntiSpyware.exe -> %UserDesktop%\SUPERAntiSpyware.exe -> [Ver = | Size = 5914648 bytes | Created Date = 21/01/2008 6:39:55 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SUPERAntiSpyware.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Created Date = 20/01/2008 11:44:15 PM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 477315 bytes | Created Date = 20/01/2008 11:43:16 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
Google Updater.lnk -> %AllUsersStartup%\Google Updater.lnk -> [Ver = | Size = 920 bytes | Created Date = 3/01/2008 6:53:37 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 250531840 bytes | Modified Date = 21/01/2008 9:27:07 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 21/01/2008 6:56:27 PM | Attr = R ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 21/01/2008 9:27:16 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 30/12/2007 9:04:31 PM | Attr = ]
hosts -> %System32%\drivers\etc\hosts -> [Ver = | Size = 213869 bytes | Modified Date = 30/12/2007 9:04:31 PM | Attr = R ]
000stthk.exe -> %System32%\000stthk.exe -> [Ver = | Size = 24576 bytes | Modified Date = 7/01/2008 1:54:16 PM | Attr = ]
00thotkey.exe -> %System32%\00thotkey.exe -> TOSHIBA Corp. [Ver = 1, 0, 0, 21 | Size = 258048 bytes | Modified Date = 30/12/2007 7:50:46 PM | Attr = ]
appmgmt -> %System32%\appmgmt -> [Folder | Modified Date = 6/01/2008 9:43:53 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 21/01/2008 9:33:04 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 9/01/2008 11:37:52 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 21/01/2008 9:28:14 PM | Attr = ]
gtsstgww.tmp -> %System32%\gtsstgww.tmp -> [Ver = | Size = 29 bytes | Modified Date = 21/01/2008 8:38:06 PM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3,0,0,2104 | Size = 114688 bytes | Modified Date = 30/12/2007 7:50:49 PM | Attr = ]
igfxtray.exe -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3,0,0,2104 | Size = 155648 bytes | Modified Date = 30/12/2007 7:50:49 PM | Attr = ]
LogFiles -> %System32%\LogFiles -> [Folder | Modified Date = 1/01/2008 8:45:56 PM | Attr = ]
MRT.INI -> %System32%\MRT.INI -> [Ver = | Size = 270 bytes | Modified Date = 9/01/2008 11:43:13 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 59774 bytes | Modified Date = 3/01/2008 8:14:35 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 395534 bytes | Modified Date = 3/01/2008 8:14:36 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 462168 bytes | Modified Date = 3/01/2008 8:14:30 PM | Attr = ]
suspend.bin -> %System32%\suspend.bin -> [Ver = | Size = 80 bytes | Modified Date = 15/01/2008 4:47:04 PM | Attr = ]
suspend.exe -> %System32%\suspend.exe -> [Ver = | Size = 16384 bytes | Modified Date = 10/01/2008 11:51:02 PM | Attr = ]
tpsmain.exe -> %System32%\tpsmain.exe -> TOSHIBA Corporation [Ver = 1, 0, 1, 1 | Size = 278528 bytes | Modified Date = 7/01/2008 1:54:16 PM | Attr = ]
users32.dat -> %System32%\users32.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/01/2008 12:22:38 AM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 21/01/2008 9:31:04 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 9/01/2008 2:48:57 PM | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 21/01/2008 9:27:15 PM | Attr = S]
CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 7/01/2008 11:16:07 PM | Attr = HS]
DUMP6d56.tmp -> %SystemRoot%\DUMP6d56.tmp -> [Ver = | Size = 90112 bytes | Modified Date = 7/01/2008 11:03:08 PM | Attr = ]
DUMP7352.tmp -> %SystemRoot%\DUMP7352.tmp -> [Ver = | Size = 90112 bytes | Modified Date = 3/01/2008 5:10:16 PM | Attr = ]
DUMP765f.tmp -> %SystemRoot%\DUMP765f.tmp -> [Ver = | Size = 90112 bytes | Modified Date = 1/01/2008 7:59:23 PM | Attr = ]
DUMP85d3.tmp -> %SystemRoot%\DUMP85d3.tmp -> [Ver = | Size = 90112 bytes | Modified Date = 2/01/2008 4:52:36 PM | Attr = ]
DUMP8d60.tmp -> %SystemRoot%\DUMP8d60.tmp -> [Ver = | Size = 90112 bytes | Modified Date = 1/01/2008 8:19:24 PM | Attr = ]
DUMP929d.tmp -> %SystemRoot%\DUMP929d.tmp -> [Ver = | Size = 90112 bytes | Modified Date = 7/01/2008 10:56:55 PM | Attr = ]
DUMP96e1.tmp -> %SystemRoot%\DUMP96e1.tmp -> [Ver = | Size = 90112 bytes | Modified Date = 7/01/2008 11:14:53 PM | Attr = ]
DUMPa22f.tmp -> %SystemRoot%\DUMPa22f.tmp -> [Ver = | Size = 90112 bytes | Modified Date = 30/12/2007 11:53:44 PM | Attr = ]
DUMPa994.tmp -> %SystemRoot%\DUMPa994.tmp -> [Ver = | Size = 90112 bytes | Modified Date = 3/01/2008 12:49:58 PM | Attr = ]
DUMPbd41.tmp -> %SystemRoot%\DUMPbd41.tmp -> [Ver = | Size = 90112 bytes | Modified Date = 7/01/2008 9:43:13 PM | Attr = ]
DUMPc9c6.tmp -> %SystemRoot%\DUMPc9c6.tmp -> [Ver = | Size = 90112 bytes | Modified Date = 31/12/2007 12:20:49 PM | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 21/01/2008 6:47:43 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 9/01/2008 11:38:21 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 21/01/2008 6:57:35 PM | Attr = HS]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 21/01/2008 9:27:16 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 21/01/2008 6:57:53 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 21/01/2008 8:38:06 PM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 21/01/2008 9:31:59 PM | Attr = ]
trayicon.exe -> %SystemRoot%\trayicon.exe -> [Ver = | Size = 34049 bytes | Modified Date = 30/12/2007 2:23:41 PM | Attr = ]
windsk.dll -> %SystemRoot%\windsk.dll -> [Ver = | Size = 15872 bytes | Modified Date = 21/01/2008 7:48:03 PM | Attr = ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 265 bytes | Modified Date = 31/12/2007 12:18:57 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 21/01/2008 9:27:27 PM | Attr = H ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Google Updater -> %AllUsersAppData%\Google Updater -> [Folder | Modified Date = 20/01/2008 11:34:18 PM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 31/12/2007 11:20:20 AM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 21/01/2008 6:57:58 PM | Attr = ]
TEMP -> %AllUsersAppData%\TEMP -> [Folder | Modified Date = 21/01/2008 9:33:12 PM | Attr = ]
@Alternate Data Stream - 106 bytes -> %AllUsersAppData%\TEMP:DFC5A2B2
EasySpywareCleaner.com -> %UserAppData%\EasySpywareCleaner.com -> [Folder | Modified Date = 6/01/2008 9:29:53 PM | Attr = ]
Install.dat -> %UserAppData%\Install.dat -> [Ver = | Size = 1177450 bytes | Modified Date = 30/12/2007 8:24:18 PM | Attr = ]
PC Tools -> %UserAppData%\PC Tools -> [Folder | Modified Date = 3/01/2008 8:10:36 PM | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 21/01/2008 6:56:26 PM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 3359798 bytes | Modified Date = 30/12/2007 6:45:41 AM | Attr = H ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 28/12/2007 12:12:14 AM | Attr = R ]
My Received Files -> %UserDocuments%\My Received Files -> [Folder | Modified Date = 8/01/2008 9:39:18 PM | Attr = ]
My Sharing Folders.lnk -> %UserDocuments%\My Sharing Folders.lnk -> [Ver = | Size = 584 bytes | Modified Date = 21/01/2008 6:50:29 PM | Attr = ]
Stevenz -> %UserDocuments%\Stevenz -> [Folder | Modified Date = 8/01/2008 9:43:38 PM | Attr = ]
stuff -> %UserDocuments%\stuff -> [Folder | Modified Date = 8/01/2008 9:42:58 PM | Attr = ]
Google Updater.lnk -> %AllUsersDesktop%\Google Updater.lnk -> [Ver = | Size = 890 bytes | Modified Date = 3/01/2008 6:53:37 PM | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Modified Date = 21/01/2008 6:56:48 PM | Attr = ]
HiJackThis.exe -> %UserDesktop%\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 9/01/2008 12:21:16 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HiJackThis.exe:Zone.Identifier
hijackthis_sfx.exe -> %UserDesktop%\hijackthis_sfx.exe -> [Ver = | Size = 251392 bytes | Modified Date = 8/01/2008 11:58:21 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\hijackthis_sfx.exe:Zone.Identifier
sdsetup.exe -> %UserDesktop%\sdsetup.exe -> PC Tools [Ver = 5.1.0.273 | Size = 15196432 bytes | Modified Date = 3/01/2008 6:22:05 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\sdsetup.exe:Zone.Identifier
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Modified Date = 30/12/2007 9:00:17 PM | Attr = ]
spybotsd15.exe -> %UserDesktop%\spybotsd15.exe -> Safer Networking Ltd. [Ver = 1.5.1.15 | Size = 7467056 bytes | Modified Date = 30/12/2007 8:58:47 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spybotsd15.exe:Zone.Identifier
SUPERAntiSpyware.exe -> %UserDesktop%\SUPERAntiSpyware.exe -> [Ver = | Size = 5914648 bytes | Modified Date = 21/01/2008 6:40:08 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SUPERAntiSpyware.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Modified Date = 21/01/2008 7:17:56 PM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 477315 bytes | Modified Date = 20/01/2008 11:43:16 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
Google Updater.lnk -> %AllUsersStartup%\Google Updater.lnk -> [Ver = | Size = 920 bytes | Modified Date = 3/01/2008 6:53:37 PM | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 21/01/2008 6:50:08 PM | Attr = ]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 8132 bytes | Modified Date = 26/06/2007 10:38:45 AM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5480 bytes | Modified Date = 21/01/2008 9:30:34 PM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5480 bytes | Modified Date = 21/01/2008 9:30:33 PM | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 3/12/2003 12:20:29 AM | Attr = ]

< End of report >

Thanks very much.
zhengn

Edited by zhengn, 21 January 2008 - 06:15 AM.
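The log above shows the pattern a responder looks for in a WinPFind35u report: autostart entries whose target file no longer exists (the Run value named "Service Pack 1" pointing at vedxg6ame4.exe, and the AppInit_DLLs and SecurityProviders entries for wowfx.dll), a few recently created binaries in %System32% and %SystemRoot% with no vendor or version information (suspend.exe, windsk.dll, gtsstgww.tmp), and a named alternate data stream on a folder. AppInit_DLLs is loaded by user32.dll into nearly every GUI process and SecurityProviders is loaded at boot, so a stale entry there keeps producing load errors even after the DLL itself is gone. As an added example that is not part of this thread or of WinPFind35u, the Python script below applies those heuristics to report lines in the format shown above. The sample input is copied verbatim from the posted log; the section-name prefixes, severity labels and extension list are the example's own assumptions.

```python
"""Triage a WinPFind35u text report for persistence remnants.

Added example for this thread (not WinPFind35u code). Assumed heuristics:
dangling autostart -> high in DLL-injection/logon sections, else medium;
vendorless binary autostarted from, or recently created in, a system
directory -> medium; non-Zone.Identifier alternate data stream -> medium.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied verbatim from the WinPFind35u log above.
SAMPLE_LOG = r"""
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Service Pack 1 -> %System32%\vedxg6ame4.exe -> File not found
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 31/08/2007 4:46:28 PM | Attr = ]
*MultiFile Done* -> ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\WINDOWS\system32\wowfx.dll -> %System32%\wowfx.dll -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
wowfx.dll -> wowfx.dll -> File not found
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
NavLogon -> %System32%\NavLogon.dll -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 43760 bytes | Modified Date = 27/09/2006 8:33:54 PM | Attr = ]
[Files/Folders - Created Within 30 days]
suspend.exe -> %System32%\suspend.exe -> [Ver = | Size = 16384 bytes | Created Date = 10/01/2008 11:51:02 PM | Attr = ]
windsk.dll -> %SystemRoot%\windsk.dll -> [Ver = | Size = 15872 bytes | Created Date = 21/01/2008 7:48:03 PM | Attr = ]
MRT.INI -> %System32%\MRT.INI -> [Ver = | Size = 270 bytes | Created Date = 9/01/2008 11:43:12 PM | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
@Alternate Data Stream - 106 bytes -> %AllUsersAppData%\TEMP:DFC5A2B2
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HiJackThis.exe:Zone.Identifier
"""

SECTION_HEADER = re.compile(r"^< (?P<name>[^>]+?) >")   # registry / startup-folder sections
FILE_HEADER = re.compile(r"^\[(?P<name>[^\]]+)\]$")      # file-scan sections
ADS_LINE = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (?P<target>.+)$")
VENDOR = re.compile(r"^(?P<vendor>.*?)\s*\[Ver = ")      # text before "[Ver = ..." is the signer/vendor

# Assumed: sections that load a DLL into many processes or run code at logon.
HIGH_VALUE_PREFIXES = ("AppInit_DLLs", "SecurityProviders", "Winlogon", "ShellExecuteHooks", "Run", "BHO")
SYSTEM_DIRS = ("%System32%", "%SystemRoot%")
EXECUTABLE_EXT = {"exe", "dll", "sys", "tmp", "dat", "bin", "scr", "com"}   # assumed list


@dataclass
class Finding:
    severity: str   # "high" or "medium"
    section: str
    name: str
    path: str
    reason: str


def triage(report: str) -> List[Finding]:
    """Parse WinPFind35u report lines and return the entries worth a closer look."""
    findings: List[Finding] = []
    section: Optional[str] = None
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):          # "*MultiFile Done*" and value-name echo lines
            continue
        m = SECTION_HEADER.match(line) or FILE_HEADER.match(line)
        if m:
            section = m.group("name")
            continue
        m = ADS_LINE.match(line)
        if m:
            target = m.group("target")
            stream = target.rsplit(":", 1)[-1]
            if stream != "Zone.Identifier":             # Zone.Identifier is the normal download marker
                findings.append(Finding("medium", section or "", "ADS", target,
                                        f"named stream '{stream}' can hide executable content"))
            continue
        parts = line.split(" -> ", 2)                  # name -> path -> vendor/version details
        if len(parts) < 3:
            continue
        name, path, details = parts
        dangling = details.startswith("File not found")
        vm = VENDOR.match(details)
        vendor = vm.group("vendor").strip() if vm else ""
        in_system_dir = path.startswith(SYSTEM_DIRS)
        if not (section or "").startswith("Files"):    # an autostart location
            if dangling:
                sev = "high" if (section or "").startswith(HIGH_VALUE_PREFIXES) else "medium"
                findings.append(Finding(sev, section or "", name, path,
                                        "autostart entry points at a file that no longer exists"))
            elif not vendor and in_system_dir:
                findings.append(Finding("medium", section or "", name, path,
                                        "vendorless binary autostarted from a system directory"))
        elif in_system_dir and not vendor and not dangling:
            if path.rsplit(".", 1)[-1].lower() in EXECUTABLE_EXT:
                findings.append(Finding("medium", section or "", name, path,
                                        "recently created vendorless file in a system directory"))
    return findings


def summarize(findings: List[Finding]) -> dict:
    return {sev: sum(1 for f in findings if f.severity == sev) for sev in ("high", "medium")}


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.section:45} {f.name} -> {f.path}: {f.reason}")
    print(summarize(results))
```

Run against the sample, the script rates the three dangling entries (Run, AppInit_DLLs, SecurityProviders) high and suspend.exe, windsk.dll and the TEMP:DFC5A2B2 stream medium, while NavLogon.dll (signed, Symantec) and MRT.INI pass. A "high" here only means the registry value needs removing even though the file is gone, which is exactly the situation a fix script has to cover.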


#9 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 21 January 2008 - 02:03 PM

Hi zhengn. Yeah, there is still some of the infection in there. Once WinPFind35 runs all the way through we'll know we've got it. Let's use a different tool along with WinPFind35. Some of the files might already be gone and that's Ok.

1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
c:\windows\system32\vedxg6ame4.exe
c:\windows\system32\wowfx.dll
c:\windows\system32\gtsstgww.tmp
c:\windows\windsk.dll
 
registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2510B92-6ECA-4D10-88E1-B027F29786A1}

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh WinPFind35u log by using Add/Reply

5. Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Service Pack 1 -> %System32%\vedxg6ame4.exe
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YN -> C:\WINDOWS\system32\wowfx.dll -> %System32%\wowfx.dll
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
YN -> wowfx.dll -> wowfx.dll
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
[Files/Folders - Created Within 30 days]
NY -> windsk.dll -> %SystemRoot%\windsk.dll
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 106 bytes -> %AllUsersAppData%\TEMP:DFC5A2B2
[Files/Folders - Modified Within 30 days]
NY -> gtsstgww.tmp -> %System32%\gtsstgww.tmp
NY -> windsk.dll -> %SystemRoot%\windsk.dll
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.

6. Run a new WinPFind35u scan with the following options:

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • In the Driver Services section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - Security Settings
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Word Wrap is not checked. If it is then click on it to uncheck it.


7. Post the following back here:
  • The Avenger report (c:\Avenger.txt)
  • The latest WinPFind35u fix log (in the WinPFind35u folder)
  • The new WinPFind35u scan log
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT

Edited by OldTimer, 21 January 2008 - 02:05 PM.

I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
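An added example that is not part of this thread or of OldTimer's tools: a Python triage script that reads entries written in the shape of the fix script above and flags anything under AppInit_DLLs (which Windows loads into every process that links user32.dll, which fits the per-program errors the topic starter describes) or SecurityProviders (loaded by lsass.exe at logon) that is not in a stock Windows XP baseline. The baseline contents, the optional two-letter flag handling and the sample log lines are the editor's assumptions and constructions, not WinPFind35U output.

```python
import os
import re

# Known-good contents of the two load points the fix script above targets.
# Editor's assumption about a stock Windows XP SP2 install: AppInit_DLLs is
# empty and SecurityProviders lists only Microsoft's own security packages.
BASELINE = {
    "AppInit_DLLs": frozenset(),
    "SecurityProviders": frozenset(
        {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}
    ),
}

# "< Name [Hive] > -> full\registry\path" opens a block of entries.
HEADER_RE = re.compile(r"^<\s*(?P<name>.+?)\s*\[(?P<hive>[^\]]*)\]\s*>\s*->")
# "YN -> value -> data"; the two-letter fix flags are treated as optional so
# that lines without them (assumed plain scan output) parse the same way.
ENTRY_RE = re.compile(
    r"^(?:(?P<flags>[YN]{2})\s*->\s*)?(?P<value>.+?)\s*->\s*(?P<data>.*)$"
)

# Constructed sample in the shape of the thread's fix script; the four
# Microsoft SecurityProviders entries are added to show a clean baseline.
SAMPLE_LOG = r"""
[Registry - Non-Microsoft Only]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Service Pack 1 -> %System32%\vedxg6ame4.exe
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YN -> C:\WINDOWS\system32\wowfx.dll -> %System32%\wowfx.dll
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
msapsspc.dll -> msapsspc.dll
schannel.dll -> schannel.dll
digest.dll -> digest.dll
msnsspc.dll -> msnsspc.dll
YN -> wowfx.dll -> wowfx.dll
"""


def parse_entries(text):
    """Yield (load_point, value, data) tuples from WinPFind35U-style text."""
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("[", "*")):
            continue  # section title or "*Name*" sub-marker, carries no entry
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name")
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            yield current, entry.group("value"), entry.group("data")


def triage(text):
    """Return (load_point, dll, data) for entries outside BASELINE.

    Only AppInit_DLLs and SecurityProviders are judged here; Run entries
    need other context (publisher, path, age) and are left to the reviewer.
    """
    findings = []
    for load_point, value, data in parse_entries(text):
        allowed = BASELINE.get(load_point)
        if allowed is None:
            continue
        # Compare on the bare file name so full paths and bare names match.
        dll = os.path.basename(value.replace("\\", "/")).lower()
        if dll not in allowed:
            findings.append((load_point, dll, data))
    return findings


if __name__ == "__main__":
    for load_point, dll, data in triage(SAMPLE_LOG):
        print(f"{load_point}: unexpected {dll} ({data})")
```

On the sample above the script reports wowfx.dll under both load points and stays silent on the four Microsoft providers.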


#10 zhengn

  • Topic Starter

  • Members
  • 45 posts

Posted 21 January 2008 - 09:15 PM

Hi, thanks for the update. I've followed your instructions and everything seems OK now, but it was slow on starting up. Yesterday, after I had followed your instructions, there seemed to be a Trojan Pandex. I'm not sure if that has been destroyed yet. Also, when I was running the fix, it seemed to have finished, but it was not responding again. This time I had to Ctrl-Alt-Del it and end the task. I do, however, have the 3 logs this time.

EDIT: After I have followed all your instructions, this has still come up:
Scan type: Auto-Protect Scan
Event: Security Risk Found!
Risk: Trojan.Pandex
File: C:\WINDOWS\system32\drivers\ip6fw.sys

It is supposed to have been cleaned by deletion, but this has come up a few times in the past couple of days. Also, my Auto-Protect comes up with Static every so often.

Thanks

This is the Avenger Log

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\dljnigat

*******************

Script file located at: \??\C:\otqcenan.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File c:\windows\system32\vedxg6ame4.exe not found!
Deletion of file c:\windows\system32\vedxg6ame4.exe failed!

Could not process line:
c:\windows\system32\vedxg6ame4.exe
Status: 0xc0000034



File c:\windows\system32\wowfx.dll not found!
Deletion of file c:\windows\system32\wowfx.dll failed!

Could not process line:
c:\windows\system32\wowfx.dll
Status: 0xc0000034

File c:\windows\system32\gtsstgww.tmp deleted successfully.
File c:\windows\windsk.dll deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2510B92-6ECA-4D10-88E1-B027F29786A1} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2510B92-6ECA-4D10-88E1-B027F29786A1} failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

This is the fix log

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Service Pack 1 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\wowfx.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:wowfx.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
[Files/Folders - Created Within 30 days]
File C:\WINDOWS\windsk.dll not found!
[Files Created - Additional Folder Scans - Non-Microsoft Only]
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\gtsstgww.tmp not found!
File C:\WINDOWS\windsk.dll not found!
[Empty Temp Folders]
C:\Documents and Settings\zhengn\Local Settings\Temp\ -> emptied.
C:\Documents and Settings\zhengn\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini moved successfully.
File move failed. C:\Documents and Settings\zhengn\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\zhengn\Local Settings\Temporary Internet Files\Content.IE5\8DSNSJO3\sabupdate[1].htm moved successfully.
C:\Documents and Settings\zhengn\Local Settings\Temporary Internet Files\Content.IE5\8TS16F41\FriendRequestsIncoming[1].aspx moved successfully.
C:\Documents and Settings\zhengn\Local Settings\Temporary Internet Files\Content.IE5\8TS16F41\SM-Exam-1-Qns-v1_0[1].pdf moved successfully.
C:\Documents and Settings\zhengn\Local Settings\Temporary Internet Files\Content.IE5\G3KRMNYL\jump[1].htm moved successfully.
C:\Documents and Settings\zhengn\Local Settings\Temporary Internet Files\Content.IE5\G3KRMNYL\sabupdate[1].htm moved successfully.
C:\Documents and Settings\zhengn\Local Settings\Temporary Internet Files\Content.IE5\G3KRMNYL\SM-Exam-1-Solns-v1_0[1].pdf moved successfully.
C:\Documents and Settings\zhengn\Local Settings\Temporary Internet Files\Content.IE5\G3KRMNYL\SM-Exam-2-Qns[1].pdf moved successfully.
C:\Documents and Settings\zhengn\Local Settings\Temporary Internet Files\Content.IE5\G3KRMNYL\SM-Exam-2-Qns[2].pdf moved successfully.
C:\Documents and Settings\zhengn\Local Settings\Temporary Internet Files\Content.IE5\MH781CZY\14120[1].jpg moved successfully.
C:\Documents and Settings\zhengn\Local Settings\Temporary Internet Files\Content.IE5\MH781CZY\blue-iron[1].css moved successfully.
C:\Documents and Settings\zhengn\Local Settings\Temporary Internet Files\Content.IE5\MH781CZY\pngfix_map[1].js moved successfully.
C:\Documents and Settings\zhengn\Local Settings\Temporary Internet Files\Content.IE5\MVEFE12B\CAZMI17J.pl moved successfully.
C:\Documents and Settings\zhengn\Local Settings\Temporary Internet Files\Content.IE5\MVEFE12B\SM-Exam-1-Qns-v1_0[1].pdf moved successfully.
C:\Documents and Settings\zhengn\Local Settings\Temporary Internet Files\Content.IE5\VZR81MPM\CA6JSXCP.htm moved successfully.
C:\Documents and Settings\zhengn\Local Settings\Temporary Internet Files\Content.IE5\VZR81MPM\tgp[1].htm moved successfully.
C:\Documents and Settings\zhengn\Local Settings\Temporary Internet Files\Content.IE5\WZB7Y89X\index[1].htm moved successfully.
C:\Documents and Settings\zhengn\Local Settings\Temporary Internet Files\Content.IE5\ZA87R5WT\48307[1].jpg moved successfully.
File move failed. C:\Documents and Settings\zhengn\Local Settings\Temporary Internet Files\Content.IE5\ZA87R5WT\iframe[2].htm scheduled to be moved on reboot.
C:\Documents and Settings\zhengn\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
WinPFind35U Version Beta26 fix logfile created on 01222008_125131

And this is the scan log

WinPFind35 logfile created on: 22/01/2008 1:04:48 PM
WinPFind35U Version Beta26 Folder = C:\Documents and Settings\zhengn\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)

238.86 Mb Total Physical Memory | 43.65 Mb Available Physical Memory | 18.28% Memory free
725.49 Mb Paging File | 168.96 Mb Available in Paging File | 23.29% Paging File free
Paging file location(s): C:\pagefile.sys 500 1000;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 20.15 Gb Free Space | 54.08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: 2008ZHENGN
Current User Name: zhengn
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
brsvc01a.exe -> %System32%\brsvc01a.exe -> brother Industries Ltd [Ver = 1, 0, 0, 3 | Size = 57344 bytes | Modified Date = 12/04/2002 11:00:00 AM | Attr = ]
brss01a.exe -> %System32%\brss01a.exe -> brother Industries Ltd [Ver = 1.004 | Size = 45056 bytes | Modified Date = 13/12/2001 11:01:00 AM | Attr = ]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 169632 bytes | Modified Date = 19/07/2006 7:26:12 PM | Attr = ]
cfsvcs.exe -> %ProgramFiles%\Toshiba\ConfigFree\CFSVCS.EXE -> TOSHIBA CORPORATION [Ver = 3, 0, 0, 12 | Size = 28672 bytes | Modified Date = 4/09/2003 12:00:18 AM | Attr = ]
defwatch.exe -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 31472 bytes | Modified Date = 27/09/2006 8:33:22 PM | Attr = ]
dvdramsv.exe -> %System32%\DVDRAMSV.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 2, 0, 7, 0 | Size = 106496 bytes | Modified Date = 23/05/2003 3:38:26 PM | Attr = ]
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 3/01/2008 6:53:18 PM | Attr = ]
savroam.exe -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.1.5.5000 | Size = 116464 bytes | Modified Date = 27/09/2006 8:33:38 PM | Attr = ]
svcntaux.exe -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.5.2 | Size = 742216 bytes | Modified Date = 2/10/2007 4:27:06 PM | Attr = ]
swdsvc.exe -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.5.23 | Size = 1415496 bytes | Modified Date = 2/10/2007 4:27:12 PM | Attr = ]
smagent.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 20/09/2002 4:50:10 PM | Attr = ]
spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.2.0.7 | Size = 1160848 bytes | Modified Date = 11/04/2006 5:13:38 PM | Attr = ]
rtvscan.exe -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 1813232 bytes | Modified Date = 27/09/2006 8:33:32 PM | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 192160 bytes | Modified Date = 19/07/2006 7:26:06 PM | Attr = ]
00thotkey.exe -> %System32%\00thotkey.exe -> TOSHIBA Corp. [Ver = 1, 0, 0, 21 | Size = 258048 bytes | Modified Date = 30/12/2007 7:50:46 PM | Attr = ]
tfncky.exe -> %ProgramFiles%\Toshiba\TOSHIBA Controls\TFncKy.exe -> TOSHIBA Corporation [Ver = 3.01.01 | Size = 102400 bytes | Modified Date = 18/08/2003 9:51:02 AM | Attr = ]
tfnf5.exe -> %System32%\TFNF5.exe -> Toshiba Corp. [Ver = 1. 0. 1. 0 | Size = 73728 bytes | Modified Date = 3/08/2001 5:08:28 PM | Attr = ]
ezsp_px.exe -> %System32%\EZSP_PX.EXE -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 20/08/2002 12:29:26 PM | Attr = R ]
tpsmain.exe -> %System32%\tpsmain.exe -> TOSHIBA Corporation [Ver = 1, 0, 1, 1 | Size = 278528 bytes | Modified Date = 7/01/2008 1:54:16 PM | Attr = ]
touched.exe -> %ProgramFiles%\Toshiba\TouchED\touched.exe -> TOSHIBA Corporation [Ver = 2, 5, 0, 0 | Size = 126976 bytes | Modified Date = 30/12/2007 7:50:48 PM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3,0,0,2104 | Size = 114688 bytes | Modified Date = 30/12/2007 7:50:49 PM | Attr = ]
agrsmmsg.exe -> %SystemRoot%\agrsmmsg.exe -> Agere Systems [Ver = 2.1.28.2 2.1.28.2 04/18/2003 11:20:08 | Size = 88363 bytes | Modified Date = 18/04/2003 11:20:10 AM | Attr = ]
pmproxy.exe -> %ProgramFiles%\Analog Devices\SoundMAX\pmproxy.exe -> adi [Ver = 1, 0, 0, 18 | Size = 40960 bytes | Modified Date = 30/12/2007 7:50:49 PM | Attr = ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\syntplpr.exe -> Synaptics, Inc. [Ver = 7.5.11 30May03 | Size = 110592 bytes | Modified Date = 30/12/2007 7:50:47 PM | Attr = ]
igfxtray.exe -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3,0,0,2104 | Size = 155648 bytes | Modified Date = 30/12/2007 7:50:49 PM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 52896 bytes | Modified Date = 19/07/2006 7:26:04 PM | Attr = ]
vptray.exe -> %ProgramFiles%\Symantec AntiVirus\vptray.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 125168 bytes | Modified Date = 30/12/2007 7:50:50 PM | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\syntpenh.exe -> Synaptics, Inc. [Ver = 7.5.11 30May03 | Size = 614400 bytes | Modified Date = 30/12/2007 7:50:48 PM | Attr = ]
sdtrayapp.exe -> %ProgramFiles%\Spyware Doctor\sdtrayapp.exe -> PC Tools [Ver = 5.0.5.31 | Size = 1065288 bytes | Modified Date = 7/01/2008 1:54:18 PM | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 21/06/2007 2:06:28 PM | Attr = ]
tpsbattm.exe -> %System32%\TPSBattM.exe -> TOSHIBA Corporation [Ver = 1, 0, 1, 0 | Size = 45056 bytes | Modified Date = 25/09/2003 10:19:10 AM | Attr = ]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 31/08/2007 4:46:28 PM | Attr = ]
googleupdater.exe -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.1070.1219.beta | Size = 124400 bytes | Modified Date = 3/01/2008 6:53:12 PM | Attr = ]
ramasst.exe -> %System32%\RAMASST.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 1, 0, 9, 0 | Size = 155648 bytes | Modified Date = 14/03/2003 1:38:12 PM | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 306176 bytes | Modified Date = 19/01/2008 1:35:44 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Brother XP spl Service) BrSplService [Win32_Own | Auto | Running] -> %System32%\brsvc01a.exe -> brother Industries Ltd [Ver = 1, 0, 0, 3 | Size = 57344 bytes | Modified Date = 12/04/2002 11:00:00 AM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 192160 bytes | Modified Date = 19/07/2006 7:26:06 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 169632 bytes | Modified Date = 19/07/2006 7:26:12 PM | Attr = ]
(CFSvcs) ConfigFree Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\ConfigFree\CFSVCS.EXE -> TOSHIBA CORPORATION [Ver = 3, 0, 0, 12 | Size = 28672 bytes | Modified Date = 4/09/2003 12:00:18 AM | Attr = ]
(DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 31472 bytes | Modified Date = 27/09/2006 8:33:22 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 4/08/2004 1:56:50 AM | Attr = ]
(DVD-RAM_Service) DVD-RAM_Service [Win32_Own | Auto | Running] -> %System32%\DVDRAMSV.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 2, 0, 7, 0 | Size = 106496 bytes | Modified Date = 23/05/2003 3:38:26 PM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 3/01/2008 6:53:18 PM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_1.EXE -> Symantec Corporation [Ver = 3.1.0.99 | Size = 2528960 bytes | Modified Date = 2/09/2006 4:36:33 PM | Attr = ]
(SavRoam) SavRoam [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.1.5.5000 | Size = 116464 bytes | Modified Date = 27/09/2006 8:33:38 PM | Attr = ]
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.5.2 | Size = 742216 bytes | Modified Date = 2/10/2007 4:27:06 PM | Attr = ]
(sdCoreService) PC Tools Security Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.5.23 | Size = 1415496 bytes | Modified Date = 2/10/2007 4:27:12 PM | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.4.402 | Size = 214720 bytes | Modified Date = 7/08/2006 4:03:02 PM | Attr = ]
(SoundMAX Agent Service (default)) SoundMAX Agent Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 20/09/2002 4:50:10 PM | Attr = ]
(SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.2.0.7 | Size = 1160848 bytes | Modified Date = 11/04/2006 5:13:38 PM | Attr = ]
(Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 1813232 bytes | Modified Date = 27/09/2006 8:33:32 PM | Attr = ]
(UTSCSI) USBest Service Zero [Win32_Own | Auto | Stopped] -> %System32%\UTSCSI.EXE -> [Ver = | Size = 0 bytes | Modified Date = 6/12/2007 9:41:24 PM | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %System32%\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 3.0.2.26 | Size = 98912 bytes | Modified Date = 10/01/2003 5:51:34 PM | Attr = ]
(AgereSoftModem) TOSHIBA V92 Software Modem [Kernel | On_Demand | Stopped] -> %System32%\drivers\AGRSM.sys -> Agere Systems [Ver = 2.1.22 2.1.22 12/20/2002 13:07:32 | Size = 1164576 bytes | Modified Date = 20/12/2002 1:07:34 PM | Attr = ]
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(AR5211) Atheros AR5001 Wireless Network Adapter Service [Kernel | On_Demand | Running] -> %System32%\drivers\ar5211.sys -> Atheros Communications, Inc. [Ver = 2.4.2.14 | Size = 324608 bytes | Modified Date = 14/09/2003 8:16:16 PM | Attr = ]
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(BrScnUsb) Brother USB Still Image driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\BrScnUsb.sys -> Brother Industries Ltd. [Ver = 1,0,2,1 | Size = 15295 bytes | Modified Date = 15/10/2004 2:50:20 PM | Attr = ]
(BrSerIf) Brother MFC Serial Port Interface WDM Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\BrSerIf.sys -> Brother Industries Ltd. [Ver = 1.0.2.2 built by: WinDDK | Size = 51712 bytes | Modified Date = 29/09/2004 2:24:38 PM | Attr = ]
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\BrUsbSer.sys -> Brother Industries Ltd. [Ver = 1,0,0,7 built by: WinDDK | Size = 11648 bytes | Modified Date = 10/01/2004 3:28:18 PM | Attr = ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(CdaD10BA) CdaD10BA [Kernel | Auto | Running] -> %System32%\drivers\CdaD10BA.SYS -> Macrovision Europe Ltd [Ver = 3.17.000 | Size = 12464 bytes | Modified Date = 20/05/2007 8:08:13 PM | Attr = ]
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 4/08/2004 12:07:18 AM | Attr = ]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 4/08/2004 12:07:18 AM | Attr = ]
(dmload) dmload [Kernel | Boot | Running] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 29/08/2002 11:00:00 PM | Attr = ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
(E100B) Intel® PRO Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\e100b325.sys -> Intel Corporation [Ver = 6.04.14.0000 built by: WinDDK | Size = 140800 bytes | Modified Date = 25/09/2002 6:09:12 AM | Attr = ]
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.3.3.4 | Size = 395312 bytes | Modified Date = 12/09/2007 7:00:00 PM | Attr = ]
(EraserUtilDrvI4) EraserUtilDrvI4 [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilDrvI4.sys -> File not found
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> Symantec Corporation [Ver = 107.3.3.4 | Size = 112688 bytes | Modified Date = 16/10/2007 7:00:00 PM | Attr = ]
(hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found
(ialm) ialm [Kernel | On_Demand | Running] -> %System32%\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.13.10.3514 | Size = 90907 bytes | Modified Date = 23/04/2003 10:10:06 AM | Attr = ]
(IKFileSec) File Security Driver [File_System | Boot | Running] -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1036 built by: WinDDK | Size = 41288 bytes | Modified Date = 4/10/2007 5:10:52 PM | Attr = ]
(IKSysFlt) System Filter Driver [Kernel | System | Running] -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1024 | Size = 62280 bytes | Modified Date = 4/10/2007 5:10:54 PM | Attr = ]
(IKSysSec) System Security Driver [Kernel | System | Running] -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1024 | Size = 79688 bytes | Modified Date = 4/10/2007 5:10:58 PM | Attr = ]
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(kalleny5812-ae6) kalleny5812-ae6 [Kernel | Auto | Stopped] -> %System32%\kalleny5812-ae6.sys -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(MDC8021X) WPA Security Protocol (IEEE 802.1x) v2.2.0.0 [Kernel | Auto | Running] -> %System32%\drivers\mdc8021x.sys -> Meetinghouse Data Communications [Ver = 2,2,0,0 | Size = 11861 bytes | Modified Date = 25/11/2003 1:35:19 PM | Attr = ]
(meiudf) meiudf [File_System | System | Running] -> %System32%\drivers\meiudf.sys -> Matsushita Electric Industrial Co.,Ltd. [Ver = 3.0.8.0 | Size = 90416 bytes | Modified Date = 31/01/2003 7:45:56 PM | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080107.002\NAVENG.SYS -> Symantec Corporation [Ver = 20071.3.1.10 | Size = 81232 bytes | Modified Date = 17/12/2007 8:00:00 PM | Attr = ]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080107.002\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.3.1.10 | Size = 865904 bytes | Modified Date = 17/12/2007 8:00:00 PM | Attr = ]
(Netdevio) TOSHIBA Network Device Usermode I/O Protocol [Kernel | Auto | Running] -> %System32%\drivers\Netdevio.sys -> TOSHIBA Corporation. [Ver = Version 5.00.01.00 built by: WinDDK | Size = 12032 bytes | Modified Date = 29/01/2003 4:35:00 PM | Attr = R ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(pciSd) pciSd [Kernel | On_Demand | Stopped] -> %System32%\drivers\tossdpci.sys -> TOSHIBA [Ver = 1.00.07.30210 | Size = 15143 bytes | Modified Date = 12/02/2003 9:03:54 AM | Attr = ]
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 29/08/2002 11:00:00 PM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.02.53a | Size = 17136 bytes | Modified Date = 3/06/2003 2:02:00 AM | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 1:53:48 PM | Attr = ]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 16/02/2006 5:51:08 PM | Attr = R ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 27/02/2007 12:39:26 PM | Attr = ]
(SAVRT) SAVRT [Kernel | System | Running] -> %ProgramFiles%\Symantec AntiVirus\savrt.sys -> Symantec Corporation [Ver = 9.7.2.3 | Size = 337592 bytes | Modified Date = 6/09/2006 2:41:20 PM | Attr = ]
(SAVRTPEL) SAVRTPEL [Kernel | System | Running] -> %ProgramFiles%\Symantec AntiVirus\Savrtpel.sys -> Symantec Corporation [Ver = 9.7.2.3 | Size = 54968 bytes | Modified Date = 6/09/2006 2:41:20 PM | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13/11/2007 9:25:53 PM | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(smwdm) smwdm [Kernel | On_Demand | Running] -> %System32%\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3542 | Size = 541376 bytes | Modified Date = 28/01/2003 11:32:02 AM | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
(SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 2.2.0.7 | Size = 389776 bytes | Modified Date = 11/04/2006 5:13:34 PM | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.1.2.1 | Size = 109744 bytes | Modified Date = 18/09/2006 5:55:28 PM | Attr = ]
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %System32%\drivers\symredrv.sys -> Symantec Corporation [Ver = 6.0.4.402 | Size = 24768 bytes | Modified Date = 7/08/2006 4:02:22 PM | Attr = ]
(SYMTDI) SYMTDI [Kernel | System | Running] -> %System32%\drivers\symtdi.sys -> Symantec Corporation [Ver = 6.0.4.402 | Size = 195776 bytes | Modified Date = 7/08/2006 4:02:26 PM | Attr = ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %System32%\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 7.5.11 30May03 | Size = 271728 bytes | Modified Date = 30/05/2003 8:56:22 PM | Attr = ]
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(tsdhd) TOSHIBA SD Card Host Controller Driver [Kernel | On_Demand | Running] -> %System32%\drivers\tsdhd.sys -> TOSHIBA Corporation [Ver = 2, 0, 4, 30514 | Size = 25888 bytes | Modified Date = 14/05/2003 5:38:32 PM | Attr = ]
(TVALD) Toshiba ACPI-Based Value Added Logical Device Driver [Kernel | Boot | Running] -> %System32%\drivers\TVALD.SYS -> Toshiba Corporation [Ver = V2, 0,1 | Size = 5300 bytes | Modified Date = 20/06/2002 11:53:28 PM | Attr = ]
(TVALG) Toshiba Value Added Logical and General Purpose Device Driver [Kernel | Boot | Running] -> %System32%\drivers\TVALG.SYS -> TOSHIBA Corporation [Ver = 2, 0, 0, 7 | Size = 5936 bytes | Modified Date = 13/09/2001 7:53:02 PM | Attr = ]
(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(XDva009) XDva009 [Kernel | On_Demand | Stopped] -> %System32%\XDva009.sys -> File not found
(XDva032) XDva032 [Kernel | On_Demand | Stopped] -> %System32%\XDva032.sys -> File not found
({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ialmsbw.sys -> Intel Corporation [Ver = 6.13.10.3514 | Size = 113504 bytes | Modified Date = 23/04/2003 10:15:06 AM | Attr = ]
({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH) Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ialmkchw.sys -> Intel Corporation [Ver = 6.13.10.3514 | Size = 78752 bytes | Modified Date = 23/04/2003 10:14:56 AM | Attr = ]
({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55}) AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011 [Kernel | On_Demand | Running] -> %System32%\drivers\wa301a.sys -> Intel Corporation [Ver = 4.13.10.3514 | Size = 33335 bytes | Modified Date = 23/04/2003 10:10:12 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
000StTHK -> %System32%\000stthk.exe -> [Ver = | Size = 24576 bytes | Modified Date = 7/01/2008 1:54:16 PM | Attr = ]
00THotkey -> %System32%\00thotkey.exe -> TOSHIBA Corp. [Ver = 1, 0, 0, 21 | Size = 258048 bytes | Modified Date = 30/12/2007 7:50:46 PM | Attr = ]
AGRSMMSG -> %SystemRoot%\agrsmmsg.exe -> Agere Systems [Ver = 2.1.28.2 2.1.28.2 04/18/2003 11:20:08 | Size = 88363 bytes | Modified Date = 18/04/2003 11:20:10 AM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 52896 bytes | Modified Date = 19/07/2006 7:26:04 PM | Attr = ]
ezShieldProtector for Px -> %System32%\EZSP_PX.EXE -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 20/08/2002 12:29:26 PM | Attr = R ]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3,0,0,2104 | Size = 114688 bytes | Modified Date = 30/12/2007 7:50:49 PM | Attr = ]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3,0,0,2104 | Size = 155648 bytes | Modified Date = 30/12/2007 7:50:49 PM | Attr = ]
LtMoh -> %ProgramFiles%\ltmoh\ltmoh.exe -> Agere Systems [Ver = 1.69 | Size = 172032 bytes | Modified Date = 30/12/2007 7:50:47 PM | Attr = ]
PmProxy -> %ProgramFiles%\Analog Devices\SoundMAX\pmproxy.exe -> adi [Ver = 1, 0, 0, 18 | Size = 40960 bytes | Modified Date = 30/12/2007 7:50:49 PM | Attr = ]
SDTray -> %ProgramFiles%\Spyware Doctor\sdtrayapp.exe -> PC Tools [Ver = 5.0.5.31 | Size = 1065288 bytes | Modified Date = 7/01/2008 1:54:18 PM | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\syntpenh.exe -> Synaptics, Inc. [Ver = 7.5.11 30May03 | Size = 614400 bytes | Modified Date = 30/12/2007 7:50:48 PM | Attr = ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\syntplpr.exe -> Synaptics, Inc. [Ver = 7.5.11 30May03 | Size = 110592 bytes | Modified Date = 30/12/2007 7:50:47 PM | Attr = ]
taskmon -> %SystemRoot%\taskmon.exe -> File not found
TFncKy -> TFncKy.exe -> File not found
TFNF5 -> %System32%\TFNF5.exe -> Toshiba Corp. [Ver = 1. 0. 1. 0 | Size = 73728 bytes | Modified Date = 3/08/2001 5:08:28 PM | Attr = ]
TouchED -> %ProgramFiles%\Toshiba\TouchED\touched.exe -> TOSHIBA Corporation [Ver = 2, 5, 0, 0 | Size = 126976 bytes | Modified Date = 30/12/2007 7:50:48 PM | Attr = ]
TPSMain -> %System32%\tpsmain.exe -> TOSHIBA Corporation [Ver = 1, 0, 1, 1 | Size = 278528 bytes | Modified Date = 7/01/2008 1:54:16 PM | Attr = ]
Viewbar -> %ProgramFiles%\AGLOCO Viewbar\Viewbar.exe -> File not found
vptray -> %ProgramFiles%\Symantec AntiVirus\vptray.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 125168 bytes | Modified Date = 30/12/2007 7:50:50 PM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Service Pack 1 -> %System32%\vedxg6ame4.exe -> File not found
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 31/08/2007 4:46:28 PM | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 21/06/2007 2:06:28 PM | Attr = ]
*MultiFile Done* -> ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
-> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 24/11/2003 4:45:35 PM | Attr = HS]
%AllUsersStartup%\Google Updater.lnk -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.1070.1219.beta | Size = 124400 bytes | Modified Date = 3/01/2008 6:53:12 PM | Attr = ]
%AllUsersStartup%\RAMASST.lnk -> %System32%\RAMASST.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 1, 0, 9, 0 | Size = 155648 bytes | Modified Date = 14/03/2003 1:38:12 PM | Attr = ]
< zhengn Startup Folder > -> C:\Documents and Settings\zhengn\Start Menu\Programs\Startup ->
-> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 24/11/2003 4:45:35 PM | Attr = HS]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 20/12/2006 1:55:48 PM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
-> -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3,0,0,2104 | Size = 315392 bytes | Modified Date = 7/04/2003 12:06:48 AM | Attr = ]
NavLogon -> %System32%\NavLogon.dll -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 43760 bytes | Modified Date = 27/09/2006 8:33:54 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoChangingWallpaper -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoAddingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoDeletingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoEditingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoHTMLWallPaper -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 149 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\SYSTEM\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\SYSTEM\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\SYSTEM\\DisableTaskMgr -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\SYSTEM\\Wallpaper -> ->
< HOSTS File > (213869 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://intranet ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://securityresponse.symantec.com/avcenter/fix_homepage/ ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> <local> ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4033 domain(s) found. ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4032 domain(s) found. ->
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.0.2003051500 | Size = 50376 bytes | Modified Date = 15/05/2003 12:47:54 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31/08/2007 4:46:14 PM | Attr = ]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Research] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31/08/2007 4:46:14 PM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Research] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31/08/2007 4:46:14 PM | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{03B02E66-A116-4424-BE36-DEE642CE3421} -> (Atheros AR5001X Mini PCI Wireless Network Adapter) ->
{2F7BBB47-2E44-47A4-A182-9EE5A226F871} -> (Atheros AR5001X+ Wireless Network Adapter) ->
{85A85B1E-F549-4BE0-9108-595A12ACADC0} -> (1394 Net Adapter) ->
{8B9AF8C4-BFC7-4827-920C-1745707722B6} -> (1394 Net Adapter) ->
{E91036C3-916E-4551-8582-D824B720A3B6} -> (Intel® PRO/100 VE Network Connection) ->
{FC3CB677-3C95-4D3E-9FBB-DA6743BC3D1A} -> (1394 Net Adapter) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[OLE (Part 1 of 5)] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[OLE (Part 1 of 5)] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{1A1F56AA-3401-46F9-B277-D57F3421F821}[HKEY_LOCAL_MACHINE] -> http://www.worldwinner.com/games/v47/share...GamesLoader.cab[FunGamesLoader Object] ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc.cab[Office Update Installation Engine] ->
{5D6F45B3-9043-443D-A792-115447494D24}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab[UnoCtrl Class] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://v5.windowsupdate.microsoft.com/v5co...b?1116548197671[WUWebControl Class] ->
{8A94C905-FF9D-43B6-8708-F0F22D22B1CB}[HKEY_LOCAL_MACHINE] -> http://www.worldwinner.com/games/shared/wwlaunch.cab[Wwlaunch Control] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl...indows-i586.cab[Java Plug-in 1.4.2] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{9F1C11AA-197B-4942-BA54-47A8489BB47F}[HKEY_LOCAL_MACHINE] -> http://v4.windowsupdate.microsoft.com/CAB/...7956.6378819444[Reg Error: Key does not exist or could not be opened.] ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab[MessengerStatsClient Class] ->
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl...indows-i586.cab[Java Plug-in 1.4.2] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwa...ash/swflash.cab[Shockwave Flash Object] ->
{EA1B8527-E422-4909-825A-70BE0694F18E}[HKEY_LOCAL_MACHINE] -> https://online.westpac.com.au/wtoa/wtOtherA...iomanagerwt.cab[PortfolioManagerWT ProfileManager Class] ->
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] ->
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->


[Registry - Additional Scans - Non-Microsoft Only]
< Security Settings > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 4/08/2004 1:56:58 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Background Intelligent Transfer Service ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService ->
Rpcss -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26/07/2005 3:39:49 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\system32\qmgr.dll [C:\WINDOWS\System32\qmgr.dll] -> Microsoft Corporation [Ver = 6.6.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 382464 bytes | Modified Date = 4/08/2004 1:56:46 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\0 -> Root\LEGACY_BITS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 4/08/2004 1:56:58 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 5979 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 4/08/2004 1:56:44 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 4/08/2004 1:56:58 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 19/01/2007 12:54:56 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 4/01/2007 4:10:02 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 4/08/2004 1:56:58 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 19/01/2007 12:54:56 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 4/01/2007 4:10:02 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTornado\btdownloadgui.exe -> C:\Program Files\BitTornado\btdownloadgui.exe [C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui] -> [Ver = | Size = 87552 bytes | Modified Date = 19/10/2006 12:30:18 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 14/10/2004 3:24:37 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\zhengn\My Documents\Gunz\GunzLauncher.exe -> C:\Documents and Settings\zhengn\My Documents\Gunz\GunzLauncher.exe [C:\Documents and Settings\zhengn\My Documents\Gunz\GunzLauncher.exe:*:Enabled:GunzLauncher] -> MAIET entertainment [Ver = 1, 0, 1, 9 | Size = 481280 bytes | Modified Date = 16/01/2007 3:00:38 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\zhengn\My Documents\Gunz\Gunz.exe -> C:\Documents and Settings\zhengn\My Documents\Gunz\Gunz.exe [C:\Documents and Settings\zhengn\My Documents\Gunz\Gunz.exe:*:Enabled:Gunz] -> MAIET entertainment [Ver = 1, 0, 0, 26 | Size = 2551808 bytes | Modified Date = 28/10/2007 8:56:04 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe [C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 768512 bytes | Modified Date = 4/08/2004 1:56:50 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Anarchy\Moon Tycoon\MT.exe -> C:\Program Files\Anarchy\Moon Tycoon\MT.exe [C:\Program Files\Anarchy\Moon Tycoon\MT.exe:*:Enabled:Moon Tycoon] -> Unique Entertainment [Ver = 1.0 | Size = 1247233 bytes | Modified Date = 9/06/2004 12:05:30 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\vedxga8me6.exe -> C:\WINDOWS\system32\vedxga8me6.exe [C:\WINDOWS\system32\vedxga8me6.exe:*:Enabled:vedxga8me6] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\taskmon.exe -> C:\WINDOWS\taskmon.exe [C:\WINDOWS\taskmon.exe:*:Enabled:enable] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{1C546FFE-2C59-41B5-B8CA-880D2EE9893F} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{13012300-D096-40D9-8CBA-BB5170513627} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{ECDC14A5-7B45-408B-8673-FC6637D6F254} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{FC3CB677-3C95-4D3E-9FBB-DA6743BC3D1A} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 4/08/2004 1:56:58 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 4/08/2004 1:56:48 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->


[Files/Folders - Created Within 30 days]
avenger -> %SystemDrive%\avenger -> [Folder | Created Date = 22/01/2008 12:36:43 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 250531840 bytes | Created Date = 21/01/2008 8:36:19 PM | Attr = HS]
ikfilesec.sys -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1036 built by: WinDDK | Size = 41288 bytes | Created Date = 3/01/2008 8:11:10 PM | Attr = ]
iksysflt.sys -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1024 | Size = 62280 bytes | Created Date = 3/01/2008 8:11:09 PM | Attr = ]
iksyssec.sys -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1024 | Size = 79688 bytes | Created Date = 3/01/2008 8:11:10 PM | Attr = ]
kcom.sys -> %System32%\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29000 bytes | Created Date = 3/01/2008 8:11:10 PM | Attr = ]
6_exception.nls -> %System32%\6_exception.nls -> [Ver = | Size = 0 bytes | Created Date = 21/01/2008 10:48:01 PM | Attr = ]
MRT.INI -> %System32%\MRT.INI -> [Ver = | Size = 270 bytes | Created Date = 9/01/2008 11:43:12 PM | Attr = ]
nod32se.exe -> %System32%\nod32se.exe -> [Ver = | Size = 16384 bytes | Created Date = 21/01/2008 10:52:48 PM | Attr = ]
qfotaieg.tmp -> %System32%\qfotaieg.tmp -> [Ver = | Size = 29 bytes | Created Date = 22/01/2008 12:30:26 PM | Attr = ]
suspend.bin -> %System32%\suspend.bin -> [Ver = | Size = 80 bytes | Created Date = 10/01/2008 11:50:59 PM | Attr = ]
suspend.exe -> %System32%\suspend.exe -> [Ver = | Size = 16384 bytes | Created Date = 10/01/2008 11:51:02 PM | Attr = ]
users32.dat -> %System32%\users32.dat -> [Ver = | Size = 16384 bytes | Created Date = 30/12/2007 7:50:45 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 30/12/2007 11:55:06 PM | Attr = ]
trayicon.exe -> %SystemRoot%\trayicon.exe -> [Ver = | Size = 34049 bytes | Created Date = 30/12/2007 2:23:41 PM | Attr = ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 265 bytes | Created Date = 30/12/2007 10:07:18 PM | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Google Updater -> %AllUsersAppData%\Google Updater -> [Folder | Created Date = 3/01/2008 6:53:29 PM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Created Date = 30/12/2007 9:00:04 PM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 21/01/2008 6:57:58 PM | Attr = ]
TEMP -> %AllUsersAppData%\TEMP -> [Folder | Created Date = 3/01/2008 8:11:47 PM | Attr = ]
EasySpywareCleaner.com -> %UserAppData%\EasySpywareCleaner.com -> [Folder | Created Date = 6/01/2008 9:29:53 PM | Attr = ]
Install.dat -> %UserAppData%\Install.dat -> [Ver = | Size = 1177450 bytes | Created Date = 30/12/2007 8:24:01 PM | Attr = ]
PC Tools -> %UserAppData%\PC Tools -> [Folder | Created Date = 3/01/2008 8:10:36 PM | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 21/01/2008 6:56:26 PM | Attr = ]
Google Updater.lnk -> %AllUsersDesktop%\Google Updater.lnk -> [Ver = | Size = 890 bytes | Created Date = 3/01/2008 6:53:37 PM | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Created Date = 21/01/2008 6:56:47 PM | Attr = ]
avenger.exe -> %UserDesktop%\avenger.exe -> [Ver = | Size = 130048 bytes | Created Date = 22/01/2008 12:21:57 PM | Attr = ]
avenger.zip -> %UserDesktop%\avenger.zip -> [Ver = | Size = 127378 bytes | Created Date = 22/01/2008 12:19:49 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avenger.zip:Zone.Identifier
HiJackThis.exe -> %UserDesktop%\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Created Date = 9/01/2008 12:20:49 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HiJackThis.exe:Zone.Identifier
hijackthis_sfx.exe -> %UserDesktop%\hijackthis_sfx.exe -> [Ver = | Size = 251392 bytes | Created Date = 8/01/2008 11:58:10 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\hijackthis_sfx.exe:Zone.Identifier
sdsetup.exe -> %UserDesktop%\sdsetup.exe -> PC Tools [Ver = 5.1.0.273 | Size = 15196432 bytes | Created Date = 3/01/2008 6:22:00 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\sdsetup.exe:Zone.Identifier
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Created Date = 30/12/2007 9:00:17 PM | Attr = ]
spybotsd15.exe -> %UserDesktop%\spybotsd15.exe -> Safer Networking Ltd. [Ver = 1.5.1.15 | Size = 7467056 bytes | Created Date = 30/12/2007 8:58:23 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spybotsd15.exe:Zone.Identifier
SUPERAntiSpyware.exe -> %UserDesktop%\SUPERAntiSpyware.exe -> [Ver = | Size = 5914648 bytes | Created Date = 21/01/2008 6:39:55 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SUPERAntiSpyware.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Created Date = 20/01/2008 11:44:15 PM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 477315 bytes | Created Date = 20/01/2008 11:43:16 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
Google Updater.lnk -> %AllUsersStartup%\Google Updater.lnk -> [Ver = | Size = 920 bytes | Created Date = 3/01/2008 6:53:37 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
avenger -> %SystemDrive%\avenger -> [Folder | Modified Date = 22/01/2008 12:36:43 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 250531840 bytes | Modified Date = 22/01/2008 12:29:59 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 21/01/2008 6:56:27 PM | Attr = R ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 22/01/2008 12:32:04 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 30/12/2007 9:04:31 PM | Attr = ]
hosts -> %System32%\drivers\etc\hosts -> [Ver = | Size = 213869 bytes | Modified Date = 30/12/2007 9:04:31 PM | Attr = R ]
000stthk.exe -> %System32%\000stthk.exe -> [Ver = | Size = 24576 bytes | Modified Date = 7/01/2008 1:54:16 PM | Attr = ]
00thotkey.exe -> %System32%\00thotkey.exe -> TOSHIBA Corp. [Ver = 1, 0, 0, 21 | Size = 258048 bytes | Modified Date = 30/12/2007 7:50:46 PM | Attr = ]
6_exception.nls -> %System32%\6_exception.nls -> [Ver = | Size = 0 bytes | Modified Date = 21/01/2008 10:48:01 PM | Attr = ]
appmgmt -> %System32%\appmgmt -> [Folder | Modified Date = 6/01/2008 9:43:53 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 21/01/2008 10:23:21 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 22/01/2008 12:36:25 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 21/01/2008 10:23:28 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 22/01/2008 12:37:13 PM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3,0,0,2104 | Size = 114688 bytes | Modified Date = 30/12/2007 7:50:49 PM | Attr = ]
igfxtray.exe -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3,0,0,2104 | Size = 155648 bytes | Modified Date = 30/12/2007 7:50:49 PM | Attr = ]
LogFiles -> %System32%\LogFiles -> [Folder | Modified Date = 1/01/2008 8:45:56 PM | Attr = ]
MRT.INI -> %System32%\MRT.INI -> [Ver = | Size = 270 bytes | Modified Date = 9/01/2008 11:43:13 PM | Attr = ]
nod32se.exe -> %System32%\nod32se.exe -> [Ver = | Size = 16384 bytes | Modified Date = 21/01/2008 10:52:48 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 59774 bytes | Modified Date = 3/01/2008 8:14:35 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 395534 bytes | Modified Date = 3/01/2008 8:14:36 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 462168 bytes | Modified Date = 3/01/2008 8:14:30 PM | Attr = ]
qfotaieg.tmp -> %System32%\qfotaieg.tmp -> [Ver = | Size = 29 bytes | Modified Date = 22/01/2008 12:30:26 PM | Attr = ]
suspend.bin -> %System32%\suspend.bin -> [Ver = | Size = 80 bytes | Modified Date = 21/01/2008 10:53:11 PM | Attr = ]
suspend.exe -> %System32%\suspend.exe -> [Ver = | Size = 16384 bytes | Modified Date = 21/01/2008 10:53:15 PM | Attr = ]
tpsmain.exe -> %System32%\tpsmain.exe -> TOSHIBA Corporation [Ver = 1, 0, 1, 1 | Size = 278528 bytes | Modified Date = 7/01/2008 1:54:16 PM | Attr = ]
users32.dat -> %System32%\users32.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/01/2008 12:22:38 AM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 22/01/2008 12:34:07 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 9/01/2008 2:48:57 PM | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 22/01/2008 12:30:08 PM | Attr = S]
CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 7/01/2008 11:16:07 PM | Attr = HS]
DUMP6d56.tmp -> %SystemRoot%\DUMP6d56.tmp -> [Ver = | Size = 90112 bytes | Modified Date = 7/01/2008 11:03:08 PM | Attr = ]
DUMP7352.tmp -> %SystemRoot%\DUMP7352.tmp -> [Ver = | Size = 90112 bytes | Modified Date = 3/01/2008 5:10:16 PM | Attr = ]
DUMP765f.tmp -> %SystemRoot%\DUMP765f.tmp -> [Ver = | Size = 90112 bytes | Modified Date = 1/01/2008 7:59:23 PM | Attr = ]
DUMP85d3.tmp -> %SystemRoot%\DUMP85d3.tmp -> [Ver = | Size = 90112 bytes | Modified Date = 2/01/2008 4:52:36 PM | Attr = ]
DUMP8d60.tmp -> %SystemRoot%\DUMP8d60.tmp -> [Ver = | Size = 90112 bytes | Modified Date = 1/01/2008 8:19:24 PM | Attr = ]
DUMP929d.tmp -> %SystemRoot%\DUMP929d.tmp -> [Ver = | Size = 90112 bytes | Modified Date = 7/01/2008 10:56:55 PM | Attr = ]
DUMP96e1.tmp -> %SystemRoot%\DUMP96e1.tmp -> [Ver = | Size = 90112 bytes | Modified Date = 7/01/2008 11:14:53 PM | Attr = ]
DUMPa22f.tmp -> %SystemRoot%\DUMPa22f.tmp -> [Ver = | Size = 90112 bytes | Modified Date = 30/12/2007 11:53:44 PM | Attr = ]
DUMPa994.tmp -> %SystemRoot%\DUMPa994.tmp -> [Ver = | Size = 90112 bytes | Modified Date = 3/01/2008 12:49:58 PM | Attr = ]
DUMPbd41.tmp -> %SystemRoot%\DUMPbd41.tmp -> [Ver = | Size = 90112 bytes | Modified Date = 7/01/2008 9:43:13 PM | Attr = ]
DUMPc9c6.tmp -> %SystemRoot%\DUMPc9c6.tmp -> [Ver = | Size = 90112 bytes | Modified Date = 31/12/2007 12:20:49 PM | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 22/01/2008 12:23:27 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 21/01/2008 10:24:21 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 21/01/2008 6:57:35 PM | Attr = HS]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 22/01/2008 12:30:32 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 22/01/2008 12:36:26 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 22/01/2008 12:31:02 PM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 22/01/2008 12:53:20 PM | Attr = ]
trayicon.exe -> %SystemRoot%\trayicon.exe -> [Ver = | Size = 34049 bytes | Modified Date = 30/12/2007 2:23:41 PM | Attr = ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 265 bytes | Modified Date = 31/12/2007 12:18:57 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 22/01/2008 12:30:20 PM | Attr = H ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Google Updater -> %AllUsersAppData%\Google Updater -> [Folder | Modified Date = 22/01/2008 11:36:15 AM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 31/12/2007 11:20:20 AM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 21/01/2008 6:57:58 PM | Attr = ]
TEMP -> %AllUsersAppData%\TEMP -> [Folder | Modified Date = 22/01/2008 12:36:19 PM | Attr = ]
EasySpywareCleaner.com -> %UserAppData%\EasySpywareCleaner.com -> [Folder | Modified Date = 6/01/2008 9:29:53 PM | Attr = ]
Install.dat -> %UserAppData%\Install.dat -> [Ver = | Size = 1177450 bytes | Modified Date = 30/12/2007 8:24:18 PM | Attr = ]
PC Tools -> %UserAppData%\PC Tools -> [Folder | Modified Date = 3/01/2008 8:10:36 PM | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 21/01/2008 6:56:26 PM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 3359798 bytes | Modified Date = 30/12/2007 6:45:41 AM | Attr = H ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 28/12/2007 12:12:14 AM | Attr = R ]
My Received Files -> %UserDocuments%\My Received Files -> [Folder | Modified Date = 8/01/2008 9:39:18 PM | Attr = ]
My Sharing Folders.lnk -> %UserDocuments%\My Sharing Folders.lnk -> [Ver = | Size = 590 bytes | Modified Date = 22/01/2008 12:08:11 PM | Attr = ]
Stevenz -> %UserDocuments%\Stevenz -> [Folder | Modified Date = 8/01/2008 9:43:38 PM | Attr = ]
stuff -> %UserDocuments%\stuff -> [Folder | Modified Date = 8/01/2008 9:42:58 PM | Attr = ]
Google Updater.lnk -> %AllUsersDesktop%\Google Updater.lnk -> [Ver = | Size = 890 bytes | Modified Date = 3/01/2008 6:53:37 PM | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Modified Date = 21/01/2008 6:56:48 PM | Attr = ]
avenger.zip -> %UserDesktop%\avenger.zip -> [Ver = | Size = 127378 bytes | Modified Date = 22/01/2008 12:20:01 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avenger.zip:Zone.Identifier
HiJackThis.exe -> %UserDesktop%\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 9/01/2008 12:21:16 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\HiJackThis.exe:Zone.Identifier
hijackthis_sfx.exe -> %UserDesktop%\hijackthis_sfx.exe -> [Ver = | Size = 251392 bytes | Modified Date = 8/01/2008 11:58:21 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\hijackthis_sfx.exe:Zone.Identifier
sdsetup.exe -> %UserDesktop%\sdsetup.exe -> PC Tools [Ver = 5.1.0.273 | Size = 15196432 bytes | Modified Date = 3/01/2008 6:22:05 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\sdsetup.exe:Zone.Identifier
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Modified Date = 30/12/2007 9:00:17 PM | Attr = ]
spybotsd15.exe -> %UserDesktop%\spybotsd15.exe -> Safer Networking Ltd. [Ver = 1.5.1.15 | Size = 7467056 bytes | Modified Date = 30/12/2007 8:58:47 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spybotsd15.exe:Zone.Identifier
SUPERAntiSpyware.exe -> %UserDesktop%\SUPERAntiSpyware.exe -> [Ver = | Size = 5914648 bytes | Modified Date = 21/01/2008 6:40:08 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SUPERAntiSpyware.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Modified Date = 21/01/2008 7:17:56 PM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 477315 bytes | Modified Date = 20/01/2008 11:43:16 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
Google Updater.lnk -> %AllUsersStartup%\Google Updater.lnk -> [Ver = | Size = 920 bytes | Modified Date = 3/01/2008 6:53:37 PM | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 21/01/2008 6:50:08 PM | Attr = ]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 8132 bytes | Modified Date = 26/06/2007 10:38:45 AM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5480 bytes | Modified Date = 22/01/2008 12:33:32 PM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5480 bytes | Modified Date = 22/01/2008 12:33:31 PM | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 3/12/2003 12:20:29 AM | Attr = ]

< End of report >


Thanks,

Zhengn

Edited by zhengn, 21 January 2008 - 09:26 PM.


#11 OldTimer
Malware Expert

Posted 21 January 2008 - 10:22 PM

Hi zhengn. Yeah, that's an old version of WinPFind35u. I need you to delete the file you downloaded and the folder it made and download the most current version as shown below. First, print these instructions as we will be booting into Safe Mode and they will not be available to you.

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

We need to disable TeaTimer so it does not interfere with the changes we are going to make.
  • Start Spybot-S&D.
  • Go to the Mode menu, and make sure Advanced Mode is selected.
  • On the left hand side, choose Tools and then click on Resident.
  • Uncheck Resident TeaTimer and choose OK for any further prompts.
  • Restart your computer.
Open Notepad and copy/paste the text in the codebox below into the new document:

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> taskmon -> %SystemRoot%\taskmon.exe
YY -> Viewbar -> %ProgramFiles%\AGLOCO Viewbar\Viewbar.exe
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> Service Pack 1 -> %System32%\vedxg6ame4.exe
[Files/Folders - Created Within 30 days]
NY -> qfotaieg.tmp -> %System32%\qfotaieg.tmp
[Files/Folders - Modified Within 30 days]
NY -> qfotaieg.tmp -> %System32%\qfotaieg.tmp
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
[Extra Files]
C:\WINDOWS\system32\drivers\ip6fw.sys
[Empty Temp Folders]
[Reboot]

Save the document to your desktop as wpf35fix.txt and close Notepad.

Reboot in Safe Mode

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

Now open the wpf35.txt file you created earlier and saved to the desktop with Notepad. Copy/Paste all the information in it into the window labeled Paste fix here and then click the Run Fix button.

The fix should only take a very short time. When the fix is completed a message box will popup telling you that you need to reboot. Go ahead and reboot normally.

Post the latest .log file from the WinPFind3u/MovedFiles folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log) I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

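The report excerpt above and the fix that follows show the two things a log reviewer looks for first: a Run-key or Windows Firewall AuthorizedApplications entry whose target WinPFind reports as "File not found" (taskmon.exe, vedxga8me6.exe), and a recently created binary under %System32% that carries no publisher and no version resource (nod32se.exe, suspend.exe). The Python script below is an added example, not part of this thread and not part of the WinPFind35u tool; it parses lines in the report format quoted above and lists both indicators. The sample report embedded in it is constructed from lines quoted in this thread, and the `Finding` class and `triage` function are this example's own names.

```python
"""Triage of WinPFind35u report lines (added example, not part of the thread).

Flags two indicators that the fix in this thread acted on:
  orphaned-entry       a Run-key or Windows Firewall AuthorizedApplications value
                       whose target WinPFind reports as "File not found"
  unidentified-binary  a recently created .exe/.dll/.sys under %System32% or
                       %SystemRoot% with neither a publisher nor a version string
"""
import re
from dataclasses import dataclass

ARROW = " -> "
EXEC_EXT = (".exe", ".dll", ".sys")
SYSTEM_PREFIXES = ("%System32%", "%SystemRoot%")

# Trailing metadata exactly as WinPFind prints it:
#   Publisher [Ver = x | Size = N bytes | Created Date = d | Attr = a]
META_RE = re.compile(
    r"^(?P<publisher>.*?)\s*\[Ver = (?P<ver>[^|]*?)\s*\| Size = (?P<size>\d+) bytes"
    r" \| (?:Created|Modified) Date = (?P<date>[^|]*?) \| Attr = (?P<attr>[^\]]*)\]$"
)
SECTION_RE = re.compile(r"^\[(?P<name>.+)\]$")

# Constructed sample: lines copied from the reports quoted in this thread.
SAMPLE_REPORT = r"""
[Registry - Non-Microsoft Only]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Anarchy\Moon Tycoon\MT.exe -> C:\Program Files\Anarchy\Moon Tycoon\MT.exe [C:\Program Files\Anarchy\Moon Tycoon\MT.exe:*:Enabled:Moon Tycoon] -> Unique Entertainment [Ver = 1.0 | Size = 1247233 bytes | Modified Date = 9/06/2004 12:05:30 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\vedxga8me6.exe -> C:\WINDOWS\system32\vedxga8me6.exe [C:\WINDOWS\system32\vedxga8me6.exe:*:Enabled:vedxga8me6] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\taskmon.exe -> C:\WINDOWS\taskmon.exe [C:\WINDOWS\taskmon.exe:*:Enabled:enable] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 4/08/2004 1:56:58 AM | Attr = ]
[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 250531840 bytes | Created Date = 21/01/2008 8:36:19 PM | Attr = HS]
ikfilesec.sys -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1036 built by: WinDDK | Size = 41288 bytes | Created Date = 3/01/2008 8:11:10 PM | Attr = ]
nod32se.exe -> %System32%\nod32se.exe -> [Ver = | Size = 16384 bytes | Created Date = 21/01/2008 10:52:48 PM | Attr = ]
suspend.exe -> %System32%\suspend.exe -> [Ver = | Size = 16384 bytes | Created Date = 10/01/2008 11:51:02 PM | Attr = ]
[Files/Folders - Modified Within 30 days]
000stthk.exe -> %System32%\000stthk.exe -> [Ver = | Size = 24576 bytes | Modified Date = 7/01/2008 1:54:16 PM | Attr = ]
nod32se.exe -> %System32%\nod32se.exe -> [Ver = | Size = 16384 bytes | Modified Date = 21/01/2008 10:52:48 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avenger.zip:Zone.Identifier
"""


@dataclass(frozen=True)
class Finding:
    reason: str   # "orphaned-entry" or "unidentified-binary"
    path: str     # image path as WinPFind printed it
    source: str   # registry value name or report section it came from


def split_fields(line):
    """Split a report line on ' -> ', dropping the empty trailing arrows that
    WinPFind emits for keys without data ('KEY\\ -> ->')."""
    fields = []
    for part in line.split(ARROW):
        part = part.strip()
        if part.endswith("->"):
            part = part[:-2].strip()
        if part:
            fields.append(part)
    return fields


def triage(lines):
    """Return de-duplicated Findings for the given WinPFind35u report lines."""
    seen = {}
    section = ""
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        hdr = SECTION_RE.match(line)
        if hdr:
            section = hdr.group("name")
            continue
        fields = split_fields(line)
        if len(fields) < 3:
            continue  # bare keys, descriptions, ADS markers: no image path
        target, data, meta = fields[:3]
        if line.startswith("HKEY_"):
            # KEY\\ValueName -> image path [raw registry data] -> file metadata
            value_name = target.rsplit("\\\\", 1)[-1]
            image = data.split(" [", 1)[0]
            if meta == "File not found":
                key = ("orphaned-entry", image)
                seen.setdefault(key, Finding(*key, value_name))
            continue
        # File sections: name -> path -> metadata
        m = META_RE.match(meta)
        if m is None:
            continue
        if (data.lower().endswith(EXEC_EXT)
                and data.startswith(SYSTEM_PREFIXES)
                and not m.group("publisher").strip()
                and not m.group("ver").strip()):
            key = ("unidentified-binary", data)
            seen.setdefault(key, Finding(*key, section))
    return list(seen.values())


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT.splitlines()):
        print(f"{f.reason:20} {f.path}  ({f.source})")
```

Treat the output as a review list, not a deletion list: OEM helpers such as 000stthk.exe also ship without version information and are flagged by the second rule, which is why the fix above names only specific entries rather than everything the report shows as unidentified.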

#12 zhengn
Topic Starter

Posted 22 January 2008 - 12:10 AM

Hi OldTimer, Thanks for your quick reply.

I've followed your instructions and everything seems fine, only that it took a while to boot up. Also, I was just wondering if

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

Now open the wpf35.txt file you created earlier and saved to the desktop with Notepad. Copy/Paste all the information in it into the window labeled Paste fix here and then click the Run Fix button.


was only to run the code or did I have to run 2 codes?


Anyway, here is the log

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\taskmon deleted successfully.
File C:\WINDOWS\taskmon.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Viewbar deleted successfully.
File C:\Program Files\AGLOCO Viewbar\Viewbar.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Service Pack 1 not found.
File C:\WINDOWS\System32\vedxg6ame4.exe not found.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\System32\qfotaieg.tmp moved successfully.
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\qfotaieg.tmp not found!
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat moved successfully.
[Extra Files]
< C:\WINDOWS\system32\drivers\ip6fw.sys >
File/Folder C:\WINDOWS\system32\drivers\ip6fw.sys not found.
[Empty Temp Folders]
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
< End of fix log >
WinPFind35U Version Beta31 fix logfile created on 01222008_154204


Thanks,
Zhengn

#13 OldTimer
Malware Expert

Posted 22 January 2008 - 12:29 AM

Hi zhengn. That looks good. You did it correctly. Copy the information from the codebox and paste that information into wpf35.

After a fix it usually will take a bit longer to boot up. When emptying the temp folders we delete a number of files that the system recreates when it boots up. That would be normal.

If things are running well then go ahead and use the system for a few days to make sure it's stable. If it's good for a few days then let me know and we'll close this topic at that time.

Cheers.

OT

#14 zhengn
Topic Starter

Posted 25 January 2008 - 06:54 AM

Hi, there's still this problem I have. My virus scanner keeps revealing some Pandex trojan and trojan horse virus. It says it's deleted it but it keeps coming up. Would you know anything about these viruses?

Cheers for the help, I really appreciate it.
zhengn

Here is a HijackThis log for analysis if you need it:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:16 PM, on 25/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\System32\EZSP_PX.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\zhengn\Desktop\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\EZSP_PX.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Viewbar] C:\Program Files\AGLOCO Viewbar\Viewbar.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://intranet
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/share...GamesLoader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1116548197671
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westpac.com.au/wtoa/wtOtherA...iomanagerwt.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = westbourne.vic.edu.au
O17 - HKLM\Software\..\Telephony: DomainName = westbourne.vic.edu.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = westbourne.vic.edu.au
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = westbourne.vic.edu.au
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = westbourne.vic.edu.au
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: USBest Service Zero (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

--
End of file - 8953 bytes
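
The O23 lines in the log above give, for each service, the display name, the vendor string HijackThis read from the file's version information, and the binary's path. That vendor string is self-reported by the file and trivially faked, so a plausible company name on its own proves nothing; an entry reported as "Unknown owner" (here UTSCSI.EXE) is simply the one with no version information at all. The PowerShell script below is an added example, not part of the thread and not HijackThis's own code: it parses O23 lines, flags "Unknown owner" entries and, where the file exists on the machine running the script, checks its Authenticode signature. The sample lines are copied from the log above; the regular expression, the function names and the requirement of Windows PowerShell 3.0 or later are my assumptions.

```powershell
# Added example, not from the thread: triage the O23 (service) lines of a
# HijackThis log. Sample lines are copied from the posted log; the regex,
# function names and output shape are assumptions made for this example.
# Requires Windows PowerShell 3.0+ (for [pscustomobject]).

$sampleLog = @'
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: USBest Service Zero (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
'@

function Get-HjtService {
    # Split "O23 - Service: <name> - <vendor> - <path>" into fields.
    # Name and vendor are matched lazily; the path must start with a drive letter,
    # which is what keeps " - " inside names from being mistaken for a separator.
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -match '^O23 - Service: (?<name>.+?) - (?<vendor>.+?) - (?<path>[A-Za-z]:\\.+)$') {
            [pscustomobject]@{
                Name   = $Matches.name
                Vendor = $Matches.vendor
                Path   = $Matches.path
            }
        }
    }
}

function Test-HjtService {
    # Flag "Unknown owner" and, when the binary is present locally, record its
    # Authenticode status (Valid / NotSigned / HashMismatch / ...). A log from
    # another machine will usually yield "file not present" for most entries.
    param([psobject]$Service)
    $exists = Test-Path -LiteralPath $Service.Path
    $signature = 'n/a (file not present on this machine)'
    if ($exists) {
        $signature = (Get-AuthenticodeSignature -FilePath $Service.Path).Status.ToString()
    }
    [pscustomobject]@{
        Name         = $Service.Name
        Vendor       = $Service.Vendor
        Path         = $Service.Path
        UnknownOwner = ($Service.Vendor -eq 'Unknown owner')
        Exists       = $exists
        Signature    = $signature
    }
}

# Usage: unknown-owner entries sort to the top so they are reviewed first.
$lines = $sampleLog -split "`r?`n"
Get-HjtService -Lines $lines |
    ForEach-Object { Test-HjtService -Service $_ } |
    Sort-Object UnknownOwner -Descending |
    Format-Table Name, Vendor, UnknownOwner, Exists, Signature -AutoSize
```

To run it against a real log, replace the here-string with `Get-Content hijackthis.log` on the affected machine; the signature check is only meaningful there, since the paths in someone else's log will not exist on yours. A valid signature from the expected publisher is a much stronger signal than the vendor column, and an unsigned binary under System32 with no version information is exactly the kind of entry worth submitting for a second opinion.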

#15 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 25 January 2008 - 10:22 AM

Hi zhengn. My guess would be that it is seeing something in the system restore. We need to clean those out.

Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files. (You will lose all previous restore points, which are likely to be infected.)

1. Turn off System Restore.
   On the Desktop, right-click My Computer.
   Click Properties.
   Click the System Restore tab.
   Check Turn off System Restore.
   Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
   On the Desktop, right-click My Computer.
   Click Properties.
   Click the System Restore tab.
   UN-check Turn off System Restore.
   Click Apply, and then click OK.

System Restore will now be active again.

If your AV still picks something up, run a full scan and post the results back here so I can see what it is finding.

Cheers.

OT

Edited by OldTimer, 25 January 2008 - 10:22 AM.

I do not respond to PMs requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

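
The three GUI steps OldTimer gives above (turn System Restore off, restart, turn it back on) map onto the SystemRestore WMI class in the root\default namespace, which Windows XP and later expose. The script below is an added example, not part of OldTimer's post or of any tool named in the thread: run from an elevated Windows PowerShell prompt, it lists the existing restore points so you can see what is about to be discarded, disables restore on the drive (which is what deletes them), re-enables it, takes a fresh checkpoint, and lists again so you can confirm only the new point remains. The drive letter, the checkpoint description and the function name are assumptions; the method names and the constants 12 and 100 are the documented SystemRestore values.

```powershell
# Added example, not from the thread: reset System Restore through the
# SystemRestore WMI class (root\default). Run elevated, in Windows PowerShell
# (Get-WmiObject is not present in PowerShell 7 without the compatibility shim).
# Drive letter and descriptions are assumptions for this example.

$drive = 'C:\'
$sr = [wmiclass]'\\.\root\default:SystemRestore'

function Get-RestorePointSummary {
    # One line per restore point, oldest first; nothing is printed when the store is empty.
    Get-WmiObject -Namespace root\default -Class SystemRestore |
        Sort-Object SequenceNumber |
        ForEach-Object { '{0,4}  {1}  {2}' -f $_.SequenceNumber, $_.CreationTime, $_.Description }
}

Write-Output "Restore points before reset:"
Get-RestorePointSummary

# Step 1: disabling restore on a drive deletes every restore point held for it.
$rc = $sr.Disable($drive).ReturnValue
if ($rc -ne 0) { throw "SystemRestore.Disable failed, return code $rc" }

# Step 3: re-enable; WaitTillEnabled = $true blocks until the service reports ready.
$rc = $sr.Enable($drive, $true).ReturnValue
if ($rc -ne 0) { throw "SystemRestore.Enable failed, return code $rc" }

# Take a known-clean baseline so there is something to roll back to after the cleanup.
# CreateRestorePoint(Description, RestorePointType, EventType):
#   12  = MODIFY_SETTINGS, 100 = BEGIN_SYSTEM_CHANGE (documented SystemRestore constants).
$rc = $sr.CreateRestorePoint('Post-cleanup baseline', 12, 100).ReturnValue
if ($rc -ne 0) { throw "SystemRestore.CreateRestorePoint failed, return code $rc" }

Write-Output "Restore points after reset (only the new baseline should remain):"
Get-RestorePointSummary
```

Two caveats a practitioner will want. Disable really does discard every restore point on the drive, so keep the "before" listing if you might need to know what existed. And on Windows 8 and later, CreateRestorePoint returns 0 but silently creates nothing if another point was made within the previous 24 hours, unless the SystemRestorePointCreationFrequency value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore is set to 0; the second listing is there precisely so that case is noticed rather than assumed.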
