Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Downloader-acc Found With Malware Sweeper


  • This topic is locked This topic is locked
6 replies to this topic

#1 wewillwinit6times

wewillwinit6times

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:33 PM

Posted 26 January 2008 - 08:08 AM

Hi there.

I recently downloaded PPMate from www.download.com but AVG anti-virus found a generic trojan horse I clicked on heal and went through with the install, I then decided to delete the application as i wasn't sure I could trust it, I also recently had the malware crush virus which I think I managed to get rid off.

Now the problem is when I run malware sweeper it keeps finding a downloader-acc called urlsearchhooks, it finds it under the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks

I have also run both in normal and safe mode, spybot, ad-aware 2007, avg anti-virus/anti-spyware and avast and they don't detect a thing, I have also scanned my computer using McAfee Stinger and Panda Activescan and they have nothing.

I've also used ccleaner and registry cleaner and have comodo firewall installed.

Below is my hijackthis log and I hope this can be resolved as I'm still a concerned about the malware crush virus on my computer and if nothing else it would put my mind at ease that my computer isn't infected.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:47, on 26/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.liverpoolfc.tv/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=presario&pf=laptop
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

--
End of file - 13709 bytes

BC AdBot (Login to Remove)

 


#2 wewillwinit6times

wewillwinit6times
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:33 PM

Posted 29 January 2008 - 06:40 PM

Hi again guys, sorry this is in no way a bump but I have been reading your HijackThis Tutorial and came across this part which is what has been worrying for the last few days:

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)

Notice the CLSID, the numbers between the { }, have a _ at the end of it and they may sometimes difficult to remove with HijackThis. To fix this you will need to delete the particular registry entry manually by going to the following key:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks

Then delete the CLSID entry under it that you would like to remove. Please leave the CLSID , CFBFAE00-17A6-11D0-99CB-00C04FD64497, as it is the valid default one.

Unless you recognize the software being used as the UrlSearchHook, you should generally Google it and after doing some research, allow HijackThis to fix it

------------------------------

Now the program I have mentioned called Malware Sweeper keeps finding the URLSearchHooks under LOCAL_MACHINE but there is no number registered under there but that number is under the above CURRENT_USER but with no _ at the end of it which would make it the valid one, also nothing has shown up on the hijackthis logfile which would leave me to believe that the program is either giving out false positives or that it is now showing stuff to entice me to buy the full product.

One quick question just to settle my mind, is the urlsearchhook meant to be under LOCAL MACHINE?

#3 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:03:33 PM

Posted 31 January 2008 - 03:08 PM

Hello wewillwinit6times and welcome to the BC hijackThis form. To answer your question, URLSearchHooks can be under either HKLM or HKCU or both. It depends on if they are system wide or user specific.

Let's see what we can out about that. Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#4 wewillwinit6times

wewillwinit6times
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:33 PM

Posted 31 January 2008 - 03:41 PM

Thank you very much for your reply, here below is the logfile from winpfind35u:




WinPFind35 logfile created on: 31/01/2008 20:38:35
WinPFind35U Version Beta42	 Folder = C:\Documents and Settings\Neil Hawkes.NEIL\Desktop\WinPFind35u
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
 
1014.05 Mb Total Physical Memory | 274.91 Mb Available Physical Memory | 27.11% Memory free
2.38 Gb Paging File | 1.52 Gb Available in Paging File | 63.88% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66.78 Gb Total Space | 47.21 Gb Free Space | 70.70% Space Free | Partition Type: NTFS
Drive D: | 7.73 Gb Total Space | 0.82 Gb Free Space | 10.67% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: NEIL
Current User Name: Neil Hawkes
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 04/01/2008 13:27:08 | Attr =	]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 04/12/2007 14:36:33 | Attr =	]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 04/12/2007 13:00:16 | Attr =	]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 15/01/2008 02:40:04 | Attr =	]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30/05/2007 12:31:10 | Attr =	]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 18/01/2008 00:20:00 | Attr =	]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 18/01/2008 00:20:03 | Attr =	]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 18/01/2008 12:01:22 | Attr =	]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 24/07/2007 15:17:08 | Attr =	]
cmdagent.exe -> %ProgramFiles%\COMODO\Firewall\cmdagent.exe -> COMODO [Ver = 2.4.0.19 | Size = 495360 bytes | Modified Date = 18/01/2008 23:01:41 | Attr =	]
saservice.exe -> %ProgramFiles%\SiteAdvisor\6253\SAService.exe ->  [Ver =  | Size = 345376 bytes | Modified Date = 19/01/2008 00:52:05 | Attr =	]
hpqwmiex.exe -> %ProgramFiles%\Hewlett-Packard\Shared\hpqwmiex.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 1, 9 | Size = 135168 bytes | Modified Date = 02/05/2006 14:41:28 | Attr =	]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 04/12/2007 12:59:53 | Attr =	]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 04/12/2007 12:59:01 | Attr =	]
hp wireless assistant.exe -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 7, 2 | Size = 458752 bytes | Modified Date = 04/05/2006 05:58:26 | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 01:11:35 | Attr =	]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 10.0.13.2 14Sep07 | Size = 1015808 bytes | Modified Date = 15/09/2007 02:27:20 | Attr =	]
qpservice.exe -> %ProgramFiles%\HP\QuickPlay\QPService.exe -> CyberLink Corp. [Ver = 4.5.0.0000 | Size = 102400 bytes | Modified Date = 23/06/2006 13:43:20 | Attr =	]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 16/02/2005 22:11:42 | Attr =	]
qlbctrl.exe -> %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ->  Hewlett-Packard Development Company, L.P. [Ver = 6, 1, 1, 1 | Size = 135168 bytes | Modified Date = 02/06/2006 14:21:42 | Attr =	]
winampa.exe -> %ProgramFiles%\Winamp\winampa.exe ->  [Ver =  | Size = 37376 bytes | Modified Date = 20/12/2007 15:16:24 | Attr =	]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 04/12/2007 13:00:23 | Attr =	]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 18/01/2008 12:01:22 | Attr =	]
cfp.exe -> %ProgramFiles%\COMODO\Firewall\cfp.exe -> COMODO [Ver = 1.0.0.1 | Size = 1481472 bytes | Modified Date = 18/01/2008 23:01:40 | Attr =	]
siteadv.exe -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.exe ->  [Ver =  | Size = 36640 bytes | Modified Date = 04/12/2007 21:03:00 | Attr =	]
hpqtoa~1.exe -> %ProgramFiles%\HPQ\Shared\HpqToaster.exe ->  [Ver = 1, 0, 0, 7 | Size = 491606 bytes | Modified Date = 24/12/2005 04:44:26 | Attr =	]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 11/06/2007 09:25:42 | Attr =	]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\acrotray.exe -> Adobe Systems Inc. [Ver = 8.1.0.2007051000 | Size = 624248 bytes | Modified Date = 10/05/2007 22:46:20 | Attr =	]
igfxtray.exe -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4670 | Size = 98304 bytes | Modified Date = 24/01/2008 04:11:59 | Attr =	]
igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4670 | Size = 94208 bytes | Modified Date = 14/08/2006 14:38:08 | Attr =	]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4670 | Size = 114688 bytes | Modified Date = 14/08/2006 14:41:28 | Attr =	]
ad-watch2007.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe -> Lavasoft AB [Ver = 7.0.2.6 | Size = 2684280 bytes | Modified Date = 11/01/2008 10:57:30 | Attr =	]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 31/08/2007 16:46:28 | Attr =	]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 16/01/2008 23:05:57 | Attr =	]
googlewebaccwarden.exe -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccWarden.exe ->  [Ver =  | Size = 1134592 bytes | Modified Date = 09/07/2007 22:24:38 | Attr =	]
googlewebaccclient.exe -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccClient.exe ->  [Ver =  | Size = 1888256 bytes | Modified Date = 09/07/2007 22:24:38 | Attr =	]
fnplicensingservice.exe -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 23/01/2008 15:17:15 | Attr =	]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307712 bytes | Modified Date = 31/01/2008 12:38:16 | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 04/01/2008 13:27:08 | Attr =	]
(AddFiltr) AddFiltr [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -> Hewlett-Packard Development Company, L.P. [Ver = 1.0.0.1 | Size = 98304 bytes | Modified Date = 08/05/2006 09:49:02 | Attr =	]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 15/01/2008 02:40:04 | Attr =	]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 04/12/2007 14:36:33 | Attr =	]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 04/12/2007 13:00:16 | Attr =	]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 04/12/2007 12:59:53 | Attr =	]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 04/12/2007 12:59:01 | Attr =	]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30/05/2007 12:31:10 | Attr =	]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 18/01/2008 00:20:00 | Attr =	]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 18/01/2008 00:20:03 | Attr =	]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 18/01/2008 12:01:22 | Attr =	]
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 24/07/2007 15:17:08 | Attr =	]
(cmdAgent) COMODO Firewall Pro Helper Service [Win32_Own | Auto | Running] -> %ProgramFiles%\COMODO\Firewall\cmdagent.exe -> COMODO [Ver = 2.4.0.19 | Size = 495360 bytes | Modified Date = 18/01/2008 23:01:41 | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 16/03/2006 04:00:00 | Attr =	]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 23/01/2008 15:17:15 | Attr =	]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 18/01/2008 13:31:52 | Attr =	]
(hpqwmiex) hpqwmiex [Win32_Own | Auto | Running] -> %ProgramFiles%\Hewlett-Packard\Shared\hpqwmiex.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 1, 9 | Size = 135168 bytes | Modified Date = 02/05/2006 14:41:28 | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 22/10/2004 02:24:18 | Attr =	]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] ->  -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 15/01/2008 03:22:44 | Attr =	]
(SiteAdvisor Service) SiteAdvisor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\SiteAdvisor\6253\SAService.exe ->  [Ver =  | Size = 345376 bytes | Modified Date = 19/01/2008 00:52:05 | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 11/06/2007 09:25:42 | Attr =	]
Acrobat Assistant 8.0 -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\acrotray.exe -> Adobe Systems Inc. [Ver = 8.1.0.2007051000 | Size = 624248 bytes | Modified Date = 10/05/2007 22:46:20 | Attr =	]
Ad-Watch -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe -> Lavasoft AB [Ver = 7.0.2.6 | Size = 2684280 bytes | Modified Date = 11/01/2008 10:57:30 | Attr =	]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 04/12/2007 13:00:23 | Attr =	]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 18/01/2008 12:01:22 | Attr =	]
COMODO Firewall Pro -> %ProgramFiles%\COMODO\Firewall\cfp.exe -> COMODO [Ver = 1.0.0.1 | Size = 1481472 bytes | Modified Date = 18/01/2008 23:01:40 | Attr =	]
Cpqset -> %ProgramFiles%\Hewlett-Packard\Default Settings\Cpqset.exe ->  [Ver =  | Size = 40960 bytes | Modified Date = 19/06/2006 09:50:40 | Attr =	]
High Definition Audio Property Page Shortcut -> %System32%\CHDAudPropShortcut.exe -> Windows (R) Server 2003 DDK provider [Ver = 5.10.00.5010 built by: WinDDK | Size = 61952 bytes | Modified Date = 02/06/2006 15:02:50 | Attr =	]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4670 | Size = 114688 bytes | Modified Date = 14/08/2006 14:41:28 | Attr =	]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 16/02/2005 22:11:42 | Attr =	]
hpWirelessAssistant -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 7, 2 | Size = 458752 bytes | Modified Date = 04/05/2006 05:58:26 | Attr =	]
igfxhkcmd -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4670 | Size = 114688 bytes | Modified Date = 14/08/2006 14:41:28 | Attr =	]
igfxpers -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4670 | Size = 94208 bytes | Modified Date = 14/08/2006 14:38:08 | Attr =	]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4670 | Size = 98304 bytes | Modified Date = 24/01/2008 04:11:59 | Attr =	]
Persistence -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4670 | Size = 94208 bytes | Modified Date = 14/08/2006 14:38:08 | Attr =	]
QlbCtrl -> HP Quick Launch Buttons\QlbCtrl.exe -> File not found
QPService -> %ProgramFiles%\HP\QuickPlay\QPService.exe -> CyberLink Corp. [Ver = 4.5.0.0000 | Size = 102400 bytes | Modified Date = 23/06/2006 13:43:20 | Attr =	]
SiteAdvisor -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.exe ->  [Ver =  | Size = 36640 bytes | Modified Date = 04/12/2007 21:03:00 | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 01:11:35 | Attr =	]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 10.0.13.2 14Sep07 | Size = 1015808 bytes | Modified Date = 15/09/2007 02:27:20 | Attr =	]
SynTPStart -> %ProgramFiles%\Synaptics\SynTP\SynTPStart.exe -> Synaptics, Inc. [Ver = 10.0.13.2 14Sep07 | Size = 102400 bytes | Modified Date = 15/09/2007 02:29:10 | Attr =	]
WinampAgent -> %ProgramFiles%\Winamp\winampa.exe ->  [Ver =  | Size = 37376 bytes | Modified Date = 20/12/2007 15:16:24 | Attr =	]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 31/08/2007 16:46:28 | Attr =	]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 16/01/2008 23:05:57 | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 23/09/2005 21:05:26 | Attr =	]
%AllUsersStartup%\Google Updater.lnk -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.1070.1219.beta | Size = 124400 bytes | Modified Date = 14/01/2008 11:24:28 | Attr =	]
%AllUsersStartup%\Run Google Web Accelerator.lnk -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccWarden.exe ->  [Ver =  | Size = 1134592 bytes | Modified Date = 09/07/2007 22:24:38 | Attr =	]
< Neil Hawkes.NEIL Startup Folder > -> C:\Documents and Settings\Neil Hawkes.NEIL\Start Menu\Programs\Startup -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
 C:\WINDOWS\system32\guard32.dll -> %System32%\guard32.dll ->  [Ver =  | Size = 139008 bytes | Modified Date = 18/01/2008 23:01:41 | Attr =	]
*MultiFile Done* -> -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 30/05/2007 12:29:58 | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4670 | Size = 155648 bytes | Modified Date = 14/08/2006 14:37:00 | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\\NoResolveTrack -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\RestrictRun -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> 
< HOSTS File > (222272 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.liverpoolfc.tv/ -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4149 domain(s) found. -> 
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4930 domain(s) found. -> 
www_liverpoolfc.tv [https] -> Trusted sites -> 
31 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22/10/2006 23:08:42 | Attr =	]
{089FD14D-132B-48FC-8861-0048AE113215} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 927008 bytes | Modified Date = 04/12/2007 21:02:24 | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31/08/2007 16:46:14 | Attr =	]
{69A87B7D-DE56-4136-9655-716BA50C19C7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccToolbar.dll [&Google Web Accelerator Helper] ->  [Ver =  | Size = 311296 bytes | Modified Date = 09/07/2007 22:24:38 | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 01:11:33 | Attr =	]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 18/01/2008 13:31:52 | Attr = R  ]
{AE7CD045-E861-484f-8273-0445EE161910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10/05/2007 22:47:03 | Attr =	]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 1121, 2472 | Size = 323568 bytes | Modified Date = 29/01/2008 16:01:20 | Attr =	]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10/05/2007 22:47:03 | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.dll [McAfee SiteAdvisor] ->  [Ver =  | Size = 927008 bytes | Modified Date = 04/12/2007 21:02:24 | Attr =	]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 18/01/2008 13:31:52 | Attr = R  ]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10/05/2007 22:47:03 | Attr =	]
{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccToolbar.dll [Google Web Accelerator] ->  [Ver =  | Size = 311296 bytes | Modified Date = 09/07/2007 22:24:38 | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 18/01/2008 13:31:52 | Attr = R  ]
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10/05/2007 22:47:03 | Attr =	]
WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Web Accelerator\GoogleWebAccToolbar.dll [Google Web Accelerator] ->  [Ver =  | Size = 311296 bytes | Modified Date = 09/07/2007 22:24:38 | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 01:11:34 | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 01:11:33 | Attr =	]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31/08/2007 16:46:14 | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 01:11:34 | Attr =	]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10/05/2007 22:47:03 | Attr =	]
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10/05/2007 22:47:03 | Attr =	]
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10/05/2007 22:47:03 | Attr =	]
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10/05/2007 22:47:03 | Attr =	]
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10/05/2007 22:47:03 | Attr =	]
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10/05/2007 22:47:03 | Attr =	]
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10/05/2007 22:47:03 | Attr =	]
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10/05/2007 22:47:03 | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{2A98D82D-25AF-4C3F-BFE8-83E9684E01E5} ->	(Realtek RTL8139/810x Family Fast Ethernet NIC) -> 
{4FA93D4E-CD5E-4340-B6AA-DF39CFB3429D} ->	(Broadcom 802.11b/g WLAN) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
siteadvisor:{3A5DC592-7723-4EAA-9EE6-AF4222BCF879} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.dll[Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 927008 bytes | Modified Date = 04/12/2007 21:02:24 | Attr =	]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{14C1B87C-3342-445F-9B5E-365FF330A3AC}[HKEY_LOCAL_MACHINE] -> http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB[Hewlett-Packard Online Support Services] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] -> 
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 



[Files/Folders - Created Within 30 days]
!KillBox -> %SystemDrive%\!KillBox ->  [Folder | Created Date = 25/01/2008 18:04:29 | Attr =	]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Created Date = 18/01/2008 00:22:29 | Attr = RH ]
58990673e4e6da754c -> %SystemDrive%\58990673e4e6da754c ->  [Folder | Created Date = 14/01/2008 17:29:50 | Attr =	]
c0956b11bc70401b59 -> %SystemDrive%\c0956b11bc70401b59 ->  [Folder | Created Date = 31/01/2008 16:48:29 | Attr =	]
c0a80000.pac -> %SystemDrive%\c0a80000.pac ->  [Ver =  | Size = 864 bytes | Created Date = 30/01/2008 22:31:07 | Attr =	]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Created Date = 19/01/2008 00:02:37 | Attr =	]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Created Date = 14/01/2008 17:45:11 | Attr =	]
ConverterOutput -> %SystemDrive%\ConverterOutput ->  [Folder | Created Date = 16/01/2008 00:30:04 | Attr =	]
ERDNT -> %SystemDrive%\ERDNT ->  [Folder | Created Date = 23/01/2008 23:19:46 | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1063374848 bytes | Created Date = 27/01/2008 13:18:53 | Attr =  HS]
IO.SYS -> %SystemDrive%\IO.SYS ->  [Ver =  | Size = 0 bytes | Created Date = 14/01/2008 23:28:47 | Attr = RHS]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS ->  [Ver =  | Size = 0 bytes | Created Date = 14/01/2008 23:28:47 | Attr = RHS]
MSOCache -> %SystemDrive%\MSOCache ->  [Folder | Created Date = 23/01/2008 14:42:44 | Attr = RH ]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Created Date = 25/01/2008 15:30:41 | Attr =	]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Created Date = 14/01/2008 14:28:30 | Attr =  HS]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Created Date = 14/01/2008 09:32:16 | Attr =  HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 21/01/2008 15:33:29 | Attr =	]
apphelp.sdb -> %System32%\dllcache\apphelp.sdb ->  [Ver =  | Size = 217118 bytes | Created Date = 15/01/2008 15:53:29 | Attr =	]
apph_sp.sdb -> %System32%\dllcache\apph_sp.sdb ->  [Ver =  | Size = 764868 bytes | Created Date = 15/01/2008 15:53:29 | Attr =	]
big5.nls -> %System32%\dllcache\big5.nls ->  [Ver =  | Size = 66728 bytes | Created Date = 15/01/2008 01:15:32 | Attr =	]
bopomofo.nls -> %System32%\dllcache\bopomofo.nls ->  [Ver =  | Size = 82172 bytes | Created Date = 15/01/2008 01:15:32 | Attr =	]
chtskf.dll -> %System32%\dllcache\chtskf.dll ->  [Ver =  | Size = 173568 bytes | Created Date = 15/01/2008 01:14:56 | Attr =	]
c_10001.nls -> %System32%\dllcache\c_10001.nls ->  [Ver =  | Size = 162850 bytes | Created Date = 15/01/2008 01:14:57 | Attr =	]
c_10002.nls -> %System32%\dllcache\c_10002.nls ->  [Ver =  | Size = 195618 bytes | Created Date = 15/01/2008 01:15:32 | Attr =	]
c_10003.nls -> %System32%\dllcache\c_10003.nls ->  [Ver =  | Size = 177698 bytes | Created Date = 15/01/2008 01:15:22 | Attr =	]
c_10008.nls -> %System32%\dllcache\c_10008.nls ->  [Ver =  | Size = 173602 bytes | Created Date = 15/01/2008 01:15:28 | Attr =	]
c_1361.nls -> %System32%\dllcache\c_1361.nls ->  [Ver =  | Size = 189986 bytes | Created Date = 15/01/2008 01:15:22 | Attr =	]
c_20000.nls -> %System32%\dllcache\c_20000.nls ->  [Ver =  | Size = 180258 bytes | Created Date = 15/01/2008 01:14:57 | Attr =	]
c_20290.nls -> %System32%\dllcache\c_20290.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 15/01/2008 01:14:57 | Attr =	]
c_20932.nls -> %System32%\dllcache\c_20932.nls ->  [Ver =  | Size = 180770 bytes | Created Date = 15/01/2008 01:14:57 | Attr =	]
c_20936.nls -> %System32%\dllcache\c_20936.nls ->  [Ver =  | Size = 173602 bytes | Created Date = 15/01/2008 01:14:57 | Attr =	]
c_20949.nls -> %System32%\dllcache\c_20949.nls ->  [Ver =  | Size = 177698 bytes | Created Date = 15/01/2008 01:14:58 | Attr =	]
c_21027.nls -> %System32%\dllcache\c_21027.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 15/01/2008 01:14:57 | Attr =	]
dxmasf.dll -> %System32%\dllcache\dxmasf.dll ->  [Ver =  | Size = 498742 bytes | Created Date = 14/01/2008 18:55:39 | Attr =	]
hanja.lex -> %System32%\dllcache\hanja.lex ->  [Ver =  | Size = 108827 bytes | Created Date = 15/01/2008 01:15:27 | Attr =	]
hwxjpn.dll -> %System32%\dllcache\hwxjpn.dll ->  [Ver =  | Size = 13463552 bytes | Created Date = 15/01/2008 01:15:19 | Attr =	]
imekr.lex -> %System32%\dllcache\imekr.lex ->  [Ver =  | Size = 134339 bytes | Created Date = 15/01/2008 01:15:27 | Attr =	]
imjpinst.exe -> %System32%\dllcache\imjpinst.exe ->  [Ver =  | Size = 196665 bytes | Created Date = 15/01/2008 01:13:15 | Attr =	]
imscinst.exe -> %System32%\dllcache\imscinst.exe ->  [Ver =  | Size = 59392 bytes | Created Date = 15/01/2008 01:13:17 | Attr =	]
jgdw400.dll -> %System32%\dllcache\jgdw400.dll -> America Online [Ver = 106 | Size = 163840 bytes | Created Date = 14/01/2008 18:54:37 | Attr =	]
jgpl400.dll -> %System32%\dllcache\jgpl400.dll -> Johnson-Grace Company [Ver = 054 | Size = 27648 bytes | Created Date = 14/01/2008 18:54:37 | Attr =	]
korwbrkr.lex -> %System32%\dllcache\korwbrkr.lex ->  [Ver =  | Size = 1158818 bytes | Created Date = 15/01/2008 01:15:38 | Attr =	]
ksc.nls -> %System32%\dllcache\ksc.nls ->  [Ver =  | Size = 47066 bytes | Created Date = 15/01/2008 01:15:22 | Attr =	]
pintlcsa.dll -> %System32%\dllcache\pintlcsa.dll ->  [Ver =  | Size = 175104 bytes | Created Date = 15/01/2008 01:13:19 | Attr =	]
prc.nls -> %System32%\dllcache\prc.nls ->  [Ver =  | Size = 83748 bytes | Created Date = 15/01/2008 01:15:28 | Attr =	]
prcp.nls -> %System32%\dllcache\prcp.nls ->  [Ver =  | Size = 83748 bytes | Created Date = 15/01/2008 01:15:29 | Attr =	]
quartz.dll -> %System32%\dllcache\quartz.dll ->  [Ver =  | Size = 1287680 bytes | Created Date = 14/01/2008 18:51:57 | Attr =	]
sysmain.sdb -> %System32%\dllcache\sysmain.sdb ->  [Ver =  | Size = 1197294 bytes | Created Date = 15/01/2008 15:53:29 | Attr =	]
xjis.nls -> %System32%\dllcache\xjis.nls ->  [Ver =  | Size = 28288 bytes | Created Date = 15/01/2008 01:14:57 | Attr =	]
103C_HP_NTBK_Presario C300 (RM442EA#ABU)_YN_0Pres_QCND6412BHC_E433921031_46_I30C6_SHP_V78.08_BF.05_T060814_WXP2_L409_M1015_J80_7Intel_8Celeron M 420_91.6_#080114_N10EC8139_(RM442EA#ABU)_XMOBILE_CN10_Z_2F.05.MRK -> %System32%\drivers\103C_HP_NTBK_Presario C300 (RM442EA#ABU)_YN_0Pres_QCND6412BHC_E433921031_46_I30C6_SHP_V78.08_BF.05_T060814_WXP2_L409_M1015_J80_7Intel_8Celeron M 420_91.6_#080114_N10EC8139_(RM442EA#ABU)_XMOBILE_CN10_Z_2F.05.MRK ->  [Ver =  | Size = 1717 bytes | Created Date = 14/01/2008 17:40:55 | Attr = RHS]
aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 26624 bytes | Created Date = 17/01/2008 13:29:09 | Attr =	]
aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 93264 bytes | Created Date = 17/01/2008 13:29:07 | Attr =	]
aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 94544 bytes | Created Date = 17/01/2008 13:29:07 | Attr =	]
aswRdr.sys -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Created Date = 17/01/2008 13:29:09 | Attr =	]
aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Created Date = 17/01/2008 13:29:09 | Attr =	]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Created Date = 18/01/2008 00:20:05 | Attr =	]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 18/01/2008 00:20:09 | Attr =	]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Created Date = 18/01/2008 00:20:09 | Attr =	]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 20/01/2008 17:44:42 | Attr =	]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Created Date = 18/01/2008 00:20:09 | Attr =	]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Created Date = 18/01/2008 00:20:09 | Attr =	]
avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Created Date = 18/01/2008 00:20:09 | Attr =	]
cdr4_xp.sys -> %System32%\drivers\cdr4_xp.sys -> Sonic Solutions [Ver = 8.0.0.212  | Size = 9336 bytes | Created Date = 14/01/2008 21:31:48 | Attr =	]
cdralw2k.sys -> %System32%\drivers\cdralw2k.sys -> Sonic Solutions [Ver = 8.0.0.212  | Size = 9464 bytes | Created Date = 14/01/2008 21:31:48 | Attr =	]
cmdGuard.sys -> %System32%\drivers\cmdGuard.sys -> COMODO [Ver = 3.0.11.239 built by: WinDDK | Size = 81272 bytes | Created Date = 18/01/2008 23:01:43 | Attr =	]
cmdhlp.sys -> %System32%\drivers\cmdhlp.sys -> COMODO [Ver = 3.0.11.239 built by: WinDDK | Size = 23672 bytes | Created Date = 18/01/2008 23:01:43 | Attr =	]
igxpmp32.sys -> %System32%\drivers\igxpmp32.sys -> Intel Corporation [Ver = 6.14.10.4670 | Size = 1109568 bytes | Created Date = 24/01/2008 04:12:24 | Attr =	]
inspect.sys -> %System32%\drivers\inspect.sys -> COMODO [Ver = 3.0.11.239 | Size = 75384 bytes | Created Date = 18/01/2008 23:01:43 | Attr =	]
UMDF -> %System32%\drivers\UMDF ->  [Folder | Created Date = 15/01/2008 15:52:05 | Attr =	]
MsftWdf_user_01_00_00.Wdf -> %System32%\drivers\UMDF\MsftWdf_user_01_00_00.Wdf ->  [Ver =  | Size = 0 bytes | Created Date = 15/01/2008 15:52:07 | Attr =  H ]
Msft_User_WpdMtpDr_01_00_00.Wdf -> %System32%\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf ->  [Ver =  | Size = 0 bytes | Created Date = 15/01/2008 15:57:34 | Attr =  H ]
a15.tbl -> %System32%\a15.tbl ->  [Ver =  | Size = 1460 bytes | Created Date = 15/01/2008 01:15:32 | Attr =	]
a234.tbl -> %System32%\a234.tbl ->  [Ver =  | Size = 44370 bytes | Created Date = 15/01/2008 01:15:32 | Attr =	]
ac3filter.ax -> %System32%\ac3filter.ax ->  [Ver = 0.68b | Size = 172032 bytes | Created Date = 16/01/2008 00:28:45 | Attr =	]
acode.tbl -> %System32%\acode.tbl ->  [Ver =  | Size = 44370 bytes | Created Date = 15/01/2008 01:15:32 | Attr =	]
ActiveScan -> %System32%\ActiveScan ->  [Folder | Created Date = 17/01/2008 18:38:52 | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
actskin4.ocx -> %System32%\actskin4.ocx ->  [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 17/01/2008 13:29:02 | Attr =	]
ACTSKN43.OCX -> %System32%\ACTSKN43.OCX ->  [Ver = 4, 3, 0, 0 | Size = 389120 bytes | Created Date = 17/01/2008 12:29:06 | Attr =	]
actsplash.ocx -> %System32%\actsplash.ocx -> SoftShape Development [Ver = 1, 0, 2, 2 | Size = 188416 bytes | Created Date = 17/01/2008 12:29:06 | Attr =	]
appmgmt -> %System32%\appmgmt ->  [Folder | Created Date = 17/01/2008 23:42:14 | Attr =	]
arphr.tbl -> %System32%\arphr.tbl ->  [Ver =  | Size = 110566 bytes | Created Date = 15/01/2008 01:15:33 | Attr =	]
arptr.tbl -> %System32%\arptr.tbl ->  [Ver =  | Size = 16312 bytes | Created Date = 15/01/2008 01:15:33 | Attr =	]
array30.tab -> %System32%\array30.tab ->  [Ver =  | Size = 146126 bytes | Created Date = 15/01/2008 01:15:33 | Attr =	]
arrayhw.tab -> %System32%\arrayhw.tab ->  [Ver =  | Size = 18600 bytes | Created Date = 15/01/2008 01:15:33 | Attr =	]
AS-Exp2.ocx -> %System32%\AS-Exp2.ocx -> Ariad Software [Ver = 2.00.0055 | Size = 265753 bytes | Created Date = 17/01/2008 12:29:06 | Attr =	]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 17/01/2008 18:39:33 | Attr =	]
aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 837496 bytes | Created Date = 17/01/2008 13:29:02 | Attr =	]
AvastSS.scr -> %System32%\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 95608 bytes | Created Date = 17/01/2008 13:29:07 | Attr =	]
big5.nls -> %System32%\big5.nls ->  [Ver =  | Size = 66728 bytes | Created Date = 15/01/2008 01:15:32 | Attr =	]
bopomofo.nls -> %System32%\bopomofo.nls ->  [Ver =  | Size = 82172 bytes | Created Date = 15/01/2008 01:15:32 | Attr =	]
c_10001.nls -> %System32%\c_10001.nls ->  [Ver =  | Size = 162850 bytes | Created Date = 15/01/2008 01:14:57 | Attr =	]
c_10002.nls -> %System32%\c_10002.nls ->  [Ver =  | Size = 195618 bytes | Created Date = 15/01/2008 01:15:32 | Attr =	]
c_10003.nls -> %System32%\c_10003.nls ->  [Ver =  | Size = 177698 bytes | Created Date = 15/01/2008 01:15:22 | Attr =	]
c_10004.nls -> %System32%\c_10004.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 14/01/2008 17:34:36 | Attr =	]
c_10005.nls -> %System32%\c_10005.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 14/01/2008 17:34:36 | Attr =	]
c_10008.nls -> %System32%\c_10008.nls ->  [Ver =  | Size = 173602 bytes | Created Date = 15/01/2008 01:15:28 | Attr =	]
c_10021.nls -> %System32%\c_10021.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 14/01/2008 17:34:36 | Attr =	]
c_1361.nls -> %System32%\c_1361.nls ->  [Ver =  | Size = 189986 bytes | Created Date = 15/01/2008 01:15:22 | Attr =	]
c_20000.nls -> %System32%\c_20000.nls ->  [Ver =  | Size = 180258 bytes | Created Date = 15/01/2008 01:14:57 | Attr =	]
c_20290.nls -> %System32%\c_20290.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 15/01/2008 01:14:57 | Attr =	]
c_20932.nls -> %System32%\c_20932.nls ->  [Ver =  | Size = 180770 bytes | Created Date = 15/01/2008 01:14:57 | Attr =	]
c_20936.nls -> %System32%\c_20936.nls ->  [Ver =  | Size = 173602 bytes | Created Date = 15/01/2008 01:14:57 | Attr =	]
c_20949.nls -> %System32%\c_20949.nls ->  [Ver =  | Size = 177698 bytes | Created Date = 15/01/2008 01:14:58 | Attr =	]
c_21027.nls -> %System32%\c_21027.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 15/01/2008 01:14:57 | Attr =	]
C_28596.NLS -> %System32%\C_28596.NLS ->  [Ver =  | Size = 66082 bytes | Created Date = 14/01/2008 17:34:36 | Attr =	]
c_708.nls -> %System32%\c_708.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 14/01/2008 17:34:36 | Attr =	]
c_720.nls -> %System32%\c_720.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 14/01/2008 17:34:36 | Attr =	]
c_862.nls -> %System32%\c_862.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 14/01/2008 17:34:36 | Attr =	]
c_864.nls -> %System32%\c_864.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 14/01/2008 17:34:36 | Attr =	]
dayiphr.tbl -> %System32%\dayiphr.tbl ->  [Ver =  | Size = 520 bytes | Created Date = 15/01/2008 01:15:32 | Attr =	]
dayiptr.tbl -> %System32%\dayiptr.tbl ->  [Ver =  | Size = 700 bytes | Created Date = 15/01/2008 01:15:32 | Attr =	]
DivX.dll -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 682496 bytes | Created Date = 04/01/2008 21:57:10 | Attr =	]
DivXCodecVersionChecker.exe -> %System32%\DivXCodecVersionChecker.exe -> DivX, Inc. [Ver = 6, 7, 0, 1 | Size = 156992 bytes | Created Date = 04/01/2008 21:56:48 | Attr =	]
divxdec.ax -> %System32%\divxdec.ax -> DivX, Inc. [Ver = 6.8.0.0 | Size = 630784 bytes | Created Date = 08/01/2008 01:16:38 | Attr =	]
DivXMedia.ax -> %System32%\DivXMedia.ax -> DivXNetworks [Ver = 0.0.0.028 | Size = 352401 bytes | Created Date = 04/01/2008 21:57:04 | Attr =	]
DivXsm.exe -> %System32%\DivXsm.exe -> DivX Inc. [Ver = 6, 6, 1, 4 | Size = 524288 bytes | Created Date = 04/01/2008 21:59:04 | Attr =	]
divxsm.tlb -> %System32%\divxsm.tlb ->  [Ver =  | Size = 4816 bytes | Created Date = 04/01/2008 21:59:04 | Attr =	]
DivXWMPExtType.dll -> %System32%\DivXWMPExtType.dll ->  [Ver =  | Size = 12288 bytes | Created Date = 04/01/2008 21:56:24 | Attr =	]
divx_xx07.dll -> %System32%\divx_xx07.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 823296 bytes | Created Date = 04/01/2008 21:57:12 | Attr =	]
divx_xx0c.dll -> %System32%\divx_xx0c.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 823296 bytes | Created Date = 04/01/2008 21:57:10 | Attr =	]
divx_xx11.dll -> %System32%\divx_xx11.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 802816 bytes | Created Date = 04/01/2008 21:57:10 | Attr =	]
dpl100.dll -> %System32%\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 40 | Size = 81920 bytes | Created Date = 04/01/2008 21:57:22 | Attr =	]
dpl100.dll.manifest -> %System32%\dpl100.dll.manifest ->  [Ver =  | Size = 416 bytes | Created Date = 04/01/2008 21:57:22 | Attr =	]
dpu10.dll -> %System32%\dpu10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Created Date = 04/01/2008 21:57:14 | Attr =	]
dpu11.dll -> %System32%\dpu11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Created Date = 04/01/2008 21:57:14 | Attr =	]
dpuGUI10.dll -> %System32%\dpuGUI10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 53248 bytes | Created Date = 04/01/2008 21:57:16 | Attr =	]
dpuGUI11.dll -> %System32%\dpuGUI11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 593920 bytes | Created Date = 04/01/2008 21:57:14 | Attr =	]
dpus11.dll -> %System32%\dpus11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 344064 bytes | Created Date = 04/01/2008 21:57:14 | Attr =	]
dpv11.dll -> %System32%\dpv11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 57344 bytes | Created Date = 04/01/2008 21:57:14 | Attr =	]
dtu100.dll -> %System32%\dtu100.dll -> DivX, Inc. [Ver = 1, 2, 0, 40 | Size = 196608 bytes | Created Date = 04/01/2008 21:57:22 | Attr =	]
dtu100.dll.manifest -> %System32%\dtu100.dll.manifest ->  [Ver =  | Size = 416 bytes | Created Date = 04/01/2008 21:57:22 | Attr =	]
en-US -> %System32%\en-US ->  [Folder | Created Date = 14/01/2008 19:20:39 | Attr =	]
FA Cup Winners 2006.scr -> %System32%\FA Cup Winners 2006.scr -> Axialis Software [Ver = 3, 6, 3, 0 | Size = 1248275 bytes | Created Date = 14/01/2008 21:04:23 | Attr =	]
ffdshow.ax -> %System32%\ffdshow.ax ->  [Ver = 1, 0, 0, 1 | Size = 1761280 bytes | Created Date = 16/01/2008 00:28:46 | Attr =	]
Flash.ocx -> %System32%\Flash.ocx -> Macromedia, Inc. [Ver = 8,0,22,0 | Size = 1435272 bytes | Created Date = 17/01/2008 12:29:06 | Attr =	]
guard32.dll -> %System32%\guard32.dll ->  [Ver =  | Size = 139008 bytes | Created Date = 18/01/2008 23:01:43 | Attr =	]
Help.ico -> %System32%\Help.ico ->  [Ver =  | Size = 1406 bytes | Created Date = 17/01/2008 18:38:56 | Attr =	]
igfxCoIn_v4670.dll -> %System32%\igfxCoIn_v4670.dll ->  [Ver =  | Size = 192512 bytes | Created Date = 24/01/2008 04:12:22 | Attr =	]
igfxres.dll -> %System32%\igfxres.dll -> Intel Corporation [Ver = 3.0.0.4670 | Size = 155648 bytes | Created Date = 24/01/2008 04:20:38 | Attr =	]
IGUltraGrid20.ocx -> %System32%\IGUltraGrid20.ocx -> Infragistics, Inc. [Ver = 2.01.0007 | Size = 1140472 bytes | Created Date = 17/01/2008 12:29:07 | Attr =	]
igxpdv32.dll -> %System32%\igxpdv32.dll -> Intel Corporation [Ver = 6.14.10.4670 | Size = 1304320 bytes | Created Date = 24/01/2008 04:12:24 | Attr =	]
igxpdx32.dll -> %System32%\igxpdx32.dll -> Intel Corporation [Ver = 6.14.10.4670 | Size = 2076160 bytes | Created Date = 24/01/2008 04:12:22 | Attr =	]
igxpgd32.dll -> %System32%\igxpgd32.dll -> Intel Corporation [Ver = 6.14.10.4670 | Size = 140288 bytes | Created Date = 24/01/2008 04:12:24 | Attr =	]
igxprd32.dll -> %System32%\igxprd32.dll -> Intel Corporation [Ver = 6.14.10.4670 | Size = 48128 bytes | Created Date = 24/01/2008 04:12:25 | Attr =	]
igxpun.exe -> %System32%\igxpun.exe -> Intel(R) Corporation [Ver = 1, 0, 25, 0 | Size = 397312 bytes | Created Date = 24/01/2008 04:12:19 | Attr =	]
IScrNB.bmp -> %System32%\IScrNB.bmp ->  [Ver =  | Size = 121232 bytes | Created Date = 24/01/2008 04:12:19 | Attr =	]
IScrNBR.bmp -> %System32%\IScrNBR.bmp ->  [Ver =  | Size = 121232 bytes | Created Date = 24/01/2008 04:12:19 | Attr =	]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 14/01/2008 18:54:06 | Attr =	]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 14/01/2008 18:54:06 | Attr =	]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 14/01/2008 18:54:06 | Attr =	]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 14/01/2008 18:54:06 | Attr =	]
Kaspersky Lab -> %System32%\Kaspersky Lab ->  [Folder | Created Date = 25/01/2008 13:55:44 | Attr =	]
korwbrkr.lex -> %System32%\korwbrkr.lex ->  [Ver =  | Size = 1158818 bytes | Created Date = 15/01/2008 01:15:38 | Attr =	]
ksc.nls -> %System32%\ksc.nls ->  [Ver =  | Size = 47066 bytes | Created Date = 15/01/2008 01:15:22 | Attr =	]
Lang -> %System32%\Lang ->  [Folder | Created Date = 24/01/2008 04:12:19 | Attr =	]
lcphrase.tbl -> %System32%\lcphrase.tbl ->  [Ver =  | Size = 211938 bytes | Created Date = 15/01/2008 01:15:33 | Attr =	]
lcptr.tbl -> %System32%\lcptr.tbl ->  [Ver =  | Size = 24114 bytes | Created Date = 15/01/2008 01:15:33 | Attr =	]
libavcodec.dll -> %System32%\libavcodec.dll ->  [Ver =  | Size = 2255360 bytes | Created Date = 16/01/2008 00:28:45 | Attr =	]
libdivx.dll -> %System32%\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Created Date = 04/01/2008 21:58:42 | Attr =	]
libmpeg2_ff.dll -> %System32%\libmpeg2_ff.dll ->  [Ver =  | Size = 112640 bytes | Created Date = 16/01/2008 00:28:46 | Attr =	]
libmplayer.dll -> %System32%\libmplayer.dll ->  [Ver =  | Size = 395776 bytes | Created Date = 16/01/2008 00:28:46 | Attr =	]
Liverpool FC Champions League Winners 2005.scr -> %System32%\Liverpool FC Champions League Winners 2005.scr -> Axialis Software [Ver = 3, 6, 0, 0 | Size = 1457701 bytes | Created Date = 19/01/2008 21:06:59 | Attr =	]
LogFiles -> %System32%\LogFiles ->  [Folder | Created Date = 15/01/2008 02:24:47 | Attr =	]
md5.dll -> %System32%\md5.dll ->						[Ver = 1, 0, 0, 0 | Size = 10752 bytes | Created Date = 17/01/2008 12:29:06 | Attr =	]
msdayi.tbl -> %System32%\msdayi.tbl ->  [Ver =  | Size = 116285 bytes | Created Date = 15/01/2008 01:15:32 | Attr =	]
noise.jpn -> %System32%\noise.jpn ->  [Ver =  | Size = 2060 bytes | Created Date = 15/01/2008 01:15:38 | Attr =	]
noise.kor -> %System32%\noise.kor ->  [Ver =  | Size = 1486 bytes | Created Date = 15/01/2008 01:15:38 | Attr =	]
OGACheckControl.dll -> %System32%\OGACheckControl.dll ->  [Ver =  | Size = 676224 bytes | Created Date = 16/01/2008 19:12:11 | Attr =	]
pavas.ico -> %System32%\pavas.ico ->  [Ver =  | Size = 30590 bytes | Created Date = 17/01/2008 18:38:55 | Attr =	]
phon.tbl -> %System32%\phon.tbl ->  [Ver =  | Size = 4071 bytes | Created Date = 15/01/2008 01:15:33 | Attr =	]
phoncode.tbl -> %System32%\phoncode.tbl ->  [Ver =  | Size = 43242 bytes | Created Date = 15/01/2008 01:15:33 | Attr =	]
phonptr.tbl -> %System32%\phonptr.tbl ->  [Ver =  | Size = 2714 bytes | Created Date = 15/01/2008 01:15:33 | Attr =	]
PINTLPAD.HLP -> %System32%\PINTLPAD.HLP ->  [Ver =  | Size = 14821 bytes | Created Date = 15/01/2008 01:15:32 | Attr =	]
PINTLPAE.HLP -> %System32%\PINTLPAE.HLP ->  [Ver =  | Size = 16254 bytes | Created Date = 15/01/2008 01:15:32 | Attr =	]
pncrt.dll -> %System32%\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Created Date = 16/01/2008 21:01:25 | Attr =	]
pndx5016.dll -> %System32%\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Created Date = 16/01/2008 21:01:27 | Attr =	]
pndx5032.dll -> %System32%\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Created Date = 16/01/2008 21:01:27 | Attr =	]
prc.nls -> %System32%\prc.nls ->  [Ver =  | Size = 83748 bytes | Created Date = 15/01/2008 01:15:28 | Attr =	]
prcp.nls -> %System32%\prcp.nls ->  [Ver =  | Size = 83748 bytes | Created Date = 15/01/2008 01:15:29 | Attr =	]
PreInstall -> %System32%\PreInstall ->  [Folder | Created Date = 14/01/2008 18:50:22 | Attr =	]
ProgressBar4.ocx -> %System32%\ProgressBar4.ocx -> Ariad Software [Ver = 4.01.0007 | Size = 89088 bytes | Created Date = 17/01/2008 12:29:06 | Attr =	]
pthreadGC2.dll -> %System32%\pthreadGC2.dll -> Open Source Software community project [Ver = 2, 8, 0, 0 | Size = 60273 bytes | Created Date = 14/01/2008 22:40:22 | Attr =	]
pxafs.dll -> %System32%\pxafs.dll -> Sonic Solutions [Ver = 4.0.36.500 | Size = 129784 bytes | Created Date = 14/01/2008 21:31:48 | Attr =	]
pxcpya64.exe -> %System32%\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.44B | Size = 66296 bytes | Created Date = 14/01/2008 21:31:48 | Attr =	]
pxcpyi64.exe -> %System32%\pxcpyi64.exe -> Sonic Solutions [Ver = 1.00.44B | Size = 120056 bytes | Created Date = 15/01/2008 18:39:13 | Attr =	]
pxhpinst.exe -> %System32%\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.64a | Size = 72440 bytes | Created Date = 14/01/2008 21:31:48 | Attr =	]
pxinsa64.exe -> %System32%\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.64a | Size = 64760 bytes | Created Date = 14/01/2008 21:31:48 | Attr =	]
pxinsi64.exe -> %System32%\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.64a | Size = 118520 bytes | Created Date = 15/01/2008 18:39:13 | Attr =	]
qt-dx331.dll -> %System32%\qt-dx331.dll ->  [Ver =  | Size = 3596288 bytes | Created Date = 04/01/2008 21:58:50 | Attr =	]
QuickTime.qts -> %System32%\QuickTime.qts -> Apple Inc. [Ver = 7.4 | Size = 57344 bytes | Created Date = 10/01/2008 15:27:44 | Attr =	]
QuickTimeVR.qtx -> %System32%\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4 | Size = 90112 bytes | Created Date = 10/01/2008 15:27:46 | Attr =	]
RegistryGenius.lie -> %System32%\RegistryGenius.lie ->  [Ver =  | Size = 42 bytes | Created Date = 23/01/2008 23:43:58 | Attr =	]
rmoc3260.dll -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.3084 | Size = 185944 bytes | Created Date = 16/01/2008 21:01:34 | Attr =	]
rrMon.sys -> %System32%\rrMon.sys -> Resplendence [Ver = 2.01 built by: WinDDK | Size = 31024 bytes | Created Date = 25/01/2008 03:39:59 | Attr =	]
rrsec.dll -> %System32%\rrsec.dll ->  [Ver =  | Size = 119728 bytes | Created Date = 25/01/2008 03:39:48 | Attr =	]
rrsec2k.exe -> %System32%\rrsec2k.exe ->  [Ver =  | Size = 97240 bytes | Created Date = 25/01/2008 03:39:47 | Attr =	]
SoftwareDistribution -> %System32%\SoftwareDistribution ->  [Folder | Created Date = 14/01/2008 18:45:23 | Attr =	]
ssldivx.dll -> %System32%\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Created Date = 04/01/2008 21:58:42 | Attr =	]
threadapi.tlb -> %System32%\threadapi.tlb ->  [Ver =  | Size = 11012 bytes | Created Date = 17/01/2008 12:29:06 | Attr =	]
tmp.reg -> %System32%\tmp.reg ->  [Ver =  | Size = 3640 bytes | Created Date = 17/01/2008 04:04:22 | Attr =	]
TomsMoComp_ff.dll -> %System32%\TomsMoComp_ff.dll ->  [Ver =  | Size = 262144 bytes | Created Date = 16/01/2008 00:28:46 | Attr =	]
Uninstall.ico -> %System32%\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Created Date = 17/01/2008 18:38:56 | Attr =	]
VFind.exe -> %System32%\VFind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 19/01/2008 00:06:21 | Attr =	]
WINPY.MB -> %System32%\WINPY.MB ->  [Ver =  | Size = 1783864 bytes | Created Date = 15/01/2008 01:15:29 | Attr =	]
WINSP.MB -> %System32%\WINSP.MB ->  [Ver =  | Size = 1564868 bytes | Created Date = 15/01/2008 01:15:29 | Attr =	]
WINZM.MB -> %System32%\WINZM.MB ->  [Ver =  | Size = 1223500 bytes | Created Date = 15/01/2008 01:15:29 | Attr =	]
x264-uninstall.exe -> %System32%\x264-uninstall.exe ->  [Ver =  | Size = 55949 bytes | Created Date = 14/01/2008 22:31:27 | Attr =	]
x264vfw.dll -> %System32%\x264vfw.dll ->  [Ver =  | Size = 580114 bytes | Created Date = 15/01/2008 14:03:38 | Attr =	]
XceedBkp.dll -> %System32%\XceedBkp.dll -> Xceed Software Inc		(450) 442-2626		support@xceedsoft.com		www.xceedsoft.com [Ver = 1.0.108.0 | Size = 423784 bytes | Created Date = 17/01/2008 12:29:07 | Attr =	]
XceedCry.dll -> %System32%\XceedCry.dll -> Xceed Software Inc		(450) 442-2626		support@xceedsoft.com		www.xceedsoft.com [Ver = 1.1.107.0 | Size = 512688 bytes | Created Date = 17/01/2008 12:29:07 | Attr =	]
xjis.nls -> %System32%\xjis.nls ->  [Ver =  | Size = 28288 bytes | Created Date = 15/01/2008 01:14:57 | Attr =	]
XPSViewer -> %System32%\XPSViewer ->  [Folder | Created Date = 23/01/2008 20:31:21 | Attr =	]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll ->  [Ver =  | Size = 11776 bytes | Created Date = 17/01/2008 18:39:33 | Attr =	]
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ ->  [Folder | Created Date = 14/01/2008 11:15:37 | Attr =  H ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ ->  [Folder | Created Date = 14/01/2008 11:15:23 | Attr =  H ]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Created Date = 19/01/2008 00:10:32 | Attr =	]
ff_x264.dll -> %SystemRoot%\ff_x264.dll ->  [Ver =  | Size = 506880 bytes | Created Date = 14/01/2008 22:40:22 | Attr =	]
ie7 -> %SystemRoot%\ie7 ->  [Folder | Created Date = 14/01/2008 11:15:46 | Attr =  H ]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Created Date = 14/01/2008 11:16:25 | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Created Date = 31/01/2008 16:49:29 | Attr =	]
LastGood -> %SystemRoot%\LastGood ->  [Folder | Created Date = 31/01/2008 16:48:52 | Attr =	]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Created Date = 14/01/2008 11:14:20 | Attr =	]
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 25/01/2008 15:30:33 | Attr =	]
nsreg.dat -> %SystemRoot%\nsreg.dat ->  [Ver =  | Size = 0 bytes | Created Date = 17/01/2008 01:37:43 | Attr =	]
PIF -> %SystemRoot%\PIF ->  [Folder | Created Date = 21/01/2008 13:24:22 | Attr =  H ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Created Date = 14/01/2008 09:36:21 | Attr =	]
pss -> %SystemRoot%\pss ->  [Folder | Created Date = 17/01/2008 01:44:58 | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 23/01/2008 22:49:40 | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 23/01/2008 22:49:40 | Attr =  H ]
SHELLNEW -> %SystemRoot%\SHELLNEW ->  [Folder | Created Date = 23/01/2008 14:43:41 | Attr =	]
Sun -> %SystemRoot%\Sun ->  [Folder | Created Date = 15/01/2008 22:51:59 | Attr =	]
WBEM -> %SystemRoot%\WBEM ->  [Folder | Created Date = 14/01/2008 11:16:03 | Attr =	]
WinAVI Video Converter 9.0 -> %SystemRoot%\WinAVI Video Converter 9.0 ->  [Folder | Created Date = 14/01/2008 23:35:37 | Attr =	]

[Files/Folders - Modified Within 30 days]
!KillBox -> %SystemDrive%\!KillBox ->  [Folder | Modified Date = 25/01/2008 18:04:29 | Attr =	]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Modified Date = 25/01/2008 04:52:06 | Attr = RH ]
58990673e4e6da754c -> %SystemDrive%\58990673e4e6da754c ->  [Folder | Modified Date = 20/01/2008 13:20:49 | Attr =	]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 209 bytes | Modified Date = 27/01/2008 13:27:24 | Attr =  HS]
c0956b11bc70401b59 -> %SystemDrive%\c0956b11bc70401b59 ->  [Folder | Modified Date = 31/01/2008 16:51:03 | Attr =	]
c0a80000.pac -> %SystemDrive%\c0a80000.pac ->  [Ver =  | Size = 864 bytes | Modified Date = 30/01/2008 22:31:07 | Attr =	]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Modified Date = 25/01/2008 15:39:17 | Attr =	]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 30/01/2008 23:27:06 | Attr =	]
ConverterOutput -> %SystemDrive%\ConverterOutput ->  [Folder | Modified Date = 16/01/2008 00:30:04 | Attr =	]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 14/01/2008 17:40:09 | Attr =	]
ERDNT -> %SystemDrive%\ERDNT ->  [Folder | Modified Date = 23/01/2008 23:23:42 | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1063374848 bytes | Modified Date = 31/01/2008 13:01:27 | Attr =  HS]
hp -> %SystemDrive%\hp ->  [Folder | Modified Date = 14/01/2008 17:41:22 | Attr =	]
hpqp.ini -> %SystemDrive%\hpqp.ini ->  [Ver =  | Size = 313 bytes | Modified Date = 31/01/2008 13:03:24 | Attr =	]
I386 -> %SystemDrive%\I386 ->  [Folder | Modified Date = 25/01/2008 15:59:01 | Attr =	]
IO.SYS -> %SystemDrive%\IO.SYS ->  [Ver =  | Size = 0 bytes | Modified Date = 14/01/2008 23:28:47 | Attr = RHS]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS ->  [Ver =  | Size = 0 bytes | Modified Date = 14/01/2008 23:28:47 | Attr = RHS]
MSOCache -> %SystemDrive%\MSOCache ->  [Folder | Modified Date = 23/01/2008 14:42:44 | Attr = RH ]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 31/01/2008 16:50:04 | Attr = R  ]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Modified Date = 25/01/2008 15:38:52 | Attr =	]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 14/01/2008 22:20:29 | Attr =  HS]
SwSetup -> %SystemDrive%\SwSetup ->  [Folder | Modified Date = 24/01/2008 04:11:51 | Attr =	]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 27/01/2008 13:21:46 | Attr =  HS]
system.sav -> %SystemDrive%\system.sav ->  [Folder | Modified Date = 25/01/2008 15:59:01 | Attr =  H ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 25/01/2008 14:52:06 | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 31/01/2008 16:50:18 | Attr =	]
XP_TV.ini -> %SystemDrive%\XP_TV.ini ->  [Ver =  | Size = 41 bytes | Modified Date = 31/01/2008 13:03:13 | Attr =	]
103C_HP_NTBK_Presario C300 (RM442EA#ABU)_YN_0Pres_QCND6412BHC_E433921031_46_I30C6_SHP_V78.08_BF.05_T060814_WXP2_L409_M1015_J80_7Intel_8Celeron M 420_91.6_#080114_N10EC8139_(RM442EA#ABU)_XMOBILE_CN10_Z_2F.05.MRK -> %System32%\drivers\103C_HP_NTBK_Presario C300 (RM442EA#ABU)_YN_0Pres_QCND6412BHC_E433921031_46_I30C6_SHP_V78.08_BF.05_T060814_WXP2_L409_M1015_J80_7Intel_8Celeron M 420_91.6_#080114_N10EC8139_(RM442EA#ABU)_XMOBILE_CN10_Z_2F.05.MRK ->  [Ver =  | Size = 1717 bytes | Modified Date = 14/01/2008 17:40:59 | Attr = RHS]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 18/01/2008 00:20:05 | Attr =	]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 18/01/2008 00:20:09 | Attr =	]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 18/01/2008 00:20:09 | Attr =	]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 18/01/2008 12:01:23 | Attr =	]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 18/01/2008 12:01:21 | Attr =	]
avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 18/01/2008 00:20:09 | Attr =	]
cmdGuard.sys -> %System32%\drivers\cmdGuard.sys -> COMODO [Ver = 3.0.11.239 built by: WinDDK | Size = 81272 bytes | Modified Date = 18/01/2008 23:01:41 | Attr =	]
cmdhlp.sys -> %System32%\drivers\cmdhlp.sys -> COMODO [Ver = 3.0.11.239 built by: WinDDK | Size = 23672 bytes | Modified Date = 18/01/2008 23:01:41 | Attr =	]
etc -> %System32%\drivers\etc ->  [Folder | Modified Date = 31/01/2008 16:21:15 | Attr =	]
hosts -> %System32%\drivers\etc\hosts ->  [Ver =  | Size = 222272 bytes | Modified Date = 31/01/2008 16:21:15 | Attr =	]
hosts.20080117-232246.backup -> %System32%\drivers\etc\hosts.20080117-232246.backup ->  [Ver =  | Size = 732 bytes | Modified Date = 17/01/2008 22:43:19 | Attr =	]
hosts.20080118-000142.backup -> %System32%\drivers\etc\hosts.20080118-000142.backup ->  [Ver =  | Size = 222977 bytes | Modified Date = 17/01/2008 23:22:46 | Attr = R  ]
hosts.20080125-131410.backup -> %System32%\drivers\etc\hosts.20080125-131410.backup ->  [Ver =  | Size = 31 bytes | Modified Date = 25/01/2008 05:51:53 | Attr =	]
inspect.sys -> %System32%\drivers\inspect.sys -> COMODO [Ver = 3.0.11.239 | Size = 75384 bytes | Modified Date = 18/01/2008 23:01:41 | Attr =	]
UMDF -> %System32%\drivers\UMDF ->  [Folder | Modified Date = 15/01/2008 15:57:34 | Attr =	]
MsftWdf_user_01_00_00.Wdf -> %System32%\drivers\UMDF\MsftWdf_user_01_00_00.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 15/01/2008 15:52:07 | Attr =  H ]
Msft_User_WpdMtpDr_01_00_00.Wdf -> %System32%\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 15/01/2008 15:57:34 | Attr =  H ]
$winnt$.inf -> %System32%\$winnt$.inf ->  [Ver =  | Size = 38392 bytes | Modified Date = 14/01/2008 17:39:00 | Attr =	]
1033 -> %System32%\1033 ->  [Folder | Modified Date = 15/01/2008 01:28:34 | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
ActiveScan -> %System32%\ActiveScan ->  [Folder | Modified Date = 25/01/2008 02:22:40 | Attr =	]
amcompat.tlb -> %System32%\amcompat.tlb ->  [Ver =  | Size = 16832 bytes | Modified Date = 15/01/2008 15:57:32 | Attr =	]
appmgmt -> %System32%\appmgmt ->  [Folder | Modified Date = 17/01/2008 23:42:14 | Attr =	]
CatRoot -> %System32%\CatRoot ->  [Folder | Modified Date = 31/01/2008 16:50:51 | Attr =	]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 31/01/2008 16:49:11 | Attr =	]
Com -> %System32%\Com ->  [Folder | Modified Date = 14/01/2008 19:09:20 | Attr =	]
config -> %System32%\config ->  [Folder | Modified Date = 20/01/2008 13:43:35 | Attr =	]
CONFIG.NT -> %System32%\CONFIG.NT ->  [Ver =  | Size = 2626 bytes | Modified Date = 19/01/2008 17:06:26 | Attr =	]
DirectX -> %System32%\DirectX ->  [Folder | Modified Date = 15/01/2008 01:28:53 | Attr =	]
DivX.dll -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 682496 bytes | Modified Date = 04/01/2008 21:57:10 | Attr =	]
DivXCodecVersionChecker.exe -> %System32%\DivXCodecVersionChecker.exe -> DivX, Inc. [Ver = 6, 7, 0, 1 | Size = 156992 bytes | Modified Date = 04/01/2008 21:56:48 | Attr =	]
divxdec.ax -> %System32%\divxdec.ax -> DivX, Inc. [Ver = 6.8.0.0 | Size = 630784 bytes | Modified Date = 08/01/2008 01:16:38 | Attr =	]
DivXMedia.ax -> %System32%\DivXMedia.ax -> DivXNetworks [Ver = 0.0.0.028 | Size = 352401 bytes | Modified Date = 04/01/2008 21:57:04 | Attr =	]
DivXsm.exe -> %System32%\DivXsm.exe -> DivX Inc. [Ver = 6, 6, 1, 4 | Size = 524288 bytes | Modified Date = 04/01/2008 21:59:04 | Attr =	]
divxsm.tlb -> %System32%\divxsm.tlb ->  [Ver =  | Size = 4816 bytes | Modified Date = 04/01/2008 21:59:04 | Attr =	]
DivXWMPExtType.dll -> %System32%\DivXWMPExtType.dll ->  [Ver =  | Size = 12288 bytes | Modified Date = 04/01/2008 21:56:24 | Attr =	]
divx_xx07.dll -> %System32%\divx_xx07.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 823296 bytes | Modified Date = 04/01/2008 21:57:12 | Attr =	]
divx_xx0c.dll -> %System32%\divx_xx0c.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 823296 bytes | Modified Date = 04/01/2008 21:57:10 | Attr =	]
divx_xx11.dll -> %System32%\divx_xx11.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 802816 bytes | Modified Date = 04/01/2008 21:57:10 | Attr =	]
dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 31/01/2008 16:49:25 | Attr = RHS]
dpl100.dll -> %System32%\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 40 | Size = 81920 bytes | Modified Date = 04/01/2008 21:57:22 | Attr =	]
dpl100.dll.manifest -> %System32%\dpl100.dll.manifest ->  [Ver =  | Size = 416 bytes | Modified Date = 04/01/2008 21:57:22 | Attr =	]
dpu10.dll -> %System32%\dpu10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Modified Date = 04/01/2008 21:57:14 | Attr =	]
dpu11.dll -> %System32%\dpu11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Modified Date = 04/01/2008 21:57:14 | Attr =	]
dpuGUI10.dll -> %System32%\dpuGUI10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 53248 bytes | Modified Date = 04/01/2008 21:57:16 | Attr =	]
dpuGUI11.dll -> %System32%\dpuGUI11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 593920 bytes | Modified Date = 04/01/2008 21:57:14 | Attr =	]
dpus11.dll -> %System32%\dpus11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 344064 bytes | Modified Date = 04/01/2008 21:57:14 | Attr =	]
dpv11.dll -> %System32%\dpv11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 57344 bytes | Modified Date = 04/01/2008 21:57:14 | Attr =	]
drivers -> %System32%\drivers ->  [Folder | Modified Date = 30/01/2008 23:26:43 | Attr =	]
DRVSTORE -> %System32%\DRVSTORE ->  [Folder | Modified Date = 24/01/2008 04:12:22 | Attr =	]
dtu100.dll -> %System32%\dtu100.dll -> DivX, Inc. [Ver = 1, 2, 0, 40 | Size = 196608 bytes | Modified Date = 04/01/2008 21:57:22 | Attr =	]
dtu100.dll.manifest -> %System32%\dtu100.dll.manifest ->  [Ver =  | Size = 416 bytes | Modified Date = 04/01/2008 21:57:22 | Attr =	]
en-US -> %System32%\en-US ->  [Folder | Modified Date = 31/01/2008 16:50:07 | Attr =	]
FA Cup Winners 2006.scr -> %System32%\FA Cup Winners 2006.scr -> Axialis Software [Ver = 3, 6, 3, 0 | Size = 1248275 bytes | Modified Date = 18/01/2008 02:36:31 | Attr =	]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 375264 bytes | Modified Date = 24/01/2008 01:49:17 | Attr =	]
guard32.dll -> %System32%\guard32.dll ->  [Ver =  | Size = 139008 bytes | Modified Date = 18/01/2008 23:01:41 | Attr =	]
Help.ico -> %System32%\Help.ico ->  [Ver =  | Size = 1406 bytes | Modified Date = 25/01/2008 02:16:59 | Attr =	]
ias -> %System32%\ias ->  [Folder | Modified Date = 15/01/2008 01:29:13 | Attr =	]
icsxml -> %System32%\icsxml ->  [Folder | Modified Date = 15/01/2008 01:29:13 | Attr =	]
igfxext.exe -> %System32%\igfxext.exe -> Intel Corporation [Ver = 3.0.0.4670 | Size = 110592 bytes | Modified Date = 24/01/2008 04:11:55 | Attr =	]
igfxtray.exe -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4670 | Size = 98304 bytes | Modified Date = 24/01/2008 04:11:59 | Attr =	]
IME -> %System32%\IME ->  [Folder | Modified Date = 15/01/2008 01:29:17 | Attr =	]
Kaspersky Lab -> %System32%\Kaspersky Lab ->  [Folder | Modified Date = 25/01/2008 13:55:44 | Attr =	]
Lang -> %System32%\Lang ->  [Folder | Modified Date = 24/01/2008 04:12:19 | Attr =	]
libdivx.dll -> %System32%\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Modified Date = 04/01/2008 21:58:42 | Attr =	]
Liverpool FC Champions League Winners 2005.scr -> %System32%\Liverpool FC Champions League Winners 2005.scr -> Axialis Software [Ver = 3, 6, 0, 0 | Size = 1457701 bytes | Modified Date = 21/01/2008 18:51:54 | Attr =	]
LogFiles -> %System32%\LogFiles ->  [Folder | Modified Date = 15/01/2008 15:52:05 | Attr =	]
Macromed -> %System32%\Macromed ->  [Folder | Modified Date = 14/01/2008 21:20:44 | Attr =	]
Microsoft -> %System32%\Microsoft ->  [Folder | Modified Date = 15/01/2008 01:29:31 | Attr =   S]
MsDtc -> %System32%\MsDtc ->  [Folder | Modified Date = 20/01/2008 13:49:14 | Attr =	]
msmq -> %System32%\msmq ->  [Folder | Modified Date = 15/01/2008 01:29:38 | Attr =	]
mui -> %System32%\mui ->  [Folder | Modified Date = 15/01/2008 01:29:49 | Attr =	]
npp -> %System32%\npp ->  [Folder | Modified Date = 15/01/2008 01:29:51 | Attr =	]
nscompat.tlb -> %System32%\nscompat.tlb ->  [Ver =  | Size = 23392 bytes | Modified Date = 15/01/2008 15:57:32 | Attr =	]
oobe -> %System32%\oobe ->  [Folder | Modified Date = 14/01/2008 17:34:37 | Attr =	]
pavas.ico -> %System32%\pavas.ico ->  [Ver =  | Size = 30590 bytes | Modified Date = 25/01/2008 02:16:37 | Attr =	]
perfc009.dat -> %System32%\perfc009.dat ->  [Ver =  | Size = 81654 bytes | Modified Date = 31/01/2008 16:50:17 | Attr =	]
perfh009.dat -> %System32%\perfh009.dat ->  [Ver =  | Size = 473722 bytes | Modified Date = 31/01/2008 16:50:17 | Attr =	]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI ->  [Ver =  | Size = 558832 bytes | Modified Date = 31/01/2008 16:50:17 | Attr =	]
pncrt.dll -> %System32%\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Modified Date = 16/01/2008 21:01:25 | Attr =	]
pndx5016.dll -> %System32%\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Modified Date = 16/01/2008 21:01:27 | Attr =	]
pndx5032.dll -> %System32%\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Modified Date = 16/01/2008 21:01:27 | Attr =	]
PreInstall -> %System32%\PreInstall ->  [Folder | Modified Date = 14/01/2008 18:50:22 | Attr =	]
pthreadGC2.dll -> %System32%\pthreadGC2.dll -> Open Source Software community project [Ver = 2, 8, 0, 0 | Size = 60273 bytes | Modified Date = 08/01/2008 21:33:56 | Attr =	]
Px.dll -> %System32%\Px.dll -> Sonic Solutions [Ver = 4.0.36.500 | Size = 551672 bytes | Modified Date = 04/01/2008 21:58:46 | Attr =	]
pxafs.dll -> %System32%\pxafs.dll -> Sonic Solutions [Ver = 4.0.36.500 | Size = 129784 bytes | Modified Date = 04/01/2008 21:58:46 | Attr =	]
pxcpya64.exe -> %System32%\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.44B | Size = 66296 bytes | Modified Date = 04/01/2008 21:58:46 | Attr =	]
pxcpyi64.exe -> %System32%\pxcpyi64.exe -> Sonic Solutions [Ver = 1.00.44B | Size = 120056 bytes | Modified Date = 04/01/2008 21:58:46 | Attr =	]
pxdrv.dll -> %System32%\pxdrv.dll -> Sonic Solutions [Ver = 1.02.09a | Size = 518904 bytes | Modified Date = 04/01/2008 21:58:46 | Attr =	]
pxhpinst.exe -> %System32%\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.64a | Size = 72440 bytes | Modified Date = 04/01/2008 21:58:46 | Attr =	]
pxinsa64.exe -> %System32%\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.64a | Size = 64760 bytes | Modified Date = 04/01/2008 21:58:46 | Attr =	]
pxinsi64.exe -> %System32%\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.64a | Size = 118520 bytes | Modified Date = 04/01/2008 21:58:46 | Attr =	]
PxMas.dll -> %System32%\PxMas.dll -> Sonic Solutions [Ver = 4.0.36.500 | Size = 187128 bytes | Modified Date = 04/01/2008 21:58:48 | Attr =	]
PxSFS.DLL -> %System32%\PxSFS.DLL -> Sonic Solutions [Ver = 4.0.36.500 | Size = 1628920 bytes | Modified Date = 04/01/2008 21:58:46 | Attr =	]
PxWave.dll -> %System32%\PxWave.dll -> Sonic Solutions [Ver = 4.0.36.500 | Size = 379640 bytes | Modified Date = 04/01/2008 21:58:46 | Attr =	]
qt-dx331.dll -> %System32%\qt-dx331.dll ->  [Ver =  | Size = 3596288 bytes | Modified Date = 04/01/2008 21:58:50 | Attr =	]
QuickTime.qts -> %System32%\QuickTime.qts -> Apple Inc. [Ver = 7.4 | Size = 57344 bytes | Modified Date = 10/01/2008 15:27:44 | Attr =	]
QuickTimeVR.qtx -> %System32%\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4 | Size = 90112 bytes | Modified Date = 10/01/2008 15:27:46 | Attr =	]
ras -> %System32%\ras ->  [Folder | Modified Date = 15/01/2008 01:30:03 | Attr =	]
RegistryGenius.lie -> %System32%\RegistryGenius.lie ->  [Ver =  | Size = 42 bytes | Modified Date = 23/01/2008 23:43:58 | Attr =	]
ReinstallBackups -> %System32%\ReinstallBackups ->  [Folder | Modified Date = 24/01/2008 04:12:40 | Attr =	]
Restore -> %System32%\Restore ->  [Folder | Modified Date = 27/01/2008 13:21:46 | Attr =	]
rmoc3260.dll -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.3084 | Size = 185944 bytes | Modified Date = 16/01/2008 21:01:34 | Attr =	]
Setup -> %System32%\Setup ->  [Folder | Modified Date = 15/01/2008 01:30:08 | Attr =	]
SoftwareDistribution -> %System32%\SoftwareDistribution ->  [Folder | Modified Date = 14/01/2008 18:45:23 | Attr =	]
spool -> %System32%\spool ->  [Folder | Modified Date = 15/01/2008 01:30:13 | Attr =	]
ssldivx.dll -> %System32%\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Modified Date = 04/01/2008 21:58:42 | Attr =	]
tmp.reg -> %System32%\tmp.reg ->  [Ver =  | Size = 3640 bytes | Modified Date = 21/01/2008 15:04:01 | Attr =	]
Uninstall.ico -> %System32%\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Modified Date = 25/01/2008 02:17:10 | Attr =	]
URTTemp -> %System32%\URTTemp ->  [Folder | Modified Date = 15/01/2008 01:30:16 | Attr =	]
usmt -> %System32%\usmt ->  [Folder | Modified Date = 18/01/2008 21:43:52 | Attr =	]
VXBLOCK.dll -> %System32%\VXBLOCK.dll -> Sonic Solutions [Ver = 1.00.83a | Size = 88824 bytes | Modified Date = 04/01/2008 21:58:46 | Attr =	]
wbem -> %System32%\wbem ->  [Folder | Modified Date = 24/01/2008 20:09:17 | Attr =	]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 1158 bytes | Modified Date = 30/01/2008 23:25:38 | Attr =	]
x264-uninstall.exe -> %System32%\x264-uninstall.exe ->  [Ver =  | Size = 55949 bytes | Modified Date = 14/01/2008 23:13:03 | Attr =	]
x264vfw.dll -> %System32%\x264vfw.dll ->  [Ver =  | Size = 580114 bytes | Modified Date = 15/01/2008 14:03:38 | Attr =	]
XPSViewer -> %System32%\XPSViewer ->  [Folder | Modified Date = 24/01/2008 00:49:37 | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 24/01/2008 00:44:59 | Attr =  H ]
$MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ ->  [Folder | Modified Date = 15/01/2008 01:23:40 | Attr =  H ]
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ ->  [Folder | Modified Date = 14/01/2008 11:15:37 | Attr =  H ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ ->  [Folder | Modified Date = 14/01/2008 11:15:23 | Attr =  H ]
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Modified Date = 20/01/2008 13:36:58 | Attr =	]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 25/01/2008 22:14:11 | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 31/01/2008 13:01:32 | Attr =   S]
CREATOR -> %SystemRoot%\CREATOR ->  [Folder | Modified Date = 15/01/2008 01:24:30 | Attr =	]
Cursors -> %SystemRoot%\Cursors ->  [Folder | Modified Date = 15/01/2008 01:24:31 | Attr =	]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 26/01/2008 18:08:20 | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 26/01/2008 12:42:12 | Attr =   S]
ehome -> %SystemRoot%\ehome ->  [Folder | Modified Date = 25/01/2008 15:59:01 | Attr =	]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 19/01/2008 00:17:21 | Attr =	]
ff_x264.dll -> %SystemRoot%\ff_x264.dll ->  [Ver =  | Size = 506880 bytes | Modified Date = 08/01/2008 21:33:56 | Attr =	]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 23/01/2008 15:08:37 | Attr = R S]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 18/01/2008 21:36:05 | Attr =	]
ie7 -> %SystemRoot%\ie7 ->  [Folder | Modified Date = 14/01/2008 19:20:32 | Attr =  H ]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 14/01/2008 15:09:05 | Attr =	]
ime -> %SystemRoot%\ime ->  [Folder | Modified Date = 15/01/2008 01:26:17 | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 31/01/2008 16:49:31 | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 31/01/2008 16:50:19 | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 30/01/2008 23:27:06 | Attr =  HS]
LastGood -> %SystemRoot%\LastGood ->  [Folder | Modified Date = 31/01/2008 16:48:52 | Attr =	]
Media -> %SystemRoot%\Media ->  [Folder | Modified Date = 15/01/2008 01:27:08 | Attr =	]
Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Modified Date = 25/01/2008 22:14:12 | Attr =	]
msagent -> %SystemRoot%\msagent ->  [Folder | Modified Date = 25/01/2008 15:59:01 | Attr =	]
mui -> %SystemRoot%\mui ->  [Folder | Modified Date = 15/01/2008 01:27:31 | Attr =	]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Modified Date = 14/01/2008 11:14:20 | Attr =	]
nsreg.dat -> %SystemRoot%\nsreg.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 17/01/2008 01:37:43 | Attr =	]
Offline Web Pages -> %SystemRoot%\Offline Web Pages ->  [Folder | Modified Date = 15/01/2008 01:27:31 | Attr = R  ]
PeerNet -> %SystemRoot%\PeerNet ->  [Folder | Modified Date = 15/01/2008 01:28:14 | Attr =	]
PIF -> %SystemRoot%\PIF ->  [Folder | Modified Date = 21/01/2008 13:24:22 | Attr =  H ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 31/01/2008 20:37:22 | Attr =	]
pss -> %SystemRoot%\pss ->  [Folder | Modified Date = 27/01/2008 13:27:11 | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 23/01/2008 22:49:40 | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 27/01/2008 13:20:40 | Attr =  H ]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 31/01/2008 13:02:30 | Attr =	]
repair -> %SystemRoot%\repair ->  [Folder | Modified Date = 25/01/2008 15:59:01 | Attr =	]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 20/01/2008 04:51:04 | Attr =	]
SHELLNEW -> %SystemRoot%\SHELLNEW ->  [Folder | Modified Date = 23/01/2008 14:48:56 | Attr =	]
SMINST -> %SystemRoot%\SMINST ->  [Folder | Modified Date = 16/01/2008 22:40:50 | Attr =	]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Modified Date = 25/01/2008 17:34:34 | Attr =	]
srchasst -> %SystemRoot%\srchasst ->  [Folder | Modified Date = 15/01/2008 01:28:34 | Attr =	]
Sun -> %SystemRoot%\Sun ->  [Folder | Modified Date = 15/01/2008 22:51:59 | Attr =	]
system -> %SystemRoot%\system ->  [Folder | Modified Date = 18/01/2008 00:19:38 | Attr =	]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 27/01/2008 13:27:24 | Attr =	]
system32 -> %System32% ->  [Folder | Modified Date = 31/01/2008 16:50:17 | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 25/01/2008 21:40:46 | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 31/01/2008 17:14:36 | Attr =	]
twain_32 -> %SystemRoot%\twain_32 ->  [Folder | Modified Date = 15/01/2008 01:30:33 | Attr =	]
WBEM -> %SystemRoot%\WBEM ->  [Folder | Modified Date = 14/01/2008 11:16:04 | Attr =	]
Web -> %SystemRoot%\Web ->  [Folder | Modified Date = 15/01/2008 01:30:33 | Attr = R  ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 641 bytes | Modified Date = 27/01/2008 13:27:24 | Attr =	]
WinAVI Video Converter 9.0 -> %SystemRoot%\WinAVI Video Converter 9.0 ->  [Folder | Modified Date = 14/01/2008 23:35:37 | Attr =	]
WININIT.INI -> %SystemRoot%\WININIT.INI ->  [Ver =  | Size = 320 bytes | Modified Date = 14/01/2008 21:21:05 | Attr =	]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 24/01/2008 02:45:03 | Attr =	]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx ->  [Ver =  | Size = 316640 bytes | Modified Date = 15/01/2008 15:52:37 | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 31/01/2008 13:01:42 | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 25/01/2008 19:20:39 | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 25/01/2008 19:20:39 | Attr =	]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat ->  [Ver =  | Size = 8294 bytes | Modified Date = 17/01/2008 03:13:36 | Attr =	]
Perflib_Perfdata_920.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_920.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 31/01/2008 16:50:24 | Attr =	]
2 C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\*.tmp files -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\*.tmp -> 
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 23/01/2008 01:50:26 | Attr =	]
wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat ->  [Ver =  | Size = 162451 bytes | Modified Date = 23/01/2008 01:53:58 | Attr =	]
fsgk32.exe -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 7.50.13332.1 | Size = 368640 bytes | Modified Date = 25/01/2008 17:52:02 | Attr =	]
fssm32.exe -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 7.50.13332.1 | Size = 446464 bytes | Modified Date = 25/01/2008 17:52:02 | Attr =	]
lsse.dll -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\Anti-Spyware\lsse.dll -> Lavasoft [Ver = 1.0.35.0 | Size = 184320 bytes | Modified Date = 25/01/2008 17:52:02 | Attr =	]
AVPFPI0.dll -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 25/01/2008 17:52:01 | Attr =	]
avpproxy.dll -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\Anti-Virus\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 25/01/2008 17:52:01 | Attr =	]
daas_s.dll -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\Anti-Virus\daas_s.dll -> F-Secure Corporation [Ver = 6.00.12471 | Size = 500120 bytes | Modified Date = 07/05/2007 16:38:46 | Attr =	]
DFFPI.DLL -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\Anti-Virus\DFFPI.DLL -> F-Secure Corporation [Ver = 1.02.37 | Size = 151552 bytes | Modified Date = 25/01/2008 17:52:01 | Attr =	]
fm4av.dll -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\Anti-Virus\fm4av.dll ->  [Ver =  | Size = 486912 bytes | Modified Date = 25/01/2008 17:52:01 | Attr =	]
fpinor.dll -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\Anti-Virus\fpinor.dll -> F-Secure Corporation [Ver = 1.19.12380 | Size = 113152 bytes | Modified Date = 25/01/2008 17:52:01 | Attr =	]
fsbl.dll -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 25/01/2008 17:52:02 | Attr =	]
fsbld.dll -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbld.dll -> F-Secure Corporation [Ver = 1, 0, 0, 64 | Size = 524288 bytes | Modified Date = 25/01/2008 17:52:08 | Attr =	]
fsgkiapi.dll -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.50.13330.18100 | Size = 68096 bytes | Modified Date = 25/01/2008 17:52:02 | Attr =	]
FSHKE.dll -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\Anti-Virus\FSHKE.dll -> F-Secure Corporation [Ver = 1, 0, 0, 4 | Size = 61440 bytes | Modified Date = 25/01/2008 17:52:02 | Attr =	]
FSLFPI.dll -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\Anti-Virus\FSLFPI.dll -> F-Secure Corporation [Ver = 2.04.02 | Size = 237664 bytes | Modified Date = 25/01/2008 17:52:02 | Attr =	]
fssubmit.dll -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\Anti-Virus\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 25/01/2008 17:52:02 | Attr =	]
lsse.dll -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\Anti-Virus\lsse.dll -> Lavasoft [Ver = 1.0.35.0 | Size = 184320 bytes | Modified Date = 25/01/2008 17:52:02 | Attr =	]
Nse_w32.dll -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\Anti-Virus\Nse_w32.dll ->  [Ver =  | Size = 506936 bytes | Modified Date = 25/01/2008 17:51:13 | Attr =	]
segrules.dat -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\segrules.dat ->  [Ver =  | Size = 707 bytes | Modified Date = 25/01/2008 17:47:13 | Attr =	]
ext.dat -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\Anti-Virus\ext.dat ->  [Ver =  | Size = 439 bytes | Modified Date = 25/01/2008 17:51:47 | Attr =	]
fshke.dat -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\Anti-Virus\fshke.dat ->  [Ver =  | Size = 84 bytes | Modified Date = 25/01/2008 17:51:48 | Attr =	]
orion.dat -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\Anti-Virus\orion.dat ->  [Ver =  | Size = 702073 bytes | Modified Date = 25/01/2008 17:47:34 | Attr =	]
orioneng.dat -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\Anti-Virus\orioneng.dat ->  [Ver =  | Size = 1325 bytes | Modified Date = 25/01/2008 17:47:34 | Attr =	]
orionfin.dat -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\Anti-Virus\orionfin.dat ->  [Ver =  | Size = 1599 bytes | Modified Date = 25/01/2008 17:47:34 | Attr =	]
perf.dat -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\Anti-Virus\perf.dat ->  [Ver =  | Size = 128 bytes | Modified Date = 25/01/2008 18:57:17 | Attr =	]
sae.dat -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\Anti-Virus\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 25/01/2008 17:51:47 | Attr =	]
sai.dat -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\Anti-Virus\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 25/01/2008 17:51:47 | Attr =	]
FS@swdb.ini -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\Anti-Spyware\FS@swdb.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 25/01/2008 17:51:45 | Attr =	]
FS@av.ini -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 25/01/2008 17:51:47 | Attr =	]
FS@avpe.ini -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 25/01/2008 17:49:32 | Attr =	]
FS@bleng.ini -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@bleng.ini ->  [Ver =  | Size = 241 bytes | Modified Date = 25/01/2008 17:52:08 | Attr =	]
FS@hkeng.ini -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@hkeng.ini ->  [Ver =  | Size = 206 bytes | Modified Date = 25/01/2008 17:51:48 | Attr =	]
FS@libra.ini -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@libra.ini ->  [Ver =  | Size = 206 bytes | Modified Date = 25/01/2008 17:49:39 | Attr =	]
FS@ols3bin.ini -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@ols3bin.ini ->  [Ver =  | Size = 174 bytes | Modified Date = 25/01/2008 17:52:02 | Attr =	]
FS@orion.ini -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@orion.ini ->  [Ver =  | Size = 206 bytes | Modified Date = 25/01/2008 17:47:34 | Attr =	]
FS@peg.ini -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 25/01/2008 17:51:13 | Attr =	]
verdicts.ini -> C:\Documents and Settings\Neil Hawkes.NEIL\Local Settings\Temp\OnlineScanner\Anti-Virus\verdicts.ini ->  [Ver =  | Size = 2499 bytes | Modified Date = 25/01/2008 17:49:32 | Attr =	]
Perflib_Perfdata_78c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_78c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 30/01/2008 17:45:38 | Attr =	]
Perflib_Perfdata_790.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_790.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 27/01/2008 13:29:00 | Attr =	]
Perflib_Perfdata_7a0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7a0.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 28/01/2008 23:38:41 | Attr =	]
Perflib_Perfdata_7e4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7e4.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 25/01/2008 19:22:04 | Attr =	]
Perflib_Perfdata_ce0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_ce0.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 27/01/2008 15:02:50 | Attr =	]
2 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 

< End of report >


#5 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:03:33 PM

Posted 31 January 2008 - 04:18 PM

Hi wewillwinit6times. The only problems I see inthe log is that there are multiple anvi-virus applications running (AVG and Avast). Running more than 1 anti-virus application at the same time can cause file access and resource issues and if there is an infection the multiple programs can actually block each other from dealing with the infected file(s). I highly recommend that you choose which application you want to keep and uninstall the other one(s) to prevent these problems.

There are no URLSearchHooks settings so I do not know what Malware Sweeper is finding. The only information I could find ont he program would lead me to believe it should be uninstalled. See this link for more information and do as you see fit: http://www.2-spyware.com/review-malware-sweeper.html

All in all I'd say you are good to go.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#6 wewillwinit6times

wewillwinit6times
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:33 PM

Posted 31 January 2008 - 04:27 PM

Thank you very much for your help and clearing the problem up for me, I'm delighted my pc is clean as it has been worrying me a little for the last couple of weeks.

I don't think I will be using malware sweeper anymore either and yes I will delete one of the anti-virus as I don't want it too cause a problem if I have trouble in the future (fingers crossed I won't though).

Thank you again for your help, this will be the first place to come next time if I need future assistance.

#7 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:03:33 PM

Posted 01 February 2008 - 10:24 AM

You are very welcome wewillwinit6times, I'm glad that we could help. As this issue apperas to be resolved I will now close this topic. If you have any malware realted issues in teh future please start a new topic.

Cheers and Happy Computing!

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users