Problems Centreing Around Hotmail And Google


20 replies to this topic

#1 spree

spree

  • Members
  • 32 posts

Posted 31 January 2008 - 12:28 PM

Hi, I'm a new user here, found you through a Google search for "hipointltd.com".

My problem started on Sunday. Whenever I did anything within Hotmail I got various messages on screen telling me I had viruses on my system and to download xpantivirus to solve it; also, Symantec was popping up with messages about programmes it had managed to quarantine. This then progressed into Google, whereby 9 out of 10 times if I clicked on a link after a search it would take me to "hipointltd.com" or other sites that were not the intended link; if I refreshed the page then the link worked properly.

Also, Symantec virus scan has been damaged, as whenever I try to start a scan the following message appears:
"Could not start scan. Scan engine returned error 0x20000058"

I have followed the preparation guide for use before a HijackThis log and now here I am; hope you can help.

Thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18:16, on 31/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\smc.exe
D:\PROGRA~1\avgrssvc.exe
D:\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\avgamsvr.exe
D:\PROGRA~1\avgupsvc.exe
D:\PROGRA~1\avgrssvc.exe
D:\PROGRA~1\avgemc.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\PROGRA~1\avgcc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
D:\PROGRA~1\avgfwsrv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\System\svchost.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {FDEA2C12-A476-A13C-2B4C-A3BD546315C2} - C:\PROGRA~1\COMMON~1\System\vd3_sys.dat
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll (file missing)
O4 - HKLM\..\Run: [FRYMXINS] "C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SmcService] D:\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: update.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://aqa.webex.com/client/T23L/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{99F74348-CEB5-4DE8-9174-ADF311FC484D}: NameServer = 193.36.79.100 193.36.79.101
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - D:\PROGRA~1\avgfwsrv.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Inc. - G:\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\smc.exe

--
End of file - 8095 bytes

Edited by spree, 31 January 2008 - 12:34 PM.



#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 06 February 2008 - 04:20 PM

Hello spree and welcome to the BC HijackThis forum. Let's see what else we can find.

Before running the scan let's clean out the temporary folders.

Download ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 spree

spree
  • Topic Starter

  • Members
  • 32 posts

Posted 08 February 2008 - 10:27 AM

WinPFind35 logfile created on: 08/02/2008 15:23:09

WinPFind35U Version Beta46	 Folder = C:\Documents and Settings\Dan Stevenson\Desktop\WinPFind35u

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

 

511.48 Mb Total Physical Memory | 158.01 Mb Available Physical Memory | 30.89% Memory free

1.22 Gb Paging File | 0.79 Gb Available in Paging File | 65.18% Paging File free

Paging file location(s): c:\pagefile.sys 768 1536;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 7.64 Gb Total Space | 1.05 Gb Free Space | 13.71% Space Free | Partition Type: NTFS

Drive D: | 7.84 Gb Total Space | 6.67 Gb Free Space | 84.97% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded



Computer Name: DAN-STEVENSON

Current User Name: Dan Stevenson

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user





[Processes - Non-Microsoft Only]

ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4110 | Size = 425984 bytes | Modified Date = 07/12/2004 21:59:24 | Attr =	]

avgrssvc.exe -> D:\Program Files\avgrssvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 192512 bytes | Modified Date = 25/01/2008 16:35:13 | Attr =	]

aawservice.exe -> D:\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 04/01/2008 13:27:08 | Attr =	]

avgamsvr.exe -> D:\Program Files\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 25/01/2008 16:35:13 | Attr =	]

avgupsvc.exe -> D:\Program Files\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 25/01/2008 16:35:16 | Attr =	]

avgrssvc.exe -> D:\Program Files\avgrssvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 192512 bytes | Modified Date = 25/01/2008 16:35:13 | Attr =	]

avgemc.exe -> D:\Program Files\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 25/01/2008 16:35:15 | Attr =	]

defwatch.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 8.00.00.9374 | Size = 32768 bytes | Modified Date = 30/07/2002 10:36:00 | Attr =	]

rtvscan.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 8.00.00.9374 | Size = 573440 bytes | Modified Date = 30/07/2002 10:40:44 | Attr =	]

avgfwsrv.exe -> D:\Program Files\avgfwsrv.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.500 | Size = 838656 bytes | Modified Date = 25/01/2008 16:35:15 | Attr =	]

ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4110 | Size = 425984 bytes | Modified Date = 07/12/2004 21:59:24 | Attr =	]

atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5134 | Size = 344064 bytes | Modified Date = 07/12/2004 21:10:00 | Attr =	]

soundman.exe -> %SystemRoot%\soundman.exe -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 58 | Size = 577536 bytes | Modified Date = 17/11/2006 04:42:52 | Attr =	]

vptray.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 8.00.00.9374 | Size = 77824 bytes | Modified Date = 30/07/2002 10:35:04 | Attr =	]

teatimer.exe -> D:\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 28/01/2008 11:43:40 | Attr = RHS]

winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 308224 bytes | Modified Date = 07/02/2008 13:47:38 | Attr =	]



[Win32 Services - Non-Microsoft Only]

(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> D:\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 04/01/2008 13:27:08 | Attr =	]

(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4110 | Size = 425984 bytes | Modified Date = 07/12/2004 21:59:24 | Attr =	]

(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> D:\Program Files\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 25/01/2008 16:35:13 | Attr =	]

(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> D:\Program Files\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 25/01/2008 16:35:16 | Attr =	]

(AvgCoreSvc) AVG7 Resident Shield Service [Win32_Own | Auto | Running] -> D:\Program Files\avgrssvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 192512 bytes | Modified Date = 25/01/2008 16:35:13 | Attr =	]

(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> D:\Program Files\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 25/01/2008 16:35:15 | Attr =	]

(AVGFwSrv) AVG Firewall [Win32_Own | Auto | Running] -> D:\Program Files\avgfwsrv.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.500 | Size = 838656 bytes | Modified Date = 25/01/2008 16:35:15 | Attr =	]

(DefWatch) DefWatch [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 8.00.00.9374 | Size = 32768 bytes | Modified Date = 30/07/2002 10:36:00 | Attr =	]

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 00:56:50 | Attr =	]

(IDriverT) InstallDriver Table Manager [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 03/04/2005 23:41:10 | Attr =	]

(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> G:\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 14/03/2007 19:05:42 | Attr =	]

(KodakCCS) Kodak Camera Connection Software [Win32_Own | On_Demand | Stopped] -> %System32%\drivers\KodakCCS.exe -> File not found

(Norton AntiVirus Server) Symantec AntiVirus Client [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 8.00.00.9374 | Size = 573440 bytes | Modified Date = 30/07/2002 10:40:44 | Attr =	]

(Pctspk) PCTEL Speaker Phone [Win32_Own | Disabled | Stopped] -> %System32%\pctspk.exe -> PCtel, Inc. [Ver = 4.00 | Size = 86016 bytes | Modified Date = 17/08/2001 21:36:54 | Attr =	]

(ServiceLayer) ServiceLayer [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 83, 78, 3 | Size = 292864 bytes | Modified Date = 26/03/2007 12:06:24 | Attr =	]

(SmcService) Sygate Personal Firewall [Win32_Own | Auto | Stopped] -> D:\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 15/10/2004 19:40:56 | Attr =	]



[Driver Services - Non-Microsoft Only]

(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found

(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found

(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found

(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found

(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found

(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found

(alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) [Kernel | On_Demand | Running] -> %System32%\drivers\alcan5wn.sys -> THOMSON [Ver = 301.0.0.12 | Size = 53600 bytes | Modified Date = 08/12/2003 11:53:48 | Attr =	]

(alcaudsl) SpeedTouch ADSL Modem ATM Transport [Kernel | On_Demand | Running] -> %System32%\drivers\alcaudsl.sys -> THOMSON [Ver = 301.0.0.12 | Size = 70688 bytes | Modified Date = 17/02/2004 10:38:06 | Attr = R  ]

(ALCXSENS) Service for WDM 3D Audio Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ALCXSENS.SYS -> Sensaura Ltd [Ver = 5.10.00.3511 | Size = 391680 bytes | Modified Date = 13/11/2003 11:25:26 | Attr =	]

(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %System32%\drivers\alcxwdm.sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.6230 built by: WinDDK | Size = 4027840 bytes | Modified Date = 08/03/2007 13:34:46 | Attr = R  ]

(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found

(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found

(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found

(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found

(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found

(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found

(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6497 | Size = 874496 bytes | Modified Date = 07/12/2004 22:06:42 | Attr =	]

(ATITool) ATITool [Kernel | System | Running] -> D:\Program Files\ATITool\atitool.sys ->  [Ver =  | Size = 17408 bytes | Modified Date = 10/01/2005 21:59:58 | Attr =	]

(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]

(AvgMfx86) AVG Minifilter x86 Resident Driver [File_System | System | Running] -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]

(AvgTdi) AVG Network Redirector [Kernel | Auto | Running] -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]

(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found

(Changer) Changer [Kernel | System | Stopped] ->  -> File not found

(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found

(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found

(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found

(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 03/08/2004 23:07:18 | Attr =	]

(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 03/08/2004 23:07:18 | Attr =	]

(dmload) dmload [Kernel | Boot | Running] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 23/08/2001 12:00:00 | Attr =	]

(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found

(E1000) Intel(R) PRO/1000 Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\e1000325.sys -> Intel Corporation [Ver = 7.2.17.0 built by: WinDDK | Size = 125952 bytes | Modified Date = 14/08/2003 06:46:48 | Attr =	]

(EzInstall) EzInstall [Kernel | On_Demand | Stopped] -> E:\ezinstall\EzInstall.sys -> File not found

(GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %System32%\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 19/09/2006 15:44:04 | Attr =	]

(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found

(hpt3xx) hpt3xx [Kernel | Disabled | Stopped] ->  -> File not found

(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found

(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found

(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found

(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found

(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found

(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found

(NAVAP) NAVAP [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -> Symantec Corporation [Ver = 9.0.0.14 | Size = 218112 bytes | Modified Date = 19/06/2002 19:57:12 | Attr =	]

(NAVAPEL) NAVAPEL [Kernel | Auto | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys -> Symantec Corporation [Ver = 9.0.0.14 | Size = 29184 bytes | Modified Date = 19/06/2002 19:57:14 | Attr =	]

(NAVENG) NAVENG [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080205.017\NAVENG.SYS -> Symantec Corporation [Ver = 20071.4.1.10 | Size = 82256 bytes | Modified Date = 05/02/2008 09:00:00 | Attr =	]

(NAVEX15) NAVEX15 [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080205.017\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.4.1.10 | Size = 895312 bytes | Modified Date = 05/02/2008 09:00:00 | Attr =	]

(nmwcd) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcd.sys -> Nokia [Ver = 6.83.6.0 | Size = 137216 bytes | Modified Date = 22/02/2007 09:15:56 | Attr =	]

(nmwcdc) Nokia USB Generic [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdc.sys -> Nokia [Ver = 6.83.6.0 | Size = 8320 bytes | Modified Date = 22/02/2007 09:15:14 | Attr =	]

(nmwcdcj) Nokia USB Port [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdcj.sys -> Nokia [Ver = 6.83.6.0 | Size = 12288 bytes | Modified Date = 22/02/2007 09:15:14 | Attr =	]

(nmwcdcm) Nokia USB Modem [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdcm.sys -> Nokia [Ver = 6.83.6.0 | Size = 12288 bytes | Modified Date = 22/02/2007 09:15:14 | Attr =	]

(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found

(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found

(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found

(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found

(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found

(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found

(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found

(PRODIGY) PRODIGY [Kernel | On_Demand | Stopped] -> %System32%\drivers\prodigy.sys -> B-phreaks [Ver = 1, 0, 0, 208 | Size = 32377 bytes | Modified Date = 29/08/2006 14:56:18 | Attr =	]

(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 23/08/2001 12:00:00 | Attr =	]

(Ptserlp) PCTEL Serial Device Driver for PCI [Kernel | On_Demand | Stopped] -> %System32%\drivers\ptserlp.sys -> PCTEL, INC. [Ver = 7.54.07 | Size = 112574 bytes | Modified Date = 17/08/2001 12:28:14 | Attr =	]

(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.11B | Size = 46080 bytes | Modified Date = 03/11/2005 03:00:00 | Attr =	]

(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found

(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found

(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found

(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found

(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found

(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13/11/2007 10:25:53 | Attr =	]

(Ser2pl) Prolific Serial port driver [Kernel | On_Demand | Stopped] -> System32\DRIVERS\ser2pl.sys -> File not found

(SI3114r) SiI-3114 SATARaid Controller [Kernel | Boot | Running] -> %System32%\drivers\SI3114r.sys -> Silicon Image, Inc [Ver = 1, 0, 0, 7 | Size = 97857 bytes | Modified Date = 09/02/2004 14:27:04 | Attr =	]

(SiFilter) SATALink driver accelerator [Kernel | Boot | Running] -> %System32%\drivers\SiWinAcc.sys -> Silicon Image, Inc. [Ver = 1.0.0.8 | Size = 10240 bytes | Modified Date = 15/10/2003 09:28:16 | Attr =	]

(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found

(slabbus) USB Data Cable driver (WDM) [Kernel | On_Demand | Stopped] -> system32\DRIVERS\slabbus.sys -> File not found

(slabser) USB Data Cable Drivers [Kernel | On_Demand | Stopped] -> system32\DRIVERS\slabser.sys -> File not found

(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found

(ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\ss_bus.sys -> MCCI [Ver = V4.34 | Size = 58320 bytes | Modified Date = 30/08/2005 16:57:18 | Attr =	]

(ss_mdfl) SAMSUNG Mobile USB Modem 1.0 Filter [Kernel | On_Demand | Stopped] -> %System32%\drivers\ss_mdfl.sys -> MCCI [Ver = V4.34 | Size = 8304 bytes | Modified Date = 30/08/2005 16:58:56 | Attr =	]

(ss_mdm) SAMSUNG Mobile USB Modem 1.0 Drivers [Kernel | On_Demand | Stopped] -> %System32%\drivers\ss_mdm.sys -> MCCI [Ver = V4.34 | Size = 94000 bytes | Modified Date = 30/08/2005 16:59:00 | Attr =	]

(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found

(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found

(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.0.0.13 | Size = 73224 bytes | Modified Date = 17/10/2004 12:38:26 | Attr =	]

(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found

(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found

(Teefer) Teefer for NT [Kernel | Boot | Running] -> %System32%\drivers\Teefer.sys -> Sygate Technologies, Inc. [Ver = 1.60.1101 | Size = 60496 bytes | Modified Date = 15/10/2004 18:17:02 | Attr =	]

(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found

(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found

(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found

(Vmodem) XP Vmodem [Kernel | Boot | Running] -> %System32%\drivers\vmodem.sys -> PCTEL, INC. [Ver = 7.60.10A | Size = 604253 bytes | Modified Date = 17/08/2001 12:28:14 | Attr =	]

(Vpctcom) XP Vpctcom [Kernel | Boot | Running] -> %System32%\drivers\vpctcom.sys -> PCtel, Inc. [Ver = 8.00-9K | Size = 397502 bytes | Modified Date = 17/08/2001 12:28:16 | Attr =	]

(vsdatant) vsdatant [Kernel | Disabled | Stopped] ->  -> File not found

(Vvoice) XP Vvoice [Kernel | Boot | Running] -> %System32%\drivers\vvoice.sys -> PCtel, Inc. [Ver = 3.53.00 | Size = 64605 bytes | Modified Date = 17/08/2001 12:28:16 | Attr =	]

(w810bus) Sony Ericsson W810 Driver driver (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\w810bus.sys -> MCCI [Ver = V4.34 | Size = 58288 bytes | Modified Date = 20/02/2006 16:59:28 | Attr = R  ]

(w810mdfl) Sony Ericsson W810 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> %System32%\drivers\w810mdfl.sys -> MCCI [Ver = V4.34 | Size = 8336 bytes | Modified Date = 20/02/2006 16:59:32 | Attr = R  ]

(w810mdm) Sony Ericsson W810 USB WMC Modem Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\w810mdm.sys -> MCCI [Ver = V4.34 | Size = 94064 bytes | Modified Date = 20/02/2006 16:59:34 | Attr = R  ]

(w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\w810mgmt.sys -> MCCI [Ver = V4.34 | Size = 85408 bytes | Modified Date = 20/02/2006 16:59:34 | Attr = R  ]

(w810obex) Sony Ericsson W810 USB WMC OBEX Interface [Kernel | On_Demand | Stopped] -> %System32%\drivers\w810obex.sys -> MCCI [Ver = V4.34 | Size = 83344 bytes | Modified Date = 20/02/2006 16:59:36 | Attr = R  ]

(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found

(wg3n) SyGate for NT, wg3n [Kernel | Auto | Running] -> %System32%\drivers\wg3n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 15/10/2004 18:32:38 | Attr =	]

(wg4n) SyGate for NT, wg4n [Kernel | Auto | Running] -> %System32%\drivers\wg4n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 15/10/2004 18:32:40 | Attr =	]

(wg5n) SyGate for NT, wg5n [Kernel | Auto | Running] -> %System32%\drivers\wg5n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 15/10/2004 18:32:42 | Attr =	]

(wg6n) SyGate for NT, wg6n [Kernel | Auto | Running] -> %System32%\drivers\wg6n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 15/10/2004 18:32:44 | Attr =	]

(wpsdrvnt) wpsdrvnt [Kernel | System | Running] -> %System32%\drivers\wpsdrvnt.sys -> Sygate Technologies, Inc. [Ver = 1, 0, 0, 17 | Size = 21075 bytes | Modified Date = 15/10/2004 18:18:46 | Attr =	]



[Registry - Non-Microsoft Only]

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5134 | Size = 344064 bytes | Modified Date = 07/12/2004 21:10:00 | Attr =	]

AVG7_CC -> D:\Program Files\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 25/01/2008 16:35:14 | Attr =	]

FRYMXINS -> %ProgramFiles%\ATI Technologies\Fire GL 3D Studio Max\atiimxgl.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5010 | Size = 53248 bytes | Modified Date = 30/06/2003 20:10:00 | Attr =	]

iTunesHelper -> G:\iTunesHelper.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 14/03/2007 19:05:48 | Attr =	]

QuickTime Task -> D:\Program Files\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 16/02/2007 10:54:04 | Attr =	]

SmcService -> D:\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 15/10/2004 19:40:56 | Attr =	]

SoundMan -> %SystemRoot%\soundman.exe -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 58 | Size = 577536 bytes | Modified Date = 17/11/2006 04:42:52 | Attr =	]

SpeedTouch USB Diagnostics -> %ProgramFiles%\Thomson\SpeedTouch USB\dragdiag.exe -> THOMSON Telecom Belgium [Ver = 301.0.0.12 | Size = 866816 bytes | Modified Date = 26/01/2004 11:38:38 | Attr =	]

vptray -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 8.00.00.9374 | Size = 77824 bytes | Modified Date = 30/07/2002 10:35:04 | Attr =	]

< RunOnceEx [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx -> 

 ->  -> File not found

< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 

IMAIL-> Installed = 1 -> 

MAPI-> Installed = 1 -> 

MSFS-> Installed = 1 -> 

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

SpybotSD TeaTimer -> D:\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 28/01/2008 11:43:40 | Attr = RHS]

< All Users.WINDOWS Startup Folder > -> C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup -> 

%AllUsersStartup%\Kodak EasyShare software.lnk -> H:\Kodak\Kodak EasyShare software\bin\EasyShare.exe ->  [Ver = 5, 3, 33, 27 | Size = 180224 bytes | Modified Date = 07/06/2006 06:26:28 | Attr =	]

 -> %AllUsersStartup%\update.exe ->  [Ver =  | Size = 93925 bytes | Modified Date = 25/01/2008 11:37:29 | Attr = RHS]

< Dan Stevenson Startup Folder > -> C:\Documents and Settings\Dan Stevenson\Start Menu\Programs\Startup -> 

< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 

explorer.exe																																																										  "C:\Program Files\Common Files\System\svchost.exe" -> explorer.exe																																																										  "%CommonProgramFiles%\System\svchost.exe -> File not found

*MultiFile Done* -> -> 

< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 

AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4110 | Size = 94208 bytes | Modified Date = 07/12/2004 22:01:10 | Attr =	]

avgwlntf -> %System32%\avgwlntf.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.446 | Size = 9216 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

NavLogon -> %System32%\NavLogon.dll ->  [Ver =  | Size = 45056 bytes | Modified Date = 30/07/2002 10:33:00 | Attr =	]

< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 

< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 

< HOSTS File > (224466 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.wanadoo.co.uk -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 

HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 

HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 

HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 

HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 

HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.wanadoo.co.uk/iesearch/default.htm -> 

HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.co.uk/ -> 

HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 

HKEY_CURRENT_USER\: ProxyOverride -> <local> -> 

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4185 domain(s) found. -> 

33 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4185 domain(s) found. -> 

  .[msn] -> My Computer -> 

32 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] ->  [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 02/03/2001 12:02:04 | Attr =	]

{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> D:\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 28/01/2008 11:43:28 | Attr =	]

{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

{FDEA2C12-A476-A13C-2B4C-A3BD546315C2} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\System\vd3_sys.dat [] ->  [Ver =  | Size = 56832 bytes | Modified Date = 25/01/2008 11:37:28 | Attr = RHS]

< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 

{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 

{327C2873-E90D-4c37-AA9D-10AC9BABA46C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll [Easy-WebPrint] -> File not found

{8B68564D-53FD-4293-B80C-993A9F3988EE} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\Wanadoo\WSBar\WSBar.dll [Wanadoo] -> File not found

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] ->  [Ver =  | Size = 53248 bytes | Modified Date = 09/01/2008 15:01:48 | Attr =	]

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> D:\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 28/01/2008 11:43:28 | Attr =	]

{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found

< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 

CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] ->  [Ver =  | Size = 53248 bytes | Modified Date = 09/01/2008 15:01:48 | Attr =	]

CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> D:\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 28/01/2008 11:43:28 | Attr =	]

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found

< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 

Easy-WebPrint Add To Print List -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll -> File not found

Easy-WebPrint High Speed Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll -> File not found

Easy-WebPrint Preview -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll -> File not found

Easy-WebPrint Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll -> File not found

Search with Wanadoo -> %SystemDrive%\PROGRA~1\Wanadoo\WSBar\WSBar.dll -> File not found

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 

PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 

Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 30/01/2001 13:56:24 | Attr =	]

< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 

image_azv ->  -> 

SV1 ->  -> 

< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{5C140A5F-D96B-40BD-845D-5BB5C8404312} ->	(Intel(R) PRO/1000 CT Network Connection) -> 

{E4180AA6-5C23-46C5-8DE3-9A5E5CB09839} ->	(1394 Net Adapter) -> 

{E7A89C84-3024-41FD-B77B-2914D2385CFE} ->	() -> 

< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 

Protocol_Catalog9\Catalog_Entries\000000000001 -> %System32%\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000002 -> %System32%\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000003 -> %System32%\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000004 -> %System32%\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000005 -> %System32%\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000006 -> %System32%\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000007 -> %System32%\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000008 -> %System32%\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000009 -> %System32%\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000010 -> %System32%\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000011 -> %System32%\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000012 -> %System32%\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000013 -> %System32%\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000014 -> %System32%\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000015 -> %System32%\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000016 -> %System32%\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000017 -> %System32%\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000018 -> %System32%\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000019 -> %System32%\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000020 -> %System32%\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000021 -> %System32%\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000022 -> %System32%\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000023 -> %System32%\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000024 -> %System32%\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000025 -> %System32%\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 

ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found

msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] -> 

{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> 

{4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab[MSN Photo Upload Tool] -> 

{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader3.cab[Facebook Photo Uploader 4 Control] -> 

{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}[HKEY_LOCAL_MACHINE] -> http://download.bitdefender.com/resources/scan8/oscan8.cab[BDSCANONLINE Control] -> 

{5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab[Facebook Photo Uploader Control] -> 

{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-1_4_2-windows-i586.cab[Java Plug-in 1.4.2] -> 

{A90A5822-F108-45AD-8482-9BC8B12DD539}[HKEY_LOCAL_MACHINE] -> http://www.crucial.com/controls/cpcScanner.cab[Crucial cpcScan] -> 

{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2] -> 

{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 

{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}[HKEY_LOCAL_MACHINE] -> https://aqa.webex.com/client/T23L/webex/ieatgpc.cab[GpcContainer Class] -> 

DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> 

Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 





[Registry - Additional Scans - Non-Microsoft Only]

< BotCheck > -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->

*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 

msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04/08/2004 00:56:44 | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 

*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 

kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15/06/2005 17:49:30 | Attr =	]

msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04/08/2004 00:56:44 | Attr =	]

schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25/04/2007 14:21:15 | Attr =	]

wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 04/08/2004 00:56:48 | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 788 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 

*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 

scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 04/08/2004 00:56:46 | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 

*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 

Windows NT Access Provider ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 04/08/2004 00:56:46 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 23/08/2001 12:00:00 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04/08/2004 00:56:58 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 51502 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 04/08/2004 00:56:44 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\S\ -> -> 

-> Reg Error: Key does not exist or could not be opened. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{5C140A5F-D96B-40BD-845D-5BB5C8404312} -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{E4180AA6-5C23-46C5-8DE3-9A5E5CB09839} -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04/08/2004 00:56:58 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 04/08/2004 00:56:48 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 

*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 

RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26/07/2005 04:39:49 | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04/08/2004 00:56:58 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 4 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 04/08/2004 00:56:46 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 3 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\System32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 04/08/2004 00:56:58 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 

*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 

RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26/07/2005 04:39:49 | Attr =	]

TCPIP ->  -> File not found

NTLMSSP ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 





[Files/Folders - Created Within 30 days]

$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Created Date = 25/01/2008 17:32:54 | Attr = RH ]

HijackThis.exe -> %SystemDrive%\HijackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 396288 bytes | Created Date = 31/01/2008 17:16:31 | Attr =	]

avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Created Date = 25/01/2008 16:35:18 | Attr =	]

avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 25/01/2008 16:35:18 | Attr =	]

avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Created Date = 25/01/2008 16:35:18 | Attr =	]

avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Created Date = 25/01/2008 16:35:18 | Attr =	]

avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Created Date = 25/01/2008 16:35:18 | Attr =	]

avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Created Date = 25/01/2008 16:35:18 | Attr =	]

Teefer.sys -> %System32%\drivers\Teefer.sys -> Sygate Technologies, Inc. [Ver = 1.60.1101 | Size = 60496 bytes | Created Date = 31/01/2008 14:12:06 | Attr =	]

wg3n.sys -> %System32%\drivers\wg3n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 31/01/2008 14:12:06 | Attr =	]

wg4n.sys -> %System32%\drivers\wg4n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 31/01/2008 14:12:07 | Attr =	]

wg5n.sys -> %System32%\drivers\wg5n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 31/01/2008 14:12:07 | Attr =	]

wg6n.sys -> %System32%\drivers\wg6n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 31/01/2008 14:12:08 | Attr =	]

wpsdrvnt.sys -> %System32%\drivers\wpsdrvnt.sys -> Sygate Technologies, Inc. [Ver = 1, 0, 0, 17 | Size = 21075 bytes | Created Date = 31/01/2008 14:12:04 | Attr =	]

avgfwafu.dll -> %System32%\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Created Date = 25/01/2008 16:35:20 | Attr =	]

avgwlntf.dll -> %System32%\avgwlntf.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.446 | Size = 9216 bytes | Created Date = 25/01/2008 16:35:20 | Attr =	]

SSSensor.dll -> %System32%\SSSensor.dll -> Sygate Technologies, Inc. [Ver = 5. 5. 0. 5 | Size = 83096 bytes | Created Date = 31/01/2008 14:11:59 | Attr =	]

BDOSCAN8 -> %SystemRoot%\BDOSCAN8 ->  [Folder | Created Date = 30/01/2008 18:35:29 | Attr =	]

1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

[Files Created - Additional Folder Scans - Non-Microsoft Only]

avg7 -> %AllUsersAppData%\avg7 ->  [Folder | Created Date = 25/01/2008 16:35:09 | Attr =	]

Dan Stevenson -> %AllUsersAppData%\Dan Stevenson ->  [Folder | Created Date = 10/01/2008 22:10:36 | Attr =	]

Grisoft -> %AllUsersAppData%\Grisoft ->  [Folder | Created Date = 25/01/2008 16:35:09 | Attr =	]

Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Created Date = 30/01/2008 14:13:36 | Attr =	]

Program Files -> %AllUsersAppData%\Program Files ->  [Folder | Created Date = 04/02/2008 22:19:51 | Attr =	]

Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy ->  [Folder | Created Date = 30/01/2008 16:51:07 | Attr =	]

AVG7 -> %UserAppData%\AVG7 ->  [Folder | Created Date = 25/01/2008 16:35:22 | Attr =	]

1 C:\Documents and Settings\Dan Stevenson\Application Data\*.tmp files -> C:\Documents and Settings\Dan Stevenson\Application Data\*.tmp -> 

Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1336 bytes | Created Date = 30/01/2008 14:13:45 | Attr =	]

Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk ->  [Ver =  | Size = 1336 bytes | Created Date = 30/01/2008 14:13:45 | Attr =	]

AVG 7.5.lnk -> %AllUsersDesktop%\AVG 7.5.lnk ->  [Ver =  | Size = 498 bytes | Created Date = 25/01/2008 16:35:20 | Attr =	]

OMS Manual.lnk -> %AllUsersDesktop%\OMS Manual.lnk ->  [Ver =  | Size = 1482 bytes | Created Date = 04/02/2008 22:19:14 | Attr =	]

OMS.lnk -> %AllUsersDesktop%\OMS.lnk ->  [Ver =  | Size = 2287 bytes | Created Date = 04/02/2008 22:19:14 | Attr =	]

HijackThis.lnk -> %UserDesktop%\HijackThis.lnk ->  [Ver =  | Size = 1745 bytes | Created Date = 31/01/2008 17:16:33 | Attr =	]

HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 31/01/2008 17:16:11 | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\HJTInstall.exe:Zone.Identifier

Preparation Guide For Use Before Posting A Hijackthis Log.htm -> %UserDesktop%\Preparation Guide For Use Before Posting A Hijackthis Log.htm ->  [Ver =  | Size = 58450 bytes | Created Date = 30/01/2008 14:21:07 | Attr =	]

Preparation Guide For Use Before Posting A Hijackthis Log_files -> %UserDesktop%\Preparation Guide For Use Before Posting A Hijackthis Log_files ->  [Folder | Created Date = 30/01/2008 14:21:09 | Attr =	]

Problems Centreing Around Hotmail And Google.htm -> %UserDesktop%\Problems Centreing Around Hotmail And Google.htm ->  [Ver =  | Size = 63114 bytes | Created Date = 08/02/2008 10:39:20 | Attr =	]

Problems Centreing Around Hotmail And Google_files -> %UserDesktop%\Problems Centreing Around Hotmail And Google_files ->  [Folder | Created Date = 08/02/2008 10:39:20 | Attr =	]

Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 688 bytes | Created Date = 30/01/2008 16:51:14 | Attr =	]

WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Created Date = 08/02/2008 15:21:34 | Attr =	]

WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478955 bytes | Created Date = 08/02/2008 10:40:00 | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier

Kodak EasyShare software.lnk -> %AllUsersStartup%\Kodak EasyShare software.lnk ->  [Ver =  | Size = 1585 bytes | Created Date = 04/02/2008 13:56:42 | Attr =	]

update.exe -> %AllUsersStartup%\update.exe ->  [Ver =  | Size = 93925 bytes | Created Date = 25/01/2008 11:37:29 | Attr = RHS]

Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 30/01/2008 14:11:59 | Attr =	]



[Files/Folders - Modified Within 30 days]

$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Modified Date = 08/02/2008 13:44:09 | Attr = RH ]

boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Modified Date = 21/01/2008 19:32:49 | Attr = RHS]

HijackThis.exe -> %SystemDrive%\HijackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 396288 bytes | Modified Date = 31/01/2008 17:16:32 | Attr =	]

Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 31/01/2008 17:17:38 | Attr = R  ]

WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 07/02/2008 20:50:10 | Attr =	]

avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]

avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]

avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]

avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]

avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]

avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]

etc -> %System32%\drivers\etc ->  [Folder | Modified Date = 30/01/2008 16:53:11 | Attr =	]

hosts -> %System32%\drivers\etc\hosts ->  [Ver =  | Size = 224466 bytes | Modified Date = 30/01/2008 16:53:11 | Attr = R  ]

hosts.msn -> %System32%\drivers\etc\hosts.msn ->  [Ver =  | Size = 224466 bytes | Modified Date = 30/01/2008 16:53:11 | Attr = R  ]

avgfwafu.dll -> %System32%\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

avgwlntf.dll -> %System32%\avgwlntf.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.446 | Size = 9216 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

CatRoot -> %System32%\CatRoot ->  [Folder | Modified Date = 04/02/2008 14:00:37 | Attr =	]

CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 08/02/2008 14:29:53 | Attr =	]

color -> %System32%\color ->  [Folder | Modified Date = 04/02/2008 13:58:30 | Attr =	]

dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 08/02/2008 14:30:05 | Attr = RHS]

drivers -> %System32%\drivers ->  [Folder | Modified Date = 04/02/2008 13:59:12 | Attr =	]

perfc009.dat -> %System32%\perfc009.dat ->  [Ver =  | Size = 58712 bytes | Modified Date = 08/02/2008 14:32:10 | Attr =	]

perfh009.dat -> %System32%\perfh009.dat ->  [Ver =  | Size = 392604 bytes | Modified Date = 08/02/2008 14:32:10 | Attr =	]

PerfStringBackup.INI -> %System32%\PerfStringBackup.INI ->  [Ver =  | Size = 458340 bytes | Modified Date = 08/02/2008 14:32:10 | Attr =	]

wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 2300 bytes | Modified Date = 08/02/2008 14:29:01 | Attr =	]

BDOSCAN8 -> %SystemRoot%\BDOSCAN8 ->  [Folder | Modified Date = 30/01/2008 18:40:05 | Attr =	]

1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 08/02/2008 14:27:32 | Attr =   S]

Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 04/02/2008 14:41:03 | Attr =   S]

Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 04/02/2008 14:00:27 | Attr =	]

inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 04/02/2008 14:07:45 | Attr =  H ]

Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 07/02/2008 20:20:08 | Attr =  HS]

ODBC.INI -> %SystemRoot%\ODBC.INI ->  [Ver =  | Size = 504 bytes | Modified Date = 04/02/2008 22:19:16 | Attr =	]

Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 08/02/2008 15:21:36 | Attr =	]

system -> %SystemRoot%\system ->  [Folder | Modified Date = 25/01/2008 16:33:45 | Attr =	]

system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 256 bytes | Modified Date = 21/01/2008 19:32:49 | Attr =	]

system32 -> %System32% ->  [Folder | Modified Date = 08/02/2008 14:32:10 | Attr =	]

Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 08/02/2008 15:20:52 | Attr =	]

win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 520 bytes | Modified Date = 21/01/2008 19:32:49 | Attr =	]

SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 08/02/2008 14:27:52 | Attr =  H ]

qmgr0.dat -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5470 bytes | Modified Date = 08/02/2008 14:29:01 | Attr =	]

qmgr1.dat -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5470 bytes | Modified Date = 08/02/2008 14:29:01 | Attr =	]

data.dat -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1388 bytes | Modified Date = 23/01/2007 11:30:45 | Attr =	]

msetup.exe -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\msetup.exe -> SolidWorks Corporation [Ver = 12, 1000, 0, 0 | Size = 352256 bytes | Modified Date = 29/08/2003 13:46:01 | Attr = R  ]

swsetup.exe -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\swsetup.exe -> SolidWorks Corporation [Ver = 12, 1000, 0, 0 | Size = 176128 bytes | Modified Date = 29/08/2003 13:45:57 | Attr = R  ]

21 C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\*.tmp -> 

Setup.exe -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Setup.exe -> InstallShield Software Corporation [Ver = 5, 52, 164, 0 | Size = 73728 bytes | Modified Date = 12/01/1999 11:42:20 | Attr = R  ]

_ISDel.exe -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\_ISDel.exe -> InstallShield Software Corporation [Ver = 5, 51, 138, 0 | Size = 27648 bytes | Modified Date = 27/10/1998 12:06:48 | Attr = R  ]

AcroRd32.exe -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\AcroRd32.exe -> Adobe Systems Incorporated [Ver = 5.0.1.2001032700 | Size = 3870784 bytes | Modified Date = 27/03/2001 21:44:58 | Attr = R  ]

swinstres.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\swinstres.dll ->  [Ver = 12, 1000, 0, 0 | Size = 45056 bytes | Modified Date = 29/08/2003 14:18:35 | Attr = R  ]

swmires.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\swmires.dll ->  [Ver = 12, 1000, 0, 0 | Size = 1744896 bytes | Modified Date = 29/08/2003 14:13:20 | Attr = R  ]

21 C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\*.tmp -> 

_Setup.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\_Setup.dll -> InstallShield Software Corporation [Ver = 5, 50, 134, 0 | Size = 34816 bytes | Modified Date = 29/09/1998 16:34:56 | Attr = R  ]

AceLite.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\AceLite.dll -> Adobe Systems, Incorporated [Ver = 1.02.00 | Size = 397312 bytes | Modified Date = 28/02/2001 09:29:36 | Attr = R  ]

ACROFX32.DLL -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\ACROFX32.DLL ->  [Ver =  | Size = 53248 bytes | Modified Date = 12/05/2000 18:30:02 | Attr = R  ]

Agm.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\Agm.dll -> Adobe Systems, Incorporated [Ver = 4.04.26 | Size = 1138688 bytes | Modified Date = 14/03/2001 10:06:02 | Attr = R  ]

Bib.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\Bib.dll -> Adobe Systems, Incorporated [Ver = 1.0.20 | Size = 147456 bytes | Modified Date = 20/01/2001 22:13:36 | Attr = R  ]

CoolType.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\CoolType.dll -> Adobe Systems, Incorporated [Ver = 4.04.26 | Size = 1441792 bytes | Modified Date = 14/03/2001 10:06:02 | Attr = R  ]

msvcp60.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\msvcp60.dll -> Microsoft Corporation [Ver = 6.00.8168.0 | Size = 401462 bytes | Modified Date = 01/12/1999 00:40:28 | Attr = R  ]

msvcrt.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\msvcrt.dll -> Microsoft Corporation [Ver = 6.00.8397.0 | Size = 266293 bytes | Modified Date = 11/02/1999 03:33:58 | Attr = R  ]

oleaut32.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\oleaut32.dll -> Microsoft Corporation [Ver = 2.30.4261 | Size = 598288 bytes | Modified Date = 18/06/1998 11:33:08 | Attr = R  ]

WHA Library.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\WHA Library.dll -> Adobe Systems Incorporated [Ver = 0.2.0.0 | Size = 167936 bytes | Modified Date = 15/03/2001 06:14:38 | Attr = R  ]

nppdf32.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\Browser\nppdf32.dll -> Adobe Systems Inc. [Ver = 5.0.0.2001031500 | Size = 103312 bytes | Modified Date = 26/02/2001 21:48:44 | Attr = R  ]

NPDocBox.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\plug_ins\InterTrust\NPDocBox.dll -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 14/03/2001 04:52:06 | Attr = R  ]

QT2.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\plug_ins\Movie\QT2.dll -> Adobe Systems, Inc. [Ver = 5.0.0.0 | Size = 24576 bytes | Modified Date = 15/03/2001 06:00:24 | Attr = R  ]

QT3.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\plug_ins\Movie\QT3.dll -> Adobe Systems, Inc. [Ver = 5.0.0.0 | Size = 32768 bytes | Modified Date = 15/03/2001 06:00:42 | Attr = R  ]

QT4.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\plug_ins\Movie\QT4.dll -> Adobe Systems, Inc. [Ver = 5.0.0.0 | Size = 36864 bytes | Modified Date = 15/03/2001 06:01:02 | Attr = R  ]

Uninst.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\Uninstall\Uninst.dll -> Adobe Systems, Inc. [Ver = 4.0.11 | Size = 81920 bytes | Modified Date = 26/02/2001 21:48:44 | Attr = R  ]

NPSVGVw.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\SVG Files\NPSVGVw.dll -> Adobe Systems Inc. [Ver = 2, 0, 0, 55 | Size = 299059 bytes | Modified Date = 14/03/2001 14:10:56 | Attr = R  ]

SVGControl.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\SVG Files\SVGControl.dll -> Adobe Systems Incorporated [Ver = 2, 0, 0, 55 | Size = 491574 bytes | Modified Date = 14/03/2001 14:14:00 | Attr = R  ]

SVGRSRC.DLL -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\SVG Files\SVGRSRC.DLL ->  [Ver =  | Size = 12288 bytes | Modified Date = 14/03/2001 14:06:24 | Attr = R  ]

SVGView.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\SVG Files\SVGView.dll -> Adobe Systems Incorporated [Ver = 2, 0, 0, 55 | Size = 1597491 bytes | Modified Date = 14/03/2001 14:07:52 | Attr = R  ]

lang.dat -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\lang.dat ->  [Ver =  | Size = 23541 bytes | Modified Date = 12/01/1999 10:34:42 | Attr = R  ]

os.dat -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\os.dat ->  [Ver =  | Size = 450 bytes | Modified Date = 27/07/1998 17:41:06 | Attr = R  ]

Abcpy.ini -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Abcpy.ini ->  [Ver =  | Size = 3026 bytes | Modified Date = 04/04/2001 14:57:10 | Attr = R  ]

SETUP.INI -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\SETUP.INI ->  [Ver =  | Size = 103 bytes | Modified Date = 28/03/2001 15:30:20 | Attr = R  ]

SVGViewer.ini -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\SVG Files\SVGViewer.ini ->  [Ver =  | Size = 0 bytes | Modified Date = 09/03/2001 11:13:50 | Attr = R  ]

desktop.ini -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 16/01/2005 22:00:49 | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\Temporary Internet Files\Content.IE5\J30YZFVV\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 25/08/2007 08:19:41 | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\Temporary Internet Files\Content.IE5\RNSCPODD\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 25/08/2007 08:19:41 | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\Temporary Internet Files\Content.IE5\XLPDFZD8\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 25/08/2007 08:19:41 | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\Temporary Internet Files\Content.IE5\YI4HLR76\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 25/08/2007 08:19:41 | Attr =  HS]

[Files Modified - Additional Folder Scans - Non-Microsoft Only]

avg7 -> %AllUsersAppData%\avg7 ->  [Folder | Modified Date = 25/01/2008 17:32:18 | Attr =	]

Dan Stevenson -> %AllUsersAppData%\Dan Stevenson ->  [Folder | Modified Date = 10/01/2008 22:22:15 | Attr =	]

Grisoft -> %AllUsersAppData%\Grisoft ->  [Folder | Modified Date = 25/01/2008 16:35:09 | Attr =	]

Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Modified Date = 30/01/2008 14:14:18 | Attr =	]

Program Files -> %AllUsersAppData%\Program Files ->  [Folder | Modified Date = 04/02/2008 22:19:51 | Attr =	]

Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy ->  [Folder | Modified Date = 30/01/2008 17:13:23 | Attr =	]

AVG7 -> %UserAppData%\AVG7 ->  [Folder | Modified Date = 08/02/2008 12:47:21 | Attr =	]

1 C:\Documents and Settings\Dan Stevenson\Application Data\*.tmp files -> C:\Documents and Settings\Dan Stevenson\Application Data\*.tmp -> 

Microsoft -> %UserAppData%\Microsoft ->  [Folder | Modified Date = 25/01/2008 16:33:47 | Attr =   S]

Microsoft -> %LocalAppData%\Microsoft ->  [Folder | Modified Date = 08/02/2008 10:48:04 | Attr =	]

1 C:\Documents and Settings\Dan Stevenson\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Dan Stevenson\Local Settings\Application Data\*.tmp -> 

ESBK.mb -> %AllUsersDocuments%\ESBK.mb ->  [Ver =  | Size = 5273600 bytes | Modified Date = 08/02/2008 14:31:28 | Attr = R  ]

ESBK.mbb -> %AllUsersDocuments%\ESBK.mbb ->  [Ver =  | Size = 10787840 bytes | Modified Date = 08/02/2008 14:31:28 | Attr = R  ]

My Pictures -> %UserDocuments%\My Pictures ->  [Folder | Modified Date = 20/01/2008 20:16:11 | Attr = R  ]

Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1336 bytes | Modified Date = 30/01/2008 14:13:45 | Attr =	]

Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk ->  [Ver =  | Size = 1336 bytes | Modified Date = 30/01/2008 14:13:45 | Attr =	]

AVG 7.5.lnk -> %AllUsersDesktop%\AVG 7.5.lnk ->  [Ver =  | Size = 498 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

iTunes.lnk -> %AllUsersDesktop%\iTunes.lnk ->  [Ver =  | Size = 1923 bytes | Modified Date = 07/02/2008 20:20:08 | Attr =	]

Kodak EasyShare.lnk -> %AllUsersDesktop%\Kodak EasyShare.lnk ->  [Ver =  | Size = 1577 bytes | Modified Date = 04/02/2008 13:56:42 | Attr =	]

OMS Manual.lnk -> %AllUsersDesktop%\OMS Manual.lnk ->  [Ver =  | Size = 1482 bytes | Modified Date = 04/02/2008 22:19:14 | Attr =	]

OMS.lnk -> %AllUsersDesktop%\OMS.lnk ->  [Ver =  | Size = 2287 bytes | Modified Date = 07/02/2008 21:22:53 | Attr =	]

HijackThis.lnk -> %UserDesktop%\HijackThis.lnk ->  [Ver =  | Size = 1745 bytes | Modified Date = 31/01/2008 17:17:40 | Attr =	]

HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 31/01/2008 17:16:22 | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\HJTInstall.exe:Zone.Identifier

Preparation Guide For Use Before Posting A Hijackthis Log.htm -> %UserDesktop%\Preparation Guide For Use Before Posting A Hijackthis Log.htm ->  [Ver =  | Size = 58450 bytes | Modified Date = 30/01/2008 14:21:16 | Attr =	]

Preparation Guide For Use Before Posting A Hijackthis Log_files -> %UserDesktop%\Preparation Guide For Use Before Posting A Hijackthis Log_files ->  [Folder | Modified Date = 30/01/2008 14:21:16 | Attr =	]

Problems Centreing Around Hotmail And Google.htm -> %UserDesktop%\Problems Centreing Around Hotmail And Google.htm ->  [Ver =  | Size = 63114 bytes | Modified Date = 08/02/2008 10:39:22 | Attr =	]

Problems Centreing Around Hotmail And Google_files -> %UserDesktop%\Problems Centreing Around Hotmail And Google_files ->  [Folder | Modified Date = 08/02/2008 10:39:21 | Attr =	]

Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 688 bytes | Modified Date = 30/01/2008 16:51:14 | Attr =	]

WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Modified Date = 08/02/2008 15:21:34 | Attr =	]

WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478955 bytes | Modified Date = 08/02/2008 10:40:05 | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier

Kodak EasyShare software.lnk -> %AllUsersStartup%\Kodak EasyShare software.lnk ->  [Ver =  | Size = 1585 bytes | Modified Date = 04/02/2008 13:56:42 | Attr =	]

update.exe -> %AllUsersStartup%\update.exe ->  [Ver =  | Size = 93925 bytes | Modified Date = 25/01/2008 11:37:29 | Attr = RHS]

Kodak -> %CommonProgramFiles%\Kodak ->  [Folder | Modified Date = 04/02/2008 13:59:51 | Attr =	]

Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared ->  [Folder | Modified Date = 04/02/2008 22:19:13 | Attr =	]

System -> %CommonProgramFiles%\System ->  [Folder | Modified Date = 25/01/2008 11:37:28 | Attr =	]

Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 30/01/2008 14:11:59 | Attr =	]



< End of report >


#4 OldTimer

OldTimer

    Malware Expert



Posted 18 February 2008 - 02:29 PM

Hi spree. I apologize for not getting back to you sooner. I was not informed that you had responded.

Ok, let's get started. Please follow the steps below in order:

Step #1

Download SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Minimize SUPERAntiSpyware; we will come back to it later on.

Step #2

Now start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< All Users.WINDOWS Startup Folder > -> C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
YY ->  -> %AllUsersStartup%\update.exe
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell
YY -> explorer.exe																																																										  "C:\Program Files\Common Files\System\svchost.exe" -> explorer.exe																																																										  "%CommonProgramFiles%\System\svchost.exe
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {FDEA2C12-A476-A13C-2B4C-A3BD546315C2} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\System\vd3_sys.dat []
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> update.exe -> %AllUsersStartup%\update.exe
[Extra Files]
C:\Program Files\Common Files\System\svchost.exe
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. Your desktop will disappear and then reappear when the fix is complete; this is normal. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot normally.

Step #3

Now bring up SUPERAntiSpyware again and run a scan by doing the following:
  • On the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Step #4

Post the following back here:
  • a new WinPFind35U report
  • the SUPERAntiSpyware report
  • the latest .log file from the WinPFind3u/MovedFiles folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT

Addition: Before you run the fix, delete your current copy of WinPFind35 and download the latest version. It has been updated a few times since you downloaded the version that you have.

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Edited by OldTimer, 18 February 2008 - 02:33 PM.

I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
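
The fix in post #4 targets three kinds of entry: an executable in the All Users Startup folder, a Winlogon Shell value with a second program appended after explorer.exe, and an svchost.exe outside the system directory. The Python below is an added example, not part of the thread and not how WinPFind35U works internally; it checks report lines in this format for those three conditions, and its function names, finding labels and the sample lines marked as constructed are assumptions made for illustration.

```python
import re
from typing import Dict, List, NamedTuple, Optional

class Entry(NamedTuple):
    name: str
    path: str
    company: str
    version: str
    size: int
    attrs: str

# One file line: name -> path -> vendor [Ver = | Size = | Modified Date = | Attr = ]
ENTRY_RE = re.compile(
    r"^(?P<name>.+?) -> (?P<path>.+?) -> (?P<company>.*?)\s*"
    r"\[Ver =(?P<ver>.*?)\|\s*Size = (?P<size>\d+) bytes \|"
    r" Modified Date = [\d/]+ [\d:]+ \| Attr =(?P<attrs>.*)\]\s*$"
)
# Normal home of some well-known Windows binaries (report tokens, lower-cased).
EXPECTED_DIR = {
    "svchost.exe": "%systemroot%\\system32",
    "winlogon.exe": "%systemroot%\\system32",
    "lsass.exe": "%systemroot%\\system32",
    "explorer.exe": "%systemroot%",
}
# Literal prefixes mapped to report tokens; assumes the C: system drive the report states.
ALIASES = [
    ("c:\\windows\\", "%systemroot%\\"),
    ("c:\\program files\\common files\\", "%commonprogramfiles%\\"),
]
STARTUP_MARKERS = ("%allusersstartup%\\", "\\start menu\\programs\\startup\\")
EXEC_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")

def parse_entry(line: str) -> Optional[Entry]:
    """Parse one file line; folder, stream and section-header lines give None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["name"].strip(), m["path"].strip(), m["company"].strip(),
                 m["ver"].strip(), int(m["size"]), m["attrs"].strip())

def normalise(path: str) -> str:
    """Lower-case a path and rewrite known literal prefixes to report tokens."""
    p = path.strip().strip('"').lower()
    for literal, token in ALIASES:
        if p.startswith(literal):
            return token + p[len(literal):]
    return p

def review_file(e: Entry) -> List[str]:
    """Return finding labels for one parsed file line (empty list = nothing flagged)."""
    findings = []
    p = normalise(e.path)
    folder, _, base = p.rpartition("\\")
    if base in EXPECTED_DIR and folder != EXPECTED_DIR[base]:
        findings.append("system-name-outside-system-dir")
    if any(mark in p for mark in STARTUP_MARKERS) and base.endswith(EXEC_EXT):
        if not e.company and not e.version:
            findings.append("startup-exe-no-vendor-metadata")
        if "H" in e.attrs and "S" in e.attrs:
            findings.append("startup-exe-hidden-system")
    return findings

def review_shell(value: str) -> List[str]:
    """Return every command in a Winlogon Shell value other than a leading explorer.exe."""
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"?|\S+', value)]
    if tokens and tokens[0].lower() == "explorer.exe":
        return tokens[1:]
    return tokens

def scan(lines: List[str]) -> Dict[str, List[str]]:
    """Map each flagged path to its findings; clean and unparsable lines are skipped."""
    flagged = {}
    for line in lines:
        e = parse_entry(line)
        if e and review_file(e):
            flagged[e.path] = review_file(e)
    return flagged

# The first two lines are from the report in this thread; the last three are constructed.
SAMPLE_LINES = [
    r"update.exe -> %AllUsersStartup%\update.exe ->  [Ver =  | Size = 93925 bytes | Modified Date = 25/01/2008 11:37:29 | Attr = RHS]",
    r"Kodak EasyShare software.lnk -> %AllUsersStartup%\Kodak EasyShare software.lnk ->  [Ver =  | Size = 1585 bytes | Modified Date = 04/02/2008 13:56:42 | Attr = ]",
    r"svchost.exe -> %CommonProgramFiles%\System\svchost.exe ->  [Ver =  | Size = 12345 bytes | Modified Date = 25/01/2008 11:37:28 | Attr = ]",
    r"svchost.exe -> %SystemRoot%\system32\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 | Size = 14336 bytes | Modified Date = 04/08/2004 00:56:58 | Attr = ]",
    r"Sample -> %UserDesktop%\Sample ->  [Folder | Modified Date = 08/02/2008 15:21:34 | Attr = ]",
]
# Shell value shaped like the one in the fix: whitespace padding hides the second program.
SAMPLE_SHELL = "explorer.exe" + "\t" * 20 + r'"C:\Program Files\Common Files\System\svchost.exe"'

if __name__ == "__main__":
    for path, findings in scan(SAMPLE_LINES).items():
        print(path, findings)
    print("extra shell commands:", review_shell(SAMPLE_SHELL))
```

A finding is a prompt for manual review rather than a verdict: vendor and version strings can be forged, and a deliberately configured alternative shell would also be reported.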


#5 spree

spree
  • Topic Starter


Posted 19 February 2008 - 07:18 AM

Hi Old Timer, the win32 fix is taking longer than I expected it to and/or crashing. Am I doing something wrong?

#6 OldTimer

OldTimer

    Malware Expert



Posted 19 February 2008 - 09:12 AM

Hi spree. What are you referring to by the win32 fix?

Cheers.

OT

#7 spree

spree
  • Topic Starter


Posted 19 February 2008 - 09:54 AM

Hi OT, I meant the run fix in WinPFind35U. I tried to work around it (I got a not responding message referring to it).

WinPFind35.Txt

WinPFind35 logfile created on: 19/02/2008 14:49:09
WinPFind35U Version Beta52	 Folder = C:\Documents and Settings\Dan Stevenson\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
511.48 Mb Total Physical Memory | 194.68 Mb Available Physical Memory | 38.06% Memory free
1.22 Gb Paging File | 0.74 Gb Available in Paging File | 60.72% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 7.64 Gb Total Space | 1.02 Gb Free Space | 13.39% Space Free | Partition Type: NTFS
Drive D: | 7.84 Gb Total Space | 6.67 Gb Free Space | 85.02% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 68.36 Gb Total Space | 36.53 Gb Free Space | 53.44% Space Free | Partition Type: NTFS
Drive H: | 68.82 Gb Total Space | 48.38 Gb Free Space | 70.29% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: DAN-STEVENSON
Current User Name: Dan Stevenson
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4110 | Size = 425984 bytes | Modified Date = 07/12/2004 21:59:24 | Attr =	]
avgrssvc.exe -> D:\Program Files\avgrssvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 192512 bytes | Modified Date = 25/01/2008 16:35:13 | Attr =	]
aawservice.exe -> D:\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 04/01/2008 13:27:08 | Attr =	]
avgamsvr.exe -> D:\Program Files\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 25/01/2008 16:35:13 | Attr =	]
avgupsvc.exe -> D:\Program Files\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 25/01/2008 16:35:16 | Attr =	]
avgrssvc.exe -> D:\Program Files\avgrssvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 192512 bytes | Modified Date = 25/01/2008 16:35:13 | Attr =	]
avgemc.exe -> D:\Program Files\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 25/01/2008 16:35:15 | Attr =	]
defwatch.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 8.00.00.9374 | Size = 32768 bytes | Modified Date = 30/07/2002 10:36:00 | Attr =	]
rtvscan.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 8.00.00.9374 | Size = 573440 bytes | Modified Date = 30/07/2002 10:40:44 | Attr =	]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4110 | Size = 425984 bytes | Modified Date = 07/12/2004 21:59:24 | Attr =	]
avgfwsrv.exe -> D:\Program Files\avgfwsrv.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.500 | Size = 838656 bytes | Modified Date = 25/01/2008 16:35:15 | Attr =	]
dragdiag.exe -> %ProgramFiles%\Thomson\SpeedTouch USB\dragdiag.exe -> THOMSON Telecom Belgium [Ver = 301.0.0.12 | Size = 866816 bytes | Modified Date = 26/01/2004 11:38:38 | Attr =	]
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5134 | Size = 344064 bytes | Modified Date = 07/12/2004 21:10:00 | Attr =	]
avgcc.exe -> D:\Program Files\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 25/01/2008 16:35:14 | Attr =	]
vptray.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 8.00.00.9374 | Size = 77824 bytes | Modified Date = 30/07/2002 10:35:04 | Attr =	]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309760 bytes | Modified Date = 16/02/2008 13:03:26 | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> D:\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 04/01/2008 13:27:08 | Attr =	]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4110 | Size = 425984 bytes | Modified Date = 07/12/2004 21:59:24 | Attr =	]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> D:\Program Files\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 25/01/2008 16:35:13 | Attr =	]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> D:\Program Files\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 25/01/2008 16:35:16 | Attr =	]
(AvgCoreSvc) AVG7 Resident Shield Service [Win32_Own | Auto | Running] -> D:\Program Files\avgrssvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 192512 bytes | Modified Date = 25/01/2008 16:35:13 | Attr =	]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> D:\Program Files\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 25/01/2008 16:35:15 | Attr =	]
(AVGFwSrv) AVG Firewall [Win32_Own | Auto | Running] -> D:\Program Files\avgfwsrv.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.500 | Size = 838656 bytes | Modified Date = 25/01/2008 16:35:15 | Attr =	]
(DefWatch) DefWatch [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 8.00.00.9374 | Size = 32768 bytes | Modified Date = 30/07/2002 10:36:00 | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 00:56:50 | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 03/04/2005 23:41:10 | Attr =	]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> G:\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 14/03/2007 19:05:42 | Attr =	]
(KodakCCS) Kodak Camera Connection Software [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\KodakCCS.exe -> File not found
(Norton AntiVirus Server) Symantec AntiVirus Client [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 8.00.00.9374 | Size = 573440 bytes | Modified Date = 30/07/2002 10:40:44 | Attr =	]
(Pctspk) PCTEL Speaker Phone [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\pctspk.exe -> PCtel, Inc. [Ver = 4.00 | Size = 86016 bytes | Modified Date = 17/08/2001 21:36:54 | Attr =	]
(ServiceLayer) ServiceLayer [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 83, 78, 3 | Size = 292864 bytes | Modified Date = 26/03/2007 12:06:24 | Attr =	]
(SmcService) Sygate Personal Firewall [Win32_Own | Auto | Stopped] -> D:\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 15/10/2004 19:40:56 | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\alcan5wn.sys -> THOMSON [Ver = 301.0.0.12 | Size = 53600 bytes | Modified Date = 08/12/2003 11:53:48 | Attr =	]
(alcaudsl) SpeedTouch ADSL Modem ATM Transport [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\alcaudsl.sys -> THOMSON [Ver = 301.0.0.12 | Size = 70688 bytes | Modified Date = 17/02/2004 10:38:06 | Attr = R  ]
(ALCXSENS) Service for WDM 3D Audio Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ALCXSENS.SYS -> Sensaura Ltd [Ver = 5.10.00.3511 | Size = 391680 bytes | Modified Date = 13/11/2003 11:25:26 | Attr =	]
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\alcxwdm.sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.6230 built by: WinDDK | Size = 4027840 bytes | Modified Date = 08/03/2007 13:34:46 | Attr = R  ]
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6497 | Size = 874496 bytes | Modified Date = 07/12/2004 22:06:42 | Attr =	]
(ATITool) ATITool [Kernel | System | Running] -> D:\Program Files\ATITool\atitool.sys ->  [Ver =  | Size = 17408 bytes | Modified Date = 10/01/2005 21:59:58 | Attr =	]
(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]
(AvgMfx86) AVG Minifilter x86 Resident Driver [File_System | System | Running] -> %SystemRoot%\system32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]
(AvgTdi) AVG Network Redirector [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 03/08/2004 23:07:18 | Attr =	]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 03/08/2004 23:07:18 | Attr =	]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 23/08/2001 12:00:00 | Attr =	]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(E1000) Intel(R) PRO/1000 Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e1000325.sys -> Intel Corporation [Ver = 7.2.17.0 built by: WinDDK | Size = 125952 bytes | Modified Date = 14/08/2003 06:46:48 | Attr =	]
(EzInstall) EzInstall [Kernel | On_Demand | Stopped] -> E:\ezinstall\EzInstall.sys -> File not found
(GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 19/09/2006 15:44:04 | Attr =	]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(hpt3xx) hpt3xx [Kernel | Disabled | Stopped] ->  -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(NAVAP) NAVAP [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -> Symantec Corporation [Ver = 9.0.0.14 | Size = 218112 bytes | Modified Date = 19/06/2002 19:57:12 | Attr =	]
(NAVAPEL) NAVAPEL [Kernel | Auto | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys -> Symantec Corporation [Ver = 9.0.0.14 | Size = 29184 bytes | Modified Date = 19/06/2002 19:57:14 | Attr =	]
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080205.017\NAVENG.SYS -> Symantec Corporation [Ver = 20071.4.1.10 | Size = 82256 bytes | Modified Date = 05/02/2008 09:00:00 | Attr =	]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080205.017\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.4.1.10 | Size = 895312 bytes | Modified Date = 05/02/2008 09:00:00 | Attr =	]
(nmwcd) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcd.sys -> Nokia [Ver = 6.83.6.0 | Size = 137216 bytes | Modified Date = 22/02/2007 09:15:56 | Attr =	]
(nmwcdc) Nokia USB Generic [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcdc.sys -> Nokia [Ver = 6.83.6.0 | Size = 8320 bytes | Modified Date = 22/02/2007 09:15:14 | Attr =	]
(nmwcdcj) Nokia USB Port [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcdcj.sys -> Nokia [Ver = 6.83.6.0 | Size = 12288 bytes | Modified Date = 22/02/2007 09:15:14 | Attr =	]
(nmwcdcm) Nokia USB Modem [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcdcm.sys -> Nokia [Ver = 6.83.6.0 | Size = 12288 bytes | Modified Date = 22/02/2007 09:15:14 | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(PRODIGY) PRODIGY [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\prodigy.sys -> B-phreaks [Ver = 1, 0, 0, 208 | Size = 32377 bytes | Modified Date = 29/08/2006 14:56:18 | Attr =	]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 23/08/2001 12:00:00 | Attr =	]
(Ptserlp) PCTEL Serial Device Driver for PCI [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ptserlp.sys -> PCTEL, INC. [Ver = 7.54.07 | Size = 112574 bytes | Modified Date = 17/08/2001 12:28:14 | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.11B | Size = 46080 bytes | Modified Date = 03/11/2005 03:00:00 | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> D:\sasdifsv.sys ->  [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 13:53:48 | Attr =	]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> D:\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 16/02/2006 17:51:08 | Attr = R  ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> D:\SASKUTIL.SYS ->  [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 27/02/2007 12:39:26 | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13/11/2007 10:25:53 | Attr =	]
(Ser2pl) Prolific Serial port driver [Kernel | On_Demand | Stopped] -> System32\DRIVERS\ser2pl.sys -> File not found
(SI3114r) SiI-3114 SATARaid Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SI3114r.sys -> Silicon Image, Inc [Ver = 1, 0, 0, 7 | Size = 97857 bytes | Modified Date = 09/02/2004 14:27:04 | Attr =	]
(SiFilter) SATALink driver accelerator [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SiWinAcc.sys -> Silicon Image, Inc. [Ver = 1.0.0.8 | Size = 10240 bytes | Modified Date = 15/10/2003 09:28:16 | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(slabbus) USB Data Cable driver (WDM) [Kernel | On_Demand | Stopped] -> system32\DRIVERS\slabbus.sys -> File not found
(slabser) USB Data Cable Drivers [Kernel | On_Demand | Stopped] -> system32\DRIVERS\slabser.sys -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ss_bus.sys -> MCCI [Ver = V4.34 | Size = 58320 bytes | Modified Date = 30/08/2005 16:57:18 | Attr =	]
(ss_mdfl) SAMSUNG Mobile USB Modem 1.0 Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ss_mdfl.sys -> MCCI [Ver = V4.34 | Size = 8304 bytes | Modified Date = 30/08/2005 16:58:56 | Attr =	]
(ss_mdm) SAMSUNG Mobile USB Modem 1.0 Drivers [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ss_mdm.sys -> MCCI [Ver = V4.34 | Size = 94000 bytes | Modified Date = 30/08/2005 16:59:00 | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.0.0.13 | Size = 73224 bytes | Modified Date = 17/10/2004 12:38:26 | Attr =	]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(Teefer) Teefer for NT [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\Teefer.sys -> Sygate Technologies, Inc. [Ver = 1.60.1101 | Size = 60496 bytes | Modified Date = 15/10/2004 18:17:02 | Attr =	]
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(Vmodem) XP Vmodem [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\vmodem.sys -> PCTEL, INC. [Ver = 7.60.10A | Size = 604253 bytes | Modified Date = 17/08/2001 12:28:14 | Attr =	]
(Vpctcom) XP Vpctcom [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\vpctcom.sys -> PCtel, Inc. [Ver = 8.00-9K | Size = 397502 bytes | Modified Date = 17/08/2001 12:28:16 | Attr =	]
(vsdatant) vsdatant [Kernel | Disabled | Stopped] ->  -> File not found
(Vvoice) XP Vvoice [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\vvoice.sys -> PCtel, Inc. [Ver = 3.53.00 | Size = 64605 bytes | Modified Date = 17/08/2001 12:28:16 | Attr =	]
(w810bus) Sony Ericsson W810 Driver driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\w810bus.sys -> MCCI [Ver = V4.34 | Size = 58288 bytes | Modified Date = 20/02/2006 16:59:28 | Attr = R  ]
(w810mdfl) Sony Ericsson W810 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\w810mdfl.sys -> MCCI [Ver = V4.34 | Size = 8336 bytes | Modified Date = 20/02/2006 16:59:32 | Attr = R  ]
(w810mdm) Sony Ericsson W810 USB WMC Modem Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\w810mdm.sys -> MCCI [Ver = V4.34 | Size = 94064 bytes | Modified Date = 20/02/2006 16:59:34 | Attr = R  ]
(w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\w810mgmt.sys -> MCCI [Ver = V4.34 | Size = 85408 bytes | Modified Date = 20/02/2006 16:59:34 | Attr = R  ]
(w810obex) Sony Ericsson W810 USB WMC OBEX Interface [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\w810obex.sys -> MCCI [Ver = V4.34 | Size = 83344 bytes | Modified Date = 20/02/2006 16:59:36 | Attr = R  ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(wg3n) SyGate for NT, wg3n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg3n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 15/10/2004 18:32:38 | Attr =	]
(wg4n) SyGate for NT, wg4n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg4n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 15/10/2004 18:32:40 | Attr =	]
(wg5n) SyGate for NT, wg5n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg5n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 15/10/2004 18:32:42 | Attr =	]
(wg6n) SyGate for NT, wg6n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg6n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 15/10/2004 18:32:44 | Attr =	]
(wpsdrvnt) wpsdrvnt [Kernel | System | Running] -> %SystemRoot%\system32\drivers\wpsdrvnt.sys -> Sygate Technologies, Inc. [Ver = 1, 0, 0, 17 | Size = 21075 bytes | Modified Date = 15/10/2004 18:18:46 | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5134 | Size = 344064 bytes | Modified Date = 07/12/2004 21:10:00 | Attr =	]
AVG7_CC -> D:\Program Files\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 25/01/2008 16:35:14 | Attr =	]
FRYMXINS -> %ProgramFiles%\ATI Technologies\Fire GL 3D Studio Max\atiimxgl.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5010 | Size = 53248 bytes | Modified Date = 30/06/2003 20:10:00 | Attr =	]
QuickTime Task -> D:\Program Files\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 16/02/2007 10:54:04 | Attr =	]
SmcService -> D:\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 15/10/2004 19:40:56 | Attr =	]
SoundMan -> %SystemRoot%\soundman.exe -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 58 | Size = 577536 bytes | Modified Date = 17/11/2006 04:42:52 | Attr =	]
SpeedTouch USB Diagnostics -> %ProgramFiles%\Thomson\SpeedTouch USB\dragdiag.exe -> THOMSON Telecom Belgium [Ver = 301.0.0.12 | Size = 866816 bytes | Modified Date = 26/01/2004 11:38:38 | Attr =	]
vptray -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 8.00.00.9374 | Size = 77824 bytes | Modified Date = 30/07/2002 10:35:04 | Attr =	]
< RunOnceEx [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx -> 
 ->  -> File not found
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
SpybotSD TeaTimer -> D:\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 28/01/2008 11:43:40 | Attr = RHS]
< All Users.WINDOWS Startup Folder > -> C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup -> 
 -> %AllUsersProfile%\Start Menu\Programs\Startup\update.exe ->  [Ver =  | Size = 93925 bytes | Modified Date = 25/01/2008 11:37:29 | Attr = RHS]
< Dan Stevenson Startup Folder > -> C:\Documents and Settings\Dan Stevenson\Start Menu\Programs\Startup -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> D:\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 20/12/2006 13:55:48 | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe																																																										  "C:\Program Files\Common Files\System\svchost.exe" -> explorer.exe																																																										  "%CommonProgramFiles%\System\svchost.exe -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> D:\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 19/04/2007 13:41:36 | Attr =	]
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4110 | Size = 94208 bytes | Modified Date = 07/12/2004 22:01:10 | Attr =	]
avgwlntf -> %SystemRoot%\system32\avgwlntf.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.446 | Size = 9216 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]
NavLogon -> %SystemRoot%\system32\NavLogon.dll ->  [Ver =  | Size = 45056 bytes | Modified Date = 30/07/2002 10:33:00 | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
< HOSTS File > (224466 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.wanadoo.co.uk -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.wanadoo.co.uk/iesearch/default.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.co.uk/ -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4185 domain(s) found. -> 
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4185 domain(s) found. -> 
  .[msn] -> My Computer -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] ->  [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 02/03/2001 12:02:04 | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> D:\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 28/01/2008 11:43:28 | Attr =	]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll [Easy-WebPrint] -> File not found
{8B68564D-53FD-4293-B80C-993A9F3988EE} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\Wanadoo\WSBar\WSBar.dll [Wanadoo] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] ->  [Ver =  | Size = 53248 bytes | Modified Date = 09/01/2008 15:01:48 | Attr =	]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> D:\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 28/01/2008 11:43:28 | Attr =	]
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] ->  [Ver =  | Size = 53248 bytes | Modified Date = 09/01/2008 15:01:48 | Attr =	]
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> D:\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 28/01/2008 11:43:28 | Attr =	]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Easy-WebPrint Add To Print List -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll -> File not found
Easy-WebPrint High Speed Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll -> File not found
Easy-WebPrint Preview -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll -> File not found
Easy-WebPrint Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll -> File not found
Search with Wanadoo -> %SystemDrive%\PROGRA~1\Wanadoo\WSBar\WSBar.dll -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 30/01/2001 13:56:24 | Attr =	]
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
image_azv ->  -> 
SV1 ->  -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{5C140A5F-D96B-40BD-845D-5BB5C8404312} ->	(Intel(R) PRO/1000 CT Network Connection) -> 
{E4180AA6-5C23-46C5-8DE3-9A5E5CB09839} ->	(1394 Net Adapter) -> 
{E7A89C84-3024-41FD-B77B-2914D2385CFE} ->	() -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
Protocol_Catalog9\Catalog_Entries\000000000001 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000006 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000007 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000008 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000009 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000010 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000011 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000012 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000013 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000014 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000015 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000016 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000017 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000018 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000019 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000020 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000021 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000022 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000023 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000024 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000025 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] -> 
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> 
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab[MSN Photo Upload Tool] -> 
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader3.cab[Facebook Photo Uploader 4 Control] -> 
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}[HKEY_LOCAL_MACHINE] -> http://download.bitdefender.com/resources/scan8/oscan8.cab[BDSCANONLINE Control] -> 
{5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab[Facebook Photo Uploader Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-1_4_2-windows-i586.cab[Java Plug-in 1.4.2] -> 
{A90A5822-F108-45AD-8482-9BC8B12DD539}[HKEY_LOCAL_MACHINE] -> http://www.crucial.com/controls/cpcScanner.cab[Crucial cpcScan] -> 
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}[HKEY_LOCAL_MACHINE] -> https://aqa.webex.com/client/T23L/webex/ieatgpc.cab[GpcContainer Class] -> 
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> 
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04/08/2004 00:56:44 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15/06/2005 17:49:30 | Attr =	]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04/08/2004 00:56:44 | Attr =	]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25/04/2007 14:21:15 | Attr =	]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 04/08/2004 00:56:48 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 792 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 04/08/2004 00:56:46 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 04/08/2004 00:56:46 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 23/08/2001 12:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04/08/2004 00:56:58 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 51906 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 04/08/2004 00:56:44 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\S\ -> -> 
-> Reg Error: Key does not exist or could not be opened. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{5C140A5F-D96B-40BD-845D-5BB5C8404312} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{E4180AA6-5C23-46C5-8DE3-9A5E5CB09839} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04/08/2004 00:56:58 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 04/08/2004 00:56:48 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26/07/2005 04:39:49 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04/08/2004 00:56:58 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 04/08/2004 00:56:46 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 3 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\System32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 04/08/2004 00:56:58 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26/07/2005 04:39:49 | Attr =	]
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Created Date = 25/01/2008 17:32:54 | Attr = RH ]
HijackThis.exe -> %SystemDrive%\HijackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 396288 bytes | Modified Date = 31/01/2008 17:16:32 | Attr =	]
avg7core.sys -> %SystemRoot%\System32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]
avg7rsw.sys -> %SystemRoot%\System32\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]
avg7rsxp.sys -> %SystemRoot%\System32\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]
avgclean.sys -> %SystemRoot%\System32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]
avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]
avgtdi.sys -> %SystemRoot%\System32\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]
Teefer.sys -> %SystemRoot%\System32\drivers\Teefer.sys -> Sygate Technologies, Inc. [Ver = 1.60.1101 | Size = 60496 bytes | Modified Date = 15/10/2004 18:17:02 | Attr =	]
wg3n.sys -> %SystemRoot%\System32\drivers\wg3n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 15/10/2004 18:32:38 | Attr =	]
wg4n.sys -> %SystemRoot%\System32\drivers\wg4n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 15/10/2004 18:32:40 | Attr =	]
wg5n.sys -> %SystemRoot%\System32\drivers\wg5n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 15/10/2004 18:32:42 | Attr =	]
wg6n.sys -> %SystemRoot%\System32\drivers\wg6n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 15/10/2004 18:32:44 | Attr =	]
wpsdrvnt.sys -> %SystemRoot%\System32\drivers\wpsdrvnt.sys -> Sygate Technologies, Inc. [Ver = 1, 0, 0, 17 | Size = 21075 bytes | Modified Date = 15/10/2004 18:18:46 | Attr =	]
avgfwafu.dll -> %SystemRoot%\System32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]
avgwlntf.dll -> %SystemRoot%\System32\avgwlntf.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.446 | Size = 9216 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]
SSSensor.dll -> %SystemRoot%\System32\SSSensor.dll -> Sygate Technologies, Inc. [Ver = 5. 5. 0. 5 | Size = 83096 bytes | Modified Date = 15/10/2004 18:32:10 | Attr =	]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 ->  [Folder | Created Date = 30/01/2008 18:35:29 | Attr =	]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
[Files Created - Additional Folder Scans - Non-Microsoft Only]
avg7 -> %AllUsersProfile%\Application Data\avg7 ->  [Folder | Created Date = 25/01/2008 16:35:09 | Attr =	]
Grisoft -> %AllUsersProfile%\Application Data\Grisoft ->  [Folder | Created Date = 25/01/2008 16:35:09 | Attr =	]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Created Date = 30/01/2008 14:13:36 | Attr =	]
Program Files -> %AllUsersProfile%\Application Data\Program Files ->  [Folder | Created Date = 04/02/2008 22:19:51 | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Created Date = 30/01/2008 16:51:07 | Attr =	]
SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com ->  [Folder | Created Date = 19/02/2008 11:56:01 | Attr =	]
AVG7 -> %AppData%\AVG7 ->  [Folder | Created Date = 25/01/2008 16:35:22 | Attr =	]
1 C:\Documents and Settings\Dan Stevenson\Application Data\*.tmp files -> C:\Documents and Settings\Dan Stevenson\Application Data\*.tmp -> 
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 19/02/2008 11:48:28 | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1336 bytes | Modified Date = 30/01/2008 14:13:45 | Attr =	]
AVG 7.5.lnk -> %AllUsersProfile%\Desktop\AVG 7.5.lnk ->  [Ver =  | Size = 498 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]
OMS Manual.lnk -> %AllUsersProfile%\Desktop\OMS Manual.lnk ->  [Ver =  | Size = 1482 bytes | Modified Date = 04/02/2008 22:19:14 | Attr =	]
OMS.lnk -> %AllUsersProfile%\Desktop\OMS.lnk ->  [Ver =  | Size = 2287 bytes | Modified Date = 13/02/2008 09:30:02 | Attr =	]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 406 bytes | Modified Date = 19/02/2008 11:48:36 | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1745 bytes | Modified Date = 31/01/2008 17:17:40 | Attr =	]
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 31/01/2008 17:16:22 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HJTInstall.exe:Zone.Identifier
Preparation Guide For Use Before Posting A Hijackthis Log.htm -> %UserProfile%\Desktop\Preparation Guide For Use Before Posting A Hijackthis Log.htm ->  [Ver =  | Size = 58450 bytes | Modified Date = 30/01/2008 14:21:16 | Attr =	]
Preparation Guide For Use Before Posting A Hijackthis Log_files -> %UserProfile%\Desktop\Preparation Guide For Use Before Posting A Hijackthis Log_files ->  [Folder | Created Date = 30/01/2008 14:21:09 | Attr =	]
Problems Centreing Around Hotmail And Google.htm -> %UserProfile%\Desktop\Problems Centreing Around Hotmail And Google.htm ->  [Ver =  | Size = 208852 bytes | Modified Date = 19/02/2008 12:25:14 | Attr =	]
Problems Centreing Around Hotmail And Google_files -> %UserProfile%\Desktop\Problems Centreing Around Hotmail And Google_files ->  [Folder | Created Date = 19/02/2008 12:25:13 | Attr =	]
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 688 bytes | Modified Date = 30/01/2008 16:51:14 | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Created Date = 19/02/2008 12:00:26 | Attr =	]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 480802 bytes | Modified Date = 19/02/2008 12:00:11 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\WinPFind35u.exe:Zone.Identifier
update.exe -> %AllUsersProfile%\Start Menu\Programs\Startup\update.exe ->  [Ver =  | Size = 93925 bytes | Modified Date = 25/01/2008 11:37:29 | Attr = RHS]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 30/01/2008 14:11:59 | Attr =	]

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Modified Date = 15/02/2008 13:57:10 | Attr = RH ]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Modified Date = 12/02/2008 17:39:42 | Attr = RHS]
HijackThis.exe -> %SystemDrive%\HijackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 396288 bytes | Modified Date = 31/01/2008 17:16:32 | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 31/01/2008 17:17:38 | Attr = R  ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 19/02/2008 11:33:15 | Attr =	]
avg7core.sys -> %SystemRoot%\System32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]
avg7rsw.sys -> %SystemRoot%\System32\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]
avg7rsxp.sys -> %SystemRoot%\System32\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]
avgclean.sys -> %SystemRoot%\System32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]
avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]
avgtdi.sys -> %SystemRoot%\System32\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 30/01/2008 16:53:11 | Attr =	]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 224466 bytes | Modified Date = 30/01/2008 16:53:11 | Attr = R  ]
hosts.msn -> %SystemRoot%\System32\drivers\etc\hosts.msn ->  [Ver =  | Size = 224466 bytes | Modified Date = 30/01/2008 16:53:11 | Attr = R  ]
avgfwafu.dll -> %SystemRoot%\System32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]
avgwlntf.dll -> %SystemRoot%\System32\avgwlntf.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.446 | Size = 9216 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 04/02/2008 14:00:37 | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 19/02/2008 12:23:25 | Attr =	]
color -> %SystemRoot%\System32\color ->  [Folder | Modified Date = 04/02/2008 13:58:30 | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 19/02/2008 12:23:40 | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 13/02/2008 10:07:18 | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 58712 bytes | Modified Date = 19/02/2008 14:47:39 | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 392604 bytes | Modified Date = 19/02/2008 14:47:39 | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 458340 bytes | Modified Date = 19/02/2008 14:47:39 | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2300 bytes | Modified Date = 19/02/2008 14:44:11 | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 13/02/2008 09:47:27 | Attr =  H ]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 ->  [Folder | Modified Date = 30/01/2008 18:40:05 | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 19/02/2008 14:42:54 | Attr =   S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 04/02/2008 14:41:03 | Attr =   S]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 04/02/2008 14:00:27 | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 13/02/2008 10:07:12 | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 13/02/2008 15:00:54 | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 19/02/2008 11:48:38 | Attr =  HS]
ODBC.INI -> %SystemRoot%\ODBC.INI ->  [Ver =  | Size = 504 bytes | Modified Date = 04/02/2008 22:19:16 | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 19/02/2008 12:12:09 | Attr =	]
system -> %SystemRoot%\system ->  [Folder | Modified Date = 25/01/2008 16:33:45 | Attr =	]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 256 bytes | Modified Date = 12/02/2008 17:39:42 | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 19/02/2008 14:47:39 | Attr =	]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 19/02/2008 14:44:12 | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 520 bytes | Modified Date = 12/02/2008 17:39:42 | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 19/02/2008 14:43:13 | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5470 bytes | Modified Date = 19/02/2008 14:44:55 | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5470 bytes | Modified Date = 19/02/2008 14:44:55 | Attr =	]
data.dat -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1388 bytes | Modified Date = 23/01/2007 11:30:45 | Attr =	]
msetup.exe -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\msetup.exe -> SolidWorks Corporation [Ver = 12, 1000, 0, 0 | Size = 352256 bytes | Modified Date = 29/08/2003 13:46:01 | Attr = R  ]
SSUPDATE.EXE -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 146672 bytes | Modified Date = 21/06/2007 14:07:10 | Attr =	]
swsetup.exe -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\swsetup.exe -> SolidWorks Corporation [Ver = 12, 1000, 0, 0 | Size = 176128 bytes | Modified Date = 29/08/2003 13:45:57 | Attr = R  ]
24 C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\*.tmp -> 
Setup.exe -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Setup.exe -> InstallShield Software Corporation [Ver = 5, 52, 164, 0 | Size = 73728 bytes | Modified Date = 12/01/1999 11:42:20 | Attr = R  ]
_ISDel.exe -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\_ISDel.exe -> InstallShield Software Corporation [Ver = 5, 51, 138, 0 | Size = 27648 bytes | Modified Date = 27/10/1998 12:06:48 | Attr = R  ]
AcroRd32.exe -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\AcroRd32.exe -> Adobe Systems Incorporated [Ver = 5.0.1.2001032700 | Size = 3870784 bytes | Modified Date = 27/03/2001 21:44:58 | Attr = R  ]
epurcukver20.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\epurcukver20.dll -> eBay Inc. [Ver = 1, 0, 3, 1 | Size = 159744 bytes | Modified Date = 15/09/2005 15:18:50 | Attr =	]
swinstres.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\swinstres.dll ->  [Ver = 12, 1000, 0, 0 | Size = 45056 bytes | Modified Date = 29/08/2003 14:18:35 | Attr = R  ]
swmires.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\swmires.dll ->  [Ver = 12, 1000, 0, 0 | Size = 1744896 bytes | Modified Date = 29/08/2003 14:13:20 | Attr = R  ]
24 C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\*.tmp -> 
_Setup.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\_Setup.dll -> InstallShield Software Corporation [Ver = 5, 50, 134, 0 | Size = 34816 bytes | Modified Date = 29/09/1998 16:34:56 | Attr = R  ]
AceLite.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\AceLite.dll -> Adobe Systems, Incorporated [Ver = 1.02.00 | Size = 397312 bytes | Modified Date = 28/02/2001 09:29:36 | Attr = R  ]
ACROFX32.DLL -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\ACROFX32.DLL ->  [Ver =  | Size = 53248 bytes | Modified Date = 12/05/2000 18:30:02 | Attr = R  ]
Agm.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\Agm.dll -> Adobe Systems, Incorporated [Ver = 4.04.26 | Size = 1138688 bytes | Modified Date = 14/03/2001 10:06:02 | Attr = R  ]
Bib.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\Bib.dll -> Adobe Systems, Incorporated [Ver = 1.0.20 | Size = 147456 bytes | Modified Date = 20/01/2001 22:13:36 | Attr = R  ]
CoolType.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\CoolType.dll -> Adobe Systems, Incorporated [Ver = 4.04.26 | Size = 1441792 bytes | Modified Date = 14/03/2001 10:06:02 | Attr = R  ]
msvcp60.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\msvcp60.dll -> Microsoft Corporation [Ver = 6.00.8168.0 | Size = 401462 bytes | Modified Date = 01/12/1999 00:40:28 | Attr = R  ]
msvcrt.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\msvcrt.dll -> Microsoft Corporation [Ver = 6.00.8397.0 | Size = 266293 bytes | Modified Date = 11/02/1999 03:33:58 | Attr = R  ]
oleaut32.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\oleaut32.dll -> Microsoft Corporation [Ver = 2.30.4261 | Size = 598288 bytes | Modified Date = 18/06/1998 11:33:08 | Attr = R  ]
WHA Library.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\WHA Library.dll -> Adobe Systems Incorporated [Ver = 0.2.0.0 | Size = 167936 bytes | Modified Date = 15/03/2001 06:14:38 | Attr = R  ]
nppdf32.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\Browser\nppdf32.dll -> Adobe Systems Inc. [Ver = 5.0.0.2001031500 | Size = 103312 bytes | Modified Date = 26/02/2001 21:48:44 | Attr = R  ]
NPDocBox.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\plug_ins\InterTrust\NPDocBox.dll -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 14/03/2001 04:52:06 | Attr = R  ]
QT2.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\plug_ins\Movie\QT2.dll -> Adobe Systems, Inc. [Ver = 5.0.0.0 | Size = 24576 bytes | Modified Date = 15/03/2001 06:00:24 | Attr = R  ]
QT3.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\plug_ins\Movie\QT3.dll -> Adobe Systems, Inc. [Ver = 5.0.0.0 | Size = 32768 bytes | Modified Date = 15/03/2001 06:00:42 | Attr = R  ]
QT4.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\plug_ins\Movie\QT4.dll -> Adobe Systems, Inc. [Ver = 5.0.0.0 | Size = 36864 bytes | Modified Date = 15/03/2001 06:01:02 | Attr = R  ]
Uninst.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\Uninstall\Uninst.dll -> Adobe Systems, Inc. [Ver = 4.0.11 | Size = 81920 bytes | Modified Date = 26/02/2001 21:48:44 | Attr = R  ]
NPSVGVw.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\SVG Files\NPSVGVw.dll -> Adobe Systems Inc. [Ver = 2, 0, 0, 55 | Size = 299059 bytes | Modified Date = 14/03/2001 14:10:56 | Attr = R  ]
SVGControl.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\SVG Files\SVGControl.dll -> Adobe Systems Incorporated [Ver = 2, 0, 0, 55 | Size = 491574 bytes | Modified Date = 14/03/2001 14:14:00 | Attr = R  ]
SVGRSRC.DLL -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\SVG Files\SVGRSRC.DLL ->  [Ver =  | Size = 12288 bytes | Modified Date = 14/03/2001 14:06:24 | Attr = R  ]
SVGView.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\SVG Files\SVGView.dll -> Adobe Systems Incorporated [Ver = 2, 0, 0, 55 | Size = 1597491 bytes | Modified Date = 14/03/2001 14:07:52 | Attr = R  ]
EPS_PicLookup.dat -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\EPS_PicLookup.dat ->  [Ver =  | Size = 121 bytes | Modified Date = 17/02/2008 21:30:13 | Attr =	]
24 C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\*.tmp -> 
lang.dat -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\lang.dat ->  [Ver =  | Size = 23541 bytes | Modified Date = 12/01/1999 10:34:42 | Attr = R  ]
os.dat -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\os.dat ->  [Ver =  | Size = 450 bytes | Modified Date = 27/07/1998 17:41:06 | Attr = R  ]
Abcpy.ini -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Abcpy.ini ->  [Ver =  | Size = 3026 bytes | Modified Date = 04/04/2001 14:57:10 | Attr = R  ]
SETUP.INI -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\SETUP.INI ->  [Ver =  | Size = 103 bytes | Modified Date = 28/03/2001 15:30:20 | Attr = R  ]
SVGViewer.ini -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\SVG Files\SVGViewer.ini ->  [Ver =  | Size = 0 bytes | Modified Date = 09/03/2001 11:13:50 | Attr = R  ]
desktop.ini -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 16/01/2005 22:00:49 | Attr =  HS]
desktop.ini -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\Temporary Internet Files\Content.IE5\J30YZFVV\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 25/08/2007 08:19:41 | Attr =  HS]
desktop.ini -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\Temporary Internet Files\Content.IE5\RNSCPODD\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 25/08/2007 08:19:41 | Attr =  HS]
desktop.ini -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\Temporary Internet Files\Content.IE5\XLPDFZD8\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 25/08/2007 08:19:41 | Attr =  HS]
desktop.ini -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\Temporary Internet Files\Content.IE5\YI4HLR76\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 25/08/2007 08:19:41 | Attr =  HS]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
avg7 -> %AllUsersProfile%\Application Data\avg7 ->  [Folder | Modified Date = 25/01/2008 17:32:18 | Attr =	]
Grisoft -> %AllUsersProfile%\Application Data\Grisoft ->  [Folder | Modified Date = 25/01/2008 16:35:09 | Attr =	]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Modified Date = 30/01/2008 14:14:18 | Attr =	]
Program Files -> %AllUsersProfile%\Application Data\Program Files ->  [Folder | Modified Date = 04/02/2008 22:19:51 | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 30/01/2008 17:13:23 | Attr =	]
SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com ->  [Folder | Modified Date = 19/02/2008 11:56:01 | Attr =	]
AVG7 -> %AppData%\AVG7 ->  [Folder | Modified Date = 19/02/2008 10:23:07 | Attr =	]
1 C:\Documents and Settings\Dan Stevenson\Application Data\*.tmp files -> C:\Documents and Settings\Dan Stevenson\Application Data\*.tmp -> 
Microsoft -> %AppData%\Microsoft ->  [Folder | Modified Date = 25/01/2008 16:33:47 | Attr =   S]
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 19/02/2008 11:48:28 | Attr =	]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft ->  [Folder | Modified Date = 10/02/2008 13:31:24 | Attr =	]
1 C:\Documents and Settings\Dan Stevenson\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Dan Stevenson\Local Settings\Application Data\*.tmp -> 
ESBK.mb -> %AllUsersProfile%\Documents\ESBK.mb ->  [Ver =  | Size = 5273600 bytes | Modified Date = 12/02/2008 17:38:17 | Attr = R  ]
ESBK.mbb -> %AllUsersProfile%\Documents\ESBK.mbb ->  [Ver =  | Size = 10787840 bytes | Modified Date = 12/02/2008 17:38:17 | Attr = R  ]
My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Modified Date = 20/01/2008 20:16:11 | Attr = R  ]
Ad-Aware 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1336 bytes | Modified Date = 30/01/2008 14:13:45 | Attr =	]
AVG 7.5.lnk -> %AllUsersProfile%\Desktop\AVG 7.5.lnk ->  [Ver =  | Size = 498 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]
iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk ->  [Ver =  | Size = 1923 bytes | Modified Date = 19/02/2008 10:29:36 | Attr =	]
Kodak EasyShare.lnk -> %AllUsersProfile%\Desktop\Kodak EasyShare.lnk ->  [Ver =  | Size = 1577 bytes | Modified Date = 04/02/2008 13:56:42 | Attr =	]
OMS Manual.lnk -> %AllUsersProfile%\Desktop\OMS Manual.lnk ->  [Ver =  | Size = 1482 bytes | Modified Date = 04/02/2008 22:19:14 | Attr =	]
OMS.lnk -> %AllUsersProfile%\Desktop\OMS.lnk ->  [Ver =  | Size = 2287 bytes | Modified Date = 13/02/2008 09:30:02 | Attr =	]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 406 bytes | Modified Date = 19/02/2008 11:48:36 | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1745 bytes | Modified Date = 31/01/2008 17:17:40 | Attr =	]
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 31/01/2008 17:16:22 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HJTInstall.exe:Zone.Identifier
Preparation Guide For Use Before Posting A Hijackthis Log.htm -> %UserProfile%\Desktop\Preparation Guide For Use Before Posting A Hijackthis Log.htm ->  [Ver =  | Size = 58450 bytes | Modified Date = 30/01/2008 14:21:16 | Attr =	]
Preparation Guide For Use Before Posting A Hijackthis Log_files -> %UserProfile%\Desktop\Preparation Guide For Use Before Posting A Hijackthis Log_files ->  [Folder | Modified Date = 30/01/2008 14:21:16 | Attr =	]
Problems Centreing Around Hotmail And Google.htm -> %UserProfile%\Desktop\Problems Centreing Around Hotmail And Google.htm ->  [Ver =  | Size = 208852 bytes | Modified Date = 19/02/2008 12:25:14 | Attr =	]
Problems Centreing Around Hotmail And Google_files -> %UserProfile%\Desktop\Problems Centreing Around Hotmail And Google_files ->  [Folder | Modified Date = 19/02/2008 12:25:14 | Attr =	]
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 688 bytes | Modified Date = 30/01/2008 16:51:14 | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Modified Date = 19/02/2008 12:01:02 | Attr =	]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 480802 bytes | Modified Date = 19/02/2008 12:00:11 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\WinPFind35u.exe:Zone.Identifier
update.exe -> %AllUsersProfile%\Start Menu\Programs\Startup\update.exe ->  [Ver =  | Size = 93925 bytes | Modified Date = 25/01/2008 11:37:29 | Attr = RHS]
Kodak -> %CommonProgramFiles%\Kodak ->  [Folder | Modified Date = 04/02/2008 13:59:51 | Attr =	]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared ->  [Folder | Modified Date = 04/02/2008 22:19:13 | Attr =	]
System -> %CommonProgramFiles%\System ->  [Folder | Modified Date = 19/02/2008 14:40:53 | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 19/02/2008 11:47:24 | Attr =	]

< End of report >


#8 spree


Posted 19 February 2008 - 09:56 AM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/19/2008 at 02:40 PM

Application Version : 3.9.1008

Core Rules Database Version : 3405
Trace Rules Database Version: 1397

Scan type : Complete Scan
Total Scan Time : 02:00:28

Memory items scanned : 387
Memory threats detected : 0
Registry items scanned : 6188
Registry threats detected : 6
File items scanned : 68976
File threats detected : 9

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{FDEA2C12-A476-A13C-2B4C-A3BD546315C2}
HKCR\CLSID\{FDEA2C12-A476-A13C-2B4C-A3BD546315C2}
HKCR\CLSID\{FDEA2C12-A476-A13C-2B4C-A3BD546315C2}
HKCR\CLSID\{FDEA2C12-A476-A13C-2B4C-A3BD546315C2}\InprocServer32
HKCR\CLSID\{FDEA2C12-A476-A13C-2B4C-A3BD546315C2}\InprocServer32#ThreadingModel
C:\PROGRA~1\COMMON~1\SYSTEM\VD3_SYS.DAT
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDEA2C12-A476-A13C-2B4C-A3BD546315C2}

Adware.Tracking Cookie
C:\Documents and Settings\Dan Stevenson\Cookies\dan stevenson@youporn[2].txt
C:\Documents and Settings\Dan Stevenson\Cookies\dan stevenson@adopt.euroclick[2].txt
C:\Documents and Settings\Dan Stevenson\Cookies\dan stevenson@ads-dev.youporn[2].txt
C:\Documents and Settings\Dan Stevenson\Cookies\dan stevenson@monstercockbleepfest[1].txt
C:\Documents and Settings\Dan Stevenson\Cookies\dan stevenson@ads.bleepingcomputer[1].txt

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
\WA7P\Quar
\WA7P

Trojan.WindowsUpdate
C:\PROGRAM FILES\COMMON FILES\SYSTEM\SVCHOST.EXE

Edited by spree, 19 February 2008 - 09:57 AM.


#9 spree


Posted 19 February 2008 - 10:01 AM

I can't seem to find a .log file in the WinPFind3u/MovedFiles folder

#10 OldTimer

Malware Expert

Posted 19 February 2008 - 10:28 AM

Hi spree. No, there wouldn't be a .log file if it did not finish properly. Let's start round 2 lol.

Step #1

We need to disable TeaTimer so it does not interfere with the changes we are going to make.
  • Start Spybot-S&D.
  • Go to the Mode menu, and make sure Advanced Mode is selected.
  • On the left hand side, choose Tools and then click on Resident.
  • Uncheck Resident TeaTimer and choose OK for any further prompts.
  • Restart your computer.
Step #2

Launch Notepad, and copy/paste the text in the quotebox below into the new document. Save it to your desktop as regfix.reg :

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"


Locate regfix.reg on your Desktop and double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer Yes and wait for a message to appear similar to Merged Successfully.

Restart your computer.

Step #3

We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Go to Jotti's malware scan page and use the buttons at the top of the page to browse to this file on your hard drive and submit it for a scan:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\update.exe
Several scanning engines will be used to check the file for any threats. Please post the results of the scans back here.

Step #4

Post the results from Jotti and a new WinPFind35 scan. Just use the default options for the WinPFind35 scan.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
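
The file submitted to Jotti in Step #3 stands out in the posted WinPFind log: an executable in the All Users Startup folder with no vendor string and Attr = RHS. The following is an added example (not OldTimer's tool and not part of the original post) that applies that triage to WinPFind-style lines; the rule set, the threshold, the function names and the sample lines are assumptions modelled on the log format shown in this thread.

```python
import re
from typing import List, NamedTuple, Tuple

# Constructed sample in the WinPFind35 line format, modelled on entries posted in this thread.
SAMPLE_LOG = r"""
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4110 | Size = 425984 bytes | Modified Date = 07/12/2004 21:59:24 | Attr = ]
desktop.ini -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 16/01/2005 22:00:49 | Attr =  HS]
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 31/01/2008 17:16:22 | Attr = ]
update.exe -> %AllUsersProfile%\Start Menu\Programs\Startup\update.exe ->  [Ver =  | Size = 93925 bytes | Modified Date = 25/01/2008 11:37:29 | Attr = RHS]
(KodakCCS) Kodak Camera Connection Software [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\KodakCCS.exe -> File not found
"""

# name -> path -> vendor [Ver = .. | Size = .. bytes | Modified Date = .. | Attr = ..]
ENTRY_RE = re.compile(
    r"^\s*(?P<name>.*?)\s*->\s*(?P<path>.*?)\s*->\s*(?P<vendor>.*?)\s*"
    r"\[Ver =\s*(?P<ver>.*?)\s*\| Size = (?P<size>\d+) bytes "
    r"\| Modified Date = (?P<mdate>.*?) \| Attr =(?P<attr>[^\]]*)\]\s*$"
)

# Assumed triage rules (not taken from WinPFind itself).
AUTOSTART_DIRS = ("\\start menu\\programs\\startup\\",)
EXEC_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd")


class Entry(NamedTuple):
    name: str
    path: str
    vendor: str
    version: str
    size: int
    attrs: str  # e.g. "RHS" = Read-only, Hidden, System


def parse_log(text: str) -> List[Entry]:
    """Return every line that carries the full file-detail block; skip the rest."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # section headers, "File not found" lines, blank lines
        entries.append(Entry(
            name=m["name"],
            path=m["path"],
            vendor=m["vendor"],
            version=m["ver"],
            size=int(m["size"]),
            attrs="".join(m["attr"].split()),
        ))
    return entries


def indicators(e: Entry) -> List[str]:
    """List the reasons an entry deserves a closer look."""
    reasons = []
    if any(d in e.path.lower() for d in AUTOSTART_DIRS):
        reasons.append("auto-start folder")
    if not e.vendor:
        reasons.append("no vendor string")
    if {"H", "S"} <= set(e.attrs):
        reasons.append("hidden+system attributes")
    return reasons


def suspicious(text: str, threshold: int = 2) -> List[Tuple[str, List[str]]]:
    """Executables with at least `threshold` indicators, as candidates for a multi-engine scan."""
    hits = []
    for e in parse_log(text):
        if not e.path.lower().endswith(EXEC_EXT):
            continue  # e.g. desktop.ini is normally hidden+system and unsigned
        reasons = indicators(e)
        if len(reasons) >= threshold:
            hits.append((e.path, reasons))
    return hits


if __name__ == "__main__":
    for path, reasons in suspicious(SAMPLE_LOG):
        print(path, "->", ", ".join(reasons))
```

A hit is only a candidate for scanning: vendor-less, hidden files are common on a clean system, which is why the rule requires an executable and at least two indicators.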


#11 spree


Posted 21 February 2008 - 07:41 AM

Hi OT

Jotti's results

File: update.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 80e1cad7d7d469bb3b1466f27ba2f2af
Packers detected: -
Bit9 reports: File not found

Scanner results
Scan taken on 21 Feb 2008 12:38:44 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found Trojan.DownLoader.origin
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found Malware.BVWD
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Edited by spree, 21 February 2008 - 07:42 AM.


#12 spree


Posted 21 February 2008 - 07:43 AM

WinPFind35 logfile created on: 21/02/2008 12:42:39

WinPFind35U Version Beta52	 Folder = C:\Documents and Settings\Dan Stevenson\Desktop\WinPFind35u

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

511.48 Mb Total Physical Memory | 252.88 Mb Available Physical Memory | 49.44% Memory free

1.22 Gb Paging File | 0.72 Gb Available in Paging File | 59.13% Paging File free

Paging file location(s): c:\pagefile.sys 768 1536;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 7.64 Gb Total Space | 1.00 Gb Free Space | 13.06% Space Free | Partition Type: NTFS

Drive D: | 7.84 Gb Total Space | 6.67 Gb Free Space | 85.02% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

Drive G: | 68.36 Gb Total Space | 36.49 Gb Free Space | 53.38% Space Free | Partition Type: NTFS

Drive H: | 68.82 Gb Total Space | 48.38 Gb Free Space | 70.29% Space Free | Partition Type: NTFS

I: Drive not present or media not loaded



Computer Name: DAN-STEVENSON

Current User Name: Dan Stevenson

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user



[Processes - Non-Microsoft Only]

ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4110 | Size = 425984 bytes | Modified Date = 07/12/2004 21:59:24 | Attr =	]

avgrssvc.exe -> D:\Program Files\avgrssvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 192512 bytes | Modified Date = 25/01/2008 16:35:13 | Attr =	]

aawservice.exe -> D:\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 04/01/2008 13:27:08 | Attr =	]

avgamsvr.exe -> D:\Program Files\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 25/01/2008 16:35:13 | Attr =	]

avgupsvc.exe -> D:\Program Files\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 25/01/2008 16:35:16 | Attr =	]

avgrssvc.exe -> D:\Program Files\avgrssvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 192512 bytes | Modified Date = 25/01/2008 16:35:13 | Attr =	]

avgemc.exe -> D:\Program Files\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 25/01/2008 16:35:15 | Attr =	]

defwatch.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 8.00.00.9374 | Size = 32768 bytes | Modified Date = 30/07/2002 10:36:00 | Attr =	]

rtvscan.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 8.00.00.9374 | Size = 573440 bytes | Modified Date = 30/07/2002 10:40:44 | Attr =	]

avgfwsrv.exe -> D:\Program Files\avgfwsrv.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.500 | Size = 838656 bytes | Modified Date = 25/01/2008 16:35:15 | Attr =	]

ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4110 | Size = 425984 bytes | Modified Date = 07/12/2004 21:59:24 | Attr =	]

dragdiag.exe -> %ProgramFiles%\Thomson\SpeedTouch USB\dragdiag.exe -> THOMSON Telecom Belgium [Ver = 301.0.0.12 | Size = 866816 bytes | Modified Date = 26/01/2004 11:38:38 | Attr =	]

atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5134 | Size = 344064 bytes | Modified Date = 07/12/2004 21:10:00 | Attr =	]

soundman.exe -> %SystemRoot%\soundman.exe -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 58 | Size = 577536 bytes | Modified Date = 17/11/2006 04:42:52 | Attr =	]

avgcc.exe -> D:\Program Files\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 25/01/2008 16:35:14 | Attr =	]

vptray.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 8.00.00.9374 | Size = 77824 bytes | Modified Date = 30/07/2002 10:35:04 | Attr =	]

winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309760 bytes | Modified Date = 16/02/2008 13:03:26 | Attr =	]



[Win32 Services - Non-Microsoft Only]

(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> D:\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 04/01/2008 13:27:08 | Attr =	]

(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4110 | Size = 425984 bytes | Modified Date = 07/12/2004 21:59:24 | Attr =	]

(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> D:\Program Files\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 25/01/2008 16:35:13 | Attr =	]

(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> D:\Program Files\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 25/01/2008 16:35:16 | Attr =	]

(AvgCoreSvc) AVG7 Resident Shield Service [Win32_Own | Auto | Running] -> D:\Program Files\avgrssvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 192512 bytes | Modified Date = 25/01/2008 16:35:13 | Attr =	]

(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> D:\Program Files\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 25/01/2008 16:35:15 | Attr =	]

(AVGFwSrv) AVG Firewall [Win32_Own | Auto | Running] -> D:\Program Files\avgfwsrv.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.500 | Size = 838656 bytes | Modified Date = 25/01/2008 16:35:15 | Attr =	]

(DefWatch) DefWatch [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 8.00.00.9374 | Size = 32768 bytes | Modified Date = 30/07/2002 10:36:00 | Attr =	]

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 00:56:50 | Attr =	]

(IDriverT) InstallDriver Table Manager [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 03/04/2005 23:41:10 | Attr =	]

(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> G:\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 14/03/2007 19:05:42 | Attr =	]

(KodakCCS) Kodak Camera Connection Software [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\KodakCCS.exe -> File not found

(Norton AntiVirus Server) Symantec AntiVirus Client [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 8.00.00.9374 | Size = 573440 bytes | Modified Date = 30/07/2002 10:40:44 | Attr =	]

(Pctspk) PCTEL Speaker Phone [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\pctspk.exe -> PCtel, Inc. [Ver = 4.00 | Size = 86016 bytes | Modified Date = 17/08/2001 21:36:54 | Attr =	]

(ServiceLayer) ServiceLayer [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 83, 78, 3 | Size = 292864 bytes | Modified Date = 26/03/2007 12:06:24 | Attr =	]

(SmcService) Sygate Personal Firewall [Win32_Own | Auto | Stopped] -> D:\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 15/10/2004 19:40:56 | Attr =	]



[Registry - Non-Microsoft Only]

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5134 | Size = 344064 bytes | Modified Date = 07/12/2004 21:10:00 | Attr =	]

AVG7_CC -> D:\Program Files\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 25/01/2008 16:35:14 | Attr =	]

FRYMXINS -> %ProgramFiles%\ATI Technologies\Fire GL 3D Studio Max\atiimxgl.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5010 | Size = 53248 bytes | Modified Date = 30/06/2003 20:10:00 | Attr =	]

QuickTime Task -> D:\Program Files\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 16/02/2007 10:54:04 | Attr =	]

SmcService -> D:\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 15/10/2004 19:40:56 | Attr =	]

SoundMan -> %SystemRoot%\soundman.exe -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 58 | Size = 577536 bytes | Modified Date = 17/11/2006 04:42:52 | Attr =	]

SpeedTouch USB Diagnostics -> %ProgramFiles%\Thomson\SpeedTouch USB\dragdiag.exe -> THOMSON Telecom Belgium [Ver = 301.0.0.12 | Size = 866816 bytes | Modified Date = 26/01/2004 11:38:38 | Attr =	]

vptray -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 8.00.00.9374 | Size = 77824 bytes | Modified Date = 30/07/2002 10:35:04 | Attr =	]

< RunOnceEx [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx -> 

 ->  -> File not found

< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 

IMAIL-> Installed = 1 -> 

MAPI-> Installed = 1 -> 

MSFS-> Installed = 1 -> 

< All Users.WINDOWS Startup Folder > -> C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup -> 

 -> %AllUsersProfile%\Start Menu\Programs\Startup\update.exe ->  [Ver =  | Size = 93925 bytes | Modified Date = 25/01/2008 11:37:29 | Attr = RHS]

< Dan Stevenson Startup Folder > -> C:\Documents and Settings\Dan Stevenson\Start Menu\Programs\Startup -> 

< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 

{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> D:\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 20/12/2006 13:55:48 | Attr =	]

< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 

!SASWinLogon -> D:\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 19/04/2007 13:41:36 | Attr =	]

AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4110 | Size = 94208 bytes | Modified Date = 07/12/2004 22:01:10 | Attr =	]

avgwlntf -> %SystemRoot%\system32\avgwlntf.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.446 | Size = 9216 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

NavLogon -> %SystemRoot%\system32\NavLogon.dll ->  [Ver =  | Size = 45056 bytes | Modified Date = 30/07/2002 10:33:00 | Attr =	]

< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 

< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 

< HOSTS File > (224466 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.wanadoo.co.uk -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 

HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 

HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 

HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 

HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 

HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.wanadoo.co.uk/iesearch/default.htm -> 

HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.co.uk/ -> 

HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4185 domain(s) found. -> 

33 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4185 domain(s) found. -> 

  .[msn] -> My Computer -> 

32 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] ->  [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 02/03/2001 12:02:04 | Attr =	]

{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> D:\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 28/01/2008 11:43:28 | Attr =	]

{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 

{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 

{327C2873-E90D-4c37-AA9D-10AC9BABA46C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll [Easy-WebPrint] -> File not found

{8B68564D-53FD-4293-B80C-993A9F3988EE} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\Wanadoo\WSBar\WSBar.dll [Wanadoo] -> File not found

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] ->  [Ver =  | Size = 53248 bytes | Modified Date = 09/01/2008 15:01:48 | Attr =	]

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> D:\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 28/01/2008 11:43:28 | Attr =	]

{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found

< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 

CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] ->  [Ver =  | Size = 53248 bytes | Modified Date = 09/01/2008 15:01:48 | Attr =	]

CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> D:\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 28/01/2008 11:43:28 | Attr =	]

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found

< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 

Easy-WebPrint Add To Print List -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll -> File not found

Easy-WebPrint High Speed Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll -> File not found

Easy-WebPrint Preview -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll -> File not found

Easy-WebPrint Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll -> File not found

Search with Wanadoo -> %SystemDrive%\PROGRA~1\Wanadoo\WSBar\WSBar.dll -> File not found

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 

PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 

Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 30/01/2001 13:56:24 | Attr =	]

< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 

image_azv ->  -> 

SV1 ->  -> 

< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{5C140A5F-D96B-40BD-845D-5BB5C8404312} ->	(Intel(R) PRO/1000 CT Network Connection) -> 

{E4180AA6-5C23-46C5-8DE3-9A5E5CB09839} ->	(1394 Net Adapter) -> 

{E7A89C84-3024-41FD-B77B-2914D2385CFE} ->	() -> 

< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 

Protocol_Catalog9\Catalog_Entries\000000000001 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000002 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000003 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000004 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000005 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000006 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000007 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000008 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000009 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000010 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000011 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000012 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000013 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000014 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000015 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000016 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000017 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000018 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000019 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000020 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000021 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000022 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000023 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000024 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000025 -> %SystemRoot%\system32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 

ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found

msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] -> 

{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> 

{4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab[MSN Photo Upload Tool] -> 

{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader3.cab[Facebook Photo Uploader 4 Control] -> 

{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}[HKEY_LOCAL_MACHINE] -> http://download.bitdefender.com/resources/scan8/oscan8.cab[BDSCANONLINE Control] -> 

{5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab[Facebook Photo Uploader Control] -> 

{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-1_4_2-windows-i586.cab[Java Plug-in 1.4.2] -> 

{A90A5822-F108-45AD-8482-9BC8B12DD539}[HKEY_LOCAL_MACHINE] -> http://www.crucial.com/controls/cpcScanner.cab[Crucial cpcScan] -> 

{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2] -> 

{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 

{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}[HKEY_LOCAL_MACHINE] -> https://aqa.webex.com/client/T23L/webex/ieatgpc.cab[GpcContainer Class] -> 

DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> 

Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 







[Files/Folders - Created Within 30 days]

$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Created Date = 25/01/2008 17:32:54 | Attr = RH ]

HijackThis.exe -> %SystemDrive%\HijackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 396288 bytes | Modified Date = 31/01/2008 17:16:32 | Attr =	]

avg7core.sys -> %SystemRoot%\System32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]

avg7rsw.sys -> %SystemRoot%\System32\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]

avg7rsxp.sys -> %SystemRoot%\System32\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]

avgclean.sys -> %SystemRoot%\System32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]

avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]

avgtdi.sys -> %SystemRoot%\System32\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]

Teefer.sys -> %SystemRoot%\System32\drivers\Teefer.sys -> Sygate Technologies, Inc. [Ver = 1.60.1101 | Size = 60496 bytes | Modified Date = 15/10/2004 18:17:02 | Attr =	]

wg3n.sys -> %SystemRoot%\System32\drivers\wg3n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 15/10/2004 18:32:38 | Attr =	]

wg4n.sys -> %SystemRoot%\System32\drivers\wg4n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 15/10/2004 18:32:40 | Attr =	]

wg5n.sys -> %SystemRoot%\System32\drivers\wg5n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 15/10/2004 18:32:42 | Attr =	]

wg6n.sys -> %SystemRoot%\System32\drivers\wg6n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 15/10/2004 18:32:44 | Attr =	]

wpsdrvnt.sys -> %SystemRoot%\System32\drivers\wpsdrvnt.sys -> Sygate Technologies, Inc. [Ver = 1, 0, 0, 17 | Size = 21075 bytes | Modified Date = 15/10/2004 18:18:46 | Attr =	]

avgfwafu.dll -> %SystemRoot%\System32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

avgwlntf.dll -> %SystemRoot%\System32\avgwlntf.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.446 | Size = 9216 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

SSSensor.dll -> %SystemRoot%\System32\SSSensor.dll -> Sygate Technologies, Inc. [Ver = 5. 5. 0. 5 | Size = 83096 bytes | Modified Date = 15/10/2004 18:32:10 | Attr =	]

BDOSCAN8 -> %SystemRoot%\BDOSCAN8 ->  [Folder | Created Date = 30/01/2008 18:35:29 | Attr =	]

1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 



[Files/Folders - Modified Within 30 days]

$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Modified Date = 15/02/2008 13:57:10 | Attr = RH ]

boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Modified Date = 12/02/2008 17:39:42 | Attr = RHS]

HijackThis.exe -> %SystemDrive%\HijackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 396288 bytes | Modified Date = 31/01/2008 17:16:32 | Attr =	]

Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 31/01/2008 17:17:38 | Attr = R  ]

WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 21/02/2008 12:14:47 | Attr =	]

avg7core.sys -> %SystemRoot%\System32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]

avg7rsw.sys -> %SystemRoot%\System32\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]

avg7rsxp.sys -> %SystemRoot%\System32\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]

avgclean.sys -> %SystemRoot%\System32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]

avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]

avgtdi.sys -> %SystemRoot%\System32\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 25/01/2008 16:35:18 | Attr =	]

etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 30/01/2008 16:53:11 | Attr =	]

hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 224466 bytes | Modified Date = 30/01/2008 16:53:11 | Attr = R  ]

hosts.msn -> %SystemRoot%\System32\drivers\etc\hosts.msn ->  [Ver =  | Size = 224466 bytes | Modified Date = 30/01/2008 16:53:11 | Attr = R  ]

avgfwafu.dll -> %SystemRoot%\System32\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.464 | Size = 110592 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

avgwlntf.dll -> %SystemRoot%\System32\avgwlntf.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.446 | Size = 9216 bytes | Modified Date = 25/01/2008 16:35:20 | Attr =	]

CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 04/02/2008 14:00:37 | Attr =	]

CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 21/02/2008 12:26:26 | Attr =	]

color -> %SystemRoot%\System32\color ->  [Folder | Modified Date = 04/02/2008 13:58:30 | Attr =	]

dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 21/02/2008 12:26:43 | Attr = RHS]

drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 13/02/2008 10:07:18 | Attr =	]

perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 58712 bytes | Modified Date = 21/02/2008 12:29:09 | Attr =	]

perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 392604 bytes | Modified Date = 21/02/2008 12:29:09 | Attr =	]

PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 458340 bytes | Modified Date = 21/02/2008 12:29:09 | Attr =	]

wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2300 bytes | Modified Date = 21/02/2008 12:25:37 | Attr =	]

$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 13/02/2008 09:47:27 | Attr =  H ]

1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

BDOSCAN8 -> %SystemRoot%\BDOSCAN8 ->  [Folder | Modified Date = 30/01/2008 18:40:05 | Attr =	]

bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 21/02/2008 12:24:21 | Attr =   S]

Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 04/02/2008 14:41:03 | Attr =   S]

Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 04/02/2008 14:00:27 | Attr =	]

imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 13/02/2008 10:07:12 | Attr =	]

inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 13/02/2008 15:00:54 | Attr =  H ]

Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 19/02/2008 11:48:38 | Attr =  HS]

ODBC.INI -> %SystemRoot%\ODBC.INI ->  [Ver =  | Size = 504 bytes | Modified Date = 04/02/2008 22:19:16 | Attr =	]

Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 21/02/2008 12:22:53 | Attr =	]

system -> %SystemRoot%\system ->  [Folder | Modified Date = 25/01/2008 16:33:45 | Attr =	]

system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 256 bytes | Modified Date = 12/02/2008 17:39:42 | Attr =	]

system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 21/02/2008 12:29:09 | Attr =	]

Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 21/02/2008 12:25:44 | Attr =	]

win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 520 bytes | Modified Date = 12/02/2008 17:39:42 | Attr =	]

SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 21/02/2008 12:24:48 | Attr =  H ]

qmgr0.dat -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5470 bytes | Modified Date = 21/02/2008 12:26:24 | Attr =	]

qmgr1.dat -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5470 bytes | Modified Date = 21/02/2008 12:26:25 | Attr =	]

data.dat -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1388 bytes | Modified Date = 23/01/2007 11:30:45 | Attr =	]

msetup.exe -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\msetup.exe -> SolidWorks Corporation [Ver = 12, 1000, 0, 0 | Size = 352256 bytes | Modified Date = 29/08/2003 13:46:01 | Attr = R  ]

SSUPDATE.EXE -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 146672 bytes | Modified Date = 21/06/2007 14:07:10 | Attr =	]

swsetup.exe -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\swsetup.exe -> SolidWorks Corporation [Ver = 12, 1000, 0, 0 | Size = 176128 bytes | Modified Date = 29/08/2003 13:45:57 | Attr = R  ]

25 C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\*.tmp -> 

Setup.exe -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Setup.exe -> InstallShield Software Corporation [Ver = 5, 52, 164, 0 | Size = 73728 bytes | Modified Date = 12/01/1999 11:42:20 | Attr = R  ]

_ISDel.exe -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\_ISDel.exe -> InstallShield Software Corporation [Ver = 5, 51, 138, 0 | Size = 27648 bytes | Modified Date = 27/10/1998 12:06:48 | Attr = R  ]

AcroRd32.exe -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\AcroRd32.exe -> Adobe Systems Incorporated [Ver = 5.0.1.2001032700 | Size = 3870784 bytes | Modified Date = 27/03/2001 21:44:58 | Attr = R  ]

epurcukver20.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\epurcukver20.dll -> eBay Inc. [Ver = 1, 0, 3, 1 | Size = 159744 bytes | Modified Date = 15/09/2005 15:18:50 | Attr =	]

swinstres.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\swinstres.dll ->  [Ver = 12, 1000, 0, 0 | Size = 45056 bytes | Modified Date = 29/08/2003 14:18:35 | Attr = R  ]

swmires.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\swmires.dll ->  [Ver = 12, 1000, 0, 0 | Size = 1744896 bytes | Modified Date = 29/08/2003 14:13:20 | Attr = R  ]

25 C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\*.tmp -> 

_Setup.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\_Setup.dll -> InstallShield Software Corporation [Ver = 5, 50, 134, 0 | Size = 34816 bytes | Modified Date = 29/09/1998 16:34:56 | Attr = R  ]

AceLite.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\AceLite.dll -> Adobe Systems, Incorporated [Ver = 1.02.00 | Size = 397312 bytes | Modified Date = 28/02/2001 09:29:36 | Attr = R  ]

ACROFX32.DLL -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\ACROFX32.DLL ->  [Ver =  | Size = 53248 bytes | Modified Date = 12/05/2000 18:30:02 | Attr = R  ]

Agm.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\Agm.dll -> Adobe Systems, Incorporated [Ver = 4.04.26 | Size = 1138688 bytes | Modified Date = 14/03/2001 10:06:02 | Attr = R  ]

Bib.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\Bib.dll -> Adobe Systems, Incorporated [Ver = 1.0.20 | Size = 147456 bytes | Modified Date = 20/01/2001 22:13:36 | Attr = R  ]

CoolType.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\CoolType.dll -> Adobe Systems, Incorporated [Ver = 4.04.26 | Size = 1441792 bytes | Modified Date = 14/03/2001 10:06:02 | Attr = R  ]

msvcp60.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\msvcp60.dll -> Microsoft Corporation [Ver = 6.00.8168.0 | Size = 401462 bytes | Modified Date = 01/12/1999 00:40:28 | Attr = R  ]

msvcrt.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\msvcrt.dll -> Microsoft Corporation [Ver = 6.00.8397.0 | Size = 266293 bytes | Modified Date = 11/02/1999 03:33:58 | Attr = R  ]

oleaut32.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\oleaut32.dll -> Microsoft Corporation [Ver = 2.30.4261 | Size = 598288 bytes | Modified Date = 18/06/1998 11:33:08 | Attr = R  ]

WHA Library.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\WHA Library.dll -> Adobe Systems Incorporated [Ver = 0.2.0.0 | Size = 167936 bytes | Modified Date = 15/03/2001 06:14:38 | Attr = R  ]

nppdf32.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\Browser\nppdf32.dll -> Adobe Systems Inc. [Ver = 5.0.0.2001031500 | Size = 103312 bytes | Modified Date = 26/02/2001 21:48:44 | Attr = R  ]

NPDocBox.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\plug_ins\InterTrust\NPDocBox.dll -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 14/03/2001 04:52:06 | Attr = R  ]

QT2.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\plug_ins\Movie\QT2.dll -> Adobe Systems, Inc. [Ver = 5.0.0.0 | Size = 24576 bytes | Modified Date = 15/03/2001 06:00:24 | Attr = R  ]

QT3.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\plug_ins\Movie\QT3.dll -> Adobe Systems, Inc. [Ver = 5.0.0.0 | Size = 32768 bytes | Modified Date = 15/03/2001 06:00:42 | Attr = R  ]

QT4.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\plug_ins\Movie\QT4.dll -> Adobe Systems, Inc. [Ver = 5.0.0.0 | Size = 36864 bytes | Modified Date = 15/03/2001 06:01:02 | Attr = R  ]

Uninst.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Reader\Uninstall\Uninst.dll -> Adobe Systems, Inc. [Ver = 4.0.11 | Size = 81920 bytes | Modified Date = 26/02/2001 21:48:44 | Attr = R  ]

NPSVGVw.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\SVG Files\NPSVGVw.dll -> Adobe Systems Inc. [Ver = 2, 0, 0, 55 | Size = 299059 bytes | Modified Date = 14/03/2001 14:10:56 | Attr = R  ]

SVGControl.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\SVG Files\SVGControl.dll -> Adobe Systems Incorporated [Ver = 2, 0, 0, 55 | Size = 491574 bytes | Modified Date = 14/03/2001 14:14:00 | Attr = R  ]

SVGRSRC.DLL -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\SVG Files\SVGRSRC.DLL ->  [Ver =  | Size = 12288 bytes | Modified Date = 14/03/2001 14:06:24 | Attr = R  ]

SVGView.dll -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\SVG Files\SVGView.dll -> Adobe Systems Incorporated [Ver = 2, 0, 0, 55 | Size = 1597491 bytes | Modified Date = 14/03/2001 14:07:52 | Attr = R  ]

EPS_PicLookup.dat -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\EPS_PicLookup.dat ->  [Ver =  | Size = 121 bytes | Modified Date = 17/02/2008 21:30:13 | Attr =	]

25 C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\*.tmp -> 

lang.dat -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\lang.dat ->  [Ver =  | Size = 23541 bytes | Modified Date = 12/01/1999 10:34:42 | Attr = R  ]

os.dat -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\os.dat ->  [Ver =  | Size = 450 bytes | Modified Date = 27/07/1998 17:41:06 | Attr = R  ]

Abcpy.ini -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\Abcpy.ini ->  [Ver =  | Size = 3026 bytes | Modified Date = 04/04/2001 14:57:10 | Attr = R  ]

SETUP.INI -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\SETUP.INI ->  [Ver =  | Size = 103 bytes | Modified Date = 28/03/2001 15:30:20 | Attr = R  ]

SVGViewer.ini -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\pft317~tmp\SVG Files\SVGViewer.ini ->  [Ver =  | Size = 0 bytes | Modified Date = 09/03/2001 11:13:50 | Attr = R  ]

desktop.ini -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 16/01/2005 22:00:49 | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\Temporary Internet Files\Content.IE5\J30YZFVV\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 25/08/2007 08:19:41 | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\Temporary Internet Files\Content.IE5\RNSCPODD\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 25/08/2007 08:19:41 | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\Temporary Internet Files\Content.IE5\XLPDFZD8\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 25/08/2007 08:19:41 | Attr =  HS]

desktop.ini -> C:\Documents and Settings\Dan Stevenson\Local Settings\Temp\Temporary Internet Files\Content.IE5\YI4HLR76\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 25/08/2007 08:19:41 | Attr =  HS]



< End of report >


#13 OldTimer

Posted 21 February 2008 - 10:08 AM

Hi spree. I don't like the looks of that update.exe file. Let's move it out of there.

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< All Users.WINDOWS Startup Folder > -> C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
YY ->  -> %AllUsersProfile%\Start Menu\Programs\Startup\update.exe

The fix should only take a very short time. When the fix is completed either a message box will popup telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

If you need to reboot, the log file will be placed in the MovedFiles folder in the folder that WinPFind35 is running from. It will have a .log extension and a name in the format of mmddyyyy_hhmmss.log. Once you reboot, locate that file, open it with Notepad (not Write or any other text program) and post the contents back here.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#14 spree

Posted 21 February 2008 - 11:08 AM

Hi OT

I tried to run the fix in WinPFind35U, but after a few minutes it went to Not Responding. I checked the tea-timer and it is disabled. Could the infection be causing this?

#15 OldTimer

Posted 21 February 2008 - 02:33 PM

Hi spree. I think that might be the reason. Let's use something else to remove that file.

Step #1
Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
%AllUsersProfile%\Start Menu\Programs\Startup\update.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< All Users.WINDOWS Startup Folder > -> C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
YY ->  -> %AllUsersProfile%\Start Menu\Programs\Startup\update.exe

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.

Step #3

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy & Paste the entire report in your next reply.
Step #4

Run a new WinPFind35u scan with the following options:

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
  • In the Driver Services section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:

    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Step #5

Post the following back here:
  • The Avenger report (c:\Avenger.txt)
  • The latest WinPFind35u fix log (look in the WinPFind35u folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run.)
  • The new WinPFind35u scan log
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT