Browser & Laptop Very Slow Cannot Update Any Protection


3 replies to this topic

#1 mrpugowski

mrpugowski

  • Members
  • 5 posts
  • Local time:10:32 PM

Posted 20 December 2006 - 04:58 PM

Hi, thanks for taking the time to look at my problem.
My browser runs very slowly, and the laptop generally. I am unable to turn on my Sygate firewall; I did not turn it off.
My computer goes to hibernate or similar; I did not set this up.
Any of your suggested scans and my own protection - Ad-Aware / Spybot / AVG Free would not update. Panda scanned but did not offer a way to fix problems apart from a paid fix. HouseCall could not get definitions.
I have used a system tool called Advance windows care v2 recently and made some minor changes to programs that start up, all safe I think.
Generally my system seems strange and slow.

Logfile of HijackThis v1.99.1
Scan saved at 08:22:33, on 21/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Battery miser\batterymiser.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\IP Operator\IPOperator.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\ANDREW\Local Settings\Temporary Internet Files\Content.IE5\O7K95OCO\stng260[1].exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\Program Files\HJT\analyse.exe
C:\Program Files\Outlook Express\msimn.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [batterymiser] C:\Program Files\Battery miser\batterymiser.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [IPOperator] "C:\Program Files\IP Operator\IPOperator.exe" -aUtOsTaRtFrOmReG
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SobrietyCheck.lnk = C:\Program Files\SobrietyCheck\sober.hta
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Internet Radio by Endicosoft.com - {1F958B09-3312-7f0e-9723-4C1324C57B20} - C:\Program Files\Internet Radio\Radio.exe (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/cfw..._instmodule.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-18.cab
O16 - DPF: {55A548B3-AFA8-41E3-8057-FD24931C6388} (FXExec Control) - http://216.87.37.188/app/FXCtrl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://activex.webcam.nl/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://images.internetphotosdirect.co.uk/s...on/uploader.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe


Thanks
Andrew


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina
  • Local time:11:32 PM

Posted 23 December 2006 - 12:55 PM

Hello mrpugowski and welcome to the BC HijackThis forum. I do not see any signs of viruses or malware in the log. Let's try a different scanner and see what it shows us.

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Files Created Within group click 30 days
    • In the Files Modified Within group select 30 days
    • In the File String Search group select Non-Microsoft
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 mrpugowski

mrpugowski
  • Topic Starter

  • Members
  • 5 posts
  • Local time:10:32 PM

Posted 23 December 2006 - 09:16 PM

WinPFind3 logfile created on: 24/12/2006 12:09:47
WinPFind3U by OldTimer - Version 1.0.1 Folder = C:\Documents and Settings\ANDREW\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5700.6)


[Processes - Non-Microsoft Only]
agrsmmsg.exe -> C:\Windows\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.28 2.1.28 03/31/2003 13:54:16 | Size = 88267 bytes | Modified Date = 31/03/2003 15:54:18 | Attr = R ]
avgamsvr.exe -> C:\Program Files\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 343552 bytes | Modified Date = 18/12/2006 17:37:04 | Attr = ]
avgcc.exe -> C:\Program Files\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.418 | Size = 406016 bytes | Modified Date = 18/12/2006 17:37:04 | Attr = ]
avgemc.exe -> C:\Program Files\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.432 | Size = 323072 bytes | Modified Date = 18/12/2006 17:37:14 | Attr = ]
avgupsvc.exe -> C:\Program Files\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 18/12/2006 17:37:22 | Attr = ]
batterymiser.exe -> C:\Program Files\Battery miser\batterymiser.exe -> LG Electronics Inc. [Ver = 3, 14, 0, 0 | Size = 253952 bytes | Modified Date = 24/03/2004 05:46:44 | Attr = ]
freeram xp pro.exe -> C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe -> YourWare Solutions ™ [Ver = 1.5.1.0 | Size = 1591808 bytes | Modified Date = 13/12/2006 00:56:08 | Attr = ]
googletoolbarnotifier.exe -> C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 908, 5008 | Size = 163576 bytes | Modified Date = 18/10/2006 11:57:16 | Attr = ]
guard.exe -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 29/09/2006 01:13:20 | Attr = ]
ipodservice.exe -> C:\Program Files\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 5.0.1.4 | Size = 323584 bytes | Modified Date = 16/09/2005 08:42:52 | Attr = ]
ipoperator.exe -> C:\Program Files\IP Operator\IPOperator.exe -> [Ver = 1, 0, 0, 1 | Size = 32768 bytes | Modified Date = 03/03/2004 08:29:10 | Attr = ]
ituneshelper.exe -> C:\Program Files\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 5.0.1.4 | Size = 274432 bytes | Modified Date = 16/09/2005 08:43:06 | Attr = ]
logmein.exe -> C:\Program Files\LogMeIn\LogMeIn.exe -> LogMeIn, Inc. [Ver = 2.30.559 | Size = 1622768 bytes | Modified Date = 06/10/2006 19:55:16 | Attr = ]
logmeinsystray.exe -> C:\Program Files\LogMeIn\LogMeInSystray.exe -> LogMeIn, Inc. [Ver = 2.30.559 | Size = 303864 bytes | Modified Date = 06/10/2006 19:55:48 | Attr = ]
picasamediadetector.exe -> C:\Program Files\Picasa2\PicasaMediaDetector.exe -> Google Inc. [Ver = 2.5.0 | Size = 249927 bytes | Modified Date = 11/11/2006 07:11:12 | Attr = ]
ramaint.exe -> C:\Program Files\LogMeIn\ramaint.exe -> LogMeIn, Inc. [Ver = 2.30.559 | Size = 62200 bytes | Modified Date = 06/10/2006 19:55:54 | Attr = ]
regsrvc.exe -> C:\Windows\system32\RegSrvc.exe -> Intel Corporation [Ver = 4, 1, 0, 0 | Size = 122880 bytes | Modified Date = 21/06/2003 01:54:18 | Attr = ]
s24evmon.exe -> C:\Windows\system32\S24EvMon.exe -> Intel Corporation [Ver = 4, 1, 0, 0 | Size = 303171 bytes | Modified Date = 21/06/2003 01:55:22 | Attr = ]
smc.exe -> C:\Program Files\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.5.00.2710 | Size = 2532576 bytes | Modified Date = 13/08/2004 20:05:56 | Attr = ]
syntplpr.exe -> C:\Program Files\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.7.1 11Sep03 | Size = 110592 bytes | Modified Date = 12/09/2003 17:19:00 | Attr = ]
winpfind3u.exe -> C:\Documents and Settings\ANDREW\Desktop\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.1.0 | Size = 302592 bytes | Modified Date = 21/12/2006 20:20:08 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 29/09/2006 01:13:20 | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> C:\Program Files\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 343552 bytes | Modified Date = 18/12/2006 17:37:04 | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> C:\Program Files\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 18/12/2006 17:37:22 | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> C:\Program Files\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.432 | Size = 323072 bytes | Modified Date = 18/12/2006 17:37:14 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> C:\Windows\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 18:56:48 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 04/04/2005 00:41:10 | Attr = ]
(iPodService) iPodService [Win32_Own | On_Demand | Running] -> C:\Program Files\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 5.0.1.4 | Size = 323584 bytes | Modified Date = 16/09/2005 08:42:52 | Attr = ]
(LMIMaint) LogMeIn Maintenance Service [Win32_Own | Auto | Running] -> C:\Program Files\LogMeIn\ramaint.exe -> LogMeIn, Inc. [Ver = 2.30.559 | Size = 62200 bytes | Modified Date = 06/10/2006 19:55:54 | Attr = ]
(LogMeIn) LogMeIn [Win32_Own | Auto | Running] -> C:\Program Files\LogMeIn\LogMeIn.exe -> LogMeIn, Inc. [Ver = 2.30.559 | Size = 1622768 bytes | Modified Date = 06/10/2006 19:55:16 | Attr = ]
(RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> C:\Windows\system32\RegSrvc.exe -> Intel Corporation [Ver = 4, 1, 0, 0 | Size = 122880 bytes | Modified Date = 21/06/2003 01:54:18 | Attr = ]
(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> C:\Windows\system32\S24EvMon.exe -> Intel Corporation [Ver = 4, 1, 0, 0 | Size = 303171 bytes | Modified Date = 21/06/2003 01:55:22 | Attr = ]
(SmcService) Sygate Personal Firewall [Win32_Own | Auto | Running] -> C:\Program Files\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.5.00.2710 | Size = 2532576 bytes | Modified Date = 13/08/2004 20:05:56 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AGRSMMSG -> C:\Windows\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.28 2.1.28 03/31/2003 13:54:16 | Size = 88267 bytes | Modified Date = 31/03/2003 15:54:18 | Attr = R ]
AVG7_CC -> C:\Program Files\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.418 | Size = 406016 bytes | Modified Date = 18/12/2006 17:37:04 | Attr = ]
batterymiser -> C:\Program Files\Battery miser\batterymiser.exe -> LG Electronics Inc. [Ver = 3, 14, 0, 0 | Size = 253952 bytes | Modified Date = 24/03/2004 05:46:44 | Attr = ]
IPOperator -> C:\Program Files\IP Operator\IPOperator.exe -> [Ver = 1, 0, 0, 1 | Size = 32768 bytes | Modified Date = 03/03/2004 08:29:10 | Attr = ]
iTunesHelper -> C:\Program Files\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 5.0.1.4 | Size = 274432 bytes | Modified Date = 16/09/2005 08:43:06 | Attr = ]
KernelFaultCheck -> -> File not found
LogMeIn GUI -> C:\Program Files\LogMeIn\LogMeInSystray.exe -> LogMeIn, Inc. [Ver = 2.30.559 | Size = 303864 bytes | Modified Date = 06/10/2006 19:55:48 | Attr = ]
Picasa Media Detector -> C:\Program Files\Picasa2\PicasaMediaDetector.exe -> Google Inc. [Ver = 2.5.0 | Size = 249927 bytes | Modified Date = 11/11/2006 07:11:12 | Attr = ]
SmcService -> C:\Program Files\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.5.00.2710 | Size = 2532576 bytes | Modified Date = 13/08/2004 20:05:56 | Attr = ]
SynTPLpr -> C:\Program Files\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.7.1 11Sep03 | Size = 110592 bytes | Modified Date = 12/09/2003 17:19:00 | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
FreeRAM XP -> C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe -> YourWare Solutions ™ [Ver = 1.5.1.0 | Size = 1591808 bytes | Modified Date = 13/12/2006 00:56:08 | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 29/09/2006 01:13:28 | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
igfxcui -> C:\Windows\system32\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.2285 | Size = 319488 bytes | Modified Date = 02/10/2003 16:18:00 | Attr = ]
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsMenu -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFavoritesMenu -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMMyDocs -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMMyPictures -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuMyMusic -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsHistory -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsNetHood -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMHelp -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRun -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoInstrumentation -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSimpleStartMenu -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\\DisableWindowsUpdate -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWindowsUpdate -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsMenu -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFavoritesMenu -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMMyDocs -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMMyPictures -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuMyMusic -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsHistory -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClearRecentDocsOnExit -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsNetHood -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMHelp -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRun -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoUserNameInStartMenu -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoInstrumentation -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuPinnedList -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceStartMenuLogoff -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSharedDocuments -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\NoFileSharing -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\NoFileSharingControl -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\NoPrintSharing -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Shell\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\\DisableWindowsUpdateAccess -> 0 ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=54729 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID} ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://news.bbc.co.uk/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 14/12/2004 02:56:50 | Attr = ]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKLM] -> C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> Skype Technologies S.A. [Ver = 2, 2, 0, 65 | Size = 726568 bytes | Modified Date = 11/12/2006 20:38:28 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/2005 01:04:00 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 09/11/2006 15:21:52 | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> c:\program files\Google\googletoolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1020, 2544 | Size = 2108480 bytes | Modified Date = 12/10/2006 12:38:04 | Attr = R ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> c:\program files\Google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1020, 2544 | Size = 2108480 bytes | Modified Date = 12/10/2006 12:38:04 | Attr = R ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> c:\program files\Google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1020, 2544 | Size = 2108480 bytes | Modified Date = 12/10/2006 12:38:04 | Attr = R ]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8194 - Sun Java Console ->
{1F958B09-3312-7f0e-9723-4C1324C57B20} -> 8197 - Reg Data - Value does not exist ->
{85d1f590-48f4-11d9-9669-0800200c9a66} -> 8195 - Uninstall BitDefender Online Scanner v8 ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8196 - Reg Data - Value does not exist ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8193 - Windows Messenger ->
NextId -> 8196 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll [MenuText: Sun Java Console] ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 09/11/2006 15:21:52 | Attr = ]
{1F958B09-3312-7f0e-9723-4C1324C57B20} -> C:\Program Files\Internet Radio\Radio.exe [ButtonText: Internet Radio by Endicosoft.com] -> File not found
{77BF5300-1474-4EC7-9980-D32B190E9B07} -> Reg Data - Value does not exist [ButtonText: Skype] -> File not found
{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> Reg Data - Key not found [MenuText: Uninstall BitDefender Online Scanner v8] ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] ->
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{2F603045-309F-11CF-9774-0020AFD0CFF6} [HKLM] -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll [Synaptics Control Panel] -> Synaptics, Inc. [Ver = 7.7.1 11Sep03 | Size = 5750784 bytes | Modified Date = 12/09/2003 17:11:00 | Attr = ]
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Media Band] -> File not found
{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3} [HKLM] -> C:\Program Files\Logitech\Video\Namespc2.dll [My Logitech Pictures] -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 135168 bytes | Modified Date = 08/06/2005 16:25:52 | Attr = ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> C:\Windows\system32\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 31/03/2003 23:00:00 | Attr = ]
{8D1636FD-CA49-4b4e-90E4-0A20E03A15E8} [HKLM] -> C:\Program Files\JetAudio\JetFlExt.dll [jetAudio] -> JetAudio, Inc. [Ver = 6, 0, 0, 2916 | Size = 45124 bytes | Modified Date = 01/03/2004 20:57:48 | Attr = ]
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> C:\Program Files\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 18/12/2006 17:37:16 | Attr = ]
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} [HKLM] -> C:\Program Files\Grisoft\AVG Free\avgse.dll [AVG7 Find Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 18/12/2006 17:37:16 | Attr = ]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> E:\iTunesMiniPlayer.dll [iTunes] -> File not found
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> C:\Program Files\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] -> RealNetworks, Inc. [Ver = 1.0.1.1946 | Size = 49198 bytes | Modified Date = 28/10/2004 08:03:32 | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 06/10/2006 22:40:48 | Attr = ]
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> C:\Program Files\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 18/12/2006 17:37:16 | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 06/10/2006 22:40:48 | Attr = ]
{8D1636FD-CA49-4b4e-90E4-0A20E03A15E8} [HKLM] -> C:\Program Files\JetAudio\JetFlExt.dll [jetAudio] -> JetAudio, Inc. [Ver = 6, 0, 0, 2916 | Size = 45124 bytes | Modified Date = 01/03/2004 20:57:48 | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} [HKLM] -> C:\Windows\system32\igfxpph.dll [igfxcui] -> Intel Corporation [Ver = 3.0.0.2285 | Size = 204800 bytes | Modified Date = 02/10/2003 16:36:00 | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> C:\Program Files\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 18/12/2006 17:37:16 | Attr = ]
{8D1636FD-CA49-4b4e-90E4-0A20E03A15E8} [HKLM] -> C:\Program Files\JetAudio\JetFlExt.dll [jetAudio] -> JetAudio, Inc. [Ver = 6, 0, 0, 2916 | Size = 45124 bytes | Modified Date = 01/03/2004 20:57:48 | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 14/12/2004 03:20:02 | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{57BB8EE4-D276-4018-8AE5-DE206549C657} -> () ->
{75E42F07-C995-48FB-BB6F-31284D76D26F} -> (D-Link DSL-302G Modem) ->
{78D27B29-2CA2-4E0C-AA21-683AD32D3B7A} -> (Intel® PRO/Wireless LAN 2100 3B Mini PCI Adapter) ->
{A88E4DFD-CE74-4F1E-B596-4C7E8924B81C} -> (1394 Net Adapter) ->
{B06DE302-6885-4306-A0BE-FC87C34DBE53} -> (3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)) ->
{D39087B8-3F27-461D-B325-D591A3429DE4} -> (1394 Net Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
belarc -> C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll -> Belarc, Inc. [Ver = 7.2a | Size = 33280 bytes | Modified Date = 25/08/2006 12:31:04 | Attr = ]
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
skype4com -> C:\Program Files\Common Files\Skype\Skype4COM.dll -> Skype Technologies [Ver = 1, 0, 26, 0 | Size = 1783384 bytes | Modified Date = 01/11/2006 15:21:20 | Attr = R ]


[Files - Created Wihin 30 days]
.rnd -> C:\.rnd -> [Ver = | Size = 1024 bytes | Created Date = 18/12/2006 22:40:13 | Attr = ]
hiberfil.sys -> C:\hiberfil.sys -> [Ver = | Size = 518508544 bytes | Created Date = 02/01/1601 14:00:00 | Attr = HS]
newfiles.txt -> C:\newfiles.txt -> [Ver = | Size = 27193 bytes | Created Date = 30/11/2006 18:41:50 | Attr = ]
runkeys.txt -> C:\runkeys.txt -> [Ver = | Size = 21986 bytes | Created Date = 30/11/2006 18:40:17 | Attr = ]
ctor.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69715 bytes | Created Date = 25/11/2006 12:30:40 | Attr = ]
DotNetInstaller.exe -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe -> InstallShield Software Corporation [Ver = 11.50.0.42618 | Size = 5632 bytes | Created Date = 25/11/2006 12:30:40 | Attr = ]
iGdi.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 200836 bytes | Created Date = 25/11/2006 12:30:35 | Attr = ]
iKernel.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 757760 bytes | Created Date = 25/11/2006 12:30:39 | Attr = ]
iscript.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 274432 bytes | Created Date = 25/11/2006 12:30:40 | Attr = ]
iuser.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 204800 bytes | Created Date = 25/11/2006 12:30:40 | Attr = ]
setup.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 331908 bytes | Created Date = 25/11/2006 12:30:35 | Attr = ]
0.log -> C:\WINDOWS\0.log -> [Ver = | Size = 0 bytes | Created Date = 28/11/2006 21:10:53 | Attr = ]
COM+.log -> C:\WINDOWS\COM+.log -> [Ver = | Size = 1450 bytes | Created Date = 13/12/2006 00:13:29 | Attr = ]
comsetup.log -> C:\WINDOWS\comsetup.log -> [Ver = | Size = 10258 bytes | Created Date = 18/12/2006 06:46:35 | Attr = ]
FaxSetup.log -> C:\WINDOWS\FaxSetup.log -> [Ver = | Size = 30794 bytes | Created Date = 18/12/2006 06:46:24 | Attr = ]
iis6.log -> C:\WINDOWS\iis6.log -> [Ver = | Size = 4994 bytes | Created Date = 18/12/2006 06:46:31 | Attr = ]
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [Ver = | Size = 1393 bytes | Created Date = 18/12/2006 06:46:44 | Attr = ]
imsins.log -> C:\WINDOWS\imsins.log -> [Ver = | Size = 1393 bytes | Created Date = 18/12/2006 06:46:44 | Attr = ]
KB923689.log -> C:\WINDOWS\KB923689.log -> [Ver = | Size = 14257 bytes | Created Date = 18/12/2006 06:47:46 | Attr = ]
KB923694.log -> C:\WINDOWS\KB923694.log -> [Ver = | Size = 14436 bytes | Created Date = 17/12/2006 17:36:09 | Attr = ]
KB925398.log -> C:\WINDOWS\KB925398.log -> [Ver = | Size = 12920 bytes | Created Date = 18/12/2006 06:52:55 | Attr = ]
KB926255.log -> C:\WINDOWS\KB926255.log -> [Ver = | Size = 14007 bytes | Created Date = 17/12/2006 17:36:44 | Attr = ]
KB929120.log -> C:\WINDOWS\KB929120.log -> [Ver = | Size = 13925 bytes | Created Date = 17/12/2006 17:37:12 | Attr = ]
msgsocm.log -> C:\WINDOWS\msgsocm.log -> [Ver = | Size = 1545 bytes | Created Date = 18/12/2006 06:46:46 | Attr = ]
ntdtcsetup.log -> C:\WINDOWS\ntdtcsetup.log -> [Ver = | Size = 6232 bytes | Created Date = 18/12/2006 06:46:38 | Attr = ]
ocgen.log -> C:\WINDOWS\ocgen.log -> [Ver = | Size = 14580 bytes | Created Date = 18/12/2006 06:46:21 | Attr = ]
ocmsn.log -> C:\WINDOWS\ocmsn.log -> [Ver = | Size = 1710 bytes | Created Date = 18/12/2006 06:46:50 | Attr = ]
pavsig.txt -> C:\WINDOWS\pavsig.txt -> [Ver = | Size = 32 bytes | Created Date = 29/11/2006 22:03:51 | Attr = ]
QTFont.for -> C:\WINDOWS\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 24/12/2006 00:24:49 | Attr = ]
QTFont.qfn -> C:\WINDOWS\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 24/12/2006 00:24:49 | Attr = H ]
SchedLgU.Txt -> C:\WINDOWS\SchedLgU.Txt -> [Ver = | Size = 5952 bytes | Created Date = 28/11/2006 21:10:21 | Attr = ]
setupact.log -> C:\WINDOWS\setupact.log -> [Ver = | Size = 60 bytes | Created Date = 18/12/2006 06:46:34 | Attr = ]
setupapi.log -> C:\WINDOWS\setupapi.log -> [Ver = | Size = 117348 bytes | Created Date = 29/11/2006 22:02:50 | Attr = ]
setuperr.log -> C:\WINDOWS\setuperr.log -> [Ver = | Size = 0 bytes | Created Date = 18/12/2006 06:46:35 | Attr = ]
Sti_Trace.log -> C:\WINDOWS\Sti_Trace.log -> [Ver = | Size = 0 bytes | Created Date = 28/11/2006 21:10:28 | Attr = ]
tsoc.log -> C:\WINDOWS\tsoc.log -> [Ver = | Size = 11795 bytes | Created Date = 18/12/2006 06:46:43 | Attr = ]
updspapi.log -> C:\WINDOWS\updspapi.log -> [Ver = | Size = 1977 bytes | Created Date = 18/12/2006 06:45:54 | Attr = ]
wiadebug.log -> C:\WINDOWS\wiadebug.log -> [Ver = | Size = 252 bytes | Created Date = 28/11/2006 21:10:30 | Attr = ]
wiaservc.log -> C:\WINDOWS\wiaservc.log -> [Ver = | Size = 50 bytes | Created Date = 28/11/2006 21:10:28 | Attr = ]
WindowsUpdate.log -> C:\WINDOWS\WindowsUpdate.log -> [Ver = | Size = 194981 bytes | Created Date = 28/11/2006 20:49:02 | Attr = ]
java.exe -> C:\WINDOWS\System32\java.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49248 bytes | Created Date = 02/12/2006 06:10:32 | Attr = ]
javaw.exe -> C:\WINDOWS\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 53346 bytes | Created Date = 02/12/2006 06:10:32 | Attr = ]
javaws.exe -> C:\WINDOWS\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 127078 bytes | Created Date = 02/12/2006 06:10:32 | Attr = ]
jupdate-1.5.0_10-b03.log -> C:\WINDOWS\System32\jupdate-1.5.0_10-b03.log -> [Ver = | Size = 8599 bytes | Created Date = 02/12/2006 06:09:17 | Attr = ]
LMIinit.dll -> C:\WINDOWS\System32\LMIinit.dll -> LogMeIn, Inc. [Ver = 2.30.559 | Size = 11504 bytes | Created Date = 18/12/2006 22:40:18 | Attr = ]
LMIport.dll -> C:\WINDOWS\System32\LMIport.dll -> 3am Labs, Inc. [Ver = 0.2.0.0 | Size = 13040 bytes | Created Date = 18/12/2006 22:40:41 | Attr = ]
locate.com -> C:\WINDOWS\System32\locate.com -> [Ver = | Size = 11254 bytes | Created Date = 30/11/2006 18:41:50 | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\WINDOWS\System32\locate.com:Zone.Identifier ->
TZLog.log -> C:\WINDOWS\System32\TZLog.log -> [Ver = | Size = 3532 bytes | Created Date = 18/12/2006 06:52:44 | Attr = ]
AvgAsCln.sys -> C:\WINDOWS\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 27/11/2006 22:15:36 | Attr = ]
avgclean.sys -> C:\WINDOWS\System32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 18/12/2006 16:37:23 | Attr = ]
avgmfx86.sys -> C:\WINDOWS\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.416 | Size = 18240 bytes | Created Date = 18/12/2006 16:37:22 | Attr = ]

[Files - Modified Wihin 30 days]
.rnd -> C:\.rnd -> [Ver = | Size = 1024 bytes | Modified Date = 18/12/2006 23:40:16 | Attr = ]
boot.ini -> C:\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 21/12/2006 01:10:46 | Attr = RHS]
hiberfil.sys -> C:\hiberfil.sys -> [Ver = | Size = 518508544 bytes | Modified Date = 24/12/2006 01:23:00 | Attr = HS]
newfiles.txt -> C:\newfiles.txt -> [Ver = | Size = 27193 bytes | Modified Date = 02/12/2006 15:41:34 | Attr = ]
runkeys.txt -> C:\runkeys.txt -> [Ver = | Size = 21986 bytes | Modified Date = 02/12/2006 08:40:34 | Attr = ]
iGdi.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 200836 bytes | Modified Date = 25/11/2006 13:30:36 | Attr = ]
setup.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 331908 bytes | Modified Date = 25/11/2006 13:30:36 | Attr = ]
0.log -> C:\WINDOWS\0.log -> [Ver = | Size = 0 bytes | Modified Date = 24/12/2006 01:23:38 | Attr = ]
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 24/12/2006 01:23:02 | Attr = S]
COM+.log -> C:\WINDOWS\COM+.log -> [Ver = | Size = 1450 bytes | Modified Date = 13/12/2006 01:13:40 | Attr = ]
comsetup.log -> C:\WINDOWS\comsetup.log -> [Ver = | Size = 10258 bytes | Modified Date = 18/12/2006 07:55:46 | Attr = ]
FaxSetup.log -> C:\WINDOWS\FaxSetup.log -> [Ver = | Size = 30794 bytes | Modified Date = 18/12/2006 07:55:44 | Attr = ]
iis6.log -> C:\WINDOWS\iis6.log -> [Ver = | Size = 4994 bytes | Modified Date = 18/12/2006 07:55:46 | Attr = ]
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 18/12/2006 07:52:54 | Attr = ]
imsins.log -> C:\WINDOWS\imsins.log -> [Ver = | Size = 1393 bytes | Modified Date = 18/12/2006 07:55:46 | Attr = ]
KB923689.log -> C:\WINDOWS\KB923689.log -> [Ver = | Size = 14257 bytes | Modified Date = 18/12/2006 07:51:52 | Attr = ]
KB923694.log -> C:\WINDOWS\KB923694.log -> [Ver = | Size = 14436 bytes | Modified Date = 18/12/2006 07:47:00 | Attr = ]
KB925398.log -> C:\WINDOWS\KB925398.log -> [Ver = | Size = 12920 bytes | Modified Date = 18/12/2006 07:55:44 | Attr = ]
KB926255.log -> C:\WINDOWS\KB926255.log -> [Ver = | Size = 14007 bytes | Modified Date = 18/12/2006 07:47:42 | Attr = ]
KB929120.log -> C:\WINDOWS\KB929120.log -> [Ver = | Size = 13925 bytes | Modified Date = 18/12/2006 07:52:54 | Attr = ]
ModemLog_Agere Systems AC'97 Modem.txt -> C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt -> [Ver = | Size = 3698 bytes | Modified Date = 24/12/2006 01:23:34 | Attr = ]
msgsocm.log -> C:\WINDOWS\msgsocm.log -> [Ver = | Size = 1545 bytes | Modified Date = 18/12/2006 07:55:44 | Attr = ]
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [Ver = | Size = 49 bytes | Modified Date = 21/12/2006 19:37:44 | Attr = ]
ntdtcsetup.log -> C:\WINDOWS\ntdtcsetup.log -> [Ver = | Size = 6232 bytes | Modified Date = 18/12/2006 07:55:46 | Attr = ]
ocgen.log -> C:\WINDOWS\ocgen.log -> [Ver = | Size = 14580 bytes | Modified Date = 18/12/2006 07:55:44 | Attr = ]
ocmsn.log -> C:\WINDOWS\ocmsn.log -> [Ver = | Size = 1710 bytes | Modified Date = 18/12/2006 07:55:46 | Attr = ]
pavsig.txt -> C:\WINDOWS\pavsig.txt -> [Ver = | Size = 32 bytes | Modified Date = 24/12/2006 01:58:10 | Attr = ]
QTFont.for -> C:\WINDOWS\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 24/12/2006 01:24:50 | Attr = ]
QTFont.qfn -> C:\WINDOWS\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 24/12/2006 01:24:50 | Attr = H ]
SchedLgU.Txt -> C:\WINDOWS\SchedLgU.Txt -> [Ver = | Size = 5952 bytes | Modified Date = 24/12/2006 01:20:30 | Attr = ]
setupact.log -> C:\WINDOWS\setupact.log -> [Ver = | Size = 60 bytes | Modified Date = 21/12/2006 00:40:32 | Attr = ]
setupapi.log -> C:\WINDOWS\setupapi.log -> [Ver = | Size = 117348 bytes | Modified Date = 21/12/2006 18:18:34 | Attr = ]
setuperr.log -> C:\WINDOWS\setuperr.log -> [Ver = | Size = 0 bytes | Modified Date = 18/12/2006 07:46:36 | Attr = ]
Sti_Trace.log -> C:\WINDOWS\Sti_Trace.log -> [Ver = | Size = 0 bytes | Modified Date = 28/11/2006 22:10:30 | Attr = ]
system.ini -> C:\WINDOWS\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 21/12/2006 01:10:46 | Attr = ]
tsoc.log -> C:\WINDOWS\tsoc.log -> [Ver = | Size = 11795 bytes | Modified Date = 18/12/2006 07:55:46 | Attr = ]
updspapi.log -> C:\WINDOWS\updspapi.log -> [Ver = | Size = 1977 bytes | Modified Date = 18/12/2006 07:47:30 | Attr = ]
wiadebug.log -> C:\WINDOWS\wiadebug.log -> [Ver = | Size = 252 bytes | Modified Date = 24/12/2006 01:23:58 | Attr = ]
wiaservc.log -> C:\WINDOWS\wiaservc.log -> [Ver = | Size = 50 bytes | Modified Date = 24/12/2006 01:24:04 | Attr = ]
win.ini -> C:\WINDOWS\win.ini -> [Ver = | Size = 642 bytes | Modified Date = 21/12/2006 01:10:46 | Attr = ]
WindowsUpdate.log -> C:\WINDOWS\WindowsUpdate.log -> [Ver = | Size = 194981 bytes | Modified Date = 21/12/2006 19:41:28 | Attr = ]
Help.ico -> C:\WINDOWS\System32\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 24/12/2006 01:58:02 | Attr = ]
jupdate-1.5.0_10-b03.log -> C:\WINDOWS\System32\jupdate-1.5.0_10-b03.log -> [Ver = | Size = 8599 bytes | Modified Date = 02/12/2006 07:10:30 | Attr = ]
locate.com -> C:\WINDOWS\System32\locate.com -> [Ver = | Size = 11254 bytes | Modified Date = 30/11/2006 19:41:44 | Attr = ]
@Alternate Data Stream - 26 bytes -> C:\WINDOWS\System32\locate.com:Zone.Identifier ->
pavas.ico -> C:\WINDOWS\System32\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 24/12/2006 01:58:02 | Attr = ]
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [Ver = | Size = 47326 bytes | Modified Date = 13/12/2006 00:41:10 | Attr = ]
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [Ver = | Size = 368548 bytes | Modified Date = 13/12/2006 00:41:12 | Attr = ]
PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [Ver = | Size = 367494 bytes | Modified Date = 13/12/2006 00:41:10 | Attr = ]
TZLog.log -> C:\WINDOWS\System32\TZLog.log -> [Ver = | Size = 3532 bytes | Modified Date = 18/12/2006 07:52:46 | Attr = ]
Uninstall.ico -> C:\WINDOWS\System32\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 24/12/2006 01:58:02 | Attr = ]
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [Ver = | Size = 1170 bytes | Modified Date = 24/12/2006 01:23:58 | Attr = ]
avg7core.sys -> C:\WINDOWS\System32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.429 | Size = 816672 bytes | Modified Date = 18/12/2006 17:37:30 | Attr = ]
avg7rsw.sys -> C:\WINDOWS\System32\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 18/12/2006 17:37:30 | Attr = ]
avg7rsxp.sys -> C:\WINDOWS\System32\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7,1,0,398 | Size = 28416 bytes | Modified Date = 18/12/2006 17:37:24 | Attr = ]
avgclean.sys -> C:\WINDOWS\System32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 18/12/2006 17:37:24 | Attr = ]
avgmfx86.sys -> C:\WINDOWS\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.416 | Size = 18240 bytes | Modified Date = 18/12/2006 17:37:24 | Attr = ]
avgtdi.sys -> C:\WINDOWS\System32\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 18/12/2006 17:37:24 | Attr = ]

[File String Scan - Non-Microsoft Only]
Thawte Consulting , -> C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip -> [Ver = | Size = 3290841 bytes | Modified Date = 04/03/2005 04:09:40 | Attr = ]
USERTRUST , -> C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_10.b03\patchjre.exe -> Sun Microsystems, Inc. [Ver = 1, 0, 0, 1 | Size = 4650616 bytes | Modified Date = 09/11/2006 15:38:38 | Attr = ]
WSUD , -> C:\Program Files\Common Files\Microsoft Shared\SpeechEngines\TTS\female.vce -> [Ver = | Size = 2053632 bytes | Modified Date = 12/01/1999 11:29:28 | Attr = ]
PECompact2 , qoologic , SAHAgent , -> C:\WINDOWS\lpt$vpn.594 -> [Ver = | Size = 14814185 bytes | Modified Date = 22/04/2005 15:01:26 | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\RMAgentOutput.dll -> [Ver = | Size = 25157 bytes | Modified Date = 09/04/2005 04:11:30 | Attr = ]
UPX! , UPX0 , -> C:\WINDOWS\tsc.exe -> Trend Micro Inc. [Ver = 3.9.0.1020 | Size = 170053 bytes | Modified Date = 10/01/2005 17:17:24 | Attr = ]
PECompact2 , qoologic , SAHAgent , -> C:\WINDOWS\VPTNFILE.594 -> [Ver = | Size = 14814185 bytes | Modified Date = 22/04/2005 15:01:26 | Attr = ]
UPX! , aspack , -> C:\WINDOWS\vsapi32.dll -> Trend Micro Inc. [Ver = 7.510-1002 | Size = 1044560 bytes | Modified Date = 18/02/2005 19:40:14 | Attr = ]
PEC2 , -> C:\WINDOWS\System32\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 31/03/2003 23:00:00 | Attr = ]
Thawte Consulting , -> C:\WINDOWS\System32\LMIinit.dll -> LogMeIn, Inc. [Ver = 2.30.559 | Size = 11504 bytes | Modified Date = 06/10/2006 19:56:04 | Attr = ]
Thawte Consulting , -> C:\WINDOWS\System32\LMImirr.dll -> LogMeIn, Inc. [Ver = 2.30.542 | Size = 23024 bytes | Modified Date = 06/10/2006 19:56:04 | Attr = ]
Thawte Consulting , -> C:\WINDOWS\System32\LMImirr2.dll -> LogMeIn, Inc. [Ver = 2.30.542 | Size = 9584 bytes | Modified Date = 06/10/2006 19:56:06 | Attr = ]
Thawte Consulting , -> C:\WINDOWS\System32\LMIport.dll -> 3am Labs, Inc. [Ver = 0.2.0.0 | Size = 13040 bytes | Modified Date = 06/10/2006 19:56:06 | Attr = ]
UPX! , -> C:\WINDOWS\System32\locate.com -> [Ver = | Size = 11254 bytes | Modified Date = 30/11/2006 19:41:44 | Attr = ]
winsync , -> C:\WINDOWS\System32\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 31/03/2003 23:00:00 | Attr = ]
WSUD , UPX0 , -> C:\WINDOWS\System32\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 31/03/2003 23:00:00 | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> C:\WINDOWS\System32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.429 | Size = 816672 bytes | Modified Date = 18/12/2006 17:37:30 | Attr = ]
Thawte Consulting , -> C:\WINDOWS\System32\drivers\LMImirr.sys -> LogMeIn, Inc. [Ver = 2.30.542 | Size = 8048 bytes | Modified Date = 06/10/2006 19:56:16 | Attr = ]
PTech , -> C:\WINDOWS\System32\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 04/08/2004 16:41:38 | Attr = ]

< End of report >

#4 OldTimer

Malware Expert
Posted 24 December 2006 - 09:04 AM

Hi mrpugowski. I do not see any signs of viruses or malware in the log. It is clean.

For the hibernation issue, my guess is that the batterymiser program probably changed the power settings to hibernate to conserve battery power. You can modify the power settings in the Control Panel. If you do not wish to have the computer go into hibernation then disable the hibernation option.

For non-malware related performance issues I suggest posting in the XP forum here: http://www.bleepingcomputer.com/forums/f/56/windows-xp-home-and-professional/ . They can assist with a more in-depth system analysis to see if anything is causing a performance degradation. Let them know that you have already been to this forum and that no malware was found.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
