Can't Install Programs. .exe Errors


13 replies to this topic

#1 thx524

thx524

  • Members
  • 9 posts

Posted 28 January 2007 - 09:10 PM

I got hit by Drive Cleaner and it gave me a lot of other probs. It killed Zone Alarm & Avast almost instantly. Now I'm not able to install most programs. I did everything on the list before posting, but I can't install most of the programs it said to. I did do all the online checks and it looks better. But I could use some help. Here are a couple of the errors I get:

" C:\WINDOWS\system32\ZoneLabs\vsmon.exe could not be opened "
" Local machine: installation failed
Installation:
Error: Action failed for file avgamsvr.exe: creating file....
No such file or directory "

Thanx in advance.

Logfile of HijackThis v1.99.1
Scan saved at 5:56:33 PM, on 1/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Zane\LOCALS~1\Temp\Rar$EX02.063\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by22fd.bay22.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O20 - Winlogon Notify: Zboard - C:\WINDOWS\SYSTEM32\Winlognotif.dll
O23 - Service: DiamondCS ProcessGuard Service v3.410 (DCSPGSRV) - Unknown owner - C:\Program Files\ProcessGuard\dcsuserprot.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

Edited by thx524, 28 January 2007 - 09:11 PM.



#2 thx524

thx524
  • Topic Starter

  • Members
  • 9 posts

Posted 29 January 2007 - 10:53 PM

Can somebody please Help?

#3 thx524

thx524
  • Topic Starter

  • Members
  • 9 posts

Posted 01 February 2007 - 01:27 AM

I'm really stuck here now. I've tried to go into SafeMode and it will not let me. It keeps rebooting every time I do it. Please guys, I'm only getting on the net to check here for help. Not really wanting any new probs so I've been off line A LOT and it blows. So a little help would be MUCH appreciated. Thanx in advance again.

#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 06 February 2007 - 12:52 PM

Hello thx524 and welcome to the BC HijackThis forum. There is nothing showing in the log so I don't think that anything is active at this time.

When you say you "got hit by Drive Cleaner", did you install it? Drive Cleaner is a legit application but there is a rogue version out there that, if installed, can report a lot of false positives in an attempt to get you to pay for a registration. Other than that, there are no reports of any system changes.

A couple of things you can try:

-uninstall ZoneAlarm and Avast and then try reinstalling them.
-try a system restore back to a point prior to the Drive Cleaner installation.

If that doesn't resolve it, then one other scanner that will look at a few more system areas is WinPFind3. Run that and post the log back here.

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#5 thx524

thx524
  • Topic Starter

  • Members
  • 9 posts

Posted 08 February 2007 - 09:44 PM

Thanx for looking into my issue. Avast/ZoneAlarm are uninstalled and I can't install them or any other programs. I also can't go into safe mode for some reason.

WinPFind3 logfile created on: 2/8/2007 6:23:54 PM
WinPFind3U by OldTimer - Version 1.0.16 Folder = C:\Documents and Settings\Zane\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

490976 Kb Total Physical Memory | 262368 Kb Available Physical Memory | 53.44% Memory free
1152532 Kb Paging File | 997256 Kb Available in Paging File | 86.53% Paging File free
Paging file location(s): C:\pagefile.sys 2 2;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19543040 Kb Total Space | 9528300 Kb Free Space | 48.76% Space Free
Drive D: | 39086112 Kb Total Space | 19186912 Kb Free Space | 49.09% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded


[Processes - Non-Microsoft Only]
apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/6/2005 11:46:24 PM | Attr = ]
ezsp_px.exe -> %System32%\ezSP_Px.exe -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 8/20/2002 9:29:26 AM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 2/23/2006 2:45:06 PM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 278528 bytes | Modified Date = 2/23/2006 2:45:20 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 11/10/2005 12:03:52 PM | Attr = ]
mixer.exe -> %SystemRoot%\mixer.exe -> C-Media Electronic Inc. (www.cmedia.com.tw) [Ver = 1.58 | Size = 1818624 bytes | Modified Date = 10/15/2002 6:00:20 PM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9131 | Size = 155715 bytes | Modified Date = 6/1/2006 4:22:00 PM | Attr = ]
pg2.exe -> %ProgramFiles%\PeerGuardian2\pg2.exe -> Methlabs [Ver = 1, 0, 6, 4 | Size = 1421824 bytes | Modified Date = 9/18/2005 5:40:42 PM | Attr = ]
reader_sl.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 9:05:26 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3292 | Size = 180269 bytes | Modified Date = 9/24/2005 12:46:00 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.16.0 | Size = 308736 bytes | Modified Date = 2/7/2007 8:23:44 PM | Attr = ]
ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103928 bytes | Modified Date = 10/24/2006 4:10:18 PM | Attr = ]
zboard.exe -> %ProgramFiles%\Ideazon\Zboard Software\Driver\Zboard.exe -> Ideazon [Ver = 4, 7, 7, 0 | Size = 217088 bytes | Modified Date = 5/2/2005 2:41:40 PM | Attr = ]
zboardtray.exe -> %ProgramFiles%\Ideazon\Zboard Software\Driver\ZboardTray.exe -> [Ver = 1, 0, 0, 1 | Size = 380928 bytes | Modified Date = 5/2/2005 2:41:08 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> File not found
(avast! Antivirus) avast! Antivirus [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> File not found
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Avast4\ashMaiSv.exe -> File not found
(avast! Web Scanner) avast! Web Scanner [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Avast4\ashWebSv.exe -> File not found
(DCSPGSRV) DiamondCS ProcessGuard Service v3.410 [Win32_Own | Auto | Stopped] -> %ProgramFiles%\ProcessGuard\dcsuserprot.exe -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/3/2004 11:56:48 PM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.699.25363.beta | Size = 135608 bytes | Modified Date = 12/3/2006 8:53:56 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr = ]
(iPodService) iPodService [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 2/23/2006 2:45:06 PM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9131 | Size = 155715 bytes | Modified Date = 6/1/2006 4:22:00 PM | Attr = ]
(PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> Sony Corporation [Ver = 4.0.00.05270 | Size = 53337 bytes | Modified Date = 5/27/2004 12:14:58 AM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 6, 0, 0, 0 | Size = 65795 bytes | Modified Date = 3/8/2003 8:31:02 PM | Attr = R ]
(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.0.00.05270 | Size = 69718 bytes | Modified Date = 5/27/2004 12:13:00 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/6/2005 11:46:24 PM | Attr = ]
C-Media Mixer -> %SystemRoot%\mixer.exe -> C-Media Electronic Inc. (www.cmedia.com.tw) [Ver = 1.58 | Size = 1818624 bytes | Modified Date = 10/15/2002 6:00:20 PM | Attr = ]
ezShieldProtector for Px -> %System32%\ezSP_Px.exe -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 8/20/2002 9:29:26 AM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 278528 bytes | Modified Date = 2/23/2006 2:45:20 PM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.9131 | Size = 7618560 bytes | Modified Date = 6/1/2006 4:22:00 PM | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.9131 | Size = 86016 bytes | Modified Date = 6/1/2006 4:22:00 PM | Attr = ]
nwiz -> %System32%\nwiz.exe -> [Ver = | Size = 1519616 bytes | Modified Date = 6/1/2006 4:22:00 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.0.4 | Size = 155648 bytes | Modified Date = 4/23/2006 11:51:34 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 11/10/2005 12:03:52 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3292 | Size = 180269 bytes | Modified Date = 9/24/2005 12:46:00 AM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PeerGuardian -> %ProgramFiles%\PeerGuardian2\pg2.exe -> Methlabs [Ver = 1, 0, 6, 4 | Size = 1421824 bytes | Modified Date = 9/18/2005 5:40:42 PM | Attr = ]
Steam -> %ProgramFiles%\Steam\Steam.exe -> Valve Corporation [Ver = 1.0.0.0 | Size = 1269760 bytes | Modified Date = 1/12/2007 2:54:54 PM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,195 | Size = 4662776 bytes | Modified Date = 10/24/2006 4:10:18 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 9:05:26 PM | Attr = ]
< Registry Shell Spawning > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command
regfile [merge] -> Reg Data - Key not found ->
scrfile [open] -> "%1" /S ->
scrfile [config] -> "%1" ->
*Command* -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\ShellNew\\Command ->
NewLinkHere -> -> File not found
%1 -> -> File not found
*Command* -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bfc\ShellNew\\Command ->
Briefcase_Create -> -> File not found
%2!d! -> -> File not found
%1 -> -> File not found
< ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -> ->
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> ->
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ->
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ->
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ->
{4b218e3e-bc98-4770-93d3-2731b9329278} -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf ->
{5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ->
{6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub ->
{73FA19D0-2D75-11D2-995D-00C04F98BBC9} -> ->
{7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ->
{89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll ->
{89820200-ECBD-11cf-8B85-00AA005B4383} -> %SystemRoot%\system32\ie4uinit.exe ->
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP ->
>{26923b43-4d38-484f-9b9e-de460746276c} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ->
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ->
< WOW Command Line [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
*wowcmdline* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW\\wowcmdline ->
-a -> -> File not found
< Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute -> SsiEfr.e; ->
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
WRNotifier -> WRLogonNTF.dll -> File not found
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\ZboardTray -> "C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe" /autolaunch ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoChangingWallPaper -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoAddingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoDeletingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoEditingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoCloseDragDropBands -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoMovingBands -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoHTMLWallPaper -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSaveSettings -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoThemesTab -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispAppearancePage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoColorChoice -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoSizeChoice -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispCPL -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoVisualStyleChoice -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispSettingsPage -> 0 ->
-> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://search.msn.com/spbasic.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 8:38:22 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 12:22:12 PM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> [&Yahoo! Messenger] -> File not found
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> [&Yahoo! Messenger] -> File not found
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 7:05:30 PM | Attr = ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 7:05:30 PM | Attr = ]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Reg Data - Key not found ->
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> 8195 - Reg Data - Key not found ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} -> 8193 - Reg Data - Key not found ->
{85d1f590-48f4-11d9-9669-0800200c9a66} -> 8196 - Reg Data - Key not found ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8194 - Reg Data - Key not found ->
NextId -> 8197 ->
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
E&xport to Microsoft Excel -> -> File not found
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{1CDB2949-8F65-4355-8456-263E7C208A5D} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer] -> [Ver = | Size = 466944 bytes | Modified Date = 6/1/2006 4:22:00 PM | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer Menu] -> [Ver = | Size = 466944 bytes | Modified Date = 6/1/2006 4:22:00 PM | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [nView Desktop Context Menu] -> [Ver = | Size = 466944 bytes | Modified Date = 6/1/2006 4:22:00 PM | Attr = ]
{32020A01-506E-484D-A2A8-BE3CF17601C3} [HKLM] -> %ProgramFiles%\Alcohol Soft\Alcohol 120\AXShlEx.dll [AlcoholShellEx] -> Alcohol Soft Development Team [Ver = 1.4.7.1024 | Size = 387584 bytes | Modified Date = 5/6/2004 11:13:28 AM | Attr = ]
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Media Band] -> File not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> [avast] -> File not found
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 3/31/2003 4:00:00 AM | Attr = ]
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> %System32%\nvcpl.dll [NvCpl DesktopContext Class] -> NVIDIA Corporation [Ver = 6.14.10.9131 | Size = 7618560 bytes | Modified Date = 6/1/2006 4:22:00 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR shell extension] -> [Ver = | Size = 125440 bytes | Modified Date = 10/7/2005 3:05:32 PM | Attr = ]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> %ProgramFiles%\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 102400 bytes | Modified Date = 2/23/2006 2:56:34 PM | Attr = ]
{D653647D-D607-4DF6-A5B8-48D2BA195F7B} [HKLM] -> Reg Data - Key not found [BitDefender Antivirus v7] -> File not found
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} [HKLM] -> Reg Data - Key not found [TrojanHunter Menu Shell Extension] -> File not found
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> %ProgramFiles%\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] -> RealNetworks, Inc. [Ver = 1.0.1.2021 | Size = 49198 bytes | Modified Date = 9/24/2005 12:46:06 AM | Attr = ]
{FFB699E0-306A-11d3-8BD1-00104B6F7516} [HKLM] -> %System32%\nvcpl.dll [Play on my TV helper] -> NVIDIA Corporation [Ver = 6.14.10.9131 | Size = 7618560 bytes | Modified Date = 6/1/2006 4:22:00 PM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> [avast] -> File not found
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 125440 bytes | Modified Date = 10/7/2005 3:05:32 PM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 125440 bytes | Modified Date = 10/7/2005 3:05:32 PM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [00nView] -> [Ver = | Size = 466944 bytes | Modified Date = 6/1/2006 4:22:00 PM | Attr = ]
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> %System32%\nvcpl.dll [NvCplDesktopContext] -> NVIDIA Corporation [Ver = 6.14.10.9131 | Size = 7618560 bytes | Modified Date = 6/1/2006 4:22:00 PM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> [avast] -> File not found
{D653647D-D607-4DF6-A5B8-48D2BA195F7B} [HKLM] -> Reg Data - Key not found [BitDefender Antivirus v7] -> File not found
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 125440 bytes | Modified Date = 10/7/2005 3:05:32 PM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 12/14/2004 1:20:02 AM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{41765295-42F9-42CA-AF08-FEE2842EF1B4} -> () ->
{67CDF38C-94A5-4153-9D84-229751DCDDDF} -> (Realtek RTL8029(AS)-based Ethernet Adapter (Generic)) ->
{7130329B-21F9-478B-B648-E52C0E1F4AC3} -> (Motorola SURFboard SB5101 USB Cable Modem) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
ms-its -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 ->
{33564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> BDSCANONLINE Control - CodeBase = http://download.bitdefender.com/resources/scan8/oscan8.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{9F1C11AA-197B-4942-BA54-47A8489BB47F} -> - CodeBase = http://v4.windowsupdate.microsoft.com/CAB/...8204.9740972222 ->
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_05 - CodeBase = http://java.sun.com/products/plugin/autodl...indows-i586.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab ->
{F04A8AE2-A59D-11D2-8792-00C04F8EF29D} -> Hotmail Attachments Control - CodeBase = http://by22fd.bay22.hotmail.msn.com/activex/HMAtchmt.ocx ->


[Files - Created Within 60 days]
antivir_workstation_win7u_en_h.exe -> %UserDesktop%\antivir_workstation_win7u_en_h.exe -> [Ver = | Size = 14413968 bytes | Created Date = 1/28/2007 1:11:30 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\antivir_workstation_win7u_en_h.exe:Zone.Identifier ->
DriveCleaner Removel.doc -> %UserDesktop%\DriveCleaner Removel.doc -> [Ver = | Size = 28160 bytes | Created Date = 1/21/2007 11:34:07 PM | Attr = ]
Process Guard 3.410setup.exe -> %UserDesktop%\Process Guard 3.410setup.exe -> DiamondCS [Ver = 3.410 | Size = 1599732 bytes | Created Date = 1/7/2007 8:05:50 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Process Guard 3.410setup.exe:Zone.Identifier ->
smitRem.exe -> %UserDesktop%\smitRem.exe -> [Ver = | Size = 383836 bytes | Created Date = 1/21/2007 11:13:42 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\smitRem.exe:Zone.Identifier ->
spybotsd14.exe -> %UserDesktop%\spybotsd14.exe -> Safer Networking Limited [Ver = | Size = 5037072 bytes | Created Date = 1/28/2007 12:39:35 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spybotsd14.exe:Zone.Identifier ->
VirtumundoBeGone.exe -> %UserDesktop%\VirtumundoBeGone.exe -> Business Information Solutions [Ver = 1.5 | Size = 96978 bytes | Created Date = 1/21/2007 11:37:53 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VirtumundoBeGone.exe:Zone.Identifier ->
Vundo Removel.doc -> %UserDesktop%\Vundo Removel.doc -> [Ver = | Size = 31232 bytes | Created Date = 1/21/2007 11:37:02 PM | Attr = ]
VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.03.0002 | Size = 97792 bytes | Created Date = 1/21/2007 11:37:35 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VundoFix.exe:Zone.Identifier ->
WinHound Removel.doc -> %UserDesktop%\WinHound Removel.doc -> [Ver = | Size = 240640 bytes | Created Date = 1/21/2007 11:12:29 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 342353 bytes | Created Date = 2/8/2007 6:21:33 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
delfiles.cmd -> %UserDesktop%\smitRem\delfiles.cmd -> [Ver = | Size = 3451 bytes | Created Date = 1/27/2007 11:53:28 PM | Attr = ]
dumphive.exe -> %UserDesktop%\smitRem\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 1/27/2007 11:53:28 PM | Attr = ]
eTrust Antivirus Web Scanner.url -> %UserDesktop%\smitRem\eTrust Antivirus Web Scanner.url -> [Ver = | Size = 184 bytes | Created Date = 1/27/2007 11:53:28 PM | Attr = ]
getsts.exe -> %UserDesktop%\smitRem\getsts.exe -> [Ver = | Size = 40960 bytes | Created Date = 1/27/2007 11:53:28 PM | Attr = ]
Process.exe -> %UserDesktop%\smitRem\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 1/27/2007 11:53:28 PM | Attr = ]
pv.exe -> %UserDesktop%\smitRem\pv.exe -> [Ver = | Size = 61440 bytes | Created Date = 1/27/2007 11:53:28 PM | Attr = ]
replace.cmd -> %UserDesktop%\smitRem\replace.cmd -> [Ver = | Size = 16824 bytes | Created Date = 1/27/2007 11:53:28 PM | Attr = ]
replaceIE7.cmd -> %UserDesktop%\smitRem\replaceIE7.cmd -> [Ver = | Size = 2605 bytes | Created Date = 1/27/2007 11:53:28 PM | Attr = ]
RunThis.bat -> %UserDesktop%\smitRem\RunThis.bat -> [Ver = | Size = 1077203 bytes | Created Date = 1/27/2007 11:53:28 PM | Attr = ]
swreg.exe -> %UserDesktop%\smitRem\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 1/27/2007 11:53:28 PM | Attr = ]
2005_W4.pdf -> %UserDesktop%\Stuff\2005_W4.pdf -> [Ver = | Size = 50385 bytes | Created Date = 12/19/2006 5:02:05 PM | Attr = ]
2400_Form_Washington.doc -> %UserDesktop%\Stuff\2400_Form_Washington.doc -> [Ver = | Size = 45056 bytes | Created Date = 12/19/2006 5:02:58 PM | Attr = ]
avg75free_432a904.exe -> %UserDesktop%\Stuff\avg75free_432a904.exe -> [Ver = | Size = 18257616 bytes | Created Date = 1/7/2007 8:41:44 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\avg75free_432a904.exe:Zone.Identifier ->
avgas-setup-7.5.0.50.exe -> %UserDesktop%\Stuff\avgas-setup-7.5.0.50.exe -> [Ver = | Size = 6469352 bytes | Created Date = 1/7/2007 8:40:29 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\avgas-setup-7.5.0.50.exe:Zone.Identifier ->
Direct_Dep_PS_3050.doc -> %UserDesktop%\Stuff\Direct_Dep_PS_3050.doc -> [Ver = | Size = 112128 bytes | Created Date = 12/19/2006 5:02:47 PM | Attr = ]
FSC_Job_Offer_Confirmation_WA_12.26_pm.doc -> %UserDesktop%\Stuff\FSC_Job_Offer_Confirmation_WA_12.26_pm.doc -> [Ver = | Size = 31232 bytes | Created Date = 12/19/2006 5:03:30 PM | Attr = ]
FSC_Welcome_Letter_2.06.doc -> %UserDesktop%\Stuff\FSC_Welcome_Letter_2.06.doc -> [Ver = | Size = 80384 bytes | Created Date = 12/19/2006 5:03:19 PM | Attr = ]
gmer.zip -> %UserDesktop%\Stuff\gmer.zip -> [Ver = | Size = 490698 bytes | Created Date = 2/2/2007 5:42:51 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\gmer.zip:Zone.Identifier ->
hijackthis.zip -> %UserDesktop%\Stuff\hijackthis.zip -> [Ver = | Size = 212849 bytes | Created Date = 1/7/2007 8:08:02 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\hijackthis.zip:Zone.Identifier ->
I_9_List_of_Documents.doc -> %UserDesktop%\Stuff\I_9_List_of_Documents.doc -> [Ver = | Size = 121856 bytes | Created Date = 12/19/2006 5:01:35 PM | Attr = ]
Mandatory_Portability_Service_Claimed_Form.doc -> %UserDesktop%\Stuff\Mandatory_Portability_Service_Claimed_Form.doc -> [Ver = | Size = 62464 bytes | Created Date = 12/19/2006 5:02:21 PM | Attr = ]
New_Hire_Checklist_2.06.doc -> %UserDesktop%\Stuff\New_Hire_Checklist_2.06.doc -> [Ver = | Size = 39936 bytes | Created Date = 12/19/2006 5:03:09 PM | Attr = ]
Prior_Svc_Claimed.doc -> %UserDesktop%\Stuff\Prior_Svc_Claimed.doc -> [Ver = | Size = 73216 bytes | Created Date = 12/19/2006 5:01:53 PM | Attr = ]
setupengAvast.exe -> %UserDesktop%\Stuff\setupengAvast.exe -> [Ver = 1, 1, 0, 0 | Size = 12099848 bytes | Created Date = 1/4/2007 1:29:45 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\setupengAvast.exe:Zone.Identifier ->
spywareblastersetup351.exe -> %UserDesktop%\Stuff\spywareblastersetup351.exe -> Javacool Software LLC [Ver = 3.5.1 | Size = 2566736 bytes | Created Date = 1/22/2007 12:58:29 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\spywareblastersetup351.exe:Zone.Identifier ->
zlsSetup_70_302_000_en.exe -> %UserDesktop%\Stuff\zlsSetup_70_302_000_en.exe -> [Ver = | Size = 39994008 bytes | Created Date = 1/22/2007 1:30:09 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\zlsSetup_70_302_000_en.exe:Zone.Identifier ->
WinPFind3U.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.16.0 | Size = 308736 bytes | Created Date = 2/8/2007 6:23:08 PM | Attr = ]
Panda Antivirus + Firewall 2007 [multilang].iso -> %UserDesktop%\Stuff\Panda Antivirus + Firewall 2007 [multilang - serial]\Panda Antivirus + Firewall 2007 [multilang].iso -> [Ver = | Size = 130279424 bytes | Created Date = 1/28/2007 12:10:44 AM | Attr = ]
Panda Titanium 2007-Antivirus + Antispyware.exe -> %UserDesktop%\Stuff\Panda Antivirus + Firewall 2007 [multilang - serial]\Panda Titanium 2007-Antivirus + Antispyware.exe -> [Ver = | Size = 37791768 bytes | Created Date = 1/28/2007 12:09:27 AM | Attr = ]
100%.jpg -> %UserDocuments%\My Pictures\100%.jpg -> [Ver = | Size = 10876 bytes | Created Date = 12/23/2006 12:43:26 PM | Attr = ]
605891469.jpg -> %UserDocuments%\My Pictures\605891469.jpg -> [Ver = | Size = 3588 bytes | Created Date = 12/12/2006 11:10:31 PM | Attr = ]
Perfect_Panties.jpg -> %UserDocuments%\My Pictures\Perfect_Panties.jpg -> [Ver = | Size = 8351 bytes | Created Date = 12/23/2006 11:54:08 AM | Attr = ]
xFASF.bmp -> %UserDocuments%\My Pictures\xFASF.bmp -> [Ver = | Size = 29278 bytes | Created Date = 12/11/2006 11:19:48 PM | Attr = ]
Panda Titanium 2007-Antivirus + Antispyware.exe -> %UserDocuments%\Panda Antivirus + Firewall 2007 [multilang - serial]\Panda Titanium 2007-Antivirus + Antispyware.exe -> [Ver = | Size = 37791768 bytes | Created Date = 1/28/2007 12:08:18 AM | Attr = ]
DSC00212.JPG -> %UserDocuments%\My Pictures\Craigs List Pics\20GB\DSC00212.JPG -> [Ver = | Size = 63234 bytes | Created Date = 12/18/2006 6:02:19 PM | Attr = ]
DSC00213.JPG -> %UserDocuments%\My Pictures\Craigs List Pics\20GB\DSC00213.JPG -> [Ver = | Size = 64295 bytes | Created Date = 12/19/2006 4:43:32 PM | Attr = ]
DSC00214.JPG -> %UserDocuments%\My Pictures\Craigs List Pics\20GB\DSC00214.JPG -> [Ver = | Size = 67187 bytes | Created Date = 12/19/2006 4:43:43 PM | Attr = ]
DSC00215.JPG -> %UserDocuments%\My Pictures\Craigs List Pics\20GB\DSC00215.JPG -> [Ver = | Size = 74467 bytes | Created Date = 12/19/2006 4:44:00 PM | Attr = ]
PS3_009.jpg -> %UserDocuments%\My Pictures\Craigs List Pics\20GB\PS3_009.jpg -> [Ver = | Size = 53287 bytes | Created Date = 12/19/2006 4:44:11 PM | Attr = ]
Thumbs.db -> %UserDocuments%\My Pictures\Craigs List Pics\20GB\Thumbs.db -> [Ver = | Size = 24576 bytes | Created Date = 1/3/2007 11:34:38 AM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserDocuments%\My Pictures\Craigs List Pics\20GB\Thumbs.db:encryptable ->
PS3_003.jpg -> %UserDocuments%\My Pictures\Craigs List Pics\60GB\PS3_003.jpg -> [Ver = | Size = 66308 bytes | Created Date = 1/3/2007 11:35:36 AM | Attr = ]
PS3_004.jpg -> %UserDocuments%\My Pictures\Craigs List Pics\60GB\PS3_004.jpg -> [Ver = | Size = 55372 bytes | Created Date = 1/3/2007 11:35:46 AM | Attr = ]
PS3_006.jpg -> %UserDocuments%\My Pictures\Craigs List Pics\60GB\PS3_006.jpg -> [Ver = | Size = 65068 bytes | Created Date = 1/3/2007 11:35:58 AM | Attr = ]
PS3_009.jpg -> %UserDocuments%\My Pictures\Craigs List Pics\60GB\PS3_009.jpg -> [Ver = | Size = 65846 bytes | Created Date = 1/3/2007 11:36:10 AM | Attr = ]
PS3_013.jpg -> %UserDocuments%\My Pictures\Craigs List Pics\60GB\PS3_013.jpg -> [Ver = | Size = 64634 bytes | Created Date = 1/3/2007 11:36:22 AM | Attr = ]
PS3_014.jpg -> %UserDocuments%\My Pictures\Craigs List Pics\60GB\PS3_014.jpg -> [Ver = | Size = 64575 bytes | Created Date = 1/3/2007 11:36:30 AM | Attr = ]
Thumbs.db -> %UserDocuments%\My Pictures\Craigs List Pics\60GB\Thumbs.db -> [Ver = | Size = 24576 bytes | Created Date = 1/3/2007 11:35:45 AM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserDocuments%\My Pictures\Craigs List Pics\60GB\Thumbs.db:encryptable ->
ctor.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69714 bytes | Created Date = 1/28/2007 12:11:59 AM | Attr = ]
DotNetInstaller.exe -> %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe -> InstallShield Software Corporation [Ver = 11.0.0.28844 | Size = 5632 bytes | Created Date = 1/28/2007 12:11:59 AM | Attr = ]
iGdi.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 200836 bytes | Created Date = 1/28/2007 12:11:58 AM | Attr = ]
iKernel.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 753664 bytes | Created Date = 1/28/2007 12:11:59 AM | Attr = ]
iscript.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 274432 bytes | Created Date = 1/28/2007 12:11:59 AM | Attr = ]
iuser.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 184320 bytes | Created Date = 1/28/2007 12:11:59 AM | Attr = ]
setup.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 331908 bytes | Created Date = 1/28/2007 12:11:58 AM | Attr = ]
gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 12, 12011 | Size = 565311 bytes | Created Date = 2/2/2007 5:43:12 PM | Attr = ]
gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 12, 12011 | Size = 573440 bytes | Created Date = 2/2/2007 5:43:12 PM | Attr = ]
gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Created Date = 2/2/2007 5:43:12 PM | Attr = ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Created Date = 2/2/2007 5:43:12 PM | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 1/20/2007 2:46:01 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 1/20/2007 2:45:12 PM | Attr = ]
pghash.dat -> %System32%\pghash.dat -> [Ver = | Size = 121476 bytes | Created Date = 1/12/2007 12:49:53 PM | Attr = ]
pguard.dat -> %System32%\pguard.dat -> [Ver = | Size = 175120 bytes | Created Date = 1/12/2007 12:49:53 PM | Attr = ]
SmartMenuXP.dll -> %System32%\SmartMenuXP.dll -> VBSmart [Ver = 2.07.0004 | Size = 28672 bytes | Created Date = 1/1/2007 12:53:27 PM | Attr = ]
SmartMenuXP.ocx -> %System32%\SmartMenuXP.ocx -> VBSmart [Ver = 1.08.0005 | Size = 233472 bytes | Created Date = 1/1/2007 12:53:27 PM | Attr = ]
streamhlp.dll -> %System32%\streamhlp.dll -> [Ver = | Size = 59392 bytes | Created Date = 1/7/2007 7:52:35 PM | Attr = R ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 1/20/2007 2:45:12 PM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 1/7/2007 8:44:44 PM | Attr = ]
cdr4_xp.sys -> %System32%\drivers\cdr4_xp.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 2432 bytes | Created Date = 1/29/2007 8:29:09 PM | Attr = ]
cdralw2k.sys -> %System32%\drivers\cdralw2k.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 2560 bytes | Created Date = 1/29/2007 8:29:09 PM | Attr = ]
gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3721 | Size = 68961 bytes | Created Date = 2/2/2007 5:43:12 PM | Attr = ]
procguard.sys -> %System32%\drivers\procguard.sys -> DiamondCS [Ver = v3.410 | Size = 26688 bytes | Created Date = 1/7/2007 8:16:10 PM | Attr = ]

[Files - Modified Within 60 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 502829056 bytes | Modified Date = 2/8/2007 6:18:44 PM | Attr = HS]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 101888 bytes | Modified Date = 1/28/2007 12:34:30 AM | Attr = ]
antivir_workstation_win7u_en_h.exe -> %UserDesktop%\antivir_workstation_win7u_en_h.exe -> [Ver = | Size = 14413968 bytes | Modified Date = 1/28/2007 1:11:50 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\antivir_workstation_win7u_en_h.exe:Zone.Identifier ->
DriveCleaner Removel.doc -> %UserDesktop%\DriveCleaner Removel.doc -> [Ver = | Size = 28160 bytes | Modified Date = 1/21/2007 11:34:10 PM | Attr = ]
Process Guard 3.410setup.exe -> %UserDesktop%\Process Guard 3.410setup.exe -> DiamondCS [Ver = 3.410 | Size = 1599732 bytes | Modified Date = 1/7/2007 8:05:56 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Process Guard 3.410setup.exe:Zone.Identifier ->
smitRem.exe -> %UserDesktop%\smitRem.exe -> [Ver = | Size = 383836 bytes | Modified Date = 1/21/2007 11:13:44 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\smitRem.exe:Zone.Identifier ->
spybotsd14.exe -> %UserDesktop%\spybotsd14.exe -> Safer Networking Limited [Ver = | Size = 5037072 bytes | Modified Date = 1/28/2007 12:40:10 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spybotsd14.exe:Zone.Identifier ->
VirtumundoBeGone.exe -> %UserDesktop%\VirtumundoBeGone.exe -> Business Information Solutions [Ver = 1.5 | Size = 96978 bytes | Modified Date = 1/21/2007 11:37:54 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VirtumundoBeGone.exe:Zone.Identifier ->
Vundo Removel.doc -> %UserDesktop%\Vundo Removel.doc -> [Ver = | Size = 31232 bytes | Modified Date = 1/21/2007 11:37:04 PM | Attr = ]
VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.03.0002 | Size = 97792 bytes | Modified Date = 1/21/2007 11:37:36 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VundoFix.exe:Zone.Identifier ->
WinHound Removel.doc -> %UserDesktop%\WinHound Removel.doc -> [Ver = | Size = 240640 bytes | Modified Date = 1/21/2007 11:12:32 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 342353 bytes | Modified Date = 2/8/2007 6:21:36 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
2005_W4.pdf -> %UserDesktop%\Stuff\2005_W4.pdf -> [Ver = | Size = 50385 bytes | Modified Date = 12/19/2006 5:02:02 PM | Attr = ]
2400_Form_Washington.doc -> %UserDesktop%\Stuff\2400_Form_Washington.doc -> [Ver = | Size = 45056 bytes | Modified Date = 12/19/2006 5:02:56 PM | Attr = ]
avg75free_432a904.exe -> %UserDesktop%\Stuff\avg75free_432a904.exe -> [Ver = | Size = 18257616 bytes | Modified Date = 1/7/2007 8:41:46 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\avg75free_432a904.exe:Zone.Identifier ->
avgas-setup-7.5.0.50.exe -> %UserDesktop%\Stuff\avgas-setup-7.5.0.50.exe -> [Ver = | Size = 6469352 bytes | Modified Date = 1/7/2007 8:40:32 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\avgas-setup-7.5.0.50.exe:Zone.Identifier ->
Direct_Dep_PS_3050.doc -> %UserDesktop%\Stuff\Direct_Dep_PS_3050.doc -> [Ver = | Size = 112128 bytes | Modified Date = 12/19/2006 5:02:44 PM | Attr = ]
FSC_Job_Offer_Confirmation_WA_12.26_pm.doc -> %UserDesktop%\Stuff\FSC_Job_Offer_Confirmation_WA_12.26_pm.doc -> [Ver = | Size = 31232 bytes | Modified Date = 12/19/2006 5:03:28 PM | Attr = ]
FSC_Welcome_Letter_2.06.doc -> %UserDesktop%\Stuff\FSC_Welcome_Letter_2.06.doc -> [Ver = | Size = 80384 bytes | Modified Date = 12/19/2006 5:03:18 PM | Attr = ]
gmer.zip -> %UserDesktop%\Stuff\gmer.zip -> [Ver = | Size = 490698 bytes | Modified Date = 2/2/2007 5:42:56 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\gmer.zip:Zone.Identifier ->
hijackthis.zip -> %UserDesktop%\Stuff\hijackthis.zip -> [Ver = | Size = 212849 bytes | Modified Date = 1/7/2007 8:08:10 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\hijackthis.zip:Zone.Identifier ->
I_9_List_of_Documents.doc -> %UserDesktop%\Stuff\I_9_List_of_Documents.doc -> [Ver = | Size = 121856 bytes | Modified Date = 12/19/2006 5:01:26 PM | Attr = ]
Mandatory_Portability_Service_Claimed_Form.doc -> %UserDesktop%\Stuff\Mandatory_Portability_Service_Claimed_Form.doc -> [Ver = | Size = 62464 bytes | Modified Date = 12/19/2006 5:02:16 PM | Attr = ]
New_Hire_Checklist_2.06.doc -> %UserDesktop%\Stuff\New_Hire_Checklist_2.06.doc -> [Ver = | Size = 39936 bytes | Modified Date = 12/19/2006 5:03:06 PM | Attr = ]
Prior_Svc_Claimed.doc -> %UserDesktop%\Stuff\Prior_Svc_Claimed.doc -> [Ver = | Size = 73216 bytes | Modified Date = 12/19/2006 5:01:48 PM | Attr = ]
setupengAvast.exe -> %UserDesktop%\Stuff\setupengAvast.exe -> [Ver = 1, 1, 0, 0 | Size = 12099848 bytes | Modified Date = 1/4/2007 1:29:52 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\setupengAvast.exe:Zone.Identifier ->
spywareblastersetup351.exe -> %UserDesktop%\Stuff\spywareblastersetup351.exe -> Javacool Software LLC [Ver = 3.5.1 | Size = 2566736 bytes | Modified Date = 1/22/2007 12:58:30 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\spywareblastersetup351.exe:Zone.Identifier ->
zlsSetup_70_302_000_en.exe -> %UserDesktop%\Stuff\zlsSetup_70_302_000_en.exe -> [Ver = | Size = 39994008 bytes | Modified Date = 1/28/2007 5:29:04 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\zlsSetup_70_302_000_en.exe:Zone.Identifier ->
WinPFind3U.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.16.0 | Size = 308736 bytes | Modified Date = 2/7/2007 8:23:44 PM | Attr = ]
Turn you on.doc -> %UserDocuments%\Turn you on.doc -> [Ver = | Size = 40448 bytes | Modified Date = 12/12/2006 8:49:20 PM | Attr = ]
100%.jpg -> %UserDocuments%\My Pictures\100%.jpg -> [Ver = | Size = 10876 bytes | Modified Date = 12/23/2006 12:43:28 PM | Attr = ]
605891469.jpg -> %UserDocuments%\My Pictures\605891469.jpg -> [Ver = | Size = 3588 bytes | Modified Date = 12/12/2006 11:10:20 PM | Attr = ]
Perfect_Panties.jpg -> %UserDocuments%\My Pictures\Perfect_Panties.jpg -> [Ver = | Size = 8351 bytes | Modified Date = 12/23/2006 11:53:58 AM | Attr = ]
Thumbs.db -> %UserDocuments%\My Pictures\Thumbs.db -> [Ver = | Size = 1274880 bytes | Modified Date = 1/3/2007 11:35:16 AM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserDocuments%\My Pictures\Thumbs.db:encryptable ->
xFASF.bmp -> %UserDocuments%\My Pictures\xFASF.bmp -> [Ver = | Size = 29278 bytes | Modified Date = 12/11/2006 11:19:50 PM | Attr = ]
Thumbs.db -> %UserDocuments%\My Pictures\Craigs List Pics\Thumbs.db -> [Ver = | Size = 228352 bytes | Modified Date = 1/3/2007 11:35:16 AM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserDocuments%\My Pictures\Craigs List Pics\Thumbs.db:encryptable ->
DSC00212.JPG -> %UserDocuments%\My Pictures\Craigs List Pics\20GB\DSC00212.JPG -> [Ver = | Size = 63234 bytes | Modified Date = 12/18/2006 6:02:08 PM | Attr = ]
DSC00213.JPG -> %UserDocuments%\My Pictures\Craigs List Pics\20GB\DSC00213.JPG -> [Ver = | Size = 64295 bytes | Modified Date = 12/19/2006 4:43:30 PM | Attr = ]
DSC00214.JPG -> %UserDocuments%\My Pictures\Craigs List Pics\20GB\DSC00214.JPG -> [Ver = | Size = 67187 bytes | Modified Date = 12/19/2006 4:43:42 PM | Attr = ]
DSC00215.JPG -> %UserDocuments%\My Pictures\Craigs List Pics\20GB\DSC00215.JPG -> [Ver = | Size = 74467 bytes | Modified Date = 12/19/2006 4:43:58 PM | Attr = ]
PS3_009.jpg -> %UserDocuments%\My Pictures\Craigs List Pics\20GB\PS3_009.jpg -> [Ver = | Size = 53287 bytes | Modified Date = 12/19/2006 4:44:10 PM | Attr = ]
Thumbs.db -> %UserDocuments%\My Pictures\Craigs List Pics\20GB\Thumbs.db -> [Ver = | Size = 24576 bytes | Modified Date = 1/3/2007 11:34:42 AM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserDocuments%\My Pictures\Craigs List Pics\20GB\Thumbs.db:encryptable ->
PS3_003.jpg -> %UserDocuments%\My Pictures\Craigs List Pics\60GB\PS3_003.jpg -> [Ver = | Size = 66308 bytes | Modified Date = 1/3/2007 11:35:02 AM | Attr = ]
PS3_004.jpg -> %UserDocuments%\My Pictures\Craigs List Pics\60GB\PS3_004.jpg -> [Ver = | Size = 55372 bytes | Modified Date = 1/3/2007 11:35:46 AM | Attr = ]
PS3_006.jpg -> %UserDocuments%\My Pictures\Craigs List Pics\60GB\PS3_006.jpg -> [Ver = | Size = 65068 bytes | Modified Date = 1/3/2007 11:35:58 AM | Attr = ]
PS3_009.jpg -> %UserDocume

#6 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina
  • Local time:10:32 AM

Posted 09 February 2007 - 06:12 PM

Hi thx524. The entire log was too big to fit in 1 post. Please note where it ends and post the rest in a 2nd post.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

#7 thx524

thx524
  • Topic Starter

  • Members
  • 9 posts
  • Local time:06:32 AM

Posted 11 February 2007 - 01:21 AM

My bad. Here is a new one. Thanx again.

WinPFind3 logfile created on: 2/10/2007 10:03:15 PM
WinPFind3U by OldTimer - Version 1.0.16 Folder = C:\Documents and Settings\Zane\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

490976 Kb Total Physical Memory | 263236 Kb Available Physical Memory | 53.61% Memory free
1152532 Kb Paging File | 1000940 Kb Available in Paging File | 86.85% Paging File free
Paging file location(s): C:\pagefile.sys 2 2;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19543040 Kb Total Space | 9521316 Kb Free Space | 48.72% Space Free
Drive D: | 39086112 Kb Total Space | 19186912 Kb Free Space | 49.09% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded


[Processes - Non-Microsoft Only]
ezsp_px.exe -> %System32%\ezSP_Px.exe -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 8/20/2002 9:29:26 AM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 2/23/2006 2:45:06 PM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 278528 bytes | Modified Date = 2/23/2006 2:45:20 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 11/10/2005 12:03:52 PM | Attr = ]
mixer.exe -> %SystemRoot%\mixer.exe -> C-Media Electronic Inc. (www.cmedia.com.tw) [Ver = 1.58 | Size = 1818624 bytes | Modified Date = 10/15/2002 6:00:20 PM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9131 | Size = 155715 bytes | Modified Date = 6/1/2006 4:22:00 PM | Attr = ]
pg2.exe -> %ProgramFiles%\PeerGuardian2\pg2.exe -> Methlabs [Ver = 1, 0, 6, 4 | Size = 1421824 bytes | Modified Date = 9/18/2005 5:40:42 PM | Attr = ]
reader_sl.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 9:05:26 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3292 | Size = 180269 bytes | Modified Date = 9/24/2005 12:46:00 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.16.0 | Size = 308736 bytes | Modified Date = 2/7/2007 8:23:44 PM | Attr = ]
zboard.exe -> %ProgramFiles%\Ideazon\Zboard Software\Driver\Zboard.exe -> Ideazon [Ver = 4, 7, 7, 0 | Size = 217088 bytes | Modified Date = 5/2/2005 2:41:40 PM | Attr = ]
zboardtray.exe -> %ProgramFiles%\Ideazon\Zboard Software\Driver\ZboardTray.exe -> [Ver = 1, 0, 0, 1 | Size = 380928 bytes | Modified Date = 5/2/2005 2:41:08 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> File not found
(avast! Antivirus) avast! Antivirus [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> File not found
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Avast4\ashMaiSv.exe -> File not found
(avast! Web Scanner) avast! Web Scanner [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Avast4\ashWebSv.exe -> File not found
(DCSPGSRV) DiamondCS ProcessGuard Service v3.410 [Win32_Own | Auto | Stopped] -> %ProgramFiles%\ProcessGuard\dcsuserprot.exe -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/3/2004 11:56:48 PM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.699.25363.beta | Size = 135608 bytes | Modified Date = 12/3/2006 8:53:56 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr = ]
(iPodService) iPodService [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 2/23/2006 2:45:06 PM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9131 | Size = 155715 bytes | Modified Date = 6/1/2006 4:22:00 PM | Attr = ]
(PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> Sony Corporation [Ver = 4.0.00.05270 | Size = 53337 bytes | Modified Date = 5/27/2004 12:14:58 AM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 6, 0, 0, 0 | Size = 65795 bytes | Modified Date = 3/8/2003 8:31:02 PM | Attr = R ]
(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.0.00.05270 | Size = 69718 bytes | Modified Date = 5/27/2004 12:13:00 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/6/2005 11:46:24 PM | Attr = ]
C-Media Mixer -> %SystemRoot%\mixer.exe -> C-Media Electronic Inc. (www.cmedia.com.tw) [Ver = 1.58 | Size = 1818624 bytes | Modified Date = 10/15/2002 6:00:20 PM | Attr = ]
ezShieldProtector for Px -> %System32%\ezSP_Px.exe -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 8/20/2002 9:29:26 AM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 278528 bytes | Modified Date = 2/23/2006 2:45:20 PM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.9131 | Size = 7618560 bytes | Modified Date = 6/1/2006 4:22:00 PM | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.9131 | Size = 86016 bytes | Modified Date = 6/1/2006 4:22:00 PM | Attr = ]
nwiz -> %System32%\nwiz.exe -> [Ver = | Size = 1519616 bytes | Modified Date = 6/1/2006 4:22:00 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.0.4 | Size = 155648 bytes | Modified Date = 4/23/2006 11:51:34 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 11/10/2005 12:03:52 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3292 | Size = 180269 bytes | Modified Date = 9/24/2005 12:46:00 AM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PeerGuardian -> %ProgramFiles%\PeerGuardian2\pg2.exe -> Methlabs [Ver = 1, 0, 6, 4 | Size = 1421824 bytes | Modified Date = 9/18/2005 5:40:42 PM | Attr = ]
Steam -> %ProgramFiles%\Steam\Steam.exe -> Valve Corporation [Ver = 1.0.0.0 | Size = 1269760 bytes | Modified Date = 1/12/2007 2:54:54 PM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,195 | Size = 4662776 bytes | Modified Date = 10/24/2006 4:10:18 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 9:05:26 PM | Attr = ]
< Registry Shell Spawning > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command
regfile [merge] -> Reg Data - Key not found ->
scrfile [open] -> "%1" /S ->
scrfile [config] -> "%1" ->
*Command* -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\ShellNew\\Command ->
NewLinkHere -> -> File not found
%1 -> -> File not found
*Command* -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bfc\ShellNew\\Command ->
Briefcase_Create -> -> File not found
%2!d! -> -> File not found
%1 -> -> File not found
< ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -> ->
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> ->
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ->
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ->
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ->
{4b218e3e-bc98-4770-93d3-2731b9329278} -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf ->
{5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ->
{6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub ->
{73FA19D0-2D75-11D2-995D-00C04F98BBC9} -> ->
{7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ->
{89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll ->
{89820200-ECBD-11cf-8B85-00AA005B4383} -> %SystemRoot%\system32\ie4uinit.exe ->
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP ->
>{26923b43-4d38-484f-9b9e-de460746276c} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ->
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ->
< WOW Command Line [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
*wowcmdline* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW\\wowcmdline ->
-a -> -> File not found
< Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute -> SsiEfr.e; ->
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
WRNotifier -> WRLogonNTF.dll -> File not found
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\ZboardTray -> "C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe" /autolaunch ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoChangingWallPaper -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoAddingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoDeletingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoEditingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoCloseDragDropBands -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoMovingBands -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoHTMLWallPaper -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSaveSettings -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoThemesTab -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispAppearancePage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoColorChoice -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoSizeChoice -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispCPL -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoVisualStyleChoice -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispSettingsPage -> 0 ->
-> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://search.msn.com/spbasic.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch ->
HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 8:38:22 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 12:22:12 PM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> [&Yahoo! Messenger] -> File not found
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> [&Yahoo! Messenger] -> File not found
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 7:05:30 PM | Attr = ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 7:05:30 PM | Attr = ]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Reg Data - Key not found ->
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> 8195 - Reg Data - Key not found ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} -> 8193 - Reg Data - Key not found ->
{85d1f590-48f4-11d9-9669-0800200c9a66} -> 8196 - Reg Data - Key not found ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8194 - Reg Data - Key not found ->
NextId -> 8197 ->
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
E&xport to Microsoft Excel -> -> File not found
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{1CDB2949-8F65-4355-8456-263E7C208A5D} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer] -> [Ver = | Size = 466944 bytes | Modified Date = 6/1/2006 4:22:00 PM | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer Menu] -> [Ver = | Size = 466944 bytes | Modified Date = 6/1/2006 4:22:00 PM | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [nView Desktop Context Menu] -> [Ver = | Size = 466944 bytes | Modified Date = 6/1/2006 4:22:00 PM | Attr = ]
{32020A01-506E-484D-A2A8-BE3CF17601C3} [HKLM] -> %ProgramFiles%\Alcohol Soft\Alcohol 120\AXShlEx.dll [AlcoholShellEx] -> Alcohol Soft Development Team [Ver = 1.4.7.1024 | Size = 387584 bytes | Modified Date = 5/6/2004 11:13:28 AM | Attr = ]
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Media Band] -> File not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> [avast] -> File not found
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 3/31/2003 4:00:00 AM | Attr = ]
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> %System32%\nvcpl.dll [NvCpl DesktopContext Class] -> NVIDIA Corporation [Ver = 6.14.10.9131 | Size = 7618560 bytes | Modified Date = 6/1/2006 4:22:00 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR shell extension] -> [Ver = | Size = 125440 bytes | Modified Date = 10/7/2005 3:05:32 PM | Attr = ]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> %ProgramFiles%\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 102400 bytes | Modified Date = 2/23/2006 2:56:34 PM | Attr = ]
{D653647D-D607-4DF6-A5B8-48D2BA195F7B} [HKLM] -> Reg Data - Key not found [BitDefender Antivirus v7] -> File not found
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} [HKLM] -> Reg Data - Key not found [TrojanHunter Menu Shell Extension] -> File not found
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> %ProgramFiles%\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] -> RealNetworks, Inc. [Ver = 1.0.1.2021 | Size = 49198 bytes | Modified Date = 9/24/2005 12:46:06 AM | Attr = ]
{FFB699E0-306A-11d3-8BD1-00104B6F7516} [HKLM] -> %System32%\nvcpl.dll [Play on my TV helper] -> NVIDIA Corporation [Ver = 6.14.10.9131 | Size = 7618560 bytes | Modified Date = 6/1/2006 4:22:00 PM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> [avast] -> File not found
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 125440 bytes | Modified Date = 10/7/2005 3:05:32 PM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 125440 bytes | Modified Date = 10/7/2005 3:05:32 PM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [00nView] -> [Ver = | Size = 466944 bytes | Modified Date = 6/1/2006 4:22:00 PM | Attr = ]
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> %System32%\nvcpl.dll [NvCplDesktopContext] -> NVIDIA Corporation [Ver = 6.14.10.9131 | Size = 7618560 bytes | Modified Date = 6/1/2006 4:22:00 PM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> [avast] -> File not found
{D653647D-D607-4DF6-A5B8-48D2BA195F7B} [HKLM] -> Reg Data - Key not found [BitDefender Antivirus v7] -> File not found
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 125440 bytes | Modified Date = 10/7/2005 3:05:32 PM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 12/14/2004 1:20:02 AM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{41765295-42F9-42CA-AF08-FEE2842EF1B4} -> () ->
{67CDF38C-94A5-4153-9D84-229751DCDDDF} -> (Realtek RTL8029(AS)-based Ethernet Adapter (Generic)) ->
{7130329B-21F9-478B-B648-E52C0E1F4AC3} -> (Motorola SURFboard SB5101 USB Cable Modem) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
ms-its -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 ->
{33564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> BDSCANONLINE Control - CodeBase = http://download.bitdefender.com/resources/scan8/oscan8.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{9F1C11AA-197B-4942-BA54-47A8489BB47F} -> - CodeBase = http://v4.windowsupdate.microsoft.com/CAB/...8204.9740972222 ->
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_05 - CodeBase = http://java.sun.com/products/plugin/autodl...indows-i586.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab ->
{F04A8AE2-A59D-11D2-8792-00C04F8EF29D} -> Hotmail Attachments Control - CodeBase = http://by22fd.bay22.hotmail.msn.com/activex/HMAtchmt.ocx ->


[Files - Created Within 60 days]
antivir_workstation_win7u_en_h.exe -> %UserDesktop%\antivir_workstation_win7u_en_h.exe -> [Ver = | Size = 14413968 bytes | Created Date = 1/28/2007 1:11:30 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\antivir_workstation_win7u_en_h.exe:Zone.Identifier ->
DriveCleaner Removel.doc -> %UserDesktop%\DriveCleaner Removel.doc -> [Ver = | Size = 28160 bytes | Created Date = 1/21/2007 11:34:07 PM | Attr = ]
Process Guard 3.410setup.exe -> %UserDesktop%\Process Guard 3.410setup.exe -> DiamondCS [Ver = 3.410 | Size = 1599732 bytes | Created Date = 1/7/2007 8:05:50 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Process Guard 3.410setup.exe:Zone.Identifier ->
smitRem.exe -> %UserDesktop%\smitRem.exe -> [Ver = | Size = 383836 bytes | Created Date = 1/21/2007 11:13:42 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\smitRem.exe:Zone.Identifier ->
spybotsd14.exe -> %UserDesktop%\spybotsd14.exe -> Safer Networking Limited [Ver = | Size = 5037072 bytes | Created Date = 1/28/2007 12:39:35 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spybotsd14.exe:Zone.Identifier ->
VirtumundoBeGone.exe -> %UserDesktop%\VirtumundoBeGone.exe -> Business Information Solutions [Ver = 1.5 | Size = 96978 bytes | Created Date = 1/21/2007 11:37:53 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VirtumundoBeGone.exe:Zone.Identifier ->
Vundo Removel.doc -> %UserDesktop%\Vundo Removel.doc -> [Ver = | Size = 31232 bytes | Created Date = 1/21/2007 11:37:02 PM | Attr = ]
VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.03.0002 | Size = 97792 bytes | Created Date = 1/21/2007 11:37:35 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VundoFix.exe:Zone.Identifier ->
WinHound Removel.doc -> %UserDesktop%\WinHound Removel.doc -> [Ver = | Size = 240640 bytes | Created Date = 1/21/2007 11:12:29 PM | Attr = ]
delfiles.cmd -> %UserDesktop%\smitRem\delfiles.cmd -> [Ver = | Size = 3451 bytes | Created Date = 1/27/2007 11:53:28 PM | Attr = ]
dumphive.exe -> %UserDesktop%\smitRem\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 1/27/2007 11:53:28 PM | Attr = ]
eTrust Antivirus Web Scanner.url -> %UserDesktop%\smitRem\eTrust Antivirus Web Scanner.url -> [Ver = | Size = 184 bytes | Created Date = 1/27/2007 11:53:28 PM | Attr = ]
getsts.exe -> %UserDesktop%\smitRem\getsts.exe -> [Ver = | Size = 40960 bytes | Created Date = 1/27/2007 11:53:28 PM | Attr = ]
Process.exe -> %UserDesktop%\smitRem\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 1/27/2007 11:53:28 PM | Attr = ]
pv.exe -> %UserDesktop%\smitRem\pv.exe -> [Ver = | Size = 61440 bytes | Created Date = 1/27/2007 11:53:28 PM | Attr = ]
replace.cmd -> %UserDesktop%\smitRem\replace.cmd -> [Ver = | Size = 16824 bytes | Created Date = 1/27/2007 11:53:28 PM | Attr = ]
replaceIE7.cmd -> %UserDesktop%\smitRem\replaceIE7.cmd -> [Ver = | Size = 2605 bytes | Created Date = 1/27/2007 11:53:28 PM | Attr = ]
RunThis.bat -> %UserDesktop%\smitRem\RunThis.bat -> [Ver = | Size = 1077203 bytes | Created Date = 1/27/2007 11:53:28 PM | Attr = ]
swreg.exe -> %UserDesktop%\smitRem\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 1/27/2007 11:53:28 PM | Attr = ]
2005_W4.pdf -> %UserDesktop%\Stuff\2005_W4.pdf -> [Ver = | Size = 50385 bytes | Created Date = 12/19/2006 5:02:05 PM | Attr = ]
2400_Form_Washington.doc -> %UserDesktop%\Stuff\2400_Form_Washington.doc -> [Ver = | Size = 45056 bytes | Created Date = 12/19/2006 5:02:58 PM | Attr = ]
avg75free_432a904.exe -> %UserDesktop%\Stuff\avg75free_432a904.exe -> [Ver = | Size = 18257616 bytes | Created Date = 1/7/2007 8:41:44 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\avg75free_432a904.exe:Zone.Identifier ->
avgas-setup-7.5.0.50.exe -> %UserDesktop%\Stuff\avgas-setup-7.5.0.50.exe -> [Ver = | Size = 6469352 bytes | Created Date = 1/7/2007 8:40:29 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\avgas-setup-7.5.0.50.exe:Zone.Identifier ->
Direct_Dep_PS_3050.doc -> %UserDesktop%\Stuff\Direct_Dep_PS_3050.doc -> [Ver = | Size = 112128 bytes | Created Date = 12/19/2006 5:02:47 PM | Attr = ]
FSC_Job_Offer_Confirmation_WA_12.26_pm.doc -> %UserDesktop%\Stuff\FSC_Job_Offer_Confirmation_WA_12.26_pm.doc -> [Ver = | Size = 31232 bytes | Created Date = 12/19/2006 5:03:30 PM | Attr = ]
FSC_Welcome_Letter_2.06.doc -> %UserDesktop%\Stuff\FSC_Welcome_Letter_2.06.doc -> [Ver = | Size = 80384 bytes | Created Date = 12/19/2006 5:03:19 PM | Attr = ]
gmer.zip -> %UserDesktop%\Stuff\gmer.zip -> [Ver = | Size = 490698 bytes | Created Date = 2/2/2007 5:42:51 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\gmer.zip:Zone.Identifier ->
hijackthis.zip -> %UserDesktop%\Stuff\hijackthis.zip -> [Ver = | Size = 212849 bytes | Created Date = 1/7/2007 8:08:02 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\hijackthis.zip:Zone.Identifier ->
I_9_List_of_Documents.doc -> %UserDesktop%\Stuff\I_9_List_of_Documents.doc -> [Ver = | Size = 121856 bytes | Created Date = 12/19/2006 5:01:35 PM | Attr = ]
Mandatory_Portability_Service_Claimed_Form.doc -> %UserDesktop%\Stuff\Mandatory_Portability_Service_Claimed_Form.doc -> [Ver = | Size = 62464 bytes | Created Date = 12/19/2006 5:02:21 PM | Attr = ]
New_Hire_Checklist_2.06.doc -> %UserDesktop%\Stuff\New_Hire_Checklist_2.06.doc -> [Ver = | Size = 39936 bytes | Created Date = 12/19/2006 5:03:09 PM | Attr = ]
Prior_Svc_Claimed.doc -> %UserDesktop%\Stuff\Prior_Svc_Claimed.doc -> [Ver = | Size = 73216 bytes | Created Date = 12/19/2006 5:01:53 PM | Attr = ]
setupengAvast.exe -> %UserDesktop%\Stuff\setupengAvast.exe -> [Ver = 1, 1, 0, 0 | Size = 12099848 bytes | Created Date = 1/4/2007 1:29:45 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\setupengAvast.exe:Zone.Identifier ->
spywareblastersetup351.exe -> %UserDesktop%\Stuff\spywareblastersetup351.exe -> Javacool Software LLC [Ver = 3.5.1 | Size = 2566736 bytes | Created Date = 1/22/2007 12:58:29 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\spywareblastersetup351.exe:Zone.Identifier ->
ZANE_Resume3.DOC -> %UserDesktop%\Stuff\ZANE_Resume3.DOC -> [Ver = | Size = 33280 bytes | Created Date = 2/8/2007 8:44:52 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\ZANE_Resume3.DOC:Zone.Identifier ->
ZANE_Resume4.DOC -> %UserDesktop%\Stuff\ZANE_Resume4.DOC -> [Ver = | Size = 34304 bytes | Created Date = 2/8/2007 8:45:39 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\ZANE_Resume4.DOC:Zone.Identifier ->
ZANE_Resume5.DOC -> %UserDesktop%\Stuff\ZANE_Resume5.DOC -> [Ver = | Size = 36352 bytes | Created Date = 2/8/2007 8:45:30 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\ZANE_Resume5.DOC:Zone.Identifier ->
ZANE_Resume_NEW.DOC -> %UserDesktop%\Stuff\ZANE_Resume_NEW.DOC -> [Ver = | Size = 33280 bytes | Created Date = 2/8/2007 8:45:13 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\ZANE_Resume_NEW.DOC:Zone.Identifier ->
ZANE_Resume_NEW__2_.DOC -> %UserDesktop%\Stuff\ZANE_Resume_NEW__2_.DOC -> [Ver = | Size = 32768 bytes | Created Date = 2/8/2007 8:45:03 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\ZANE_Resume_NEW__2_.DOC:Zone.Identifier ->
zlsSetup_70_302_000_en.exe -> %UserDesktop%\Stuff\zlsSetup_70_302_000_en.exe -> [Ver = | Size = 39994008 bytes | Created Date = 1/22/2007 1:30:09 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\zlsSetup_70_302_000_en.exe:Zone.Identifier ->
WinPFind3U.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.16.0 | Size = 308736 bytes | Created Date = 2/8/2007 6:23:08 PM | Attr = ]
winpfind3uinstall.exe -> %UserDesktop%\WinPFind3u\winpfind3uinstall.exe -> [Ver = | Size = 342353 bytes | Created Date = 2/8/2007 6:21:33 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind3u\winpfind3uinstall.exe:Zone.Identifier ->
Panda Antivirus + Firewall 2007 [multilang].iso -> %UserDesktop%\Stuff\Panda Antivirus + Firewall 2007 [multilang - serial]\Panda Antivirus + Firewall 2007 [multilang].iso -> [Ver = | Size = 130279424 bytes | Created Date = 1/28/2007 12:10:44 AM | Attr = ]
Panda Titanium 2007-Antivirus + Antispyware.exe -> %UserDesktop%\Stuff\Panda Antivirus + Firewall 2007 [multilang - serial]\Panda Titanium 2007-Antivirus + Antispyware.exe -> [Ver = | Size = 37791768 bytes | Created Date = 1/28/2007 12:09:27 AM | Attr = ]
100%.jpg -> %UserDocuments%\My Pictures\100%.jpg -> [Ver = | Size = 10876 bytes | Created Date = 12/23/2006 12:43:26 PM | Attr = ]
Perfect_Panties.jpg -> %UserDocuments%\My Pictures\Perfect_Panties.jpg -> [Ver = | Size = 8351 bytes | Created Date = 12/23/2006 11:54:08 AM | Attr = ]
Panda Titanium 2007-Antivirus + Antispyware.exe -> %UserDocuments%\Panda Antivirus + Firewall 2007 [multilang - serial]\Panda Titanium 2007-Antivirus + Antispyware.exe -> [Ver = | Size = 37791768 bytes | Created Date = 1/28/2007 12:08:18 AM | Attr = ]
DSC00212.JPG -> %UserDocuments%\My Pictures\Craigs List Pics\20GB\DSC00212.JPG -> [Ver = | Size = 63234 bytes | Created Date = 12/18/2006 6:02:19 PM | Attr = ]
DSC00213.JPG -> %UserDocuments%\My Pictures\Craigs List Pics\20GB\DSC00213.JPG -> [Ver = | Size = 64295 bytes | Created Date = 12/19/2006 4:43:32 PM | Attr = ]
DSC00214.JPG -> %UserDocuments%\My Pictures\Craigs List Pics\20GB\DSC00214.JPG -> [Ver = | Size = 67187 bytes | Created Date = 12/19/2006 4:43:43 PM | Attr = ]
DSC00215.JPG -> %UserDocuments%\My Pictures\Craigs List Pics\20GB\DSC00215.JPG -> [Ver = | Size = 74467 bytes | Created Date = 12/19/2006 4:44:00 PM | Attr = ]
PS3_009.jpg -> %UserDocuments%\My Pictures\Craigs List Pics\20GB\PS3_009.jpg -> [Ver = | Size = 53287 bytes | Created Date = 12/19/2006 4:44:11 PM | Attr = ]
Thumbs.db -> %UserDocuments%\My Pictures\Craigs List Pics\20GB\Thumbs.db -> [Ver = | Size = 24576 bytes | Created Date = 1/3/2007 11:34:38 AM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserDocuments%\My Pictures\Craigs List Pics\20GB\Thumbs.db:encryptable ->
PS3_003.jpg -> %UserDocuments%\My Pictures\Craigs List Pics\60GB\PS3_003.jpg -> [Ver = | Size = 66308 bytes | Created Date = 1/3/2007 11:35:36 AM | Attr = ]
PS3_004.jpg -> %UserDocuments%\My Pictures\Craigs List Pics\60GB\PS3_004.jpg -> [Ver = | Size = 55372 bytes | Created Date = 1/3/2007 11:35:46 AM | Attr = ]
PS3_006.jpg -> %UserDocuments%\My Pictures\Craigs List Pics\60GB\PS3_006.jpg -> [Ver = | Size = 65068 bytes | Created Date = 1/3/2007 11:35:58 AM | Attr = ]
PS3_009.jpg -> %UserDocuments%\My Pictures\Craigs List Pics\60GB\PS3_009.jpg -> [Ver = | Size = 65846 bytes | Created Date = 1/3/2007 11:36:10 AM | Attr = ]
PS3_013.jpg -> %UserDocuments%\My Pictures\Craigs List Pics\60GB\PS3_013.jpg -> [Ver = | Size = 64634 bytes | Created Date = 1/3/2007 11:36:22 AM | Attr = ]
PS3_014.jpg -> %UserDocuments%\My Pictures\Craigs List Pics\60GB\PS3_014.jpg -> [Ver = | Size = 64575 bytes | Created Date = 1/3/2007 11:36:30 AM | Attr = ]
Thumbs.db -> %UserDocuments%\My Pictures\Craigs List Pics\60GB\Thumbs.db -> [Ver = | Size = 24576 bytes | Created Date = 1/3/2007 11:35:45 AM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserDocuments%\My Pictures\Craigs List Pics\60GB\Thumbs.db:encryptable ->
ctor.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69714 bytes | Created Date = 1/28/2007 12:11:59 AM | Attr = ]
DotNetInstaller.exe -> %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe -> InstallShield Software Corporation [Ver = 11.0.0.28844 | Size = 5632 bytes | Created Date = 1/28/2007 12:11:59 AM | Attr = ]
iGdi.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 200836 bytes | Created Date = 1/28/2007 12:11:58 AM | Attr = ]
iKernel.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 753664 bytes | Created Date = 1/28/2007 12:11:59 AM | Attr = ]
iscript.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 274432 bytes | Created Date = 1/28/2007 12:11:59 AM | Attr = ]
iuser.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 184320 bytes | Created Date = 1/28/2007 12:11:59 AM | Attr = ]
setup.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 331908 bytes | Created Date = 1/28/2007 12:11:58 AM | Attr = ]
gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 12, 12011 | Size = 565311 bytes | Created Date = 2/2/2007 5:43:12 PM | Attr = ]
gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 12, 12011 | Size = 573440 bytes | Created Date = 2/2/2007 5:43:12 PM | Attr = ]
gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Created Date = 2/2/2007 5:43:12 PM | Attr = ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Created Date = 2/2/2007 5:43:12 PM | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 1/20/2007 2:46:01 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 1/20/2007 2:45:12 PM | Attr = ]
pghash.dat -> %System32%\pghash.dat -> [Ver = | Size = 121476 bytes | Created Date = 1/12/2007 12:49:53 PM | Attr = ]
pguard.dat -> %System32%\pguard.dat -> [Ver = | Size = 175120 bytes | Created Date = 1/12/2007 12:49:53 PM | Attr = ]
SmartMenuXP.dll -> %System32%\SmartMenuXP.dll -> VBSmart [Ver = 2.07.0004 | Size = 28672 bytes | Created Date = 1/1/2007 12:53:27 PM | Attr = ]
SmartMenuXP.ocx -> %System32%\SmartMenuXP.ocx -> VBSmart [Ver = 1.08.0005 | Size = 233472 bytes | Created Date = 1/1/2007 12:53:27 PM | Attr = ]
streamhlp.dll -> %System32%\streamhlp.dll -> [Ver = | Size = 59392 bytes | Created Date = 1/7/2007 7:52:35 PM | Attr = R ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 1/20/2007 2:45:12 PM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 1/7/2007 8:44:44 PM | Attr = ]
cdr4_xp.sys -> %System32%\drivers\cdr4_xp.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 2432 bytes | Created Date = 1/29/2007 8:29:09 PM | Attr = ]
cdralw2k.sys -> %System32%\drivers\cdralw2k.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 2560 bytes | Created Date = 1/29/2007 8:29:09 PM | Attr = ]
gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3721 | Size = 68961 bytes | Created Date = 2/2/2007 5:43:12 PM | Attr = ]
procguard.sys -> %System32%\drivers\procguard.sys -> DiamondCS [Ver = v3.410 | Size = 26688 bytes | Created Date = 1/7/2007 8:16:10 PM | Attr = ]

[Files - Modified Within 60 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 502829056 bytes | Modified Date = 2/10/2007 9:59:58 PM | Attr = HS]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 101888 bytes | Modified Date = 1/28/2007 12:34:30 AM | Attr = ]
antivir_workstation_win7u_en_h.exe -> %UserDesktop%\antivir_workstation_win7u_en_h.exe -> [Ver = | Size = 14413968 bytes | Modified Date = 1/28/2007 1:11:50 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\antivir_workstation_win7u_en_h.exe:Zone.Identifier ->
DriveCleaner Removel.doc -> %UserDesktop%\DriveCleaner Removel.doc -> [Ver = | Size = 28160 bytes | Modified Date = 1/21/2007 11:34:10 PM | Attr = ]
Process Guard 3.410setup.exe -> %UserDesktop%\Process Guard 3.410setup.exe -> DiamondCS [Ver = 3.410 | Size = 1599732 bytes | Modified Date = 1/7/2007 8:05:56 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Process Guard 3.410setup.exe:Zone.Identifier ->
smitRem.exe -> %UserDesktop%\smitRem.exe -> [Ver = | Size = 383836 bytes | Modified Date = 1/21/2007 11:13:44 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\smitRem.exe:Zone.Identifier ->
spybotsd14.exe -> %UserDesktop%\spybotsd14.exe -> Safer Networking Limited [Ver = | Size = 5037072 bytes | Modified Date = 1/28/2007 12:40:10 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spybotsd14.exe:Zone.Identifier ->
VirtumundoBeGone.exe -> %UserDesktop%\VirtumundoBeGone.exe -> Business Information Solutions [Ver = 1.5 | Size = 96978 bytes | Modified Date = 1/21/2007 11:37:54 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VirtumundoBeGone.exe:Zone.Identifier ->
Vundo Removel.doc -> %UserDesktop%\Vundo Removel.doc -> [Ver = | Size = 31232 bytes | Modified Date = 1/21/2007 11:37:04 PM | Attr = ]
VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.03.0002 | Size = 97792 bytes | Modified Date = 1/21/2007 11:37:36 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VundoFix.exe:Zone.Identifier ->
WinHound Removel.doc -> %UserDesktop%\WinHound Removel.doc -> [Ver = | Size = 240640 bytes | Modified Date = 1/21/2007 11:12:32 PM | Attr = ]
2005_W4.pdf -> %UserDesktop%\Stuff\2005_W4.pdf -> [Ver = | Size = 50385 bytes | Modified Date = 12/19/2006 5:02:02 PM | Attr = ]
2400_Form_Washington.doc -> %UserDesktop%\Stuff\2400_Form_Washington.doc -> [Ver = | Size = 45056 bytes | Modified Date = 12/19/2006 5:02:56 PM | Attr = ]
avg75free_432a904.exe -> %UserDesktop%\Stuff\avg75free_432a904.exe -> [Ver = | Size = 18257616 bytes | Modified Date = 1/7/2007 8:41:46 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\avg75free_432a904.exe:Zone.Identifier ->
avgas-setup-7.5.0.50.exe -> %UserDesktop%\Stuff\avgas-setup-7.5.0.50.exe -> [Ver = | Size = 6469352 bytes | Modified Date = 1/7/2007 8:40:32 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\avgas-setup-7.5.0.50.exe:Zone.Identifier ->
Direct_Dep_PS_3050.doc -> %UserDesktop%\Stuff\Direct_Dep_PS_3050.doc -> [Ver = | Size = 112128 bytes | Modified Date = 12/19/2006 5:02:44 PM | Attr = ]
FSC_Job_Offer_Confirmation_WA_12.26_pm.doc -> %UserDesktop%\Stuff\FSC_Job_Offer_Confirmation_WA_12.26_pm.doc -> [Ver = | Size = 31232 bytes | Modified Date = 12/19/2006 5:03:28 PM | Attr = ]
FSC_Welcome_Letter_2.06.doc -> %UserDesktop%\Stuff\FSC_Welcome_Letter_2.06.doc -> [Ver = | Size = 80384 bytes | Modified Date = 12/19/2006 5:03:18 PM | Attr = ]
gmer.zip -> %UserDesktop%\Stuff\gmer.zip -> [Ver = | Size = 490698 bytes | Modified Date = 2/2/2007 5:42:56 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\gmer.zip:Zone.Identifier ->
hijackthis.zip -> %UserDesktop%\Stuff\hijackthis.zip -> [Ver = | Size = 212849 bytes | Modified Date = 1/7/2007 8:08:10 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\hijackthis.zip:Zone.Identifier ->
I_9_List_of_Documents.doc -> %UserDesktop%\Stuff\I_9_List_of_Documents.doc -> [Ver = | Size = 121856 bytes | Modified Date = 12/19/2006 5:01:26 PM | Attr = ]
Mandatory_Portability_Service_Claimed_Form.doc -> %UserDesktop%\Stuff\Mandatory_Portability_Service_Claimed_Form.doc -> [Ver = | Size = 62464 bytes | Modified Date = 12/19/2006 5:02:16 PM | Attr = ]
New_Hire_Checklist_2.06.doc -> %UserDesktop%\Stuff\New_Hire_Checklist_2.06.doc -> [Ver = | Size = 39936 bytes | Modified Date = 12/19/2006 5:03:06 PM | Attr = ]
Prior_Svc_Claimed.doc -> %UserDesktop%\Stuff\Prior_Svc_Claimed.doc -> [Ver = | Size = 73216 bytes | Modified Date = 12/19/2006 5:01:48 PM | Attr = ]
setupengAvast.exe -> %UserDesktop%\Stuff\setupengAvast.exe -> [Ver = 1, 1, 0, 0 | Size = 12099848 bytes | Modified Date = 1/4/2007 1:29:52 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\setupengAvast.exe:Zone.Identifier ->
spywareblastersetup351.exe -> %UserDesktop%\Stuff\spywareblastersetup351.exe -> Javacool Software LLC [Ver = 3.5.1 | Size = 2566736 bytes | Modified Date = 1/22/2007 12:58:30 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\spywareblastersetup351.exe:Zone.Identifier ->
ZANE_Resume3.DOC -> %UserDesktop%\Stuff\ZANE_Resume3.DOC -> [Ver = | Size = 33280 bytes | Modified Date = 2/8/2007 8:44:54 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\ZANE_Resume3.DOC:Zone.Identifier ->
ZANE_Resume4.DOC -> %UserDesktop%\Stuff\ZANE_Resume4.DOC -> [Ver = | Size = 34304 bytes | Modified Date = 2/8/2007 8:45:40 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\ZANE_Resume4.DOC:Zone.Identifier ->
ZANE_Resume5.DOC -> %UserDesktop%\Stuff\ZANE_Resume5.DOC -> [Ver = | Size = 36352 bytes | Modified Date = 2/8/2007 8:45:32 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\ZANE_Resume5.DOC:Zone.Identifier ->
ZANE_Resume_NEW.DOC -> %UserDesktop%\Stuff\ZANE_Resume_NEW.DOC -> [Ver = | Size = 33280 bytes | Modified Date = 2/8/2007 8:45:16 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\ZANE_Resume_NEW.DOC:Zone.Identifier ->
ZANE_Resume_NEW__2_.DOC -> %UserDesktop%\Stuff\ZANE_Resume_NEW__2_.DOC -> [Ver = | Size = 32768 bytes | Modified Date = 2/8/2007 8:45:04 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\ZANE_Resume_NEW__2_.DOC:Zone.Identifier ->
zlsSetup_70_302_000_en.exe -> %UserDesktop%\Stuff\zlsSetup_70_302_000_en.exe -> [Ver = | Size = 39994008 bytes | Modified Date = 1/28/2007 5:29:04 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\zlsSetup_70_302_000_en.exe:Zone.Identifier ->
WinPFind3U.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.16.0 | Size = 308736 bytes | Modified Date = 2/7/2007 8:23:44 PM | Attr = ]
winpfind3uinstall.exe -> %UserDesktop%\WinPFind3u\winpfind3uinstall.exe -> [Ver = | Size = 342353 bytes | Modified Date = 2/8/2007 6:21:36 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind3u\winpfind3uinstall.exe:Zone.Identifier ->
100%.jpg -> %UserDocuments%\My Pictures\100%.jpg -> [Ver = | Size = 10876 bytes | Modified Date = 12/23/2006 12:43:28 PM | Attr = ]
Perfect_Panties.jpg -> %UserDocuments%\My Pictures\Perfect_Panties.jpg -> [Ver = | Size = 8351 bytes | Modified Date = 12/23/2006 11:53:58 AM | Attr = ]
Thumbs.db -> %UserDocuments%\My Pictures\Thumbs.db -> [Ver = | Size = 1274880 bytes | Modified Date = 1/3/2007 11:35:16 AM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserDocuments%\My Pictures\Thumbs.db:encryptable ->
Thumbs.db -> %UserDocuments%\My Pictures\Craigs List Pics\Thumbs.db -> [Ver = | Size = 228352 bytes | Modified Date = 1/3/2007 11:35:16 AM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserDocuments%\My Pictures\Craigs List Pics\Thumbs.db:encryptable ->
DSC00212.JPG -> %UserDocuments%\My Pictures\Craigs List Pics\20GB\DSC00212.JPG -> [Ver = | Size = 63234 bytes | Modified Date = 12/18/2006 6:02:08 PM | Attr = ]
DSC00213.JPG -> %UserDocuments%\My Pictures\Craigs List Pics\20GB\DSC00213.JPG -> [Ver = | Size = 64295 bytes | Modified Date = 12/19/2006 4:43:30

#8 thx524

  • Topic Starter

  • Members
  • 9 posts

Posted 11 February 2007 - 01:23 AM

DSC00215.JPG -> %UserDocuments%\My Pictures\Craigs List Pics\20GB\DSC00215.JPG -> [Ver = | Size = 74467 bytes | Modified Date = 12/19/2006 4:43:58 PM | Attr = ]
PS3_009.jpg -> %UserDocuments%\My Pictures\Craigs List Pics\20GB\PS3_009.jpg -> [Ver = | Size = 53287 bytes | Modified Date = 12/19/2006 4:44:10 PM | Attr = ]
Thumbs.db -> %UserDocuments%\My Pictures\Craigs List Pics\20GB\Thumbs.db -> [Ver = | Size = 24576 bytes | Modified Date = 1/3/2007 11:34:42 AM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserDocuments%\My Pictures\Craigs List Pics\20GB\Thumbs.db:encryptable ->
PS3_003.jpg -> %UserDocuments%\My Pictures\Craigs List Pics\60GB\PS3_003.jpg -> [Ver = | Size = 66308 bytes | Modified Date = 1/3/2007 11:35:02 AM | Attr = ]
PS3_004.jpg -> %UserDocuments%\My Pictures\Craigs List Pics\60GB\PS3_004.jpg -> [Ver = | Size = 55372 bytes | Modified Date = 1/3/2007 11:35:46 AM | Attr = ]
PS3_006.jpg -> %UserDocuments%\My Pictures\Craigs List Pics\60GB\PS3_006.jpg -> [Ver = | Size = 65068 bytes | Modified Date = 1/3/2007 11:35:58 AM | Attr = ]
PS3_009.jpg -> %UserDocuments%\My Pictures\Craigs List Pics\60GB\PS3_009.jpg -> [Ver = | Size = 65846 bytes | Modified Date = 1/3/2007 11:36:10 AM | Attr = ]
PS3_013.jpg -> %UserDocuments%\My Pictures\Craigs List Pics\60GB\PS3_013.jpg -> [Ver = | Size = 64634 bytes | Modified Date = 1/3/2007 11:36:22 AM | Attr = ]
PS3_014.jpg -> %UserDocuments%\My Pictures\Craigs List Pics\60GB\PS3_014.jpg -> [Ver = | Size = 64575 bytes | Modified Date = 1/3/2007 11:36:30 AM | Attr = ]
Thumbs.db -> %UserDocuments%\My Pictures\Craigs List Pics\60GB\Thumbs.db -> [Ver = | Size = 24576 bytes | Modified Date = 1/3/2007 11:39:00 AM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserDocuments%\My Pictures\Craigs List Pics\60GB\Thumbs.db:encryptable ->
iGdi.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 200836 bytes | Modified Date = 1/28/2007 12:12:00 AM | Attr = ]
setup.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 331908 bytes | Modified Date = 1/28/2007 12:12:00 AM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2/10/2007 10:00:04 PM | Attr = S]
gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 12, 12011 | Size = 565311 bytes | Modified Date = 2/2/2007 5:43:14 PM | Attr = ]
gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Modified Date = 2/2/2007 5:44:56 PM | Attr = ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Modified Date = 2/2/2007 5:43:14 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 12/13/2006 3:04:46 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 12/19/2006 3:23:48 PM | Attr = H ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 754 bytes | Modified Date = 1/20/2007 2:50:16 PM | Attr = ]
CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2677 bytes | Modified Date = 1/6/2007 1:56:28 AM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 1/20/2007 2:45:14 PM | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 63804 bytes | Modified Date = 2/10/2007 10:00:26 PM | Attr = ]
pghash.dat -> %System32%\pghash.dat -> [Ver = | Size = 121476 bytes | Modified Date = 1/28/2007 1:52:26 PM | Attr = ]
pguard.dat -> %System32%\pguard.dat -> [Ver = | Size = 175120 bytes | Modified Date = 1/28/2007 1:12:40 PM | Attr = ]
streamhlp.dll -> %System32%\streamhlp.dll -> [Ver = | Size = 59392 bytes | Modified Date = 1/7/2007 7:52:40 PM | Attr = R ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 1/20/2007 2:45:14 PM | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 49109 bytes | Modified Date = 1/28/2007 5:29:52 PM | Attr = H ]
vsdata.dll -> %System32%\vsdata.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 83696 bytes | Modified Date = 1/8/2007 2:28:52 PM | Attr = ]
vsdatant.sys -> %System32%\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 394160 bytes | Modified Date = 1/8/2007 2:29:54 PM | Attr = ]
vsinit.dll -> %System32%\vsinit.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 157424 bytes | Modified Date = 1/8/2007 2:28:52 PM | Attr = ]
vsmonapi.dll -> %System32%\vsmonapi.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 104176 bytes | Modified Date = 1/8/2007 2:28:52 PM | Attr = ]
vspubapi.dll -> %System32%\vspubapi.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 272112 bytes | Modified Date = 1/8/2007 2:28:54 PM | Attr = ]
vsutil.dll -> %System32%\vsutil.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 472816 bytes | Modified Date = 1/8/2007 2:28:56 PM | Attr = ]
vsxml.dll -> %System32%\vsxml.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 100080 bytes | Modified Date = 1/8/2007 2:28:58 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 13646 bytes | Modified Date = 2/10/2007 10:01:02 PM | Attr = ]
gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3721 | Size = 68961 bytes | Modified Date = 2/2/2007 5:43:14 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 0 bytes -> %AllUsersDocuments%\My Pictures\Sample Pictures\Thumbs.db:encryptable ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\antivir_workstation_win7u_en_h.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\BLMInstall265.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\DuoXmodinstruction.doc:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\dvd2xbox07_4.rar:Zone.Identifier ->
UPX0 , -> %UserDesktop%\halozero_1.8.6.3.zip -> [Ver = | Size = 21755354 bytes | Modified Date = 4/17/2006 6:18:54 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Process Guard 3.410setup.exe:Zone.Identifier ->
UPX! , UPX0 , -> %UserDesktop%\RivaTuner20RC16-[Guru3D.com].exe -> [Ver = | Size = 1373412 bytes | Modified Date = 6/13/2006 6:48:54 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\robin.mov:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Scramble_2005.doc:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\smitRem.exe:Zone.Identifier ->
UPX! , UPX0 , -> %UserDesktop%\smitRem.exe -> [Ver = | Size = 383836 bytes | Modified Date = 1/21/2007 11:13:44 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spybotsd14.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SteamInstall.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VirtumundoBeGone.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Volt_Cover_letter.doc:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VundoFix.exe:Zone.Identifier ->
UPX! , UPX0 , -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.03.0002 | Size = 97792 bytes | Modified Date = 1/21/2007 11:37:36 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ZANE_Resume.DOC:Zone.Identifier ->
UPX! , UPX0 , -> %UserDesktop%\smitRem\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 10/13/2006 11:00:24 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\avg75free_432a904.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\avgas-setup-7.5.0.50.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\gmer.zip:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\hijackthis.zip:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\setupengAvast.exe:Zone.Identifier ->
UPX! , UPX0 , -> %UserDesktop%\Stuff\setupengAvast.exe -> [Ver = 1, 1, 0, 0 | Size = 12099848 bytes | Modified Date = 1/4/2007 1:29:52 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\spywareblastersetup351.exe:Zone.Identifier ->
Thawte Consulting , -> %UserDesktop%\Stuff\spywareblastersetup351.exe -> Javacool Software LLC [Ver = 3.5.1 | Size = 2566736 bytes | Modified Date = 1/22/2007 12:58:30 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\ZANE_Resume3.DOC:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\ZANE_Resume4.DOC:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\ZANE_Resume5.DOC:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\ZANE_Resume_NEW.DOC:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\ZANE_Resume_NEW__2_.DOC:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Stuff\zlsSetup_70_302_000_en.exe:Zone.Identifier ->
UPX0 , -> %UserDesktop%\Stuff\zlsSetup_70_302_000_en.exe -> [Ver = | Size = 39994008 bytes | Modified Date = 1/28/2007 5:29:04 PM | Attr = ]
File scan skipped for file %UserDesktop%\Stuff\Panda Antivirus + Firewall 2007 [multilang - serial]\Panda Antivirus + Firewall 2007 [multilang].iso -> File size too big (130279424 bytes) ->
UPX! , FSG! , PEC2 , PECompact2 , Umonitor , qoologic , aspack , PTech , urllogic , ad-beh , ad-behNior.com , sYVLLSAKY , _rtneg3 , SAHAgent , buddy.exe , ZepMon , aurora.exe , ;2x(V]@BMD , Tlji7Mk , urllogic , KavSvc , 69.59.186.63 , 209.66.67.134 , 66.63.167.97 , 66.63.167.77 , abetterinternet.com , 8B!7F\(T , testpopup , web-nex , yourkey , winsync , rec2_run , WinShutDown , ad-w-a-r-e.com , WSUD , Call (RPC) Help , lightspeedsarch , NIWU.UWIN , UpackByDwing , MZKERNEL32.DLL , UPX0 , nspack$ , Win32 only! , Thawte Consulting , USERTRUST , CNNIC , -> %UserDesktop%\WinPFind3u\patterns.txt -> [Ver = | Size = 510 bytes | Modified Date = 12/13/2006 8:30:30 PM | Attr = ]
UPX! , FSG! , PEC2 , PECompact2 , Umonitor , qoologic , aspack , PTech , urllogic , ad-beh , ad-behNior.com , sYVLLSAKY , _rtneg3 , SAHAgent , buddy.exe , ZepMon , aurora.exe , ;2x(V]@BMD , Tlji7Mk , urllogic , KavSvc , 69.59.186.63 , 209.66.67.134 , 66.63.167.97 , 66.63.167.77 , abetterinternet.com , 8B!7F\(T , testpopup , web-nex , yourkey , winsync , rec2_run , WinShutDown , ad-w-a-r-e.com , WSUD , Call (RPC) Help , lightspeedsarch , NIWU.UWIN , UpackByDwing , MZKERNEL32.DLL , UPX0 , nspack$ , Win32 only! , Thawte Consulting , USERTRUST , CNNIC , -> %UserDesktop%\WinPFind3u\WinPFind3.Txt -> [Ver = | Size = 75589 bytes | Modified Date = 2/8/2007 6:37:58 PM | Attr = ]
PEC2 , PECompact2 , -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.16.0 | Size = 308736 bytes | Modified Date = 2/7/2007 8:23:44 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind3u\winpfind3uinstall.exe:Zone.Identifier ->
WSUD , -> %UserDocuments%\My Music\iTunes\iTunes Music\Boyz II Men\Full Circle\01 Relax Your Mind.m4a -> [Ver = | Size = 3989716 bytes | Modified Date = 6/1/2005 7:29:20 PM | Attr = ]
FSG! , -> %UserDocuments%\My Music\iTunes\iTunes Music\Kelly Clarkson\Thankful\Miss Independent.m4a -> [Ver = | Size = 3491921 bytes | Modified Date = 6/1/2005 7:30:24 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\My Pictures\hitler throwing football.jpg:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\My Pictures\Jason Band Member.jpg:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\My Pictures\Jasons other band.jpg:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\My Pictures\Life Sucks.jpg:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\My Pictures\Pisser.jpg:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\My Pictures\Sean_and_puppies.jpg:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\My Pictures\Sexydress.jpg:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\My Pictures\Tamera Cabo2.jpg:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\My Pictures\Tamera Cabo3.jpg:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\My Pictures\Tamera N Bebe.jpg:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\My Pictures\Tamera_Chris.jpg:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\My Pictures\Tamera_MM_Softball_2005_005.jpg:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\My Pictures\Tamera_N_Zane_2004.jpg:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\My Pictures\Tameree 2004 XMas Party2.jpg:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\My Pictures\Tameree 2004 XMas Party3.jpg:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\My Pictures\Tameree 2004 XMas Party4.jpg:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\My Pictures\Tameree 2004 XMas Party5.jpg:Zone.Identifier ->
@Alternate Data Stream - 0 bytes -> %UserDocuments%\My Pictures\Thumbs.db:encryptable ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\My Pictures\troll.jpeg:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\My Pictures\woohoo.gif:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\My Pictures\Zane1.jpg:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\My Pictures\Zane2.jpg:Zone.Identifier ->
File scan skipped for file %UserAppData%\Google\GoogleEarth\dbCache.dat -> File size too big (110744612 bytes) ->
qoologic , SAHAgent , -> %UserAppData%\Lavasoft\Ad-Aware\description.ini -> [Ver = | Size = 130746 bytes | Modified Date = 1/28/2007 2:12:32 PM | Attr = ]
Thawte Consulting , -> %UserAppData%\Microsoft\CryptnetUrlCache\Content\2BBA88436E92E1ABCED8E68D74DC5B38 -> [Ver = | Size = 261986 bytes | Modified Date = 10/28/2004 3:04:42 PM | Attr = S]
Thawte Consulting , -> %UserAppData%\Microsoft\CryptnetUrlCache\Content\486CC6AFD08942336C61FCD401C4A1D1 -> [Ver = | Size = 34807 bytes | Modified Date = 1/20/2007 3:55:30 PM | Attr = S]
Thawte Consulting , -> %UserAppData%\Microsoft\CryptnetUrlCache\Content\74BFD122C0875EC75DBE5C6DB4C59019 -> [Ver = | Size = 330303 bytes | Modified Date = 1/20/2007 3:55:30 PM | Attr = S]
Thawte Consulting , -> %UserAppData%\Microsoft\CryptnetUrlCache\Content\CA0D73613D6B64246BFCA3B839EE4E43 -> [Ver = | Size = 807 bytes | Modified Date = 7/28/2006 11:01:02 AM | Attr = S]
FSG! , -> %UserAppData%\Mozilla\Profiles\default\1ublwtre.slt\Cache\_CACHE_003_ -> [Ver = | Size = 1671168 bytes | Modified Date = 8/6/2005 9:34:30 AM | Attr = ]
PEC2 , WSUD , UPX0 , -> %LocalAppData%\Identities\{85B05AE4-888D-4C96-B0AB-6AE8D74742EC}\Microsoft\Outlook Express\Hotmail - Inbox.dbx -> [Ver = | Size = 5909204 bytes | Modified Date = 1/20/2007 3:47:48 PM | Attr = ]
WSUD , -> %LocalAppData%\Identities\{85B05AE4-888D-4C96-B0AB-6AE8D74742EC}\Microsoft\Outlook Express\Hotmail - Sent Items.dbx -> [Ver = | Size = 5188308 bytes | Modified Date = 1/20/2007 3:47:50 PM | Attr = ]
WSUD , -> %LocalAppData%\Identities\{85B05AE4-888D-4C96-B0AB-6AE8D74742EC}\Microsoft\Outlook Express\Outbox.dbx -> [Ver = | Size = 1125076 bytes | Modified Date = 1/20/2007 3:47:52 PM | Attr = ]
WSUD , -> %LocalAppData%\Mozilla\Firefox\Profiles\cu5t09fn.default\Cache\7216B8AEd01 -> [Ver = | Size = 29514 bytes | Modified Date = 1/3/2007 2:38:06 PM | Attr = ]
WSUD , -> %LocalAppData%\Mozilla\Firefox\Profiles\cu5t09fn.default\Cache\E774FF33d01 -> [Ver = | Size = 29227 bytes | Modified Date = 1/3/2007 2:38:38 PM | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\Java\Update\Base Images\j2re1.4.2-b28\core3.zip -> [Ver = | Size = 4648893 bytes | Modified Date = 6/4/2004 9:07:50 AM | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\Java\Update\Base Images\jre1.5.0.b64\core3.zip -> [Ver = | Size = 3290841 bytes | Modified Date = 3/2/2006 4:18:34 PM | Attr = ]
WSUD , -> %CommonProgramFiles%\Microsoft Shared\SpeechEngines\TTS\female.vce -> [Ver = | Size = 2053632 bytes | Modified Date = 1/12/1999 11:29:28 AM | Attr = ]
PEC2 , PECompact2 , -> %CommonProgramFiles%\Real\GToolbar\GDSSetup.exe -> [Ver = | Size = 743016 bytes | Modified Date = 9/24/2005 12:46:18 AM | Attr = ]
UPX! , UPX0 , -> %System32%\aswBoot.exe -> [Ver = 4, 7, 892, 0 | Size = 666240 bytes | Modified Date = 9/25/2006 7:45:08 AM | Attr = ]
UPX! , UPX0 , -> %System32%\cpuinf32.dll -> [Ver = | Size = 9216 bytes | Modified Date = 9/17/2001 12:20:02 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 3/31/2003 4:00:00 AM | Attr = ]
UPX! , UPX0 , -> %System32%\MACDec.dll -> Matthew T. Ashland [Ver = 3.97 | Size = 74240 bytes | Modified Date = 11/20/2003 2:42:36 PM | Attr = ]
UPX! , UPX0 , -> %System32%\MonkeySource.ax -> [Ver = | Size = 183296 bytes | Modified Date = 1/6/2004 10:02:06 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 3/31/2003 4:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\webupl50.ocx -> /n software inc. - www.nsoftware.com [Ver = 5.0.0.1284 | Size = 170248 bytes | Modified Date = 7/9/2003 5:21:24 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 3/31/2003 4:00:00 AM | Attr = ]
PTech , -> %System32%\dllcache\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 9:41:38 PM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 9:41:38 PM | Attr = ]

< End of report >

#9 OldTimer

Posted 11 February 2007 - 09:20 AM

Hi thx524. Ok, let's try this.

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Win32 Services - Non-Microsoft Only]
YY -> (aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe
YY -> (avast! Antivirus) avast! Antivirus [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe
YY -> (avast! Mail Scanner) avast! Mail Scanner [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Avast4\ashMaiSv.exe
YY -> (avast! Web Scanner) avast! Web Scanner [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Avast4\ashWebSv.exe
YY -> (DCSPGSRV) DiamondCS ProcessGuard Service v3.410 [Win32_Own | Auto | Stopped] -> %ProgramFiles%\ProcessGuard\dcsuserprot.exe
[Registry - Non-Microsoft Only]
< Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
YN -> BootExecute -> SsiEfr.e;
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> WRNotifier -> WRLogonNTF.dll
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> [&Yahoo! Messenger]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> [&Yahoo! Messenger]
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
YN -> {472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> [avast]
YN -> {D653647D-D607-4DF6-A5B8-48D2BA195F7B} [HKLM] -> Reg Data - Key not found [BitDefender Antivirus v7]
YN -> {EBDF1F20-C829-11D1-8233-FF20AF3E97A9} [HKLM] -> Reg Data - Key not found [TrojanHunter Menu Shell Extension]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
YN -> {472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> [avast]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
YN -> {472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> [avast]
YN -> {D653647D-D607-4DF6-A5B8-48D2BA195F7B} [HKLM] -> Reg Data - Key not found [BitDefender Antivirus v7]
[Files - Created Within 60 days]
NY -> pghash.dat -> %System32%\pghash.dat
NY -> pguard.dat -> %System32%\pguard.dat
NY -> AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys
NY -> procguard.sys -> %System32%\drivers\procguard.sys
[Files - Modified Within 60 days]
NY -> vsdata.dll -> %System32%\vsdata.dll
NY -> vsdatant.sys -> %System32%\vsdatant.sys
NY -> vsinit.dll -> %System32%\vsinit.dll
NY -> vsmonapi.dll -> %System32%\vsmonapi.dll
NY -> vspubapi.dll -> %System32%\vspubapi.dll
NY -> vsutil.dll -> %System32%\vsutil.dll
NY -> vsxml.dll -> %System32%\vsxml.dll
[ Extra Files ]
c:\Program Files\Alwil Software\
c:\Program Files\ProcessGuard\


The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3U scan.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#10 thx524

Posted 11 February 2007 - 12:26 PM

[Win32 Services - Non-Microsoft Only]
Service aswUpdSv stopped successfully.
Service aswUpdSv deleted successfully.
File C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe not found.
Service avast! Antivirus stopped successfully.
Service avast! Antivirus deleted successfully.
File C:\Program Files\Alwil Software\Avast4\ashServ.exe not found.
Service avast! Mail Scanner stopped successfully.
Service avast! Mail Scanner deleted successfully.
File C:\Program Files\Avast4\ashMaiSv.exe not found.
Service avast! Web Scanner stopped successfully.
Service avast! Web Scanner deleted successfully.
File C:\Program Files\Avast4\ashWebSv.exe not found.
Service DCSPGSRV stopped successfully.
Service DCSPGSRV deleted successfully.
File C:\Program Files\ProcessGuard\dcsuserprot.exe not found.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\BootExecute deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4528BBE0-4E08-11D5-AD55-00010333D0AD} deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{472083B0-C522-11CF-8763-00608CC02F24} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{D653647D-D607-4DF6-A5B8-48D2BA195F7B} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\avast deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\avast deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\BitDefender Antivirus v7 deleted successfully.
[Files - Created Within 60 days]
C:\WINDOWS\SYSTEM32\pghash.dat moved successfully.
C:\WINDOWS\SYSTEM32\pguard.dat moved successfully.
C:\WINDOWS\SYSTEM32\drivers\AvgAsCln.sys moved successfully.
C:\WINDOWS\SYSTEM32\drivers\procguard.sys moved successfully.
[Files - Modified Within 60 days]
C:\WINDOWS\SYSTEM32\vsdata.dll moved successfully.
C:\WINDOWS\SYSTEM32\vsdatant.sys moved successfully.
C:\WINDOWS\SYSTEM32\vsinit.dll moved successfully.
C:\WINDOWS\SYSTEM32\vsmonapi.dll moved successfully.
C:\WINDOWS\SYSTEM32\vspubapi.dll moved successfully.
C:\WINDOWS\SYSTEM32\vsutil.dll moved successfully.
C:\WINDOWS\SYSTEM32\vsxml.dll moved successfully.
[ Extra Files ]
Folder c:\Program Files\Alwil Software\ not found.
Folder c:\Program Files\ProcessGuard\ not found.
< End of log >
Created on 02/11/2007 09:24:34

#11 OldTimer

Posted 11 February 2007 - 05:15 PM

Hi thx524. It looks like everything processed correctly. Now try installing your AV and firewall and see what happens.

If you get any error messages, write them down completely and post them back here so I can see what they are saying.

Cheers.

OT

#12 thx524

Posted 13 February 2007 - 01:11 AM

Thanks again for all the help. Now I'm trying to reinstall and I get this.

ZoneAlarm-1001-English

ZoneAlarm-1001-English has encountered a problem and needs to close. We are sorry for your inconvenience.
Error signature
AppName: glb19.tmp AppVer: 7.0.302.0 ModName: Kernel32.dll
ModVer: 5.1.2600.2945 Offset: 00012a5b

Technical Report
C:\DOCUME~1\Zane\LOCALS~1\Temp\e5a5_appcompat.txt
<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="GLB19.tmp" FILTER="GRABMI_FILTER_PRIVACY">
</EXE>
<EXE NAME="kernel32.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
<MATCHING_FILE NAME="kernel32.dll" SIZE="984064" CHECKSUM="0xF12E1D4A" BIN_FILE_VERSION="5.1.2600.2945" BIN_PRODUCT_VERSION="5.1.2600.2945" PRODUCT_VERSION="5.1.2600.2945" FILE_DESCRIPTION="Windows NT BASE API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2945 (xpsp_sp2_gdr.060704-2349)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xF724D" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2945" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2945" LINK_DATE="07/05/2006 10:55:00" UPTO_LINK_DATE="07/05/2006 10:55:00" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
<EXE NAME="kernel32.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
<MATCHING_FILE NAME="kernel32.dll" SIZE="984064" CHECKSUM="0xF12E1D4A" BIN_FILE_VERSION="5.1.2600.2945" BIN_PRODUCT_VERSION="5.1.2600.2945" PRODUCT_VERSION="5.1.2600.2945" FILE_DESCRIPTION="Windows NT BASE API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2945 (xpsp_sp2_gdr.060704-2349)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xF724D" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2945" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2945" LINK_DATE="07/05/2006 10:55:00" UPTO_LINK_DATE="07/05/2006 10:55:00" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
</DATABASE>


Install SpyBot and then try to run and get:
Windows is searching for SpybotSD.exe

Nearest match based on size, date and type:
C:\Program Files\q330994.exe


Install SpyBot and then try to run and get:
Windows is searching for ashAvast.exe

Nearest match based on size, date and type:
C:\Program Files\q330994.exe

#13 OldTimer

OldTimer

    Malware Expert



Posted 18 February 2007 - 05:12 PM

Hi thx524. Sorry for the delay, I was working on another project for a bit.

It looks like either the registry is damaged or the Windows installation itself. There are a couple of options. One is a wipe and reinstall, but you will lose all of the data on the hard drive. The other is a repair install, which will install the operating system back over the top of itself and save whatever data is currently on the system. If the registry is damaged, then any applications that do not work properly after the repair install might have to be reinstalled also.

A repair install has a few caveats so if you want to try that first then you should pop over to the XP forum and they can help you through it. It is different for different versions of XP and service pack levels.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#14 thx524

thx524
  • Topic Starter


Posted 18 February 2007 - 06:33 PM

Hey no worries, you're helping me. Thanx again, and I'll head over and check it out. I will make sure to donate as soon as I fix my stuff either way. You've been a big help.



