
No Normal "page Not Found" Anymore But...


  • This topic is locked
17 replies to this topic

#1 Moc


Posted 07 April 2007 - 08:52 AM

I have already scanned with SpyBot S&D, AdAware, and AVG. There must be something else wrong with it. Basically, if I accidentally type an address wrong or if I type in a random string of letters into the URL box (something I know doesn't exist) it brings up any number of randomly named sites with links to inappropriate pages. Examples of the site names include:

Yahoopolicycentre.com
hostunavailable.com
hotproductz.com

Hijackthis log file:

Logfile of HijackThis v1.99.1
Scan saved at 15:36:23, on 07/04/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll (file missing)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [DmwClient] "dmwclient.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{8092E38F-1F1A-45FC-AFB1-F45E44374F3A}: NameServer = 85.255.116.53,85.255.112.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F825957-A097-4353-81C4-E770F2F99662}: NameServer = 85.255.116.53,85.255.112.116
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.53 85.255.112.116
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.53 85.255.112.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.53 85.255.112.116
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Can someone please analyse this for me and then tell me how I can fix this?

Thanks!

Moc



#2 Moc


Posted 07 April 2007 - 10:08 AM

Anyone PLEASE?!

Edited by Moc, 07 April 2007 - 02:22 PM.


#3 OldTimer


    Malware Expert



Posted 10 April 2007 - 04:32 PM

Hello Moc and welcome to the BC HijackThis forum. Let's get a little more information.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#4 Moc


Posted 13 April 2007 - 07:29 AM

Sorry for the late reaction...
here it is

WinPFind3 logfile created on: 13/04/07 14:21:03
WinPFind3U by OldTimer - Version 1.0.34	Folder = D:\winpfind3u\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)
 
1023,48 Mb Total Physical Memory | 614,02 Mb Available Physical Memory | 59,99% Memory free
2,40 Gb Paging File | 2,07 Gb Available in Paging File | 86,26% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 94,95 Gb Total Space | 53,00 Gb Free Space | 55,81% Space Free
Drive D: | 94,96 Gb Total Space | 51,59 Gb Free Space | 54,33% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: TIJN
Current User Name: Tijn Kuyper
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
acrobat_sl.exe -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 46200 bytes | Modified Date = 23/10/06 2:40:14 | Attr =	]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\acrotray.exe -> Adobe Systems Inc. [Ver = 8.0.0.2006102200 | Size = 620152 bytes | Modified Date = 23/10/06 0:24:02 | Attr =	]
atkkbservice.exe -> %SystemRoot%\ATKKBService.exe -> ASUSTeK COMPUTER INC. [Ver = 1, 0, 0, 0 | Size = 90112 bytes | Modified Date = 20/07/04 15:15:20 | Attr =	]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.445 | Size = 353792 bytes | Modified Date = 14/03/07 8:54:58 | Attr =	]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 20/03/07 20:20:44 | Attr =	]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 14/03/07 8:54:58 | Attr =	]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 324096 bytes | Modified Date = 14/03/07 8:54:58 | Attr =	]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 14/03/07 8:55:00 | Attr =	]
fbguard.exe -> %ProgramFiles%\Firebird\Firebird_1_5\bin\fbguard.exe -> The Firebird Project [Ver = WI-V1.5.2.4731 | Size = 65536 bytes | Modified Date = 13/12/04 2:05:20 | Attr =	]
fbserver.exe -> %ProgramFiles%\Firebird\Firebird_1_5\bin\fbserver.exe -> The Firebird Project [Ver = WI-V1.5.2.4731 | Size = 1527893 bytes | Modified Date = 13/12/04 2:05:20 | Attr =	]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.3: 2007030919 | Size = 7633008 bytes | Modified Date = 21/03/07 18:17:40 | Attr =	]
fnplicensingservice.exe -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 15/03/07 17:16:56 | Attr =	]
gnotify.exe -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 15/07/05 23:48:34 | Attr =	]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28/09/06 16:13:20 | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 15/12/06 4:23:28 | Attr =	]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.7184 | Size = 127043 bytes | Modified Date = 24/02/05 1:32:00 | Attr =	]
winpfind3u.exe -> D:\winpfind3u\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.34.0 | Size = 318976 bytes | Modified Date = 10/04/07 22:00:18 | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 14/01/07 13:03:02 | Attr =	]
(ATKKeyboardService) ATK Keyboard Service [Win32_Own | Auto | Running] -> %SystemRoot%\ATKKBService.exe -> ASUSTeK COMPUTER INC. [Ver = 1, 0, 0, 0 | Size = 90112 bytes | Modified Date = 20/07/04 15:15:20 | Attr =	]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28/09/06 16:13:20 | Attr =	]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.445 | Size = 353792 bytes | Modified Date = 14/03/07 8:54:58 | Attr =	]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 14/03/07 8:55:00 | Attr =	]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 324096 bytes | Modified Date = 14/03/07 8:54:58 | Attr =	]
(dmadmin) Logical Disk Manager Administrative-service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 04/08/04 14:00:00 | Attr =	]
(FirebirdGuardianDefaultInstance) Firebird Guardian - DefaultInstance [Win32_Own | Auto | Running] -> %ProgramFiles%\Firebird\Firebird_1_5\bin\fbguard.exe -> The Firebird Project [Ver = WI-V1.5.2.4731 | Size = 65536 bytes | Modified Date = 13/12/04 2:05:20 | Attr =	]
(FirebirdServerDefaultInstance) Firebird Server - DefaultInstance [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Firebird\Firebird_1_5\bin\fbserver.exe -> The Firebird Project [Ver = WI-V1.5.2.4731 | Size = 1527893 bytes | Modified Date = 13/12/04 2:05:20 | Attr =	]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 15/03/07 17:16:56 | Attr =	]
(lxcf_device) lxcf_device [Win32_Own | On_Demand | Stopped] -> %System32%\lxcfcoms.exe ->   [Ver = 1.154.19.0 | Size = 491520 bytes | Modified Date = 25/07/05 21:25:18 | Attr =	]
(NipSvc) Norman API-hooking helper [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\Norman\Nvc\BIN\nipsvc.exe -> File not found
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.7184 | Size = 127043 bytes | Modified Date = 24/02/05 1:32:00 | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
 ->  -> File not found
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 20/03/07 20:20:44 | Attr =	]
{0228e555-4f9c-4e35-a3ec-b109a192b4c2} -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 15/07/05 23:48:34 | Attr =	]
Acrobat Assistant 8.0 -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\acrotray.exe -> Adobe Systems Inc. [Ver = 8.0.0.2006102200 | Size = 620152 bytes | Modified Date = 23/10/06 0:24:02 | Attr =	]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 14/03/07 8:54:58 | Attr =	]
DmwClient -> dmwclient.exe -> File not found
LXCFCATS -> %System32%\spool\drivers\w32x86\3\lxcftime.dll [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16] ->  [Ver = 0.1.11.5 | Size = 73728 bytes | Modified Date = 20/07/05 19:47:32 | Attr =	]
NvCplDaemon -> %System32%\nvcpl.dll ["RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.7184 | Size = 5537792 bytes | Modified Date = 24/02/05 1:32:00 | Attr =	]
NvMediaCenter -> %System32%\nvmctray.dll ["RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.7184 | Size = 86016 bytes | Modified Date = 24/02/05 1:32:00 | Attr =	]
nwiz -> %System32%\nwiz.exe -> NVIDIA Corporation [Ver = 6.14.10.10035 | Size = 1495040 bytes | Modified Date = 24/02/05 1:32:00 | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 01/09/06 16:57:48 | Attr =	]
SoundMan -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.30 | Size = 77824 bytes | Modified Date = 15/11/04 12:20:20 | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 15/12/06 4:23:28 | Attr =	]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 -> 
MAPI -> Installed = 1 -> 
MSFS -> Installed = 1 -> 
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MessengerPlus3 -> %ProgramFiles%\MessengerPlus! 3\MsgPlus.exe -> Patchou [Ver = 3, 63, 0, 148 | Size = 190024 bytes | Modified Date = 26/02/07 17:24:50 | Attr =	]
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe -> Skype Technologies S.A. [Ver = 3.0.0.214 | Size = 25370152 bytes | Modified Date = 29/01/07 16:36:52 | Attr =	]
< Common Startup > -> C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten
%AllUsersStartup%\Adobe Acrobat Speed Launcher.lnk -> %SystemRoot%\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ->  [Ver =  | Size = 295606 bytes | Modified Date = 15/03/07 17:16:26 | Attr = R  ]
%AllUsersStartup%\Adobe Acrobat Synchronizer.lnk -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ->  [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 23/10/06 1:01:50 | Attr =	]
< User Startup > -> C:\Documents and Settings\Tijn Kuyper\Menu Start\Programma's\Opstarten
%UserStartup%\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 16/03/05 20:16:50 | Attr =	]
%UserStartup%\Xfire.lnk -> %ProgramFiles%\Xfire\xfire.exe -> Xfire Inc. [Ver = 13133 | Size = 2702928 bytes | Modified Date = 12/04/07 4:33:54 | Attr =	]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 28/09/06 16:13:28 | Attr =	]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
WRNotifier -> WRLogonNTF.dll -> File not found
< HOSTS File > (23 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1  localhost  ->  -> 
< Internet Explorer Settings > -> 
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKLM: Local Page -> C:\windows\system32\blank.htm -> 
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKCU: Local Page -> C:\windows\system32\blank.htm -> 
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKCU: ProxyEnable -> 0 -> 
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] ->  -> 
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 23/10/06 0:08:42 | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/05 2:04:00 | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 15/12/06 4:23:24 | Attr =	]
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 23/10/06 0:20:26 | Attr =	]
{C08DF07A-3E49-4E25-9AB0-D3882835F153} [HKLM] -> %SystemDrive%\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll [QUICKfind BHO Object] -> File not found
{E5A1691B-D188-4419-AD02-90002030B8EE} [HKLM] -> %ProgramFiles%\FlashFXP\IEFlash.dll [FlashFXP Helper for Internet Explorer] -> IniCom Networks, Inc. [Ver = 3.0.0.1015 | Size = 191096 bytes | Modified Date = 31/03/06 23:27:14 | Attr =	]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 23/10/06 0:20:26 | Attr =	]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 23/10/06 0:20:26 | Attr =	]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 23/10/06 0:20:26 | Attr =	]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\npjpi150_11.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75528 bytes | Modified Date = 15/12/06 4:23:26 | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 15/12/06 4:23:24 | Attr =	]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Onderzoek] -> File not found
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [ButtonText: PartyPoker.com] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIECaptureSelLinks.htm -> File not found
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIEAppendSelLinks.htm -> File not found
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
E&xporteren naar Microsoft Excel ->  -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{3BCC1353-4976-4A73-8EAC-13D3D4FCCB68} ->	() -> 
{8092E38F-1F1A-45FC-AFB1-F45E44374F3A} -> 85.255.116.53,85.255.112.116   (1394-netwerkkaart) -> 
{8F825957-A097-4353-81C4-E770F2F99662} -> 85.255.116.53,85.255.112.116   (Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller) -> 
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
skype4com -> %CommonProgramFiles%\Skype\Skype4COM.dll -> Skype Technologies [Ver = 1, 0, 27, 0 | Size = 1828440 bytes | Modified Date = 12/01/07 13:50:48 | Attr = R  ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab -> 
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab -> 
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_05 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab -> 
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab -> 
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} ->  - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -> 


[Files/Folders - Created Within 30 days]
!KillBox -> %SystemDrive%\!KillBox ->  [Folder | Created Date = 09/04/07 15:19:02 | Attr =	]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Created Date = 19/03/07 19:09:59 | Attr = RH ]
fixwareout -> %SystemDrive%\fixwareout ->  [Folder | Created Date = 07/04/07 14:29:44 | Attr =	]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ ->  [Folder | Created Date = 04/04/07 15:43:57 | Attr =  H ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ ->  [Folder | Created Date = 16/03/07 14:22:50 | Attr =  H ]
$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ ->  [Folder | Created Date = 16/03/07 14:24:43 | Attr =  H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ ->  [Folder | Created Date = 13/04/07 13:11:14 | Attr =  H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ ->  [Folder | Created Date = 13/04/07 13:11:21 | Attr =  H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ ->  [Folder | Created Date = 13/04/07 13:12:09 | Attr =  H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ ->  [Folder | Created Date = 13/04/07 13:10:52 | Attr =  H ]
Downloaded Installations -> %SystemRoot%\Downloaded Installations ->  [Folder | Created Date = 23/03/07 16:17:15 | Attr =	]
Foresight Anti-Cheat -> %SystemRoot%\Foresight Anti-Cheat ->  [Folder | Created Date = 20/03/07 15:34:54 | Attr =	]
Minidump -> %SystemRoot%\Minidump ->  [Folder | Created Date = 12/04/07 15:36:33 | Attr =	]
Performance -> %SystemRoot%\Performance ->  [Folder | Created Date = 11/04/07 15:50:36 | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 11/04/07 18:35:21 | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 11/04/07 18:35:21 | Attr =  H ]
unins000.dat -> %SystemRoot%\unins000.dat ->  [Ver =  | Size = 656 bytes | Created Date = 31/03/07 11:10:15 | Attr =	]
GDS32.DLL -> %System32%\GDS32.DLL -> The Firebird Project [Ver = WI-V6.3.2.4731 | Size = 356437 bytes | Created Date = 23/03/07 18:37:20 | Attr =	]
NtmsData -> %System32%\NtmsData ->  [Folder | Created Date = 11/04/07 16:02:40 | Attr =	]

[Files/Folders - Modified Within 30 days]
!KillBox -> %SystemDrive%\!KillBox ->  [Folder | Modified Date = 09/04/07 16:19:04 | Attr =	]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Modified Date = 01/04/07 15:55:02 | Attr = RH ]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 11/04/07 16:49:36 | Attr =  H ]
fixwareout -> %SystemDrive%\fixwareout ->  [Folder | Modified Date = 07/04/07 15:32:38 | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 11/04/07 16:49:32 | Attr = R  ]
UT2004Demo -> %SystemDrive%\UT2004Demo ->  [Folder | Modified Date = 31/03/07 12:18:12 | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 13/04/07 14:16:36 | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 13/04/07 14:05:28 | Attr =  H ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ ->  [Folder | Modified Date = 04/04/07 16:44:00 | Attr =  H ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ ->  [Folder | Modified Date = 16/03/07 15:22:56 | Attr =  H ]
$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ ->  [Folder | Modified Date = 16/03/07 15:24:46 | Attr =  H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ ->  [Folder | Modified Date = 13/04/07 14:11:16 | Attr =  H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ ->  [Folder | Modified Date = 13/04/07 14:11:24 | Attr =  H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ ->  [Folder | Modified Date = 13/04/07 14:12:12 | Attr =  H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ ->  [Folder | Modified Date = 13/04/07 14:10:56 | Attr =  H ]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 06/04/07 0:31:16 | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 13/04/07 14:16:28 | Attr =   S]
Downloaded Installations -> %SystemRoot%\Downloaded Installations ->  [Folder | Modified Date = 23/03/07 17:17:16 | Attr =	]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 31/03/07 13:46:40 | Attr = R S]
Foresight Anti-Cheat -> %SystemRoot%\Foresight Anti-Cheat ->  [Folder | Modified Date = 20/03/07 16:34:56 | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 13/04/07 14:11:26 | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 13/04/07 14:16:44 | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 11/04/07 16:58:58 | Attr =  HS]
Minidump -> %SystemRoot%\Minidump ->  [Folder | Modified Date = 12/04/07 16:36:36 | Attr =	]
msagent -> %SystemRoot%\msagent ->  [Folder | Modified Date = 13/04/07 14:16:24 | Attr =	]
Performance -> %SystemRoot%\Performance ->  [Folder | Modified Date = 11/04/07 16:50:38 | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 13/04/07 14:17:38 | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 11/04/07 19:35:22 | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 12/04/07 16:41:06 | Attr =  H ]
system32 -> %System32% ->  [Folder | Modified Date = 13/04/07 14:16:24 | Attr =	]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 13/04/07 14:17:08 | Attr =	]
unins000.dat -> %SystemRoot%\unins000.dat ->  [Ver =  | Size = 656 bytes | Modified Date = 31/03/07 12:10:18 | Attr =	]
unins000.exe -> %SystemRoot%\unins000.exe -> Jordan Russell [Ver = 51.5.0.0 | Size = 72748 bytes | Modified Date = 31/03/07 12:10:18 | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 850 bytes | Modified Date = 06/04/07 18:28:42 | Attr =	]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 15/03/07 17:08:18 | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 13/04/07 14:16:30 | Attr =  H ]
BASSMOD.dll -> %System32%\BASSMOD.dll ->  [Ver =  | Size = 34308 bytes | Modified Date = 23/03/07 19:40:02 | Attr =	]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 13/04/07 14:16:40 | Attr =	]
DirectX -> %System32%\DirectX ->  [Folder | Modified Date = 06/04/07 0:30:50 | Attr =	]
dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 13/04/07 14:16:24 | Attr = RHS]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 309992 bytes | Modified Date = 04/04/07 16:49:36 | Attr =	]
NtmsData -> %System32%\NtmsData ->  [Folder | Modified Date = 11/04/07 17:03:38 | Attr =	]
nvapps.xml -> %System32%\nvapps.xml ->  [Ver =  | Size = 23773 bytes | Modified Date = 13/04/07 14:16:44 | Attr =	]
perfc009.dat -> %System32%\perfc009.dat ->  [Ver =  | Size = 58732 bytes | Modified Date = 25/03/07 10:15:58 | Attr =	]
perfc013.dat -> %System32%\perfc013.dat ->  [Ver =  | Size = 76816 bytes | Modified Date = 25/03/07 10:15:58 | Attr =	]
perfh009.dat -> %System32%\perfh009.dat ->  [Ver =  | Size = 392432 bytes | Modified Date = 25/03/07 10:15:58 | Attr =	]
perfh013.dat -> %System32%\perfh013.dat ->  [Ver =  | Size = 455928 bytes | Modified Date = 25/03/07 10:15:58 | Attr =	]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI ->  [Ver =  | Size = 994602 bytes | Modified Date = 25/03/07 10:15:58 | Attr =	]
tmp.reg -> %System32%\tmp.reg ->  [Ver =  | Size = 3122 bytes | Modified Date = 25/03/07 11:34:06 | Attr =	]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 13688 bytes | Modified Date = 13/04/07 14:17:28 | Attr =	]

[File String Scan - Non-Microsoft Only]
WSUD ,  -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.0.36 | Size = 16162816 bytes | Modified Date = 17/11/04 10:08:06 | Attr =	]
PEC2 ,  -> %System32%\dfrg.msc ->  [Ver =  | Size = 41122 bytes | Modified Date = 04/08/04 14:00:00 | Attr =	]
PEC2 , PECompact2 ,  -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.5.0.53 | Size = 639066 bytes | Modified Date = 01/02/07 6:56:06 | Attr =	]
UPX! , UPX0 ,  -> %System32%\OutlookBar.ocx -> UniCont Soft [Ver = 1.03.0002 | Size = 168960 bytes | Modified Date = 11/05/05 2:37:02 | Attr =	]
UPX! , UPX0 ,  -> %System32%\SrchSTS.exe -> S!Ri [Ver =  | Size = 288417 bytes | Modified Date = 27/04/06 17:49:30 | Attr =	]
UPX! , UPX0 ,  -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 29/08/06 19:43:54 | Attr =	]
UPX! , UPX0 ,  -> %System32%\swsc.exe ->  [Ver =  | Size = 40960 bytes | Modified Date = 09/01/06 10:36:06 | Attr =	]
UPX! , UPX0 ,  -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 01/12/06 6:20:34 | Attr =	]
winsync ,  -> %System32%\wbdbase.deu ->  [Ver =  | Size = 1309184 bytes | Modified Date = 04/08/04 14:00:00 | Attr =	]
WSUD , UPX0 ,  -> %System32%\dllcache\hwxjpn.dll ->  [Ver =  | Size = 13463552 bytes | Modified Date = 04/08/04 14:00:00 | Attr =	]
UPX! , FSG! , PEC2 , aspack ,  -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Modified Date = 14/03/07 8:55:02 | Attr =	]

< End of report >


#5 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:09:09 AM

Posted 13 April 2007 - 08:17 AM

Hi Moc. Let's see if we can clean this up a bit.

Please download FixWareOut from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to the Desktop and run it.
Click Next, then Install, and make sure Run fixit is checked.
Click: Finish

When the program starts, follow the prompts.
If a security alert appears, allow the program to run.
When asked to reboot the computer, please do.
If the system takes longer than usual to load, this is normal.

When the Desktop loads please post the text that opens (report.txt).

Then start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Win32 Services - Non-Microsoft Only]
YN -> (NipSvc) Norman API-hooking helper [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\Norman\Nvc\BIN\nipsvc.exe
[Registry - Non-Microsoft Only]
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> WRNotifier -> WRLogonNTF.dll
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [ButtonText: PartyPoker.com]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3u scan.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#6 Moc

Posted 13 April 2007 - 08:43 AM

Thanks for the help,
there you go:
Fixwareout Last edited 4/5/2007
Post this report in the forums please 
...
»»»»»Prerun check

»»»»» System restarted
 
»»»»» Postrun check 
HKLM\SOFTWARE\~\Winlogon\ "System"="" 
....
....
»»»»» Misc files. 
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection. 



Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other



»»»»» Current runs 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="\"nwiz.exe\" /install"
"NvMediaCenter"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"DmwClient"="\"dmwclient.exe\""
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="\"C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe\""
"LXCFCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCFtime.dll,_RunDLLEntry@16"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"Acrobat Assistant 8.0"="\"C:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\Acrotray.exe\""
@=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

[Win32 Services - Non-Microsoft Only]
Service NipSvc stopped successfully.
[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} deleted successfully.
< End of log >
Created on 04/13/2007 15:40:41

I don't get these pages anymore, but now a blank page.
Could that also be fixed?
Thanks

Edited by Moc, 13 April 2007 - 08:47 AM.


#7 OldTimer

Posted 13 April 2007 - 11:27 AM

Hi Moc. A blank page when (or for what)?

Cheers.

OT

#8 Moc

Posted 13 April 2007 - 12:40 PM

Hey,

Sorry for not explaining:

On the internet, when I just type a website which doesn't work, I get a blank page.
The title already says Page not found or something, but nowhere the "normal" error pages....

Thanks,

Moc

Edited by Moc, 13 April 2007 - 12:42 PM.


#9 OldTimer

Posted 13 April 2007 - 08:40 PM

Hi Moc. I don't use IE for anything so I don't know if that is normal behavior for IE7 or not.

You can try to reset IE7's default settings to see if that makes a difference. See this MS link: http://support.microsoft.com/kb/923737

Otherwise I would suggest asking in the Web Browsing/Email and Other Internet Applications forum to see if that is normal or not.

Cheers.

OT

#10 Moc

Posted 14 April 2007 - 04:40 AM

I use Mozilla Firefox 2 :thumbsup:
Argh no blank page anymore, but again those pages mentioned in my very first post.


Moc

#11 OldTimer

Posted 14 April 2007 - 07:55 AM

Hi Moc. Run a new WinPFind3u scan and post it back here.

Cheers.

OT

#12 Moc

Posted 14 April 2007 - 08:29 AM

WinPFind3 logfile created on: 14/04/07 15:23:13

WinPFind3U by OldTimer - Version 1.0.34	Folder = D:\winpfind3u\WinPFind3u\

Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)

Internet Explorer (Version = 7.0.5730.11)

 

1023,48 Mb Total Physical Memory | 589,31 Mb Available Physical Memory | 57,58% Memory free

2,40 Gb Paging File | 1,99 Gb Available in Paging File | 82,79% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 94,95 Gb Total Space | 53,11 Gb Free Space | 55,94% Space Free

Drive D: | 94,96 Gb Total Space | 51,81 Gb Free Space | 54,56% Space Free

E: Drive not present or media not loaded

F: Drive not present or media not loaded



Computer Name: TIJN

Current User Name: Tijn Kuyper

Logged in as Administrator.

Current Boot Mode: Normal





[Processes - Non-Microsoft Only]

acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\acrotray.exe -> Adobe Systems Inc. [Ver = 8.0.0.2006102200 | Size = 620152 bytes | Modified Date = 23/10/06 0:24:02 | Attr =	]

atkkbservice.exe -> %SystemRoot%\ATKKBService.exe -> ASUSTeK COMPUTER INC. [Ver = 1, 0, 0, 0 | Size = 90112 bytes | Modified Date = 20/07/04 15:15:20 | Attr =	]

avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.445 | Size = 353792 bytes | Modified Date = 14/03/07 8:54:58 | Attr =	]

avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 20/03/07 20:20:44 | Attr =	]

avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 14/03/07 8:54:58 | Attr =	]

avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 324096 bytes | Modified Date = 14/03/07 8:54:58 | Attr =	]

avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 14/03/07 8:55:00 | Attr =	]

fbguard.exe -> %ProgramFiles%\Firebird\Firebird_1_5\bin\fbguard.exe -> The Firebird Project [Ver = WI-V1.5.2.4731 | Size = 65536 bytes | Modified Date = 13/12/04 2:05:20 | Attr =	]

fbserver.exe -> %ProgramFiles%\Firebird\Firebird_1_5\bin\fbserver.exe -> The Firebird Project [Ver = WI-V1.5.2.4731 | Size = 1527893 bytes | Modified Date = 13/12/04 2:05:20 | Attr =	]

fnplicensingservice.exe -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 15/03/07 17:16:56 | Attr =	]

gnotify.exe -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 15/07/05 23:48:34 | Attr =	]

guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28/09/06 16:13:20 | Attr =	]

jusched.exe -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 15/12/06 4:23:28 | Attr =	]

nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.7184 | Size = 127043 bytes | Modified Date = 24/02/05 1:32:00 | Attr =	]

winpfind3u.exe -> D:\winpfind3u\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.34.0 | Size = 318976 bytes | Modified Date = 10/04/07 22:00:18 | Attr =	]

xfire.exe -> %ProgramFiles%\Xfire\xfire.exe -> Xfire Inc. [Ver = 13133 | Size = 2702928 bytes | Modified Date = 12/04/07 4:33:54 | Attr =	]



[Win32 Services - Non-Microsoft Only]

(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 14/01/07 13:03:02 | Attr =	]

(ATKKeyboardService) ATK Keyboard Service [Win32_Own | Auto | Running] -> %SystemRoot%\ATKKBService.exe -> ASUSTeK COMPUTER INC. [Ver = 1, 0, 0, 0 | Size = 90112 bytes | Modified Date = 20/07/04 15:15:20 | Attr =	]

(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28/09/06 16:13:20 | Attr =	]

(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.445 | Size = 353792 bytes | Modified Date = 14/03/07 8:54:58 | Attr =	]

(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 14/03/07 8:55:00 | Attr =	]

(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 324096 bytes | Modified Date = 14/03/07 8:54:58 | Attr =	]

(dmadmin) Logical Disk Manager Administrative-service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 04/08/04 14:00:00 | Attr =	]

(FirebirdGuardianDefaultInstance) Firebird Guardian - DefaultInstance [Win32_Own | Auto | Running] -> %ProgramFiles%\Firebird\Firebird_1_5\bin\fbguard.exe -> The Firebird Project [Ver = WI-V1.5.2.4731 | Size = 65536 bytes | Modified Date = 13/12/04 2:05:20 | Attr =	]

(FirebirdServerDefaultInstance) Firebird Server - DefaultInstance [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Firebird\Firebird_1_5\bin\fbserver.exe -> The Firebird Project [Ver = WI-V1.5.2.4731 | Size = 1527893 bytes | Modified Date = 13/12/04 2:05:20 | Attr =	]

(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 15/03/07 17:16:56 | Attr =	]

(lxcf_device) lxcf_device [Win32_Own | On_Demand | Stopped] -> %System32%\lxcfcoms.exe ->   [Ver = 1.154.19.0 | Size = 491520 bytes | Modified Date = 25/07/05 21:25:18 | Attr =	]

(NipSvc) Norman API-hooking helper [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\Norman\Nvc\BIN\nipsvc.exe -> File not found

(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.7184 | Size = 127043 bytes | Modified Date = 24/02/05 1:32:00 | Attr =	]



[Registry - Non-Microsoft Only]

< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

 ->  -> File not found

!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 20/03/07 20:20:44 | Attr =	]

{0228e555-4f9c-4e35-a3ec-b109a192b4c2} -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 15/07/05 23:48:34 | Attr =	]

Acrobat Assistant 8.0 -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\acrotray.exe -> Adobe Systems Inc. [Ver = 8.0.0.2006102200 | Size = 620152 bytes | Modified Date = 23/10/06 0:24:02 | Attr =	]

AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 14/03/07 8:54:58 | Attr =	]

DmwClient -> dmwclient.exe -> File not found

LXCFCATS -> %System32%\spool\drivers\w32x86\3\lxcftime.dll [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16] ->  [Ver = 0.1.11.5 | Size = 73728 bytes | Modified Date = 20/07/05 19:47:32 | Attr =	]

NvCplDaemon -> %System32%\nvcpl.dll ["RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.7184 | Size = 5537792 bytes | Modified Date = 24/02/05 1:32:00 | Attr =	]

NvMediaCenter -> %System32%\nvmctray.dll ["RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.7184 | Size = 86016 bytes | Modified Date = 24/02/05 1:32:00 | Attr =	]

nwiz -> %System32%\nwiz.exe -> NVIDIA Corporation [Ver = 6.14.10.10035 | Size = 1495040 bytes | Modified Date = 24/02/05 1:32:00 | Attr =	]

QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 01/09/06 16:57:48 | Attr =	]

SoundMan -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.30 | Size = 77824 bytes | Modified Date = 15/11/04 12:20:20 | Attr =	]

SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 15/12/06 4:23:28 | Attr =	]

< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\

IMAIL -> Installed = 1 -> 

MAPI -> Installed = 1 -> 

MSFS -> Installed = 1 -> 

< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

MessengerPlus3 -> %ProgramFiles%\MessengerPlus! 3\MsgPlus.exe -> Patchou [Ver = 3, 63, 0, 148 | Size = 190024 bytes | Modified Date = 26/02/07 17:24:50 | Attr =	]

Skype -> %ProgramFiles%\Skype\Phone\Skype.exe -> Skype Technologies S.A. [Ver = 3.0.0.214 | Size = 25370152 bytes | Modified Date = 29/01/07 16:36:52 | Attr =	]

< Common Startup > -> C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten

%AllUsersStartup%\Adobe Acrobat Speed Launcher.lnk -> %SystemRoot%\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ->  [Ver =  | Size = 295606 bytes | Modified Date = 15/03/07 17:16:26 | Attr = R  ]

%AllUsersStartup%\Adobe Acrobat Synchronizer.lnk -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ->  [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 23/10/06 1:01:50 | Attr =	]

< User Startup > -> C:\Documents and Settings\Tijn Kuyper\Menu Start\Programma's\Opstarten

%UserStartup%\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 16/03/05 20:16:50 | Attr =	]

%UserStartup%\Xfire.lnk -> %ProgramFiles%\Xfire\xfire.exe -> Xfire Inc. [Ver = 13133 | Size = 2702928 bytes | Modified Date = 12/04/07 4:33:54 | Attr =	]

< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 28/09/06 16:13:28 | Attr =	]

< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders

< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

< HOSTS File > (23 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts

127.0.0.1  localhost  ->  -> 

< Internet Explorer Settings > -> 

HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 

HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKLM: Local Page -> C:\windows\system32\blank.htm -> 

HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 

HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 

HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 

HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 

HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKCU: Local Page -> C:\windows\system32\blank.htm -> 

HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 

HKCU: ProxyEnable -> 0 -> 

< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\

msn.com [ - ] ->  -> 

< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 23/10/06 0:08:42 | Attr =	]

{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/05 2:04:00 | Attr =	]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 15/12/06 4:23:24 | Attr =	]

{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 23/10/06 0:20:26 | Attr =	]

{C08DF07A-3E49-4E25-9AB0-D3882835F153} [HKLM] -> %SystemDrive%\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll [QUICKfind BHO Object] -> File not found

{E5A1691B-D188-4419-AD02-90002030B8EE} [HKLM] -> %ProgramFiles%\FlashFXP\IEFlash.dll [FlashFXP Helper for Internet Explorer] -> IniCom Networks, Inc. [Ver = 3.0.0.1015 | Size = 191096 bytes | Modified Date = 31/03/06 23:27:14 | Attr =	]

< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 23/10/06 0:20:26 | Attr =	]

< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar

{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 23/10/06 0:20:26 | Attr =	]

< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\

WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 23/10/06 0:20:26 | Attr =	]

< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\npjpi150_11.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75528 bytes | Modified Date = 15/12/06 4:23:26 | Attr =	]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 15/12/06 4:23:24 | Attr =	]

{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Onderzoek] -> File not found

{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found

< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\

Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found

Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found

Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found

Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIECaptureSelLinks.htm -> File not found

Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIEAppendSelLinks.htm -> File not found

Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found

Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found

Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found

E&xporteren naar Microsoft Excel ->  -> File not found

< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\

{3BCC1353-4976-4A73-8EAC-13D3D4FCCB68} ->	() -> 

{8092E38F-1F1A-45FC-AFB1-F45E44374F3A} -> 85.255.116.53,85.255.112.116   (1394-netwerkkaart) -> 

{8F825957-A097-4353-81C4-E770F2F99662} -> 85.255.116.53,85.255.112.116   (Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller) -> 

< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\

ipp -> Reg Data - Key not found -> File not found

msdaipp -> Reg Data - Key not found -> File not found

skype4com -> %CommonProgramFiles%\Skype\Skype4COM.dll -> Skype Technologies [Ver = 1, 0, 27, 0 | Size = 1828440 bytes | Modified Date = 12/01/07 13:50:48 | Attr = R  ]

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\

{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab -> 

{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab -> 

{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab -> 

{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_05 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab -> 

{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab -> 

{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab -> 

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab -> 

{D27CDB6E-AE6D-11CF-96B8-444553540000} ->  - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -> 





[Files/Folders - Created Within 30 days]

!KillBox -> %SystemDrive%\!KillBox ->  [Folder | Created Date = 09/04/07 15:19:02 | Attr =	]

$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Created Date = 19/03/07 19:09:59 | Attr = RH ]

fixwareout -> %SystemDrive%\fixwareout ->  [Folder | Created Date = 07/04/07 14:29:44 | Attr =	]

$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ ->  [Folder | Created Date = 04/04/07 15:43:57 | Attr =  H ]

$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ ->  [Folder | Created Date = 16/03/07 14:22:50 | Attr =  H ]

$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ ->  [Folder | Created Date = 16/03/07 14:24:43 | Attr =  H ]

$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ ->  [Folder | Created Date = 13/04/07 13:11:14 | Attr =  H ]

$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ ->  [Folder | Created Date = 13/04/07 13:11:21 | Attr =  H ]

$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ ->  [Folder | Created Date = 13/04/07 13:12:09 | Attr =  H ]

$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ ->  [Folder | Created Date = 13/04/07 13:10:52 | Attr =  H ]

Downloaded Installations -> %SystemRoot%\Downloaded Installations ->  [Folder | Created Date = 23/03/07 16:17:15 | Attr =	]

Foresight Anti-Cheat -> %SystemRoot%\Foresight Anti-Cheat ->  [Folder | Created Date = 20/03/07 15:34:54 | Attr =	]

Minidump -> %SystemRoot%\Minidump ->  [Folder | Created Date = 12/04/07 15:36:33 | Attr =	]

Performance -> %SystemRoot%\Performance ->  [Folder | Created Date = 11/04/07 15:50:36 | Attr =	]

QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 11/04/07 18:35:21 | Attr =	]

QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 11/04/07 18:35:21 | Attr =  H ]

SwSys1.bmp -> %SystemRoot%\SwSys1.bmp ->  [Ver =  | Size = 0 bytes | Created Date = 13/04/07 14:53:15 | Attr =  H ]

SwSys2.bmp -> %SystemRoot%\SwSys2.bmp ->  [Ver =  | Size = 0 bytes | Created Date = 13/04/07 14:53:15 | Attr =  H ]

unins000.dat -> %SystemRoot%\unins000.dat ->  [Ver =  | Size = 656 bytes | Created Date = 31/03/07 11:10:15 | Attr =	]

GDS32.DLL -> %System32%\GDS32.DLL -> The Firebird Project [Ver = WI-V6.3.2.4731 | Size = 356437 bytes | Created Date = 23/03/07 18:37:20 | Attr =	]

NtmsData -> %System32%\NtmsData ->  [Folder | Created Date = 11/04/07 16:02:40 | Attr =	]



[Files/Folders - Modified Within 30 days]

!KillBox -> %SystemDrive%\!KillBox ->  [Folder | Modified Date = 09/04/07 16:19:04 | Attr =	]

$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Modified Date = 01/04/07 15:55:02 | Attr = RH ]

Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 11/04/07 16:49:36 | Attr =  H ]

fixwareout -> %SystemDrive%\fixwareout ->  [Folder | Modified Date = 13/04/07 15:35:40 | Attr =	]

Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 13/04/07 19:28:38 | Attr = R  ]

UT2004Demo -> %SystemDrive%\UT2004Demo ->  [Folder | Modified Date = 31/03/07 12:18:12 | Attr =	]

WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 13/04/07 15:53:16 | Attr =	]

$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 13/04/07 14:05:28 | Attr =  H ]

$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ ->  [Folder | Modified Date = 04/04/07 16:44:00 | Attr =  H ]

$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ ->  [Folder | Modified Date = 16/03/07 15:22:56 | Attr =  H ]

$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ ->  [Folder | Modified Date = 16/03/07 15:24:46 | Attr =  H ]

$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ ->  [Folder | Modified Date = 13/04/07 14:11:16 | Attr =  H ]

$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ ->  [Folder | Modified Date = 13/04/07 14:11:24 | Attr =  H ]

$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ ->  [Folder | Modified Date = 13/04/07 14:12:12 | Attr =  H ]

$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ ->  [Folder | Modified Date = 13/04/07 14:10:56 | Attr =  H ]

assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 06/04/07 0:31:16 | Attr = R S]

bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 14/04/07 10:26:48 | Attr =   S]

Downloaded Installations -> %SystemRoot%\Downloaded Installations ->  [Folder | Modified Date = 23/03/07 17:17:16 | Attr =	]

Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 31/03/07 13:46:40 | Attr = R S]

Foresight Anti-Cheat -> %SystemRoot%\Foresight Anti-Cheat ->  [Folder | Modified Date = 20/03/07 16:34:56 | Attr =	]

imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 13/04/07 14:11:26 | Attr =	]

inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 13/04/07 14:16:44 | Attr =  H ]

Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 11/04/07 16:58:58 | Attr =  HS]

Minidump -> %SystemRoot%\Minidump ->  [Folder | Modified Date = 12/04/07 16:36:36 | Attr =	]

msagent -> %SystemRoot%\msagent ->  [Folder | Modified Date = 13/04/07 14:16:24 | Attr =	]

Performance -> %SystemRoot%\Performance ->  [Folder | Modified Date = 11/04/07 16:50:38 | Attr =	]

Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 14/04/07 15:22:04 | Attr =	]

QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 11/04/07 19:35:22 | Attr =	]

QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 14/04/07 11:08:00 | Attr =  H ]

SwSys1.bmp -> %SystemRoot%\SwSys1.bmp ->  [Ver =  | Size = 0 bytes | Modified Date = 13/04/07 15:53:16 | Attr =  H ]

SwSys2.bmp -> %SystemRoot%\SwSys2.bmp ->  [Ver =  | Size = 0 bytes | Modified Date = 13/04/07 15:53:16 | Attr =  H ]

system32 -> %System32% ->  [Folder | Modified Date = 13/04/07 14:16:24 | Attr =	]

Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 14/04/07 14:20:12 | Attr =	]

unins000.dat -> %SystemRoot%\unins000.dat ->  [Ver =  | Size = 656 bytes | Modified Date = 31/03/07 12:10:18 | Attr =	]

unins000.exe -> %SystemRoot%\unins000.exe -> Jordan Russell [Ver = 51.5.0.0 | Size = 72748 bytes | Modified Date = 31/03/07 12:10:18 | Attr =	]

win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 850 bytes | Modified Date = 06/04/07 18:28:42 | Attr =	]

SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 14/04/07 10:26:52 | Attr =  H ]

BASSMOD.dll -> %System32%\BASSMOD.dll ->  [Ver =  | Size = 34308 bytes | Modified Date = 23/03/07 19:40:02 | Attr =	]

CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 13/04/07 19:23:06 | Attr =	]

DirectX -> %System32%\DirectX ->  [Folder | Modified Date = 06/04/07 0:30:50 | Attr =	]

dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 13/04/07 14:16:24 | Attr = RHS]

FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 309992 bytes | Modified Date = 04/04/07 16:49:36 | Attr =	]

NtmsData -> %System32%\NtmsData ->  [Folder | Modified Date = 11/04/07 17:03:38 | Attr =	]

nvapps.xml -> %System32%\nvapps.xml ->  [Ver =  | Size = 23773 bytes | Modified Date = 14/04/07 10:27:06 | Attr =	]

perfc009.dat -> %System32%\perfc009.dat ->  [Ver =  | Size = 58732 bytes | Modified Date = 25/03/07 10:15:58 | Attr =	]

perfc013.dat -> %System32%\perfc013.dat ->  [Ver =  | Size = 76816 bytes | Modified Date = 25/03/07 10:15:58 | Attr =	]

perfh009.dat -> %System32%\perfh009.dat ->  [Ver =  | Size = 392432 bytes | Modified Date = 25/03/07 10:15:58 | Attr =	]

perfh013.dat -> %System32%\perfh013.dat ->  [Ver =  | Size = 455928 bytes | Modified Date = 25/03/07 10:15:58 | Attr =	]

PerfStringBackup.INI -> %System32%\PerfStringBackup.INI ->  [Ver =  | Size = 994602 bytes | Modified Date = 25/03/07 10:15:58 | Attr =	]

tmp.reg -> %System32%\tmp.reg ->  [Ver =  | Size = 3122 bytes | Modified Date = 25/03/07 11:34:06 | Attr =	]

wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 13688 bytes | Modified Date = 14/04/07 10:27:40 | Attr =	]



[File String Scan - Non-Microsoft Only]

WSUD ,  -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.0.36 | Size = 16162816 bytes | Modified Date = 17/11/04 10:08:06 | Attr =	]

PEC2 ,  -> %System32%\dfrg.msc ->  [Ver =  | Size = 41122 bytes | Modified Date = 04/08/04 14:00:00 | Attr =	]

PEC2 , PECompact2 ,  -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.5.0.53 | Size = 639066 bytes | Modified Date = 01/02/07 6:56:06 | Attr =	]

UPX! , UPX0 ,  -> %System32%\OutlookBar.ocx -> UniCont Soft [Ver = 1.03.0002 | Size = 168960 bytes | Modified Date = 11/05/05 2:37:02 | Attr =	]

UPX! , UPX0 ,  -> %System32%\SrchSTS.exe -> S!Ri [Ver =  | Size = 288417 bytes | Modified Date = 27/04/06 17:49:30 | Attr =	]

UPX! , UPX0 ,  -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 29/08/06 19:43:54 | Attr =	]

UPX! , UPX0 ,  -> %System32%\swsc.exe ->  [Ver =  | Size = 40960 bytes | Modified Date = 09/01/06 10:36:06 | Attr =	]

UPX! , UPX0 ,  -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 01/12/06 6:20:34 | Attr =	]

winsync ,  -> %System32%\wbdbase.deu ->  [Ver =  | Size = 1309184 bytes | Modified Date = 04/08/04 14:00:00 | Attr =	]

WSUD , UPX0 ,  -> %System32%\dllcache\hwxjpn.dll ->  [Ver =  | Size = 13463552 bytes | Modified Date = 04/08/04 14:00:00 | Attr =	]

UPX! , FSG! , PEC2 , aspack ,  -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Modified Date = 14/03/07 8:55:02 | Attr =	]



< End of report >


#13 OldTimer


Posted 14 April 2007 - 08:42 AM

Hi Moc. It's the DNS server settings. Let's fix those up.

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
YN -> {8092E38F-1F1A-45FC-AFB1-F45E44374F3A} -> 85.255.116.53,85.255.112.116 (1394-netwerkkaart)
YN -> {8F825957-A097-4353-81C4-E770F2F99662} -> 85.255.116.53,85.255.112.116 (Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller)


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here and I will review it when it comes back in.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
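The check made by eye in the post above, written out as an added example (not part of the original thread and not WinPFind3U's own code): it reads the `< DNS Name Servers [HKLM] >` section of a log and reports every adapter whose statically configured name servers are not on a list of resolvers you expect. The sample lines are copied from the logs in this thread with whitespace normalised; the expected resolver `192.168.1.1` and the function names are assumptions made for illustration.

```python
import ipaddress
import re

SECTION_HEADER = "< DNS Name Servers [HKLM] >"

# One adapter entry: {GUID} -> <comma-separated servers> (<adapter description>) ->
# The optional "YN -> " prefix is how the same line appears inside a fix script.
ENTRY_RE = re.compile(
    r"^(?:YN -> )?(?P<guid>\{[0-9A-Fa-f-]{36}\})\s*->\s*"
    r"(?P<servers>[^()]*)\((?P<adapter>.*)\)"
)


def parse_dns_section(log_text):
    """Return [(guid, adapter, [server, ...]), ...] for the DNS Name Servers section."""
    entries = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # "< ... >" and "[ ... ]" lines open a new section and close the previous one.
        if line.startswith("<") or line.startswith("["):
            in_section = line.startswith(SECTION_HEADER)
            continue
        if not in_section:
            continue
        match = ENTRY_RE.match(line)
        if not match:
            continue
        servers = [s for s in re.split(r"[,\s]+", match.group("servers").strip()) if s]
        entries.append((match.group("guid"), match.group("adapter"), servers))
    return entries


def review(log_text, expected_resolvers):
    """Return one finding per adapter that has a name server outside the expected set."""
    expected = {ipaddress.ip_address(addr) for addr in expected_resolvers}
    findings = []
    for guid, adapter, servers in parse_dns_section(log_text):
        unexpected = []
        for server in servers:
            try:
                if ipaddress.ip_address(server) not in expected:
                    unexpected.append(server)
            except ValueError:
                # Not an IP literal at all: report it rather than silently skip it.
                unexpected.append(server)
        if unexpected:
            findings.append({"guid": guid, "adapter": adapter, "unexpected": unexpected})
    return findings


# Lines copied from the first log in this thread (before the fix).
LOG_BEFORE_FIX = r"""
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
E&xporteren naar Microsoft Excel ->  -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{3BCC1353-4976-4A73-8EAC-13D3D4FCCB68} -> () ->
{8092E38F-1F1A-45FC-AFB1-F45E44374F3A} -> 85.255.116.53,85.255.112.116   (1394-netwerkkaart) ->
{8F825957-A097-4353-81C4-E770F2F99662} -> 85.255.116.53,85.255.112.116   (Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
"""

# Lines copied from the log posted after the fix was run.
LOG_AFTER_FIX = r"""
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{3BCC1353-4976-4A73-8EAC-13D3D4FCCB68} -> () ->
{8092E38F-1F1A-45FC-AFB1-F45E44374F3A} -> (1394-netwerkkaart) ->
{8F825957-A097-4353-81C4-E770F2F99662} -> (Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller) ->
"""

# Assumption: the only resolver this machine should ever use is its home router.
EXPECTED_RESOLVERS = ["192.168.1.1"]

if __name__ == "__main__":
    for label, log in (("before fix", LOG_BEFORE_FIX), ("after fix", LOG_AFTER_FIX)):
        findings = review(log, EXPECTED_RESOLVERS)
        print(f"{label}: {len(findings)} adapter(s) with unexpected name servers")
        for finding in findings:
            print(f"  {finding['adapter']} {finding['guid']}: {', '.join(finding['unexpected'])}")
```

An empty result only means the adapter-level values are clean at the time of the scan; if the values reappear in a later log, whatever wrote them is still active on the machine.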


#14 Moc


Posted 14 April 2007 - 09:59 AM

[Registry - Non-Microsoft Only]

DNS NameServer information removed successfully for adapter: 1394-netwerkkaart

DNS NameServer information removed successfully for adapter: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller

< End of log >

Created on 04/14/2007 16:56:21


#15 Moc


Posted 14 April 2007 - 01:19 PM

I think everything is fine again so far...
Need a new log to double check if everything is OK?

Moc

EDIT: They are back again...:

WinPFind3 logfile created on: 15/04/07 0:22:17
WinPFind3U by OldTimer - Version 1.0.34	Folder = D:\winpfind3u\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)
 
1023,48 Mb Total Physical Memory | 567,84 Mb Available Physical Memory | 55,48% Memory free
2,40 Gb Paging File | 1,96 Gb Available in Paging File | 81,48% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 94,95 Gb Total Space | 53,30 Gb Free Space | 56,13% Space Free
Drive D: | 94,96 Gb Total Space | 51,78 Gb Free Space | 54,53% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: TIJN
Current User Name: Tijn Kuyper
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\acrotray.exe -> Adobe Systems Inc. [Ver = 8.0.0.2006102200 | Size = 620152 bytes | Modified Date = 23/10/06 0:24:02 | Attr =	]
atkkbservice.exe -> %SystemRoot%\ATKKBService.exe -> ASUSTeK COMPUTER INC. [Ver = 1, 0, 0, 0 | Size = 90112 bytes | Modified Date = 20/07/04 15:15:20 | Attr =	]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.445 | Size = 353792 bytes | Modified Date = 14/03/07 8:54:58 | Attr =	]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 20/03/07 20:20:44 | Attr =	]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 14/03/07 8:54:58 | Attr =	]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 324096 bytes | Modified Date = 14/03/07 8:54:58 | Attr =	]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 14/03/07 8:55:00 | Attr =	]
fbguard.exe -> %ProgramFiles%\Firebird\Firebird_1_5\bin\fbguard.exe -> The Firebird Project [Ver = WI-V1.5.2.4731 | Size = 65536 bytes | Modified Date = 13/12/04 2:05:20 | Attr =	]
fbserver.exe -> %ProgramFiles%\Firebird\Firebird_1_5\bin\fbserver.exe -> The Firebird Project [Ver = WI-V1.5.2.4731 | Size = 1527893 bytes | Modified Date = 13/12/04 2:05:20 | Attr =	]
fnplicensingservice.exe -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 15/03/07 17:16:56 | Attr =	]
gnotify.exe -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 15/07/05 23:48:34 | Attr =	]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28/09/06 16:13:20 | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 15/12/06 4:23:28 | Attr =	]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.7184 | Size = 127043 bytes | Modified Date = 24/02/05 1:32:00 | Attr =	]
winpfind3u.exe -> D:\winpfind3u\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.34.0 | Size = 318976 bytes | Modified Date = 10/04/07 22:00:18 | Attr =	]
xfire.exe -> %ProgramFiles%\Xfire\xfire.exe -> Xfire Inc. [Ver = 13133 | Size = 2702928 bytes | Modified Date = 12/04/07 4:33:54 | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 14/01/07 13:03:02 | Attr =	]
(ATKKeyboardService) ATK Keyboard Service [Win32_Own | Auto | Running] -> %SystemRoot%\ATKKBService.exe -> ASUSTeK COMPUTER INC. [Ver = 1, 0, 0, 0 | Size = 90112 bytes | Modified Date = 20/07/04 15:15:20 | Attr =	]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28/09/06 16:13:20 | Attr =	]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.445 | Size = 353792 bytes | Modified Date = 14/03/07 8:54:58 | Attr =	]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 14/03/07 8:55:00 | Attr =	]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 324096 bytes | Modified Date = 14/03/07 8:54:58 | Attr =	]
(dmadmin) Logical Disk Manager Administrative-service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 04/08/04 14:00:00 | Attr =	]
(FirebirdGuardianDefaultInstance) Firebird Guardian - DefaultInstance [Win32_Own | Auto | Running] -> %ProgramFiles%\Firebird\Firebird_1_5\bin\fbguard.exe -> The Firebird Project [Ver = WI-V1.5.2.4731 | Size = 65536 bytes | Modified Date = 13/12/04 2:05:20 | Attr =	]
(FirebirdServerDefaultInstance) Firebird Server - DefaultInstance [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Firebird\Firebird_1_5\bin\fbserver.exe -> The Firebird Project [Ver = WI-V1.5.2.4731 | Size = 1527893 bytes | Modified Date = 13/12/04 2:05:20 | Attr =	]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 15/03/07 17:16:56 | Attr =	]
(lxcf_device) lxcf_device [Win32_Own | On_Demand | Stopped] -> %System32%\lxcfcoms.exe ->   [Ver = 1.154.19.0 | Size = 491520 bytes | Modified Date = 25/07/05 21:25:18 | Attr =	]
(NipSvc) Norman API-hooking helper [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\Norman\Nvc\BIN\nipsvc.exe -> File not found
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.7184 | Size = 127043 bytes | Modified Date = 24/02/05 1:32:00 | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
 ->  -> File not found
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 20/03/07 20:20:44 | Attr =	]
{0228e555-4f9c-4e35-a3ec-b109a192b4c2} -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 15/07/05 23:48:34 | Attr =	]
Acrobat Assistant 8.0 -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\acrotray.exe -> Adobe Systems Inc. [Ver = 8.0.0.2006102200 | Size = 620152 bytes | Modified Date = 23/10/06 0:24:02 | Attr =	]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 14/03/07 8:54:58 | Attr =	]
DmwClient -> dmwclient.exe -> File not found
LXCFCATS -> %System32%\spool\drivers\w32x86\3\lxcftime.dll [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16] ->  [Ver = 0.1.11.5 | Size = 73728 bytes | Modified Date = 20/07/05 19:47:32 | Attr =	]
NvCplDaemon -> %System32%\nvcpl.dll ["RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.7184 | Size = 5537792 bytes | Modified Date = 24/02/05 1:32:00 | Attr =	]
NvMediaCenter -> %System32%\nvmctray.dll ["RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.7184 | Size = 86016 bytes | Modified Date = 24/02/05 1:32:00 | Attr =	]
nwiz -> %System32%\nwiz.exe -> NVIDIA Corporation [Ver = 6.14.10.10035 | Size = 1495040 bytes | Modified Date = 24/02/05 1:32:00 | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 01/09/06 16:57:48 | Attr =	]
SoundMan -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.30 | Size = 77824 bytes | Modified Date = 15/11/04 12:20:20 | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 15/12/06 4:23:28 | Attr =	]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 -> 
MAPI -> Installed = 1 -> 
MSFS -> Installed = 1 -> 
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MessengerPlus3 -> %ProgramFiles%\MessengerPlus! 3\MsgPlus.exe -> Patchou [Ver = 3, 63, 0, 148 | Size = 190024 bytes | Modified Date = 26/02/07 17:24:50 | Attr =	]
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe -> Skype Technologies S.A. [Ver = 3.0.0.214 | Size = 25370152 bytes | Modified Date = 29/01/07 16:36:52 | Attr =	]
< Common Startup > -> C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten
%AllUsersStartup%\Adobe Acrobat Speed Launcher.lnk -> %SystemRoot%\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ->  [Ver =  | Size = 295606 bytes | Modified Date = 15/03/07 17:16:26 | Attr = R  ]
%AllUsersStartup%\Adobe Acrobat Synchronizer.lnk -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ->  [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 23/10/06 1:01:50 | Attr =	]
< User Startup > -> C:\Documents and Settings\Tijn Kuyper\Menu Start\Programma's\Opstarten
%UserStartup%\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 16/03/05 20:16:50 | Attr =	]
%UserStartup%\Xfire.lnk -> %ProgramFiles%\Xfire\xfire.exe -> Xfire Inc. [Ver = 13133 | Size = 2702928 bytes | Modified Date = 12/04/07 4:33:54 | Attr =	]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 28/09/06 16:13:28 | Attr =	]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< HOSTS File > (23 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1  localhost  ->  -> 
< Internet Explorer Settings > -> 
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKLM: Local Page -> C:\windows\system32\blank.htm -> 
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKCU: Local Page -> C:\windows\system32\blank.htm -> 
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKCU: ProxyEnable -> 0 -> 
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] ->  -> 
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 23/10/06 0:08:42 | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/05 2:04:00 | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 15/12/06 4:23:24 | Attr =	]
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 23/10/06 0:20:26 | Attr =	]
{C08DF07A-3E49-4E25-9AB0-D3882835F153} [HKLM] -> %SystemDrive%\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll [QUICKfind BHO Object] -> File not found
{E5A1691B-D188-4419-AD02-90002030B8EE} [HKLM] -> %ProgramFiles%\FlashFXP\IEFlash.dll [FlashFXP Helper for Internet Explorer] -> IniCom Networks, Inc. [Ver = 3.0.0.1015 | Size = 191096 bytes | Modified Date = 31/03/06 23:27:14 | Attr =	]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 23/10/06 0:20:26 | Attr =	]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 23/10/06 0:20:26 | Attr =	]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 23/10/06 0:20:26 | Attr =	]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\npjpi150_11.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75528 bytes | Modified Date = 15/12/06 4:23:26 | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 15/12/06 4:23:24 | Attr =	]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Onderzoek] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIECaptureSelLinks.htm -> File not found
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIEAppendSelLinks.htm -> File not found
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
E&xporteren naar Microsoft Excel ->  -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{3BCC1353-4976-4A73-8EAC-13D3D4FCCB68} ->	() -> 
{8092E38F-1F1A-45FC-AFB1-F45E44374F3A} ->	(1394-netwerkkaart) -> 
{8F825957-A097-4353-81C4-E770F2F99662} ->	(Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller) -> 
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
skype4com -> %CommonProgramFiles%\Skype\Skype4COM.dll -> Skype Technologies [Ver = 1, 0, 27, 0 | Size = 1828440 bytes | Modified Date = 12/01/07 13:50:48 | Attr = R  ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab -> 
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab -> 
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_05 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab -> 
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab -> 
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} ->  - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -> 


[Files/Folders - Created Within 30 days]
!KillBox -> %SystemDrive%\!KillBox ->  [Folder | Created Date = 09/04/07 15:19:02 | Attr =	]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Created Date = 19/03/07 19:09:59 | Attr = RH ]
fixwareout -> %SystemDrive%\fixwareout ->  [Folder | Created Date = 07/04/07 14:29:44 | Attr =	]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ ->  [Folder | Created Date = 04/04/07 15:43:57 | Attr =  H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ ->  [Folder | Created Date = 13/04/07 13:11:14 | Attr =  H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ ->  [Folder | Created Date = 13/04/07 13:11:21 | Attr =  H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ ->  [Folder | Created Date = 13/04/07 13:12:09 | Attr =  H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ ->  [Folder | Created Date = 13/04/07 13:10:52 | Attr =  H ]
Downloaded Installations -> %SystemRoot%\Downloaded Installations ->  [Folder | Created Date = 23/03/07 16:17:15 | Attr =	]
Foresight Anti-Cheat -> %SystemRoot%\Foresight Anti-Cheat ->  [Folder | Created Date = 20/03/07 15:34:54 | Attr =	]
Minidump -> %SystemRoot%\Minidump ->  [Folder | Created Date = 12/04/07 15:36:33 | Attr =	]
Performance -> %SystemRoot%\Performance ->  [Folder | Created Date = 11/04/07 15:50:36 | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 11/04/07 18:35:21 | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 11/04/07 18:35:21 | Attr =  H ]
SwSys1.bmp -> %SystemRoot%\SwSys1.bmp ->  [Ver =  | Size = 0 bytes | Created Date = 13/04/07 14:53:15 | Attr =  H ]
SwSys2.bmp -> %SystemRoot%\SwSys2.bmp ->  [Ver =  | Size = 0 bytes | Created Date = 13/04/07 14:53:15 | Attr =  H ]
unins000.dat -> %SystemRoot%\unins000.dat ->  [Ver =  | Size = 656 bytes | Created Date = 31/03/07 11:10:15 | Attr =	]
GDS32.DLL -> %System32%\GDS32.DLL -> The Firebird Project [Ver = WI-V6.3.2.4731 | Size = 356437 bytes | Created Date = 23/03/07 18:37:20 | Attr =	]
NtmsData -> %System32%\NtmsData ->  [Folder | Created Date = 11/04/07 16:02:40 | Attr =	]

[Files/Folders - Modified Within 30 days]
!KillBox -> %SystemDrive%\!KillBox ->  [Folder | Modified Date = 09/04/07 16:19:04 | Attr =	]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Modified Date = 01/04/07 15:55:02 | Attr = RH ]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 11/04/07 16:49:36 | Attr =  H ]
fixwareout -> %SystemDrive%\fixwareout ->  [Folder | Modified Date = 13/04/07 15:35:40 | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 14/04/07 16:10:50 | Attr = R  ]
UT2004Demo -> %SystemDrive%\UT2004Demo ->  [Folder | Modified Date = 31/03/07 12:18:12 | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 13/04/07 15:53:16 | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 13/04/07 14:05:28 | Attr =  H ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ ->  [Folder | Modified Date = 04/04/07 16:44:00 | Attr =  H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ ->  [Folder | Modified Date = 13/04/07 14:11:16 | Attr =  H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ ->  [Folder | Modified Date = 13/04/07 14:11:24 | Attr =  H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ ->  [Folder | Modified Date = 13/04/07 14:12:12 | Attr =  H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ ->  [Folder | Modified Date = 13/04/07 14:10:56 | Attr =  H ]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 06/04/07 0:31:16 | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 14/04/07 10:26:48 | Attr =   S]
Downloaded Installations -> %SystemRoot%\Downloaded Installations ->  [Folder | Modified Date = 23/03/07 17:17:16 | Attr =	]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 31/03/07 13:46:40 | Attr = R S]
Foresight Anti-Cheat -> %SystemRoot%\Foresight Anti-Cheat ->  [Folder | Modified Date = 20/03/07 16:34:56 | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 13/04/07 14:11:26 | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 13/04/07 14:16:44 | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 11/04/07 16:58:58 | Attr =  HS]
Minidump -> %SystemRoot%\Minidump ->  [Folder | Modified Date = 12/04/07 16:36:36 | Attr =	]
msagent -> %SystemRoot%\msagent ->  [Folder | Modified Date = 13/04/07 14:16:24 | Attr =	]
Performance -> %SystemRoot%\Performance ->  [Folder | Modified Date = 11/04/07 16:50:38 | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 14/04/07 22:55:44 | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 11/04/07 19:35:22 | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 14/04/07 11:08:00 | Attr =  H ]
SwSys1.bmp -> %SystemRoot%\SwSys1.bmp ->  [Ver =  | Size = 0 bytes | Modified Date = 13/04/07 15:53:16 | Attr =  H ]
SwSys2.bmp -> %SystemRoot%\SwSys2.bmp ->  [Ver =  | Size = 0 bytes | Modified Date = 13/04/07 15:53:16 | Attr =  H ]
system32 -> %System32% ->  [Folder | Modified Date = 13/04/07 14:16:24 | Attr =	]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 14/04/07 14:20:12 | Attr =	]
unins000.dat -> %SystemRoot%\unins000.dat ->  [Ver =  | Size = 656 bytes | Modified Date = 31/03/07 12:10:18 | Attr =	]
unins000.exe -> %SystemRoot%\unins000.exe -> Jordan Russell [Ver = 51.5.0.0 | Size = 72748 bytes | Modified Date = 31/03/07 12:10:18 | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 850 bytes | Modified Date = 06/04/07 18:28:42 | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 14/04/07 10:26:52 | Attr =  H ]
BASSMOD.dll -> %System32%\BASSMOD.dll ->  [Ver =  | Size = 34308 bytes | Modified Date = 23/03/07 19:40:02 | Attr =	]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 13/04/07 19:23:06 | Attr =	]
DirectX -> %System32%\DirectX ->  [Folder | Modified Date = 06/04/07 0:30:50 | Attr =	]
dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 13/04/07 14:16:24 | Attr = RHS]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 309992 bytes | Modified Date = 04/04/07 16:49:36 | Attr =	]
NtmsData -> %System32%\NtmsData ->  [Folder | Modified Date = 11/04/07 17:03:38 | Attr =	]
nvapps.xml -> %System32%\nvapps.xml ->  [Ver =  | Size = 23773 bytes | Modified Date = 14/04/07 10:27:06 | Attr =	]
perfc009.dat -> %System32%\perfc009.dat ->  [Ver =  | Size = 58732 bytes | Modified Date = 25/03/07 10:15:58 | Attr =	]
perfc013.dat -> %System32%\perfc013.dat ->  [Ver =  | Size = 76816 bytes | Modified Date = 25/03/07 10:15:58 | Attr =	]
perfh009.dat -> %System32%\perfh009.dat ->  [Ver =  | Size = 392432 bytes | Modified Date = 25/03/07 10:15:58 | Attr =	]
perfh013.dat -> %System32%\perfh013.dat ->  [Ver =  | Size = 455928 bytes | Modified Date = 25/03/07 10:15:58 | Attr =	]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI ->  [Ver =  | Size = 994602 bytes | Modified Date = 25/03/07 10:15:58 | Attr =	]
tmp.reg -> %System32%\tmp.reg ->  [Ver =  | Size = 3122 bytes | Modified Date = 25/03/07 11:34:06 | Attr =	]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 13688 bytes | Modified Date = 14/04/07 10:27:40 | Attr =	]

[File String Scan - Non-Microsoft Only]
WSUD ,  -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.0.36 | Size = 16162816 bytes | Modified Date = 17/11/04 10:08:06 | Attr =	]
PEC2 ,  -> %System32%\dfrg.msc ->  [Ver =  | Size = 41122 bytes | Modified Date = 04/08/04 14:00:00 | Attr =	]
PEC2 , PECompact2 ,  -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.5.0.53 | Size = 639066 bytes | Modified Date = 01/02/07 6:56:06 | Attr =	]
UPX! , UPX0 ,  -> %System32%\OutlookBar.ocx -> UniCont Soft [Ver = 1.03.0002 | Size = 168960 bytes | Modified Date = 11/05/05 2:37:02 | Attr =	]
UPX! , UPX0 ,  -> %System32%\SrchSTS.exe -> S!Ri [Ver =  | Size = 288417 bytes | Modified Date = 27/04/06 17:49:30 | Attr =	]
UPX! , UPX0 ,  -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 29/08/06 19:43:54 | Attr =	]
UPX! , UPX0 ,  -> %System32%\swsc.exe ->  [Ver =  | Size = 40960 bytes | Modified Date = 09/01/06 10:36:06 | Attr =	]
UPX! , UPX0 ,  -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 01/12/06 6:20:34 | Attr =	]
winsync ,  -> %System32%\wbdbase.deu ->  [Ver =  | Size = 1309184 bytes | Modified Date = 04/08/04 14:00:00 | Attr =	]
WSUD , UPX0 ,  -> %System32%\dllcache\hwxjpn.dll ->  [Ver =  | Size = 13463552 bytes | Modified Date = 04/08/04 14:00:00 | Attr =	]
UPX! , FSG! , PEC2 , aspack ,  -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Modified Date = 14/03/07 8:55:02 | Attr =	]

< End of report >

Edited by Moc, 14 April 2007 - 05:28 PM.




