Windows Task Manager 100% Comp Usage


  • This topic is locked
17 replies to this topic

#1 Eternitus

Posted 06 June 2007 - 04:16 PM

Hi there, I'm new to this site, and am obviously here because I have a problem.

My computer has been moving very slowly on and off. When I go to the Windows Task Manager, under Processes it says that my iexplorer.exe is usually what is taking up the most usage.

Now I found this site by googling my problem and came up with this page: http://www.bleepingcomputer.com/forums/lof...php/t72150.html

It is an older thread but it basically describes my problem. I'm taking those steps to hopefully resolve my problem. But I still need some help along the way. I am no computer nerd by any means though, which is why I need the help. I know almost nothing of this computer; I had someone else build it for me.

I need to know if this stuff will resolve my problem and how to do it. Here is the logfile I got from HijackThis.

Logfile of HijackThis v1.99.1
Scan saved at 3:53:56 PM, on 6/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\twain_32\fb7\SCANER32.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Promise\Utility\MsgAgt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\PROGRA~1\Yahoo!\YUM\yum.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Brittney\Local Settings\Temporary Internet Files\Content.IE5\6KQ9FINV\VundoFix[1].exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TempRemove] "C:\Program Files\Crystal Ball\CB Predictor\terminator.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [e93TC] C:\documents and settings\jonathan\local settings\temp\e93TC.exe
O4 - HKLM\..\Run: [e93TC.exe] C:\documents and settings\jonathan\local settings\temp\e93TC.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: FB7 Scanner Utilities.lnk = C:\WINDOWS\twain_32\fb7\SCANER32.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: winlogin.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: iOpus Internet Macros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...od/install.html
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.5.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/actxcab.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partner...lim/install.cab
O16 - DPF: {B94B4225-E02E-4D3F-BADB-026F1E2F3AD7} (HttpDownloader Control) - http://www.instantplugin.com/SexDownloader.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab
O20 - AppInit_DLLs: uwtmkklb1gge897.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: Microsoft DirectXb - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Ghnnakhb.dll (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Promise RAID message agent (RAIDmAgt) - Promise Technology, Inc. - C:\Program Files\Promise\Utility\MsgAgt.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

I know it is a very long list because I have multiple people who use this computer and download a lot of junk onto it. But if someone could help me by telling me what I need to fix through HijackThis or by telling me what I should be doing to resolve this problem, I would greatly appreciate any advice or assistance you guys can offer. I am also running VundoFix as I type this.

Thank you for taking time to help me. I will greatly appreciate it.


#2 Eternitus

Posted 07 June 2007 - 12:49 PM

Sorry, I'm not meaning this as a bump, but as you can see I am desperate. I did some steps to clean up my computer and have followed a lot of different things I saw on this site. Yet I still do not know what I should be fixing in HijackThis. Someone told me that my system has malware in it and that after I cleaned up my comp and did some scans I should post another log. So here is my "hopefully" updated log. My comp seems to be running a little better but not much.

Logfile of HijackThis v1.99.1
Scan saved at 12:37:55 PM, on 6/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Promise\Utility\MsgAgt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defa.../search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TempRemove] "C:\Program Files\Crystal Ball\CB Predictor\terminator.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [e93TC] C:\documents and settings\jonathan\local settings\temp\e93TC.exe
O4 - HKLM\..\Run: [e93TC.exe] C:\documents and settings\jonathan\local settings\temp\e93TC.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - HKCU\..\Run: [Tpos] C:\Documents and Settings\Lori Borowicz\Application Data\ohrl.exe
O4 - HKCU\..\Run: [Hjzpnmyi] C:\WINDOWS\System32\kmisng.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: winlogin.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar_en_2.0.106-big.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\windows\GoogleToolbar_en_2.0.106-big.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\GoogleToolbar_en_2.0.106-big.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Si&milar Pages - res://c:\windows\GoogleToolbar_en_2.0.106-big.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar_en_2.0.106-big.dll/cmtrans.html
O9 - Extra button: iOpus Internet Macros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\MyPointsPointAlert\System\Temp\mypoints_script0.htm (file missing) (HKCU)
O9 - Extra button: (no name) - {629C5DAA-BABC-4d44-983D-97AFF415621C} - file://C:\Program Files\MyPointsPointAlert\System\Temp\boxtopgmills_script0.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...od/install.html
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.5.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/actxcab.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partner...lim/install.cab
O16 - DPF: {B94B4225-E02E-4D3F-BADB-026F1E2F3AD7} (HttpDownloader Control) - http://www.instantplugin.com/SexDownloader.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab
O20 - AppInit_DLLs: uwtmkklb1gge897.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: Microsoft DirectXb - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Ghnnakhb.dll (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Promise RAID message agent (RAIDmAgt) - Promise Technology, Inc. - C:\Program Files\Promise\Utility\MsgAgt.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

And I know you guys are busy. Please know that I did not do this as an intended bump. Please get to my problem when you have the chance. Thanks.

P.S. I do love a lot of the nice tips and tricks. They seem to be helping.

#3 OldTimer (Malware Expert)

Posted 11 June 2007 - 08:25 PM

Hello Eternitus and welcome to the BC HijackThis forum. I am seeing a few different infections in the log. Let's dig a little deeper and see what else we find.

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.

#4 Eternitus (Topic Starter)

Posted 12 June 2007 - 01:17 AM

Thanks for the reply, I really appreciate it. And I did what you told me to. Here is the information:


WinPFind3 logfile created on: 6/11/2007 10:16:12 PM
WinPFind3U by OldTimer - Version 1.0.38 Folder = C:\Documents and Settings\Brittney\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

511.47 Mb Total Physical Memory | 184.27 Mb Available Physical Memory | 36.03% Memory free
1.22 Gb Paging File | 0.76 Gb Available in Paging File | 62.69% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 64.13 Gb Free Space | 68.85% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: KIDS
Current User Name: Brittney
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 5.0\Distillr\AcroTray.exe -> Adobe Systems Inc. [Ver = 5, 0, 0, 0 | Size = 49254 bytes | Modified Date = 3/15/2001 6:18:18 AM | Attr = ]
airgcfg.exe -> %ProgramFiles%\D-Link\AirPlus G\AirGCFG.exe -> D-Link [Ver = 3, 3, 0, 50317 | Size = 1228800 bytes | Modified Date = 3/18/2005 5:34:00 AM | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 12:41:04 PM | Attr = ]
apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/7/2005 12:46:24 AM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4110 | Size = 425984 bytes | Modified Date = 11/30/2004 10:05:10 PM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4110 | Size = 425984 bytes | Modified Date = 11/30/2004 10:05:10 PM | Attr = ]
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5071 | Size = 335872 bytes | Modified Date = 12/12/2003 12:31:00 PM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 104.0.8.3 | Size = 53408 bytes | Modified Date = 4/12/2006 11:30:06 AM | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 104.0.8.3 | Size = 192160 bytes | Modified Date = 4/12/2006 11:30:10 AM | Attr = ]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 104.0.8.3 | Size = 169632 bytes | Modified Date = 4/12/2006 11:30:24 AM | Attr = ]
cdac11ba.exe -> %System32%\drivers\CDAC11BA.EXE -> Macrovision [Ver = 4.16.050 | Size = 52736 bytes | Modified Date = 3/29/2003 3:50:04 PM | Attr = ]
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.0.1760.38296 | Size = 32768 bytes | Modified Date = 10/26/2004 10:16:34 PM | Attr = ]
em_exec.exe -> %ProgramFiles%\Logitech\MouseWare\system\EM_EXEC.EXE -> Logitech Inc. [Ver = 9.79.025 | Size = 37888 bytes | Modified Date = 1/8/2004 9:50:00 AM | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 1/26/2007 3:41:34 PM | Attr = ]
hpqimzone.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqimzone.exe -> Hewlett-Packard Co. [Ver = 053.000.013.000 | Size = 479232 bytes | Modified Date = 5/12/2005 12:33:52 AM | Attr = ]
hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqste08.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 204800 bytes | Modified Date = 5/12/2005 12:40:38 AM | Attr = ]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 282624 bytes | Modified Date = 5/11/2005 11:23:26 PM | Attr = ]
hprblog.exe -> %ProgramFiles%\HP\Digital Imaging\Product Assistant\bin\hprblog.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 77824 bytes | Modified Date = 5/11/2005 11:16:22 PM | Attr = ]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 49152 bytes | Modified Date = 5/11/2005 11:12:54 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.2.23 | Size = 323584 bytes | Modified Date = 12/20/2005 9:54:34 PM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.2.23 | Size = 278528 bytes | Modified Date = 12/20/2005 9:54:48 PM | Attr = ]
kodakccs.exe -> %System32%\drivers\KodakCCS.exe -> Eastman Kodak Company [Ver = 1.1.5100.4 | Size = 322104 bytes | Modified Date = 5/24/2004 1:35:52 PM | Attr = ]
monitor.exe -> %ProgramFiles%\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\monitor.exe -> Ulead Systems, Inc. [Ver = 8.0.0.0 | Size = 45056 bytes | Modified Date = 2/27/2003 7:48:46 PM | Attr = ]
msgagt.exe -> %ProgramFiles%\Promise\Utility\MsgAgt.exe -> Promise Technology, Inc. [Ver = Version 3.2 build 2 (7/30/2002) | Size = 585728 bytes | Modified Date = 8/6/2002 11:20:24 AM | Attr = ]
navapsvc.exe -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 12.2.0.13 | Size = 139936 bytes | Modified Date = 2/5/2006 1:03:16 AM | Attr = ]
npfmntor.exe -> %ProgramFiles%\Norton AntiVirus\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 12.2.0.13 | Size = 46752 bytes | Modified Date = 2/5/2006 1:03:40 AM | Attr = ]
nscsrvce.exe -> %CommonProgramFiles%\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.5.17 | Size = 750768 bytes | Modified Date = 3/15/2006 12:33:08 PM | Attr = ]
opwarese2.exe -> %ProgramFiles%\ScanSoft\OmniPageSE2.0\OpwareSE2.exe -> ScanSoft, Inc. [Ver = 12.0 | Size = 49152 bytes | Modified Date = 5/8/2003 12:00:58 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.0.4 | Size = 155648 bytes | Modified Date = 2/14/2006 6:28:28 PM | Attr = ]
scaner32.exe -> %SystemRoot%\twain_32\fb7\SCANER32.EXE -> [Ver = | Size = 61440 bytes | Modified Date = 10/16/1997 6:00:30 PM | Attr = ]
sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.3.303 | Size = 214720 bytes | Modified Date = 6/8/2006 12:08:36 PM | Attr = ]
spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.1.0.4 | Size = 1160848 bytes | Modified Date = 5/11/2006 3:50:20 PM | Attr = ]
ssaad.exe -> %ProgramFiles%\Sony\SonicStage\SSAAD.exe -> [Ver = 3.4.01.13062 | Size = 81920 bytes | Modified Date = 1/7/2006 2:36:10 AM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.762 | Size = 1119888 bytes | Modified Date = 6/25/2006 8:28:22 PM | Attr = ]
viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 1/4/2007 4:38:20 PM | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:10 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 5/22/2007 6:27:40 PM | Attr = ]
wzcsldr2.exe -> %ProgramFiles%\ANI\ANIWZCS2 Service\WZCSLDR2.exe -> Alpha Networks Inc. [Ver = 1, 0, 6, 41216 | Size = 49152 bytes | Modified Date = 12/16/2004 6:49:14 PM | Attr = ]
yum.exe -> %ProgramFiles%\Yahoo!\YUM\yum.exe -> Yahoo! Inc. [Ver = 2002, 8, 15, 2 | Size = 188416 bytes | Modified Date = 8/15/2002 4:00:00 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(ANIWZCSdService) ANIWZCSd Service [Win32_Shared | Auto | Stopped] -> %ProgramFiles%\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -> Alpha Networks Inc. [Ver = 1, 0, 1, 30507 | Size = 49152 bytes | Modified Date = 10/22/2004 2:42:44 PM | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4110 | Size = 425984 bytes | Modified Date = 11/30/2004 10:05:10 PM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0021 | Size = 516096 bytes | Modified Date = 11/30/2004 10:10:00 PM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 12:41:04 PM | Attr = ]
(C-DillaCdaC11BA) C-DillaCdaC11BA [Win32_Own | Auto | Running] -> %System32%\drivers\CDAC11BA.EXE -> Macrovision [Ver = 4.16.050 | Size = 52736 bytes | Modified Date = 3/29/2003 3:50:04 PM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 104.0.8.3 | Size = 192160 bytes | Modified Date = 4/12/2006 11:30:10 AM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 104.0.8.3 | Size = 169632 bytes | Modified Date = 4/12/2006 11:30:24 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 1/26/2007 3:41:00 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ]
(iPodService) iPodService [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.2.23 | Size = 323584 bytes | Modified Date = 12/20/2005 9:54:34 PM | Attr = ]
(KodakCCS) Kodak Camera Connection Software [Win32_Own | Auto | Running] -> %System32%\drivers\KodakCCS.exe -> Eastman Kodak Company [Ver = 1.1.5100.4 | Size = 322104 bytes | Modified Date = 5/24/2004 1:35:52 PM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 2/23/2006 12:41:04 PM | Attr = ]
(MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> Sony Corporation [Ver = 4.4.00.11241 | Size = 53337 bytes | Modified Date = 11/24/2005 5:03:22 PM | Attr = ]
(navapsvc) Norton AntiVirus Auto-Protect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 12.2.0.13 | Size = 139936 bytes | Modified Date = 2/5/2006 1:03:16 AM | Attr = ]
(NPFMntor) Norton AntiVirus Firewall Monitor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 12.2.0.13 | Size = 46752 bytes | Modified Date = 2/5/2006 1:03:40 AM | Attr = ]
(NSCService) Norton Protection Center Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.5.17 | Size = 750768 bytes | Modified Date = 3/15/2006 12:33:08 PM | Attr = ]
(PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> Sony Corporation [Ver = 4.4.00.11241 | Size = 53337 bytes | Modified Date = 11/24/2005 4:57:44 PM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 12:14:36 PM | Attr = ]
(RAIDmAgt) Promise RAID message agent [Win32_Own | Auto | Running] -> %ProgramFiles%\Promise\Utility\MsgAgt.exe -> Promise Technology, Inc. [Ver = Version 3.2 build 2 (7/30/2002) | Size = 585728 bytes | Modified Date = 8/6/2002 11:20:24 AM | Attr = ]
(SAVScan) Symantec AVScan [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton AntiVirus\SAVScan.exe -> Symantec Corporation [Ver = 9.7.0.10 | Size = 198368 bytes | Modified Date = 8/26/2005 4:22:48 PM | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.3.303 | Size = 214720 bytes | Modified Date = 6/8/2006 12:08:36 PM | Attr = ]
(SPBBCSvc) SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.1.0.4 | Size = 1160848 bytes | Modified Date = 5/11/2006 3:50:20 PM | Attr = ]
(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.4.00.11241 | Size = 69718 bytes | Modified Date = 11/24/2005 4:47:30 PM | Attr = ]
(SSScsiSV) SonicStage SCSI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SSScsiSV.exe -> Sony Corporation [Ver = 3.4.01.13062 | Size = 69632 bytes | Modified Date = 1/6/2006 10:25:12 PM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.762 | Size = 1119888 bytes | Modified Date = 6/25/2006 8:28:22 PM | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:10 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/7/2005 12:46:24 AM | Attr = ]
ANIWZCS2Service -> %ProgramFiles%\ANI\ANIWZCS2 Service\WZCSLDR2.exe -> Alpha Networks Inc. [Ver = 1, 0, 6, 41216 | Size = 49152 bytes | Modified Date = 12/16/2004 6:49:14 PM | Attr = ]
ATICCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.0.1760.38296 | Size = 32768 bytes | Modified Date = 10/26/2004 10:16:34 PM | Attr = ]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5071 | Size = 335872 bytes | Modified Date = 12/12/2003 12:31:00 PM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 104.0.8.3 | Size = 53408 bytes | Modified Date = 4/12/2006 11:30:06 AM | Attr = ]
D-Link AirPlus G -> %ProgramFiles%\D-Link\AirPlus G\AirGCFG.exe -> D-Link [Ver = 3, 3, 0, 50317 | Size = 1228800 bytes | Modified Date = 3/18/2005 5:34:00 AM | Attr = ]
e93TC -> %SystemDrive%\documents and settings\jonathan\local settings\temp\e93TC.exe -> File not found
e93TC.exe -> %SystemDrive%\documents and settings\jonathan\local settings\temp\e93TC.exe -> File not found
HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 49152 bytes | Modified Date = 5/11/2005 11:12:54 PM | Attr = ]
HPHUPD08 -> %ProgramFiles%\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe -> Hewlett-Packard [Ver = 8,1,0,12 | Size = 49152 bytes | Modified Date = 6/1/2005 11:35:56 AM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.2.23 | Size = 278528 bytes | Modified Date = 12/20/2005 9:54:48 PM | Attr = ]
Logitech Utility -> %SystemRoot%\LOGI_MWX.EXE -> Logitech Inc. [Ver = 9.79.024 | Size = 19968 bytes | Modified Date = 12/17/2003 9:50:00 AM | Attr = ]
NAV CfgWiz -> %CommonProgramFiles%\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe -> File not found
NeroCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 9:50:42 AM | Attr = ]
OpwareSE2 -> %ProgramFiles%\ScanSoft\OmniPageSE2.0\OpwareSE2.exe -> ScanSoft, Inc. [Ver = 12.0 | Size = 49152 bytes | Modified Date = 5/8/2003 12:00:58 PM | Attr = ]
PRISMSVR.EXE -> %System32%\PRISMSVR.EXE -> File not found
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.0.4 | Size = 155648 bytes | Modified Date = 2/14/2006 6:28:28 PM | Attr = ]
SsAAD.exe -> %ProgramFiles%\Sony\SonicStage\SSAAD.exe -> [Ver = 3.4.01.13062 | Size = 81920 bytes | Modified Date = 1/7/2006 2:36:10 AM | Attr = ]
TempRemove -> %ProgramFiles%\Crystal Ball\CB Predictor\terminator.exe -> [Ver = | Size = 7680 bytes | Modified Date = 11/6/2003 10:36:56 AM | Attr = ]
Ulead AutoDetector -> %ProgramFiles%\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\monitor.exe -> Ulead Systems, Inc. [Ver = 8.0.0.0 | Size = 45056 bytes | Modified Date = 2/27/2003 7:48:46 PM | Attr = ]
WildTangent CDA -> Files\WildTangent\Apps\CDA\cdaEngine0400.DLL [RUNDLL32.exe "%ProgramFiles%\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain] -> File not found
< RunOnceEx [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
-> -> File not found
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AIM -> %ProgramFiles%\AIM\aim.exe -cnetwait.odl -> File not found
Aim6 -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50736 bytes | Modified Date = 11/7/2006 10:29:04 AM | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 1/26/2007 3:41:34 PM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\ypager.exe -> File not found
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Acrobat Assistant.lnk -> %ProgramFiles%\Adobe\Acrobat 5.0\Distillr\AcroTray.exe -> Adobe Systems Inc. [Ver = 5, 0, 0, 0 | Size = 49254 bytes | Modified Date = 3/15/2001 6:18:18 AM | Attr = ]
%AllUsersStartup%\Adobe Gamma Loader.exe.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 11/4/1999 4:06:48 PM | Attr = ]
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 10/23/2006 2:48:20 AM | Attr = ]
%AllUsersStartup%\Adobe Reader Synchronizer.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe -> [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 10/23/2006 1:01:50 AM | Attr = ]
%AllUsersStartup%\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 282624 bytes | Modified Date = 5/11/2005 11:23:26 PM | Attr = ]
%AllUsersStartup%\HP Image Zone Fast Start.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqthb08.exe -> Hewlett-Packard Co. [Ver = 053.000.013.000 | Size = 73728 bytes | Modified Date = 5/12/2005 12:49:24 AM | Attr = ]
< User Startup > -> C:\Documents and Settings\Brittney\Start Menu\Programs\Startup
%UserStartup%\FB7 Scanner Utilities.lnk -> %SystemRoot%\twain_32\fb7\SCANER32.EXE -> [Ver = | Size = 61440 bytes | Modified Date = 10/16/1997 6:00:30 PM | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
uwtmkklb1gge897.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll -> uwtmkklb1gge897.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll -> File not found
< SSODL [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
{79FEACFF-FFCE-815E-A900-316290B5B738} [HKLM] -> %System32%\Ghnnakhb.dll [Microsoft DirectXb] -> File not found
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4110 | Size = 94208 bytes | Modified Date = 11/30/2004 10:06:56 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< HOSTS File > (21 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://ie.search.msn.com ->
HKLM: Start Page -> http://yahoo.sbc.com/dsl ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.myspace.com/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/23/2006 12:08:42 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [UberButton Class] -> Yahoo! [Ver = 2005, 5, 26, 1 | Size = 181352 bytes | Modified Date = 5/26/2005 11:38:44 AM | Attr = ]
{65D886A2-7CA7-479B-BB95-14D1EFB7946A} [HKLM] -> %ProgramFiles%\Yahoo!\Common\YIeTagBm.dll [YahooTaggedBM Class] -> Yahoo! Inc. [Ver = 2005, 1, 24, 1 | Size = 115832 bytes | Modified Date = 1/24/2005 9:55:32 AM | Attr = ]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [CNavExtBho Class] -> Symantec Corporation [Ver = 12.2.0.13 | Size = 140960 bytes | Modified Date = 2/5/2006 1:03:32 AM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{0483894E-2422-45E0-8384-021AFF1AF3CD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 5, 11, 1 | Size = 316552 bytes | Modified Date = 5/11/2005 5:06:02 PM | Attr = ]
{83B28A74-640D-48F4-9F51-E80EED7CC7E0} [HKLM] -> %SystemRoot%\Downloaded Program Files\SbCIe028.dll [SideStep] -> File not found
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 5, 11, 1 | Size = 316552 bytes | Modified Date = 5/11/2005 5:06:02 PM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} [HKLM] -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll [Easy-WebPrint] -> [Ver = 2, 0, 0, 15 | Size = 360448 bytes | Modified Date = 4/28/2003 9:37:16 AM | Attr = ]
{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 12.2.0.13 | Size = 140960 bytes | Modified Date = 2/5/2006 1:03:32 AM | Attr = ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 8/4/2005 9:54:42 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
ShellBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 8/4/2005 9:54:42 PM | Attr = ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} [HKLM] -> %ProgramFiles%\AIM Toolbar\AIMBar.dll [AIM Search] -> America Online, Inc [Ver = 2004.00.003 | Size = 172032 bytes | Modified Date = 1/24/2005 4:28:20 PM | Attr = ]
WebBrowser\\{B9D1647F-A66A-4695-B249-07901A45FF59} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 8/4/2005 9:54:42 PM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{0483894E-2422-45E0-8384-021AFF1AF3CD} -> Reg Data - Value does not exist [ButtonText: iOpus Internet Macros] -> File not found
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Data - Key not found [MenuText: Sun Java Console] -> File not found
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> Reg Data - Value does not exist [ButtonText: Yahoo! Services] -> File not found
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [ButtonText: PartyPoker.com] -> File not found
{F4430FE8-2638-42e5-B849-800749B94EED} -> %ProgramFiles%\PartyGaming.Net\PartyPokerNet\RunPF.exe [ButtonText: PartyPoker.net] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&AIM Search -> %ProgramFiles%\AIM Toolbar\AIMBar.dll\aimsearch.htm -> File not found
&Yahoo! Search -> %ProgramFiles%\Yahoo!\Common\YCSRCH.HTM -> [Ver = | Size = 605 bytes | Modified Date = 6/3/2005 7:07:38 PM | Attr = ]
Yahoo! &Dictionary -> %ProgramFiles%\Yahoo!\Common\YCDICT.HTM -> [Ver = | Size = 616 bytes | Modified Date = 6/3/2005 7:07:16 PM | Attr = ]
Yahoo! &Maps -> %ProgramFiles%\Yahoo!\Common\ycmap.htm -> [Ver = | Size = 690 bytes | Modified Date = 6/3/2005 7:07:44 PM | Attr = ]
Yahoo! &SMS -> %ProgramFiles%\Yahoo!\Common\YCsms.htm -> [Ver = | Size = 1006 bytes | Modified Date = 8/1/2005 6:43:00 PM | Attr = ]
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 1/30/2001 2:56:24 PM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
FunWebProducts -> ->
iOpus-I-M -> ->
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{4856BDDC-3C92-4244-97D6-2EA607389799} -> (1394 Net Adapter) ->
{52A40DB2-D0FA-4B6B-A23D-FD5FE49B7185} -> (D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.B)) ->
{5BB1F22B-BC20-47C3-819E-10597BB16FC4} -> (2Wire PC Port) ->
{71924720-A438-4E1B-ACD2-60DE69F1870D} -> (Broadcom NetXtreme Gigabit Ethernet) ->
{76BA1139-2CA9-47E8-AA7E-D9936AF8C9C4} -> () ->
{8BB02A29-E5D8-4D9C-911C-1F667047DB3C} -> (2Wire PC Port) ->
{91DAFA17-D651-41E9-AD8B-07E1061BC28A} -> (2Wire PC Port) ->
{99BCE093-FEA7-4A4D-BDA8-7A4E4AB911AB} -> (2Wire PC Port) ->
{E7F9A9C9-A25F-4A33-AA3C-ECE80C9C88A2} -> (2Wire PC Port) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
ms-its -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{00000075-9980-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.microsoft.com/codecs/i386/voxacm.CAB ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab ->
{03F998B2-0E00-11D3-A498-00104B6EB52E} -> MetaStreamCtl Class - CodeBase = https://components.viewpoint.com/MTSInstall...od/install.html ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwa...director/sw.cab ->
{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Fun Web Products Installer Start - CodeBase = http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.5.cab ->
{41F17733-B041-4099-A042-B518BB6A408C} -> - CodeBase = http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe ->
{5F8469B4-B055-49DD-83F7-62B522420ECC} -> Facebook Photo Uploader Control - CodeBase = http://upload.facebook.com/controls/Facebo...otoUploader.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.4.1_02 - CodeBase = http://java.sun.com/products/plugin/autodl...indows-i586.cab ->
{8EDAD21C-3584-4E66-A8AB-EB0E5584767D} -> - CodeBase = http://toolbar.google.com/data/GoogleActivate.cab ->
{9F1C11AA-197B-4942-BA54-47A8489BB47F} -> - CodeBase = http://v4.windowsupdate.microsoft.com/CAB/...7654.3631597222 ->
{A17E30C4-A9BA-11D4-8673-60DB54C10000} -> YahooYMailTo Class - CodeBase = http://download.yahoo.com/dl/installs/ymail/ymmapi.dll ->
{A7EA8AD2-287F-11D3-B120-006008C39542} -> CBSTIEPrint Class - CodeBase = http://offers.brightstreet.com/cif/download/bin/actxcab.cab ->
{AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -> WTHoster Class - CodeBase = http://install.wildtangent.com/bgn/partner...lim/install.cab ->
{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} -> Java Plug-in 1.4.1_02 - CodeBase = http://java.sun.com/products/plugin/1.4/ji...indows-i586.cab ->
{CD995117-98E5-4169-9920-6C12D4C0B548} -> HGPlugin9USA Class - CodeBase = http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab ->
{DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} -> HGPlugin10USA Class - CodeBase = http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab ->


[Registry - Additional Scans - Non-Microsoft Only]

[Files/Folders - Created Within 30 days]
hijackthis_sfx.exe -> %SystemDrive%\hijackthis_sfx.exe -> [Ver = | Size = 251392 bytes | Created Date = 6/6/2007 2:47:37 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\hijackthis_sfx.exe:Zone.Identifier ->
isearch work cited annotated bibliography.rtf -> %SystemDrive%\isearch work cited annotated bibliography.rtf -> [Ver = | Size = 13781 bytes | Created Date = 5/20/2007 7:41:25 PM | Attr = ]
stinger.exe -> %SystemDrive%\stinger.exe -> McAfee Inc. [Ver = 3.4.9 | Size = 1893383 bytes | Created Date = 6/6/2007 5:10:59 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\stinger.exe:Zone.Identifier ->
stinger.opt -> %SystemDrive%\stinger.opt -> [Ver = | Size = 17 bytes | Created Date = 6/7/2007 6:34:17 AM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 6/6/2007 1:57:17 PM | Attr = ]
VundoFix.exe -> %SystemDrive%\VundoFix.exe -> Atribune.org [Ver = 6.04.0002 | Size = 104960 bytes | Created Date = 6/6/2007 2:32:19 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\VundoFix.exe:Zone.Identifier ->
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Created Date = 5/24/2007 2:00:37 AM | Attr = H ]
pss -> %SystemRoot%\pss -> [Folder | Created Date = 6/7/2007 10:51:22 AM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 6/8/2007 11:33:28 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 6/8/2007 11:33:28 AM | Attr = H ]
Gunz -> %UserDocuments%\Gunz -> [Folder | Created Date = 6/10/2007 3:51:21 PM | Attr = ]
isearch survey.doc -> %UserDocuments%\isearch survey.doc -> [Ver = | Size = 79360 bytes | Created Date = 5/16/2007 6:53:36 PM | Attr = ]
lbata.jpg -> %UserDocuments%\lbata.jpg -> [Ver = | Size = 113695 bytes | Created Date = 5/14/2007 9:55:29 PM | Attr = ]
lbata2.jpg -> %UserDocuments%\lbata2.jpg -> [Ver = | Size = 138342 bytes | Created Date = 5/14/2007 9:58:21 PM | Attr = ]
SPPScript4 -> %UserDocuments%\SPPScript4 -> [Folder | Created Date = 5/16/2007 6:31:36 PM | Attr = ]
spybotsd14.exe -> %UserDocuments%\spybotsd14.exe -> Safer Networking Limited [Ver = | Size = 5037072 bytes | Created Date = 6/4/2007 7:29:08 PM | Attr = ]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Created Date = 6/4/2007 7:33:41 PM | Attr = ]
Ventrilo (2).lnk -> %UserDesktop%\Ventrilo (2).lnk -> [Ver = | Size = 642 bytes | Created Date = 5/24/2007 12:54:24 PM | Attr = ]
WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Created Date = 6/11/2007 9:13:01 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 353274 bytes | Created Date = 6/11/2007 9:12:38 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
Adobe Gamma Loader.exe.lnk -> %AllUsersStartup%\Adobe Gamma Loader.exe.lnk -> [Ver = | Size = 890 bytes | Created Date = 6/8/2007 5:19:47 AM | Attr = ]
Adobe Reader Speed Launch.lnk -> %AllUsersStartup%\Adobe Reader Speed Launch.lnk -> [Ver = | Size = 1746 bytes | Created Date = 6/8/2007 5:19:46 AM | Attr = ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 6/8/2007 6:19:40 AM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 5/23/2007 7:32:52 PM | Attr = H ]
hijackthis_sfx.exe -> %SystemDrive%\hijackthis_sfx.exe -> [Ver = | Size = 251392 bytes | Modified Date = 6/6/2007 3:47:52 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\hijackthis_sfx.exe:Zone.Identifier ->
isearch work cited annotated bibliography.rtf -> %SystemDrive%\isearch work cited annotated bibliography.rtf -> [Ver = | Size = 13781 bytes | Modified Date = 5/20/2007 8:41:26 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 6/6/2007 3:47:58 PM | Attr = ]
stinger.exe -> %SystemDrive%\stinger.exe -> McAfee Inc. [Ver = 3.4.9 | Size = 1893383 bytes | Modified Date = 6/6/2007 6:11:14 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\stinger.exe:Zone.Identifier ->
stinger.opt -> %SystemDrive%\stinger.opt -> [Ver = | Size = 17 bytes | Modified Date = 6/7/2007 7:34:18 AM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 6/6/2007 3:11:46 PM | Attr = ]
VundoFix.exe -> %SystemDrive%\VundoFix.exe -> Atribune.org [Ver = 6.04.0002 | Size = 104960 bytes | Modified Date = 6/6/2007 3:32:22 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\VundoFix.exe:Zone.Identifier ->
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6/9/2007 11:03:46 AM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 5/24/2007 3:00:28 AM | Attr = H ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Modified Date = 5/24/2007 3:00:40 AM | Attr = H ]
AVSCAN32.INI -> %SystemRoot%\AVSCAN32.INI -> [Ver = | Size = 838 bytes | Modified Date = 6/9/2007 10:59:32 AM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 6/9/2007 10:58:56 AM | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 6/7/2007 12:48:02 PM | Attr = S]
GunzLauncher.INI -> %SystemRoot%\GunzLauncher.INI -> [Ver = | Size = 52 bytes | Modified Date = 6/11/2007 5:35:40 PM | Attr = ]
HUL -> %SystemRoot%\HUL -> [Folder | Modified Date = 5/19/2007 6:54:16 PM | Attr = H ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 6/3/2007 11:04:18 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 5/23/2007 7:32:52 PM | Attr = HS]
MsgAgt.INI -> %SystemRoot%\MsgAgt.INI -> [Ver = | Size = 64 bytes | Modified Date = 6/9/2007 10:59:36 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 6/11/2007 10:14:18 PM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 6/8/2007 6:19:48 AM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 6/8/2007 12:33:30 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 6/8/2007 12:33:30 PM | Attr = H ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 6/8/2007 6:19:28 AM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 6/6/2007 5:00:32 PM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 6/11/2007 1:55:06 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1751 bytes | Modified Date = 6/9/2007 12:13:48 PM | Attr = ]
dfrgntfs.job -> %SystemRoot%\tasks\dfrgntfs.job -> [Ver = | Size = 276 bytes | Modified Date = 6/9/2007 3:00:02 AM | Attr = ]
Norton AntiVirus - Run Full System Scan - Lori Borowicz.job -> %SystemRoot%\tasks\Norton AntiVirus - Run Full System Scan - Lori Borowicz.job -> [Ver = | Size = 546 bytes | Modified Date = 6/8/2007 8:00:02 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 6/9/2007 10:59:04 AM | Attr = H ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 6/3/2007 11:04:12 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 6/6/2007 6:08:44 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 6/6/2007 6:10:48 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 6/11/2007 5:35:30 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 6/8/2007 7:36:44 AM | Attr = ]
hosts.ics -> %System32%\drivers\etc\hosts.ics -> [Ver = | Size = 374 bytes | Modified Date = 6/9/2007 11:03:16 AM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 6/4/2007 8:34:02 PM | Attr = ]
ApplicationHistory -> %LocalAppData%\ApplicationHistory -> [Folder | Modified Date = 6/9/2007 10:59:34 AM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 1580990 bytes | Modified Date = 5/24/2007 3:06:22 AM | Attr = H ]
Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 6/8/2007 1:54:36 PM | Attr = ]
ESBK.mb -> %AllUsersDocuments%\ESBK.mb -> [Ver = | Size = 4353024 bytes | Modified Date = 6/6/2007 2:36:10 PM | Attr = R ]
ESBK.mbb -> %AllUsersDocuments%\ESBK.mbb -> [Ver = | Size = 5837824 bytes | Modified Date = 6/6/2007 2:36:10 PM | Attr = R ]
Gunz -> %UserDocuments%\Gunz -> [Folder | Modified Date = 6/10/2007 4:51:22 PM | Attr = ]
isearch survey.doc -> %UserDocuments%\isearch survey.doc -> [Ver = | Size = 79360 bytes | Modified Date = 5/17/2007 9:05:12 PM | Attr = ]
lbata.jpg -> %UserDocuments%\lbata.jpg -> [Ver = | Size = 113695 bytes | Modified Date = 5/14/2007 10:55:32 PM | Attr = ]
lbata2.jpg -> %UserDocuments%\lbata2.jpg -> [Ver = | Size = 138342 bytes | Modified Date = 5/14/2007 10:58:24 PM | Attr = ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 6/8/2007 1:50:24 PM | Attr = R ]
My Videos -> %UserDocuments%\My Videos -> [Folder | Modified Date = 6/7/2007 12:21:02 PM | Attr = R ]
SPPScript4 -> %UserDocuments%\SPPScript4 -> [Folder | Modified Date = 6/6/2007 2:27:34 PM | Attr = ]
spybotsd14.exe -> %UserDocuments%\spybotsd14.exe -> Safer Networking Limited [Ver = | Size = 5037072 bytes | Modified Date = 6/4/2007 8:30:32 PM | Attr = ]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Modified Date = 6/4/2007 8:33:42 PM | Attr = ]
Ventrilo (2).lnk -> %UserDesktop%\Ventrilo (2).lnk -> [Ver = | Size = 642 bytes | Modified Date = 5/24/2007 1:54:26 PM | Attr = ]
WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Modified Date = 6/11/2007 10:13:02 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 353274 bytes | Modified Date = 6/11/2007 10:12:42 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->

[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\hijackthis_sfx.exe:Zone.Identifier ->
PTech , -> %SystemDrive%\kyf.dat -> [Ver = | Size = 2912866 bytes | Modified Date = 4/9/2004 3:57:58 PM | Attr = H ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\stinger.exe:Zone.Identifier ->
UPX! , UPX0 , -> %SystemDrive%\stinger.exe -> McAfee Inc. [Ver = 3.4.9 | Size = 1893383 bytes | Modified Date = 6/6/2007 6:11:14 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\VundoFix.exe:Zone.Identifier ->
PEC2 , PECompact2 , -> %SystemDrive%\VundoFix.exe -> Atribune.org [Ver = 6.04.0002 | Size = 104960 bytes | Modified Date = 6/6/2007 3:32:22 PM | Attr = ]
@Alternate Data Stream - 0 bytes -> %System32%\a3d.dll:Zone.Identifier ->
WSUD , -> %System32%\alsndmgr.cpl -> Realtek Semiconductor Corp. [Ver = 2.2.17 | Size = 14204416 bytes | Modified Date = 1/9/2004 3:53:58 AM | Attr = ]
PEC2 , -> %System32%\ATIVTPXX.AX -> ATI Technologies Inc. [Ver = 8.8.001 | Size = 832276 bytes | Modified Date = 12/3/2003 8:12:08 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
PTech , -> %System32%\dllcache\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 12:41:38 AM | Attr = ]
@Alternate Data Stream - 0 bytes -> %System32%\drivers\aeaudio.sys:Zone.Identifier ->
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 12:41:38 AM | Attr = ]
@Alternate Data Stream - 0 bytes -> %System32%\drivers\smsens.sys:Zone.Identifier ->
@Alternate Data Stream - 0 bytes -> %System32%\drivers\smwdm.sys:Zone.Identifier ->
@Alternate Data Stream - 138 bytes -> %AllUsersAppData%\TEMP:05EE1EEF ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\03%20Like%20U%20Crazy[1].mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\105541235_de69048b.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\amalgam-boston.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\amalgam-falling_again.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\amalgam-i_like_it_when_you_smile.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\amalgam-rolling_away.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Anberlin-A_Day_Late.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Anberlin-Glass_To_The_Arson.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Anberlin-Ready_Fuels.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\And_Then_I_Turned_Seven_MN-If_You_Live_By_The_Sword_You_Die_By_The_Sword_.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\And_Then_I_Turned_Seven_MN-I_Miss_You.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\ATALDeepSleeper.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\ATALTheCarousel.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Ben_Folds_Five-Hidden_Skitty_Ska.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Ben_Folds_Five-The_Difference_Between.mp3:Zone.Identifier ->
WSUD , -> %AllUsersDocuments%\catttt.doc -> [Ver = | Size = 2238464 bytes | Modified Date = 11/8/2006 11:49:34 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\CAXGC7DL.htm:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\ChaseYouDownMAKINGAPRIL.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Comethrough.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Dropkick_Murphys-Bastards_On_Parade.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Dropkick_Murphys-Fields_Of_Athenry.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Dropkick_Murphys-Pipebomb_on_Lansdowne_dance_remix.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Dropkick_Murphys-Sunshine_Highway.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Dropkick_Murphys-The_Auld_Triangle.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Dropkick_Murphys-The_Gauntlet.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Dropkick_Murphys-The_Spicy_Mchaggis_Jig.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Dropkick_Murphys-The_Warriors_Code.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Dropkick_Murphys-Walk_Away.mp3:Zone.Identifier ->
UPX0 , -> %AllUsersDocuments%\Dropkick_Murphys-Walk_Away.mp3 -> [Ver = | Size = 5322969 bytes | Modified Date = 3/28/2006 1:53:54 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\fansite_kit.zip:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\FM_Static-Crazy_Mary.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\FM_Static-Definitely_Maybe.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Garden of1997 .mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Hawthorne_Heights-Niki_FM.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Hawthorne_Heights-Ohio_Is_For_Lovers.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Hawthorne_Heights-Saying_Sorry_NEW.mp3:Zone.Identifier ->
UPX! , -> %AllUsersDocuments%\Hawthorne_Heights-Saying_Sorry_NEW.mp3 -> [Ver = | Size = 2996690 bytes | Modified Date = 5/3/2006 6:28:24 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Hawthorne_Heights-Silver_Bullet_Acoustic.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Hawthorne_Heights-This_Is_Who_We_Are_NEW.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\hellogoodbye-touchdown_turnaround.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Hey Darlin1997.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Hot_Hot_Heat-Goodnight_Goodnight.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Hot_Hot_Heat-Island_Of_The_Honest_Man.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Imogen_Heap_Fan-Goodnight_and_Go.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Imogen_Heap_Fan-Oh_Me_Oh_My.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Just_Surrender-Tell_Me_Everything.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\K-4 1 on 1 aide schedules.doc:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Mae-Embers_And_Envelopes.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Mae-Summertime.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\making april roses and butterflies.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Making_April-Demo_All_of_Yours.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Making_April-Demo_Chase_You_Down.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Making_April-Demo_Dont_Look_Back.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Making_April-Demo_Driveway.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Making_April-Demo_These_are_the_Nights.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Matchbook_Romance-In_Transit_For_You.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Matchbook_Romance-Monsters.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Matchbook_Romance-My_Eyes_Burn.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Matchbook_Romance-Promise.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Matchbook_Romance-You_Can_Run_But_Well_Find_You_.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Papercuts.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Plain_White_Ts-Take_Me_Away__from_New_Album.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Punchline-Open_Up.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Punchline-Play.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Rookie_of_the_Year-Consider_This_Summer.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Sleeping_at_Last-Say.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\that.psd:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\theAUDITION-Dance_Halls_Turn_To_Ghost_Towns_.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\theAUDITION-Youve_Made_Us_Conscious.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\The_Academy_Is-Season_demo.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\the_caesars-jerk_it_out.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\The_Decemberists-Cemetery_Row_W14.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\The_Decemberists-Human_Behavior.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\The_Decemberists-Like_a_Lion.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\The_Decemberists-The_Kingdom_of_Spain.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\THE_FORMAT-Even_Better_Yet.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\THE_FORMAT-Janet.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\THE_FORMAT-The_First_Single.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\THE_HINT-Where_Are_You_Now__NEW.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\The_Hush_Sound-Crawling_Towards_The_Sun.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\The_Real_You-Dear_Mom_and_Dad.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\The_Spill_Canvas-All_Hail_the_Hearbreaker.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\The_Spill_Canvas-The_Tide.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\The_Summer_Obsession-Death_Said.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\The_Summer_Obsession-Melt_the_Sugar.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\This_Providence-Everyday.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\This_Providence-Truth_and_Reconciliation.mp3:Zone.Identifier ->
@Alternate Data Stream - 0 bytes -> %AllUsersDocuments%\Thumbs.db:encryptable ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\TOURMALINE-Autumn.mp3:Zone.Identifier ->
CNNIC , -> %AllUsersDocuments%\TOURMALINE-Autumn.mp3 -> [Ver = | Size = 5035405 bytes | Modified Date = 3/29/2006 12:10:18 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\TOURMALINE-Expectations_Acoustic_Demo.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\TOURMALINE-One_Chance_.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\TOURMALINE-Waiting_For_A_Heart_Attack.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Youth_Group-Lillian_Lies.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Youth_Group-Shadowland.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Youth_Group-Skeleton_Jar.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\academic_0607.pdf:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\DCPlusPlus-0.674.rar:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Guys and Dolls.mid:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\LetItBe.asx:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\mrsxrodriguez5c27splaylist.xspf:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\SonicStageInstaller.exe:Zone.Identifier ->
@Alternate Data Stream - 0 bytes -> %UserDocuments%\Thumbs.db:encryptable ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->

< End of report >

Edited by Eternitus, 12 June 2007 - 01:20 AM.


#5 OldTimer

    Malware Expert



Posted 12 June 2007 - 11:10 AM

Hi Eternitus. Ok, let's get started. First, please print these directions so they will be available to you (we will be rebooting into Safe Mode during the fix).

Next, please follow the steps below in order:

Step #1

Download AVG anti-spyware from HERE and save that file to your desktop.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen, under "How to act" select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

Step #2

Now start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> e93TC -> %SystemDrive%\documents and settings\jonathan\local settings\temp\e93TC.exe
YN -> e93TC.exe -> %SystemDrive%\documents and settings\jonathan\local settings\temp\e93TC.exe
YN -> NAV CfgWiz -> %CommonProgramFiles%\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe
YN -> PRISMSVR.EXE -> %System32%\PRISMSVR.EXE
YN -> WildTangent CDA -> Files\WildTangent\Apps\CDA\cdaEngine0400.DLL [RUNDLL32.exe "%ProgramFiles%\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain]
< RunOnceEx [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
YN -> ->
< SSODL [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YN -> {79FEACFF-FFCE-815E-A900-316290B5B738} [HKLM] -> %System32%\Ghnnakhb.dll [Microsoft DirectXb]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {0483894E-2422-45E0-8384-021AFF1AF3CD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {83B28A74-640D-48F4-9F51-E80EED7CC7E0} [HKLM] -> %SystemRoot%\Downloaded Program Files\SbCIe028.dll [SideStep]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{B9D1647F-A66A-4695-B249-07901A45FF59} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {0483894E-2422-45E0-8384-021AFF1AF3CD} -> Reg Data - Value does not exist [ButtonText: iOpus Internet Macros]
YN -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Data - Key not found [MenuText: Sun Java Console]
YN -> {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> Reg Data - Value does not exist [ButtonText: Yahoo! Services]
YN -> {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [ButtonText: PartyPoker.com]
YN -> {F4430FE8-2638-42e5-B849-800749B94EED} -> %ProgramFiles%\PartyGaming.Net\PartyPokerNet\RunPF.exe [ButtonText: PartyPoker.net]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Fun Web Products Installer Start - CodeBase = http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.5.cab
YN -> {A7EA8AD2-287F-11D3-B120-006008C39542} -> CBSTIEPrint Class - CodeBase = http://offers.brightstreet.com/cif/download/bin/actxcab.cab
YN -> {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -> WTHoster Class - CodeBase = http://install.wildtangent.com/bgn/partner...lim/install.cab
[Empty Temp Folders]
[Reboot]


The fix should only take a very short time. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot into Safe Mode as shown below. If not, then reboot manually into Safe Mode.

Reboot into Safe Mode by doing the following:
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Step #3

Launch AVG Anti-Spyware by double-clicking the icon on your desktop.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process:
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process. Be patient, this may take a little time.
    Once the scan is complete do the following:
    • Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
    • At the bottom of the window click on the "Apply all actions" button
    Note: Don't save the report before you hit the Apply action button.
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
Step #4

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
Note: If there is an Update XX in the name then the "XX" in the version will be whatever the latest version is.
  • Download the latest version of Java Runtime Environment (JRE) 6.0 Update XX (if present).
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-1_6_0_XX-windowsi586-p.exe to install the newest version.
Step #5

Post the following back here:
  • a new WinPFind3U report
  • the AVG Anti-Spyware report
  • the latest .log file from the WinPFind3u folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#6 Eternitus

Eternitus

Posted 12 June 2007 - 02:58 PM

I have a problem with Step #3.

After I reboot into safe mode, I log back onto the name which has the AVG Anti-Spyware saved to the desktop. But when I try to launch it, it says this: "Connection to service failed. Please reinstall AVG Anti-spyware 7.5" So I got out of safe mode and reinstalled it. And I tried it over again. It is still not working.

I also noticed while I was in safe mode I couldn't connect to the internet. I don't know if it is supposed to be like that or not. But maybe that is why I could not connect.


Thanks~

#7 OldTimer

OldTimer

    Malware Expert



Posted 12 June 2007 - 03:21 PM

Hi Eternitus. No, you wouldn't be able to connect to the internet from Safe Mode. That is the way it is supposed to be.

Try running the AVG scan from a normal boot.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#8 Eternitus

Eternitus

Posted 14 June 2007 - 12:52 PM

Hi there, sorry for the delayed response. Here is the stuff:

WinPFind3 logfile created on: 6/13/2007 9:28:34 PM
WinPFind3U by OldTimer - Version 1.0.38 Folder = C:\Documents and Settings\Brittney\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

511.47 Mb Total Physical Memory | 221.30 Mb Available Physical Memory | 43.27% Memory free
1.22 Gb Paging File | 0.77 Gb Available in Paging File | 63.46% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 64.27 Gb Free Space | 69.00% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: KIDS
Current User Name: Brittney
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 5.0\Distillr\AcroTray.exe -> Adobe Systems Inc. [Ver = 5, 0, 0, 0 | Size = 49254 bytes | Modified Date = 3/15/2001 6:18:18 AM | Attr = ]
airgcfg.exe -> %ProgramFiles%\D-Link\AirPlus G\AirGCFG.exe -> D-Link [Ver = 3, 3, 0, 50317 | Size = 1228800 bytes | Modified Date = 3/18/2005 5:34:00 AM | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 12:41:04 PM | Attr = ]
apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/7/2005 12:46:24 AM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4110 | Size = 425984 bytes | Modified Date = 11/30/2004 10:05:10 PM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4110 | Size = 425984 bytes | Modified Date = 11/30/2004 10:05:10 PM | Attr = ]
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5071 | Size = 335872 bytes | Modified Date = 12/12/2003 12:31:00 PM | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 6731312 bytes | Modified Date = 5/30/2007 7:30:58 AM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 104.0.8.3 | Size = 53408 bytes | Modified Date = 4/12/2006 11:30:06 AM | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 104.0.8.3 | Size = 192160 bytes | Modified Date = 4/12/2006 11:30:10 AM | Attr = ]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 104.0.8.3 | Size = 169632 bytes | Modified Date = 4/12/2006 11:30:24 AM | Attr = ]
cdac11ba.exe -> %System32%\drivers\CDAC11BA.EXE -> Macrovision [Ver = 4.16.050 | Size = 52736 bytes | Modified Date = 3/29/2003 3:50:04 PM | Attr = ]
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.0.1760.38296 | Size = 32768 bytes | Modified Date = 10/26/2004 10:16:34 PM | Attr = ]
em_exec.exe -> %ProgramFiles%\Logitech\MouseWare\system\EM_EXEC.EXE -> Logitech Inc. [Ver = 9.79.025 | Size = 37888 bytes | Modified Date = 1/8/2004 9:50:00 AM | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/13/2007 10:29:12 AM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ]
hpqimzone.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqimzone.exe -> Hewlett-Packard Co. [Ver = 053.000.013.000 | Size = 479232 bytes | Modified Date = 5/12/2005 12:33:52 AM | Attr = ]
hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqste08.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 204800 bytes | Modified Date = 5/12/2005 12:40:38 AM | Attr = ]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 282624 bytes | Modified Date = 5/11/2005 11:23:26 PM | Attr = ]
hprblog.exe -> %ProgramFiles%\HP\Digital Imaging\Product Assistant\bin\hprblog.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 77824 bytes | Modified Date = 5/11/2005 11:16:22 PM | Attr = ]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 49152 bytes | Modified Date = 5/11/2005 11:12:54 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.2.23 | Size = 323584 bytes | Modified Date = 12/20/2005 9:54:34 PM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.2.23 | Size = 278528 bytes | Modified Date = 12/20/2005 9:54:48 PM | Attr = ]
kodakccs.exe -> %System32%\drivers\KodakCCS.exe -> Eastman Kodak Company [Ver = 1.1.5100.4 | Size = 322104 bytes | Modified Date = 5/24/2004 1:35:52 PM | Attr = ]
monitor.exe -> %ProgramFiles%\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\monitor.exe -> Ulead Systems, Inc. [Ver = 8.0.0.0 | Size = 45056 bytes | Modified Date = 2/27/2003 7:48:46 PM | Attr = ]
msgagt.exe -> %ProgramFiles%\Promise\Utility\MsgAgt.exe -> Promise Technology, Inc. [Ver = Version 3.2 build 2 (7/30/2002) | Size = 585728 bytes | Modified Date = 8/6/2002 11:20:24 AM | Attr = ]
navapsvc.exe -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 12.2.0.13 | Size = 139936 bytes | Modified Date = 2/5/2006 1:03:16 AM | Attr = ]
npfmntor.exe -> %ProgramFiles%\Norton AntiVirus\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 12.2.0.13 | Size = 46752 bytes | Modified Date = 2/5/2006 1:03:40 AM | Attr = ]
nscsrvce.exe -> %CommonProgramFiles%\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.5.17 | Size = 750768 bytes | Modified Date = 3/15/2006 12:33:08 PM | Attr = ]
opwarese2.exe -> %ProgramFiles%\ScanSoft\OmniPageSE2.0\OpwareSE2.exe -> ScanSoft, Inc. [Ver = 12.0 | Size = 49152 bytes | Modified Date = 5/8/2003 12:00:58 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.0.4 | Size = 155648 bytes | Modified Date = 2/14/2006 6:28:28 PM | Attr = ]
scaner32.exe -> %SystemRoot%\twain_32\fb7\SCANER32.EXE -> [Ver = | Size = 61440 bytes | Modified Date = 10/16/1997 6:00:30 PM | Attr = ]
sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.3.303 | Size = 214720 bytes | Modified Date = 6/8/2006 12:08:36 PM | Attr = ]
spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.1.0.4 | Size = 1160848 bytes | Modified Date = 5/11/2006 3:50:20 PM | Attr = ]
ssaad.exe -> %ProgramFiles%\Sony\SonicStage\SSAAD.exe -> [Ver = 3.4.01.13062 | Size = 81920 bytes | Modified Date = 1/7/2006 2:36:10 AM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.762 | Size = 1119888 bytes | Modified Date = 6/25/2006 8:28:22 PM | Attr = ]
viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 1/4/2007 4:38:20 PM | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:10 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 5/22/2007 6:27:40 PM | Attr = ]
wzcsldr2.exe -> %ProgramFiles%\ANI\ANIWZCS2 Service\WZCSLDR2.exe -> Alpha Networks Inc. [Ver = 1, 0, 6, 41216 | Size = 49152 bytes | Modified Date = 12/16/2004 6:49:14 PM | Attr = ]
yum.exe -> %ProgramFiles%\Yahoo!\YUM\yum.exe -> Yahoo! Inc. [Ver = 2002, 8, 15, 2 | Size = 188416 bytes | Modified Date = 8/15/2002 4:00:00 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(ANIWZCSdService) ANIWZCSd Service [Win32_Shared | Auto | Stopped] -> %ProgramFiles%\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -> Alpha Networks Inc. [Ver = 1, 0, 1, 30507 | Size = 49152 bytes | Modified Date = 10/22/2004 2:42:44 PM | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4110 | Size = 425984 bytes | Modified Date = 11/30/2004 10:05:10 PM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0021 | Size = 516096 bytes | Modified Date = 11/30/2004 10:10:00 PM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 12:41:04 PM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ]
(C-DillaCdaC11BA) C-DillaCdaC11BA [Win32_Own | Auto | Running] -> %System32%\drivers\CDAC11BA.EXE -> Macrovision [Ver = 4.16.050 | Size = 52736 bytes | Modified Date = 3/29/2003 3:50:04 PM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 104.0.8.3 | Size = 192160 bytes | Modified Date = 4/12/2006 11:30:10 AM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 104.0.8.3 | Size = 169632 bytes | Modified Date = 4/12/2006 11:30:24 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 1/26/2007 3:41:00 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ]
(iPodService) iPodService [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.2.23 | Size = 323584 bytes | Modified Date = 12/20/2005 9:54:34 PM | Attr = ]
(KodakCCS) Kodak Camera Connection Software [Win32_Own | Auto | Running] -> %System32%\drivers\KodakCCS.exe -> Eastman Kodak Company [Ver = 1.1.5100.4 | Size = 322104 bytes | Modified Date = 5/24/2004 1:35:52 PM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 2/23/2006 12:41:04 PM | Attr = ]
(MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> Sony Corporation [Ver = 4.4.00.11241 | Size = 53337 bytes | Modified Date = 11/24/2005 5:03:22 PM | Attr = ]
(navapsvc) Norton AntiVirus Auto-Protect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 12.2.0.13 | Size = 139936 bytes | Modified Date = 2/5/2006 1:03:16 AM | Attr = ]
(NPFMntor) Norton AntiVirus Firewall Monitor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 12.2.0.13 | Size = 46752 bytes | Modified Date = 2/5/2006 1:03:40 AM | Attr = ]
(NSCService) Norton Protection Center Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.5.17 | Size = 750768 bytes | Modified Date = 3/15/2006 12:33:08 PM | Attr = ]
(PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> Sony Corporation [Ver = 4.4.00.11241 | Size = 53337 bytes | Modified Date = 11/24/2005 4:57:44 PM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 12:14:36 PM | Attr = ]
(RAIDmAgt) Promise RAID message agent [Win32_Own | Auto | Running] -> %ProgramFiles%\Promise\Utility\MsgAgt.exe -> Promise Technology, Inc. [Ver = Version 3.2 build 2 (7/30/2002) | Size = 585728 bytes | Modified Date = 8/6/2002 11:20:24 AM | Attr = ]
(SAVScan) Symantec AVScan [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton AntiVirus\SAVScan.exe -> Symantec Corporation [Ver = 9.7.0.10 | Size = 198368 bytes | Modified Date = 8/26/2005 4:22:48 PM | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.3.303 | Size = 214720 bytes | Modified Date = 6/8/2006 12:08:36 PM | Attr = ]
(SPBBCSvc) SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.1.0.4 | Size = 1160848 bytes | Modified Date = 5/11/2006 3:50:20 PM | Attr = ]
(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.4.00.11241 | Size = 69718 bytes | Modified Date = 11/24/2005 4:47:30 PM | Attr = ]
(SSScsiSV) SonicStage SCSI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SSScsiSV.exe -> Sony Corporation [Ver = 3.4.01.13062 | Size = 69632 bytes | Modified Date = 1/6/2006 10:25:12 PM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.762 | Size = 1119888 bytes | Modified Date = 6/25/2006 8:28:22 PM | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:10 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 6731312 bytes | Modified Date = 5/30/2007 7:30:58 AM | Attr = ]
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/7/2005 12:46:24 AM | Attr = ]
ANIWZCS2Service -> %ProgramFiles%\ANI\ANIWZCS2 Service\WZCSLDR2.exe -> Alpha Networks Inc. [Ver = 1, 0, 6, 41216 | Size = 49152 bytes | Modified Date = 12/16/2004 6:49:14 PM | Attr = ]
ATICCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.0.1760.38296 | Size = 32768 bytes | Modified Date = 10/26/2004 10:16:34 PM | Attr = ]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5071 | Size = 335872 bytes | Modified Date = 12/12/2003 12:31:00 PM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 104.0.8.3 | Size = 53408 bytes | Modified Date = 4/12/2006 11:30:06 AM | Attr = ]
D-Link AirPlus G -> %ProgramFiles%\D-Link\AirPlus G\AirGCFG.exe -> D-Link [Ver = 3, 3, 0, 50317 | Size = 1228800 bytes | Modified Date = 3/18/2005 5:34:00 AM | Attr = ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 49152 bytes | Modified Date = 5/11/2005 11:12:54 PM | Attr = ]
HPHUPD08 -> %ProgramFiles%\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe -> Hewlett-Packard [Ver = 8,1,0,12 | Size = 49152 bytes | Modified Date = 6/1/2005 11:35:56 AM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.2.23 | Size = 278528 bytes | Modified Date = 12/20/2005 9:54:48 PM | Attr = ]
Logitech Utility -> %SystemRoot%\LOGI_MWX.EXE -> Logitech Inc. [Ver = 9.79.024 | Size = 19968 bytes | Modified Date = 12/17/2003 9:50:00 AM | Attr = ]
NeroCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 9:50:42 AM | Attr = ]
OpwareSE2 -> %ProgramFiles%\ScanSoft\OmniPageSE2.0\OpwareSE2.exe -> ScanSoft, Inc. [Ver = 12.0 | Size = 49152 bytes | Modified Date = 5/8/2003 12:00:58 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.0.4 | Size = 155648 bytes | Modified Date = 2/14/2006 6:28:28 PM | Attr = ]
SsAAD.exe -> %ProgramFiles%\Sony\SonicStage\SSAAD.exe -> [Ver = 3.4.01.13062 | Size = 81920 bytes | Modified Date = 1/7/2006 2:36:10 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
TempRemove -> %ProgramFiles%\Crystal Ball\CB Predictor\terminator.exe -> [Ver = | Size = 7680 bytes | Modified Date = 11/6/2003 10:36:56 AM | Attr = ]
Ulead AutoDetector -> %ProgramFiles%\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\monitor.exe -> Ulead Systems, Inc. [Ver = 8.0.0.0 | Size = 45056 bytes | Modified Date = 2/27/2003 7:48:46 PM | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AIM -> %ProgramFiles%\AIM\aim.exe -cnetwait.odl -> File not found
Aim6 -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50736 bytes | Modified Date = 11/7/2006 10:29:04 AM | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/13/2007 10:29:12 AM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\ypager.exe -> File not found
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Acrobat Assistant.lnk -> %ProgramFiles%\Adobe\Acrobat 5.0\Distillr\AcroTray.exe -> Adobe Systems Inc. [Ver = 5, 0, 0, 0 | Size = 49254 bytes | Modified Date = 3/15/2001 6:18:18 AM | Attr = ]
%AllUsersStartup%\Adobe Gamma Loader.exe.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 11/4/1999 4:06:48 PM | Attr = ]
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 10/23/2006 2:48:20 AM | Attr = ]
%AllUsersStartup%\Adobe Reader Synchronizer.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe -> [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 10/23/2006 1:01:50 AM | Attr = ]
%AllUsersStartup%\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 282624 bytes | Modified Date = 5/11/2005 11:23:26 PM | Attr = ]
%AllUsersStartup%\HP Image Zone Fast Start.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqthb08.exe -> Hewlett-Packard Co. [Ver = 053.000.013.000 | Size = 73728 bytes | Modified Date = 5/12/2005 12:49:24 AM | Attr = ]
< User Startup > -> C:\Documents and Settings\Brittney\Start Menu\Programs\Startup
%UserStartup%\FB7 Scanner Utilities.lnk -> %SystemRoot%\twain_32\fb7\SCANER32.EXE -> [Ver = | Size = 61440 bytes | Modified Date = 10/16/1997 6:00:30 PM | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
uwtmkklb1gge897.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll -> uwtmkklb1gge897.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll -> File not found
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 7:29:58 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4110 | Size = 94208 bytes | Modified Date = 11/30/2004 10:06:56 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (21 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://ie.search.msn.com ->
HKLM: Start Page -> http://yahoo.sbc.com/dsl ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.myspace.com/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/23/2006 12:08:42 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{65D886A2-7CA7-479B-BB95-14D1EFB7946A} [HKLM] -> %ProgramFiles%\Yahoo!\Common\YIeTagBm.dll [YahooTaggedBM Class] -> Yahoo! Inc. [Ver = 2005, 1, 24, 1 | Size = 115832 bytes | Modified Date = 1/24/2005 9:55:32 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [CNavExtBho Class] -> Symantec Corporation [Ver = 12.2.0.13 | Size = 140960 bytes | Modified Date = 2/5/2006 1:03:32 AM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 6/13/2007 10:29:12 AM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 5, 11, 1 | Size = 316552 bytes | Modified Date = 5/11/2005 5:06:02 PM | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 5, 11, 1 | Size = 316552 bytes | Modified Date = 5/11/2005 5:06:02 PM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} [HKLM] -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll [Easy-WebPrint] -> [Ver = 2, 0, 0, 15 | Size = 360448 bytes | Modified Date = 4/28/2003 9:37:16 AM | Attr = ]
{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 12.2.0.13 | Size = 140960 bytes | Modified Date = 2/5/2006 1:03:32 AM | Attr = ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 8/4/2005 9:54:42 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
ShellBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 8/4/2005 9:54:42 PM | Attr = ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} [HKLM] -> %ProgramFiles%\AIM Toolbar\AIMBar.dll [AIM Search] -> America Online, Inc [Ver = 2004.00.003 | Size = 172032 bytes | Modified Date = 1/24/2005 4:28:20 PM | Attr = ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 8/4/2005 9:54:42 PM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 3:43:42 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&AIM Search -> %ProgramFiles%\AIM Toolbar\AIMBar.dll\aimsearch.htm -> File not found
&Yahoo! Search -> %ProgramFiles%\Yahoo!\Common\YCSRCH.HTM -> [Ver = | Size = 605 bytes | Modified Date = 6/3/2005 7:07:38 PM | Attr = ]
Yahoo! &Dictionary -> %ProgramFiles%\Yahoo!\Common\YCDICT.HTM -> [Ver = | Size = 616 bytes | Modified Date = 6/3/2005 7:07:16 PM | Attr = ]
Yahoo! &Maps -> %ProgramFiles%\Yahoo!\Common\ycmap.htm -> [Ver = | Size = 690 bytes | Modified Date = 6/3/2005 7:07:44 PM | Attr = ]
Yahoo! &SMS -> %ProgramFiles%\Yahoo!\Common\YCsms.htm -> [Ver = | Size = 1006 bytes | Modified Date = 8/1/2005 6:43:00 PM | Attr = ]
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 1/30/2001 2:56:24 PM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
FunWebProducts -> ->
iOpus-I-M -> ->
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{4856BDDC-3C92-4244-97D6-2EA607389799} -> (1394 Net Adapter) ->
{52A40DB2-D0FA-4B6B-A23D-FD5FE49B7185} -> (D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.B)) ->
{5BB1F22B-BC20-47C3-819E-10597BB16FC4} -> (2Wire PC Port) ->
{71924720-A438-4E1B-ACD2-60DE69F1870D} -> (Broadcom NetXtreme Gigabit Ethernet) ->
{76BA1139-2CA9-47E8-AA7E-D9936AF8C9C4} -> () ->
{8BB02A29-E5D8-4D9C-911C-1F667047DB3C} -> (2Wire PC Port) ->
{91DAFA17-D651-41E9-AD8B-07E1061BC28A} -> (2Wire PC Port) ->
{99BCE093-FEA7-4A4D-BDA8-7A4E4AB911AB} -> (2Wire PC Port) ->
{E7F9A9C9-A25F-4A33-AA3C-ECE80C9C88A2} -> (2Wire PC Port) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
ms-its -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{00000075-9980-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.microsoft.com/codecs/i386/voxacm.CAB ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab ->
{03F998B2-0E00-11D3-A498-00104B6EB52E} -> MetaStreamCtl Class - CodeBase = https://components.viewpoint.com/MTSInstall...od/install.html ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwa...director/sw.cab ->
{41F17733-B041-4099-A042-B518BB6A408C} -> - CodeBase = http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe ->
{5F8469B4-B055-49DD-83F7-62B522420ECC} -> Facebook Photo Uploader Control - CodeBase = http://upload.facebook.com/controls/Facebo...otoUploader.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{8EDAD21C-3584-4E66-A8AB-EB0E5584767D} -> - CodeBase = http://toolbar.google.com/data/GoogleActivate.cab ->
{9F1C11AA-197B-4942-BA54-47A8489BB47F} -> - CodeBase = http://v4.windowsupdate.microsoft.com/CAB/...7654.3631597222 ->
{A17E30C4-A9BA-11D4-8673-60DB54C10000} -> YahooYMailTo Class - CodeBase = http://download.yahoo.com/dl/installs/ymail/ymmapi.dll ->
{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} -> Java Plug-in 1.4.1_02 - CodeBase = http://java.sun.com/update/1.4.1/jinstall-...indows-i586.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CD995117-98E5-4169-9920-6C12D4C0B548} -> HGPlugin9USA Class - CodeBase = http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab ->
{DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} -> HGPlugin10USA Class - CodeBase = http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab ->


[Registry - Additional Scans - Non-Microsoft Only]

[Files/Folders - Created Within 30 days]
hijackthis_sfx.exe -> %SystemDrive%\hijackthis_sfx.exe -> [Ver = | Size = 251392 bytes | Created Date = 6/6/2007 2:47:37 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\hijackthis_sfx.exe:Zone.Identifier ->
isearch work cited annotated bibliography.rtf -> %SystemDrive%\isearch work cited annotated bibliography.rtf -> [Ver = | Size = 13781 bytes | Created Date = 5/20/2007 7:41:25 PM | Attr = ]
stinger.exe -> %SystemDrive%\stinger.exe -> McAfee Inc. [Ver = 3.4.9 | Size = 1893383 bytes | Created Date = 6/6/2007 5:10:59 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\stinger.exe:Zone.Identifier ->
stinger.opt -> %SystemDrive%\stinger.opt -> [Ver = | Size = 17 bytes | Created Date = 6/7/2007 6:34:17 AM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 6/6/2007 1:57:17 PM | Attr = ]
VundoFix.exe -> %SystemDrive%\VundoFix.exe -> Atribune.org [Ver = 6.04.0002 | Size = 104960 bytes | Created Date = 6/6/2007 2:32:19 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\VundoFix.exe:Zone.Identifier ->
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Created Date = 5/24/2007 2:00:37 AM | Attr = H ]
$NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Created Date = 6/13/2007 2:05:23 AM | Attr = H ]
$NtUninstallKB933566$ -> %SystemRoot%\$NtUninstallKB933566$ -> [Folder | Created Date = 6/13/2007 2:05:55 AM | Attr = H ]
$NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Created Date = 6/13/2007 2:00:58 AM | Attr = H ]
$NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Created Date = 6/13/2007 2:04:53 AM | Attr = H ]
pss -> %SystemRoot%\pss -> [Folder | Created Date = 6/7/2007 10:51:22 AM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 6/13/2007 10:35:19 AM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 69632 bytes | Created Date = 6/13/2007 10:35:19 AM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 6/13/2007 10:35:19 AM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 139264 bytes | Created Date = 6/13/2007 10:35:19 AM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 6/12/2007 1:23:21 PM | Attr = ]
Grisoft -> %UserAppData%\Grisoft -> [Folder | Created Date = 6/12/2007 1:23:31 PM | Attr = ]
Sun -> %UserAppData%\Sun -> [Folder | Created Date = 6/13/2007 10:30:00 AM | Attr = ]
Gunz -> %UserDocuments%\Gunz -> [Folder | Created Date = 6/10/2007 3:51:21 PM | Attr = ]
isearch survey.doc -> %UserDocuments%\isearch survey.doc -> [Ver = | Size = 79360 bytes | Created Date = 5/16/2007 6:53:36 PM | Attr = ]
SPPScript4 -> %UserDocuments%\SPPScript4 -> [Folder | Created Date = 5/16/2007 6:31:36 PM | Attr = ]
spybotsd14.exe -> %UserDocuments%\spybotsd14.exe -> Safer Networking Limited [Ver = | Size = 5037072 bytes | Created Date = 6/4/2007 7:29:08 PM | Attr = ]
AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Created Date = 6/12/2007 1:23:25 PM | Attr = ]
avgas-setup-7.5.1.36.exe -> %UserDesktop%\avgas-setup-7.5.1.36.exe -> [Ver = | Size = 12178512 bytes | Created Date = 6/12/2007 1:22:24 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avgas-setup-7.5.1.36.exe:Zone.Identifier ->
jre-6u1-windows-i586-p.exe -> %UserDesktop%\jre-6u1-windows-i586-p.exe -> [Ver = | Size = 13801120 bytes | Created Date = 6/13/2007 10:12:02 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\jre-6u1-windows-i586-p.exe:Zone.Identifier ->
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Created Date = 6/4/2007 7:33:41 PM | Attr = ]
Ventrilo (2).lnk -> %UserDesktop%\Ventrilo (2).lnk -> [Ver = | Size = 642 bytes | Created Date = 5/24/2007 12:54:24 PM | Attr = ]
WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Created Date = 6/11/2007 9:13:01 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 353274 bytes | Created Date = 6/11/2007 9:12:38 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
Adobe Gamma Loader.exe.lnk -> %AllUsersStartup%\Adobe Gamma Loader.exe.lnk -> [Ver = | Size = 890 bytes | Created Date = 6/8/2007 5:19:47 AM | Attr = ]
Adobe Reader Speed Launch.lnk -> %AllUsersStartup%\Adobe Reader Speed Launch.lnk -> [Ver = | Size = 1746 bytes | Created Date = 6/8/2007 5:19:46 AM | Attr = ]
Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 6/13/2007 10:32:08 AM | Attr = ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 6/8/2007 6:19:40 AM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 6/13/2007 11:35:26 AM | Attr = H ]
hijackthis_sfx.exe -> %SystemDrive%\hijackthis_sfx.exe -> [Ver = | Size = 251392 bytes | Modified Date = 6/6/2007 3:47:52 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\hijackthis_sfx.exe:Zone.Identifier ->
isearch work cited annotated bibliography.rtf -> %SystemDrive%\isearch work cited annotated bibliography.rtf -> [Ver = | Size = 13781 bytes | Modified Date = 5/20/2007 8:41:26 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 6/13/2007 2:13:28 PM | Attr = ]
stinger.exe -> %SystemDrive%\stinger.exe -> McAfee Inc. [Ver = 3.4.9 | Size = 1893383 bytes | Modified Date = 6/6/2007 6:11:14 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\stinger.exe:Zone.Identifier ->
stinger.opt -> %SystemDrive%\stinger.opt -> [Ver = | Size = 17 bytes | Modified Date = 6/7/2007 7:34:18 AM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 6/6/2007 3:11:46 PM | Attr = ]
VundoFix.exe -> %SystemDrive%\VundoFix.exe -> Atribune.org [Ver = 6.04.0002 | Size = 104960 bytes | Modified Date = 6/6/2007 3:32:22 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\VundoFix.exe:Zone.Identifier ->
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6/13/2007 6:38:28 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 6/12/2007 2:53:14 PM | Attr = H ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Modified Date = 5/24/2007 3:00:40 AM | Attr = H ]
$NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Modified Date = 6/13/2007 3:05:28 AM | Attr = H ]
$NtUninstallKB933566$ -> %SystemRoot%\$NtUninstallKB933566$ -> [Folder | Modified Date = 6/13/2007 3:06:00 AM | Attr = H ]
$NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Modified Date = 6/13/2007 3:01:00 AM | Attr = H ]
$NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Modified Date = 6/13/2007 3:04:56 AM | Attr = H ]
AVSCAN32.INI -> %SystemRoot%\AVSCAN32.INI -> [Ver = | Size = 838 bytes | Modified Date = 6/13/2007 11:27:52 AM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 6/13/2007 11:22:40 AM | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 6/12/2007 2:27:54 PM | Attr = S]
GunzLauncher.INI -> %SystemRoot%\GunzLauncher.INI -> [Ver = | Size = 52 bytes | Modified Date = 6/11/2007 5:35:40 PM | Attr = ]
HUL -> %SystemRoot%\HUL -> [Folder | Modified Date = 5/19/2007 6:54:16 PM | Attr = H ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 6/13/2007 3:05:40 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 6/13/2007 3:06:20 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 6/13/2007 11:35:26 AM | Attr = HS]
MsgAgt.INI -> %SystemRoot%\MsgAgt.INI -> [Ver = | Size = 64 bytes | Modified Date = 6/13/2007 11:23:18 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 6/13/2007 9:22:42 PM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 6/8/2007 6:19:48 AM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 6/8/2007 6:19:28 AM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 6/13/2007 11:35:20 AM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 6/13/2007 11:24:50 AM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1751 bytes | Modified Date = 6/13/2007 4:17:22 PM | Attr = ]
dfrgntfs.job -> %SystemRoot%\tasks\dfrgntfs.job -> [Ver = | Size = 276 bytes | Modified Date = 6/9/2007 3:00:02 AM | Attr = ]
Norton AntiVirus - Run Full System Scan - Lori Borowicz.job -> %SystemRoot%\tasks\Norton AntiVirus - Run Full System Scan - Lori Borowicz.job -> [Ver = | Size = 546 bytes | Modified Date = 6/8/2007 8:00:02 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 6/13/2007 11:22:46 AM | Attr = H ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 6/3/2007 11:04:12 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 6/13/2007 3:12:12 AM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 6/13/2007 3:06:08 AM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 6/12/2007 2:23:22 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 6/13/2007 11:26:02 AM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr = ]
hosts.ics -> %System32%\drivers\etc\hosts.ics -> [Ver = | Size = 374 bytes | Modified Date = 6/13/2007 11:24:58 AM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 6/4/2007 8:34:02 PM | Attr = ]
Grisoft -> %UserAppData%\Grisoft -> [Folder | Modified Date = 6/12/2007 2:23:32 PM | Attr = ]
Sun -> %UserAppData%\Sun -> [Folder | Modified Date = 6/13/2007 11:30:02 AM | Attr = ]
ApplicationHistory -> %LocalAppData%\ApplicationHistory -> [Folder | Modified Date = 6/13/2007 11:28:46 AM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 1580990 bytes | Modified Date = 5/24/2007 3:06:22 AM | Attr = H ]
Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 6/8/2007 1:54:36 PM | Attr = ]
ESBK.mb -> %AllUsersDocuments%\ESBK.mb -> [Ver = | Size = 4353024 bytes | Modified Date = 6/6/2007 2:36:10 PM | Attr = R ]
ESBK.mbb -> %AllUsersDocuments%\ESBK.mbb -> [Ver = | Size = 5837824 bytes | Modified Date = 6/6/2007 2:36:10 PM | Attr = R ]
Gunz -> %UserDocuments%\Gunz -> [Folder | Modified Date = 6/10/2007 4:51:22 PM | Attr = ]
isearch survey.doc -> %UserDocuments%\isearch survey.doc -> [Ver = | Size = 79360 bytes | Modified Date = 5/17/2007 9:05:12 PM | Attr = ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 6/8/2007 1:50:24 PM | Attr = R ]
My Videos -> %UserDocuments%\My Videos -> [Folder | Modified Date = 6/7/2007 12:21:02 PM | Attr = R ]
SPPScript4 -> %UserDocuments%\SPPScript4 -> [Folder | Modified Date = 6/6/2007 2:27:34 PM | Attr = ]
spybotsd14.exe -> %UserDocuments%\spybotsd14.exe -> Safer Networking Limited [Ver = | Size = 5037072 bytes | Modified Date = 6/4/2007 8:30:32 PM | Attr = ]
AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Modified Date = 6/12/2007 2:36:02 PM | Attr = ]
avgas-setup-7.5.1.36.exe -> %UserDesktop%\avgas-setup-7.5.1.36.exe -> [Ver = | Size = 12178512 bytes | Modified Date = 6/12/2007 2:22:44 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avgas-setup-7.5.1.36.exe:Zone.Identifier ->
jre-6u1-windows-i586-p.exe -> %UserDesktop%\jre-6u1-windows-i586-p.exe -> [Ver = | Size = 13801120 bytes | Modified Date = 6/13/2007 11:12:16 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\jre-6u1-windows-i586-p.exe:Zone.Identifier ->
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Modified Date = 6/4/2007 8:33:42 PM | Attr = ]
Ventrilo (2).lnk -> %UserDesktop%\Ventrilo (2).lnk -> [Ver = | Size = 642 bytes | Modified Date = 5/24/2007 1:54:26 PM | Attr = ]
WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Modified Date = 6/12/2007 2:45:30 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 353274 bytes | Modified Date = 6/11/2007 10:12:42 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 6/13/2007 11:32:10 AM | Attr = ]
System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 6/13/2007 3:05:30 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\hijackthis_sfx.exe:Zone.Identifier ->
PTech , -> %SystemDrive%\kyf.dat -> [Ver = | Size = 2912866 bytes | Modified Date = 4/9/2004 3:57:58 PM | Attr = H ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\stinger.exe:Zone.Identifier ->
UPX! , UPX0 , -> %SystemDrive%\stinger.exe -> McAfee Inc. [Ver = 3.4.9 | Size = 1893383 bytes | Modified Date = 6/6/2007 6:11:14 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\VundoFix.exe:Zone.Identifier ->
PEC2 , PECompact2 , -> %SystemDrive%\VundoFix.exe -> Atribune.org [Ver = 6.04.0002 | Size = 104960 bytes | Modified Date = 6/6/2007 3:32:22 PM | Attr = ]
@Alternate Data Stream - 0 bytes -> %System32%\a3d.dll:Zone.Identifier ->
WSUD , -> %System32%\alsndmgr.cpl -> Realtek Semiconductor Corp. [Ver = 2.2.17 | Size = 14204416 bytes | Modified Date = 1/9/2004 3:53:58 AM | Attr = ]
PEC2 , -> %System32%\ATIVTPXX.AX -> ATI Technologies Inc. [Ver = 8.8.001 | Size = 832276 bytes | Modified Date = 12/3/2003 8:12:08 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
PTech , -> %System32%\dllcache\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 12:41:38 AM | Attr = ]
@Alternate Data Stream - 0 bytes -> %System32%\drivers\aeaudio.sys:Zone.Identifier ->
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 12:41:38 AM | Attr = ]
@Alternate Data Stream - 0 bytes -> %System32%\drivers\smsens.sys:Zone.Identifier ->
@Alternate Data Stream - 0 bytes -> %System32%\drivers\smwdm.sys:Zone.Identifier ->
@Alternate Data Stream - 138 bytes -> %AllUsersAppData%\TEMP:05EE1EEF ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\03%20Like%20U%20Crazy[1].mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\105541235_de69048b.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\amalgam-boston.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\amalgam-falling_again.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\amalgam-i_like_it_when_you_smile.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\amalgam-rolling_away.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Anberlin-A_Day_Late.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Anberlin-Glass_To_The_Arson.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Anberlin-Ready_Fuels.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\And_Then_I_Turned_Seven_MN-If_You_Live_By_The_Sword_You_Die_By_The_Sword_.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\And_Then_I_Turned_Seven_MN-I_Miss_You.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\ATALDeepSleeper.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\ATALTheCarousel.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Ben_Folds_Five-Hidden_Skitty_Ska.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Ben_Folds_Five-The_Difference_Between.mp3:Zone.Identifier ->
WSUD , -> %AllUsersDocuments%\catttt.doc -> [Ver = | Size = 2238464 bytes | Modified Date = 11/8/2006 11:49:34 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\CAXGC7DL.htm:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\ChaseYouDownMAKINGAPRIL.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Comethrough.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Dropkick_Murphys-Bastards_On_Parade.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Dropkick_Murphys-Fields_Of_Athenry.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Dropkick_Murphys-Pipebomb_on_Lansdowne_dance_remix.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Dropkick_Murphys-Sunshine_Highway.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Dropkick_Murphys-The_Auld_Triangle.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Dropkick_Murphys-The_Gauntlet.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Dropkick_Murphys-The_Spicy_Mchaggis_Jig.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Dropkick_Murphys-The_Warriors_Code.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Dropkick_Murphys-Walk_Away.mp3:Zone.Identifier ->
UPX0 , -> %AllUsersDocuments%\Dropkick_Murphys-Walk_Away.mp3 -> [Ver = | Size = 5322969 bytes | Modified Date = 3/28/2006 1:53:54 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\fansite_kit.zip:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\FM_Static-Crazy_Mary.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\FM_Static-Definitely_Maybe.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Garden of1997 .mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Hawthorne_Heights-Niki_FM.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Hawthorne_Heights-Ohio_Is_For_Lovers.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Hawthorne_Heights-Saying_Sorry_NEW.mp3:Zone.Identifier ->
UPX! , -> %AllUsersDocuments%\Hawthorne_Heights-Saying_Sorry_NEW.mp3 -> [Ver = | Size = 2996690 bytes | Modified Date = 5/3/2006 6:28:24 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Hawthorne_Heights-Silver_Bullet_Acoustic.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Hawthorne_Heights-This_Is_Who_We_Are_NEW.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\hellogoodbye-touchdown_turnaround.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Hey Darlin1997.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Hot_Hot_Heat-Goodnight_Goodnight.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Hot_Hot_Heat-Island_Of_The_Honest_Man.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Imogen_Heap_Fan-Goodnight_and_Go.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Imogen_Heap_Fan-Oh_Me_Oh_My.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Just_Surrender-Tell_Me_Everything.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\K-4 1 on 1 aide schedules.doc:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Mae-Embers_And_Envelopes.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Mae-Summertime.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\making april roses and butterflies.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Making_April-Demo_All_of_Yours.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Making_April-Demo_Chase_You_Down.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Making_April-Demo_Dont_Look_Back.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Making_April-Demo_Driveway.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Making_April-Demo_These_are_the_Nights.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Matchbook_Romance-In_Transit_For_You.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Matchbook_Romance-Monsters.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Matchbook_Romance-My_Eyes_Burn.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Matchbook_Romance-Promise.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Matchbook_Romance-You_Can_Run_But_Well_Find_You_.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Papercuts.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Plain_White_Ts-Take_Me_Away__from_New_Album.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Punchline-Open_Up.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Punchline-Play.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Rookie_of_the_Year-Consider_This_Summer.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Sleeping_at_Last-Say.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\that.psd:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\theAUDITION-Dance_Halls_Turn_To_Ghost_Towns_.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\theAUDITION-Youve_Made_Us_Conscious.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\The_Academy_Is-Season_demo.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\the_caesars-jerk_it_out.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\The_Decemberists-Cemetery_Row_W14.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\The_Decemberists-Human_Behavior.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\The_Decemberists-Like_a_Lion.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\The_Decemberists-The_Kingdom_of_Spain.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\THE_FORMAT-Even_Better_Yet.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\THE_FORMAT-Janet.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\THE_FORMAT-The_First_Single.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\THE_HINT-Where_Are_You_Now__NEW.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\The_Hush_Sound-Crawling_Towards_The_Sun.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\The_Real_You-Dear_Mom_and_Dad.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\The_Spill_Canvas-All_Hail_the_Hearbreaker.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\The_Spill_Canvas-The_Tide.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\The_Summer_Obsession-Death_Said.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\The_Summer_Obsession-Melt_the_Sugar.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\This_Providence-Everyday.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\This_Providence-Truth_and_Reconciliation.mp3:Zone.Identifier ->
@Alternate Data Stream - 0 bytes -> %AllUsersDocuments%\Thumbs.db:encryptable ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\TOURMALINE-Autumn.mp3:Zone.Identifier ->
CNNIC , -> %AllUsersDocuments%\TOURMALINE-Autumn.mp3 -> [Ver = | Size = 5035405 bytes | Modified Date = 3/29/2006 12:10:18 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\TOURMALINE-Expectations_Acoustic_Demo.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\TOURMALINE-One_Chance_.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\TOURMALINE-Waiting_For_A_Heart_Attack.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Youth_Group-Lillian_Lies.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Youth_Group-Shadowland.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %AllUsersDocuments%\Youth_Group-Skeleton_Jar.mp3:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\academic_0607.pdf:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\DCPlusPlus-0.674.rar:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Guys and Dolls.mid:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\LetItBe.asx:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\mrsxrodriguez5c27splaylist.xspf:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\SonicStageInstaller.exe:Zone.Identifier ->
@Alternate Data Stream - 0 bytes -> %UserDocuments%\Thumbs.db:encryptable ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avgas-setup-7.5.1.36.exe:Zone.Identifier ->
WSUD , -> %UserDesktop%\avgas-setup-7.5.1.36.exe -> [Ver = | Size = 12178512 bytes | Modified Date = 6/12/2007 2:22:44 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\jre-6u1-windows-i586-p.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->

< End of report >

#9 Eternitus


Posted 14 June 2007 - 12:54 PM

AVG report:


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:21:02 PM 6/13/2007

+ Scan result:



HKLM\SOFTWARE\Classes\Wallpaper.WallpaperManager -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Wallpaper.WallpaperManager.1 -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Wallpaper.WallpaperManager\CLSID -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Wallpaper.WallpaperManager\CurVer -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\IncrediFind -> Adware.Incredifind : Cleaned with backup (quarantined).
C:\Program Files\IncrediFind\BHO -> Adware.Incredifind : Cleaned with backup (quarantined).
C:\Program Files\IncrediFind\BHO\date.txt -> Adware.Incredifind : Cleaned with backup (quarantined).
C:\Documents and Settings\Lori Borowicz\Local Settings\Temp\MiniBug.exe -> Adware.SuspectModule : Cleaned with backup (quarantined).
HKLM\SOFTWARE\ToolBar -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\Jonathan\Local Settings\Temp\WildWinTracker.exe -> Adware.WinFetcher : Cleaned with backup (quarantined).
C:\Documents and Settings\Brittney\.jpi_cache\jar\1.0\archive.jar-3d3b7aff-180b9d62.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
C:\Documents and Settings\Brittney\.jpi_cache\jar\1.0\archive1213.jar-3103fd1a-1bf43c31.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
C:\Documents and Settings\Jonathan\.jpi_cache\jar\1.0\ar3.jar-5157872c-4344e041.zip/Gummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
C:\Documents and Settings\Brittney\Cookies\brittney@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Brittney\Local Settings\Temp\Cookies\brittney@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Brittney\Cookies\brittney@4.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Brittney\Cookies\brittney@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Brittney\Cookies\brittney@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Brittney\Local Settings\Temp\Cookies\brittney@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Jonathan\Cookies\jonathan@3.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Jonathan\Cookies\jonathan@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Brittney\Cookies\brittney@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Brittney\Local Settings\Temp\Cookies\brittney@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Brittney\Cookies\brittney@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Lori Borowicz\Cookies\lori borowicz@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Brittney\Cookies\brittney@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Brittney\Cookies\brittney@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Brittney\Local Settings\Temp\Cookies\brittney@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Jonathan\Cookies\jonathan@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Brittney\Local Settings\Temp\Cookies\brittney@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Jonathan\Cookies\jonathan@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Jonathan\Local Settings\Temp\Cookies\jonathan@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Brittney\Cookies\brittney@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Brittney\Local Settings\Temp\Cookies\brittney@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Jonathan\Cookies\jonathan@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Jonathan\Cookies\jonathan@cz5.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Brittney\Cookies\brittney@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Jonathan\Cookies\jonathan@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Jonathan\Local Settings\Temp\Cookies\jonathan@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Brittney\Cookies\brittney@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Lori Borowicz\Cookies\lori borowicz@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Brittney\Cookies\brittney@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Brittney\Cookies\brittney@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Brittney\Cookies\brittney@ehg-globalgamingleague.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Brittney\Cookies\brittney@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Brittney\Local Settings\Temp\Cookies\brittney@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Jonathan\Cookies\jonathan@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Lori Borowicz\Cookies\lori borowicz@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Jonathan\Cookies\jonathan@search.msn[2].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Brittney\Local Settings\Temp\Cookies\brittney@navrcholu[2].txt -> TrackingCookie.Navrcholu : Cleaned.
C:\Documents and Settings\Jonathan\Cookies\jonathan@navrcholu[2].txt -> TrackingCookie.Navrcholu : Cleaned.
C:\Documents and Settings\Brittney\Cookies\brittney@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Brittney\Cookies\brittney@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Brittney\Cookies\brittney@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Lori Borowicz\Cookies\lori borowicz@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Brittney\Local Settings\Temp\Cookies\brittney@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Jonathan\Cookies\jonathan@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Brittney\Cookies\brittney@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Brittney\Cookies\brittney@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Brittney\Cookies\brittney@counter12.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Brittney\Cookies\brittney@sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Brittney\Cookies\brittney@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Brittney\Cookies\brittney@specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Brittney\Local Settings\Temp\Cookies\brittney@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Jonathan\Cookies\jonathan@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Brittney\Cookies\brittney@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Brittney\Local Settings\Temp\Cookies\brittney@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Brittney\Local Settings\Temp\Cookies\brittney@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Jonathan\Cookies\jonathan@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Jonathan\Cookies\jonathan@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Brittney\Local Settings\Temp\Cookies\brittney@toplist[1].txt -> TrackingCookie.Toplist : Cleaned.
C:\Documents and Settings\Jonathan\Cookies\jonathan@toplist[1].txt -> TrackingCookie.Toplist : Cleaned.
C:\Documents and Settings\Brittney\Cookies\brittney@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Brittney\Cookies\brittney@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Jonathan\Cookies\jonathan@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\WINDOWS\Temp\Cookies\brittney@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Brittney\Cookies\brittney@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Brittney\Local Settings\Temp\Cookies\brittney@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Jonathan\Cookies\jonathan@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Jonathan\.jpi_cache\jar\1.0\version.jar-4d048a14-39e4e40d.zip/Dex.class -> Trojan.ClassLoader.g : Cleaned with backup (quarantined).
C:\Documents and Settings\Jonathan\.jpi_cache\jar\1.0\version.jar-4d048a14-39e4e40d.zip/Dix.class -> Trojan.ClassLoader.g : Cleaned with backup (quarantined).
C:\Documents and Settings\Jonathan\.jpi_cache\jar\1.0\version.jar-4d048a14-39e4e40d.zip/Dux.class -> Trojan.ClassLoader.g : Cleaned with backup (quarantined).


::Report end










And then I think this is the correct log file you were looking for from the WinPFind3u folder:

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\e93TC not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\e93TC.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NAV CfgWiz not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\PRISMSVR.EXE not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WildTangent CDA not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\Microsoft DirectXb not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{0483894E-2422-45E0-8384-021AFF1AF3CD} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{83B28A74-640D-48F4-9F51-E80EED7CC7E0} not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B9D1647F-A66A-4695-B249-07901A45FF59} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0483894E-2422-45E0-8384-021AFF1AF3CD} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F4430FE8-2638-42e5-B849-800749B94EED} not found.
Starting removal of ActiveX control {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\InprocServer32 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} not found.
Removal of ActiveX control {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} complete!
Starting removal of ActiveX control {A7EA8AD2-287F-11D3-B120-006008C39542}
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7EA8AD2-287F-11D3-B120-006008C39542}\InprocServer32 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A7EA8AD2-287F-11D3-B120-006008C39542} not found.
Removal of ActiveX control {A7EA8AD2-287F-11D3-B120-006008C39542} complete!
Starting removal of ActiveX control {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A}
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A}\InprocServer32 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} not found.
Removal of ActiveX control {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} complete!
[Empty Temp Folders]
C:\DOCUME~1\Brittney\LOCALS~1\Temp\ -> emptied.
C:\Documents and Settings\Brittney\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
< End of log >
Created on 06/12/2007 14:45:29

#10 OldTimer

OldTimer

    Malware Expert



Posted 14 June 2007 - 03:39 PM

Hi Eternitus. Looks pretty good except for 1 entry I thought AVG AS would take care of. Let's try and remove it with WPF3.

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YY -> uwtmkklb1gge897.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll ->%system32%\uwtmkklb1gge897.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3u scan.

I will review the information when it comes back in.

I'm not sure if WPF3 can remove an entry like that but if it can't we can remove it manually.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#11 Eternitus


Posted 14 June 2007 - 08:57 PM

Every time I try to run the fix, winp stops responding. I have copied and pasted what you told me into the box multiple times, and have checked it multiple times. I know that all of it is being copied. I do not know what the problem is. I can still run a scan on winp though. Do you still need me to run a scan and post the report that comes with it?

#12 OldTimer


Posted 16 June 2007 - 07:13 AM

Hi Eternitus. No, you don't need to run a scan just yet. We will need to remove the information in the key manually.

Launch Notepad, and copy/paste the text in the quotebox below into the new document. Save it to your desktop as regfix.reg:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=""


Locate regfix.reg on your Desktop and double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer Yes and wait for a message to appear similar to Merged Successfully.

Restart your computer.

Now perform a search for these files and delete all instances. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

uwtmkklb1gge897.*

Post back a new WinPFind3u log and let me know of any problems you encountered with the above steps.

Cheers.

OT
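The manual fix in the post above empties the AppInit_DLLs value, which names DLLs that Windows loads into every process that loads user32.dll. As an added example (not part of the original post and not WinPFind3U code), this Python script audits a REGEDIT4 export of that key, lists each DLL the value would load with review hints, and builds the clearing .reg text. The sample export, the second DLL path and all function names are constructed for illustration, and C:\WINDOWS is assumed as %SystemRoot%, as shown in the logs in this thread.

```python
import re

KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
VALUE = "AppInit_DLLs"
SYSTEM32 = r"c:\windows\system32" + "\\"   # assumption: %SystemRoot% = C:\WINDOWS

# Constructed sample export. The first entry reuses the base name from this
# thread with a shortened extension run; the second entry is hypothetical.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="uwtmkklb1gge897.dll.dll.dll C:\\Tools\\hook32.dll"
"DeviceNotSelectedTimeout"="15"
'''

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"="data" with .reg backslash escapes (\\ and \") allowed on both sides.
STRING_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')
# The same extension repeated at the end of the name, e.g. ".dll.dll".
REPEATED_EXT = re.compile(r"(\.[A-Za-z0-9]+)\1+$", re.IGNORECASE)


def unescape(text):
    """Undo .reg string escaping: a backslash followed by any character."""
    return re.sub(r"\\(.)", r"\1", text)


def parse_reg_strings(reg_text):
    """Return {key_lower: {value_name_lower: data}} for string values only."""
    values, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            current = section.group("key").lower()
            values.setdefault(current, {})
            continue
        value = STRING_RE.match(line)
        if value and current is not None:
            name = unescape(value.group("name")).lower()
            values[current][name] = unescape(value.group("data"))
    return values


def appinit_entries(reg_text):
    """Split the AppInit_DLLs data on its delimiters (spaces or commas)."""
    data = parse_reg_strings(reg_text).get(KEY.lower(), {}).get(VALUE.lower(), "")
    return [entry for entry in re.split(r"[ ,]+", data) if entry]


def hints(entry):
    """Review hints for one entry; an empty list does not mean it is safe."""
    found = []
    if REPEATED_EXT.search(entry):
        found.append("repeated extension")
    if not entry.lower().endswith(".dll"):
        found.append("not a .dll name")
    if "\\" in entry and not entry.lower().startswith(SYSTEM32):
        found.append("path outside system32")
    return found


def audit(reg_text):
    """Return [(entry, [hints])] for every DLL AppInit_DLLs would load."""
    return [(entry, hints(entry)) for entry in appinit_entries(reg_text)]


def clearing_reg():
    """REGEDIT4 text that sets the value to an empty string.

    The value name must be quoted, or the line is not a valid .reg entry.
    """
    return "REGEDIT4\n\n[" + KEY + ']\n"' + VALUE + '"=""\n'


if __name__ == "__main__":
    for entry, found in audit(SAMPLE_EXPORT):
        print(entry, "->", ", ".join(found) or "no hints, still review")
    print(clearing_reg())
```

Any non-empty result from `audit` deserves a look, since legitimate software rarely uses this value; after merging the clearing file, a fresh export should produce an empty list.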

#13 Eternitus


Posted 18 June 2007 - 12:04 AM

Hey, very sorry for the delayed replies. Been very busy.

Anyways I did the scans, and scanned for "uwtmkklb1gge897.*" but it did not come up with any files. Do you think I might have missed a step when searching? Or did I give you a bad scan file?

I think I did the scan right. Those 3 things you told me to check were in fact checked.

#14 OldTimer


Posted 18 June 2007 - 03:25 PM

Hi Eternitus. No, the file might already have been gone. If it was present it would probably be in the c:\windows\system32 folder. You can check that folder manually to see if it is there and if not then it is most likely gone.

Post back a new HijackThis log OR a new WinPFind3u log and we'll see if the registry entry is gone now too.

Cheers.

OT

#15 Eternitus


Posted 19 June 2007 - 07:59 PM

WinPFind3 logfile created on: 6/19/2007 7:50:51 PM
WinPFind3U by OldTimer - Version 1.0.38 Folder = C:\Documents and Settings\Brittney\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

511.47 Mb Total Physical Memory | 130.13 Mb Available Physical Memory | 25.44% Memory free
1.22 Gb Paging File | 0.76 Gb Available in Paging File | 62.45% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 64.42 Gb Free Space | 69.16% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: KIDS
Current User Name: Brittney
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 5.0\Distillr\AcroTray.exe -> Adobe Systems Inc. [Ver = 5, 0, 0, 0 | Size = 49254 bytes | Modified Date = 3/15/2001 6:18:18 AM | Attr = ]
aim6.exe -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50736 bytes | Modified Date = 4/27/2007 4:17:28 PM | Attr = ]
airgcfg.exe -> %ProgramFiles%\D-Link\AirPlus G\AirGCFG.exe -> D-Link [Ver = 3, 3, 0, 50317 | Size = 1228800 bytes | Modified Date = 3/18/2005 5:34:00 AM | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 12:41:04 PM | Attr = ]
aolsoftware.exe -> %ProgramFiles%\AIM6\aolsoftware.exe -> America Online, Inc. [Ver = 1.5.6.1 | Size = 50736 bytes | Modified Date = 9/25/2006 7:52:48 PM | Attr = ]
apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/7/2005 12:46:24 AM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4110 | Size = 425984 bytes | Modified Date = 11/30/2004 10:05:10 PM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4110 | Size = 425984 bytes | Modified Date = 11/30/2004 10:05:10 PM | Attr = ]
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5071 | Size = 335872 bytes | Modified Date = 12/12/2003 12:31:00 PM | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/14/2007 12:48:48 PM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 104.0.8.3 | Size = 53408 bytes | Modified Date = 4/12/2006 11:30:06 AM | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 104.0.8.3 | Size = 192160 bytes | Modified Date = 4/12/2006 11:30:10 AM | Attr = ]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 104.0.8.3 | Size = 169632 bytes | Modified Date = 4/12/2006 11:30:24 AM | Attr = ]
cdac11ba.exe -> %System32%\drivers\CDAC11BA.EXE -> Macrovision [Ver = 4.16.050 | Size = 52736 bytes | Modified Date = 3/29/2003 3:50:04 PM | Attr = ]
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.0.1760.38296 | Size = 32768 bytes | Modified Date = 10/26/2004 10:16:34 PM | Attr = ]
em_exec.exe -> %ProgramFiles%\Logitech\MouseWare\system\EM_EXEC.EXE -> Logitech Inc. [Ver = 9.79.025 | Size = 37888 bytes | Modified Date = 1/8/2004 9:50:00 AM | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/13/2007 10:29:12 AM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ]
hpqimzone.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqimzone.exe -> Hewlett-Packard Co. [Ver = 053.000.013.000 | Size = 479232 bytes | Modified Date = 5/12/2005 12:33:52 AM | Attr = ]
hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqste08.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 204800 bytes | Modified Date = 5/12/2005 12:40:38 AM | Attr = ]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 282624 bytes | Modified Date = 5/11/2005 11:23:26 PM | Attr = ]
hprblog.exe -> %ProgramFiles%\HP\Digital Imaging\Product Assistant\bin\hprblog.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 77824 bytes | Modified Date = 5/11/2005 11:16:22 PM | Attr = ]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 49152 bytes | Modified Date = 5/11/2005 11:12:54 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.2.23 | Size = 323584 bytes | Modified Date = 12/20/2005 9:54:34 PM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.2.23 | Size = 278528 bytes | Modified Date = 12/20/2005 9:54:48 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
kodakccs.exe -> %System32%\drivers\KodakCCS.exe -> Eastman Kodak Company [Ver = 1.1.5100.4 | Size = 322104 bytes | Modified Date = 5/24/2004 1:35:52 PM | Attr = ]
monitor.exe -> %ProgramFiles%\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\monitor.exe -> Ulead Systems, Inc. [Ver = 8.0.0.0 | Size = 45056 bytes | Modified Date = 2/27/2003 7:48:46 PM | Attr = ]
msgagt.exe -> %ProgramFiles%\Promise\Utility\MsgAgt.exe -> Promise Technology, Inc. [Ver = Version 3.2 build 2 (7/30/2002) | Size = 585728 bytes | Modified Date = 8/6/2002 11:20:24 AM | Attr = ]
navapsvc.exe -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 12.2.0.13 | Size = 139936 bytes | Modified Date = 2/5/2006 1:03:16 AM | Attr = ]
npfmntor.exe -> %ProgramFiles%\Norton AntiVirus\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 12.2.0.13 | Size = 46752 bytes | Modified Date = 2/5/2006 1:03:40 AM | Attr = ]
nscsrvce.exe -> %CommonProgramFiles%\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.5.17 | Size = 750768 bytes | Modified Date = 3/15/2006 12:33:08 PM | Attr = ]
opwarese2.exe -> %ProgramFiles%\ScanSoft\OmniPageSE2.0\OpwareSE2.exe -> ScanSoft, Inc. [Ver = 12.0 | Size = 49152 bytes | Modified Date = 5/8/2003 12:00:58 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.0.4 | Size = 155648 bytes | Modified Date = 2/14/2006 6:28:28 PM | Attr = ]
scaner32.exe -> %SystemRoot%\twain_32\fb7\SCANER32.EXE -> [Ver = | Size = 61440 bytes | Modified Date = 10/16/1997 6:00:30 PM | Attr = ]
sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.3.303 | Size = 214720 bytes | Modified Date = 6/8/2006 12:08:36 PM | Attr = ]
spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.1.0.4 | Size = 1160848 bytes | Modified Date = 5/11/2006 3:50:20 PM | Attr = ]
ssaad.exe -> %ProgramFiles%\Sony\SonicStage\SSAAD.exe -> [Ver = 3.4.01.13062 | Size = 81920 bytes | Modified Date = 1/7/2006 2:36:10 AM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.762 | Size = 1119888 bytes | Modified Date = 6/25/2006 8:28:22 PM | Attr = ]
viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 1/4/2007 4:38:20 PM | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:10 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 5/22/2007 6:27:40 PM | Attr = ]
wzcsldr2.exe -> %ProgramFiles%\ANI\ANIWZCS2 Service\WZCSLDR2.exe -> Alpha Networks Inc. [Ver = 1, 0, 6, 41216 | Size = 49152 bytes | Modified Date = 12/16/2004 6:49:14 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(ANIWZCSdService) ANIWZCSd Service [Win32_Shared | Auto | Stopped] -> %ProgramFiles%\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -> Alpha Networks Inc. [Ver = 1, 0, 1, 30507 | Size = 49152 bytes | Modified Date = 10/22/2004 2:42:44 PM | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4110 | Size = 425984 bytes | Modified Date = 11/30/2004 10:05:10 PM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0021 | Size = 516096 bytes | Modified Date = 11/30/2004 10:10:00 PM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 12:41:04 PM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ]
(C-DillaCdaC11BA) C-DillaCdaC11BA [Win32_Own | Auto | Running] -> %System32%\drivers\CDAC11BA.EXE -> Macrovision [Ver = 4.16.050 | Size = 52736 bytes | Modified Date = 3/29/2003 3:50:04 PM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 104.0.8.3 | Size = 192160 bytes | Modified Date = 4/12/2006 11:30:10 AM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 104.0.8.3 | Size = 169632 bytes | Modified Date = 4/12/2006 11:30:24 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 1/26/2007 3:41:00 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ]
(iPodService) iPodService [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.2.23 | Size = 323584 bytes | Modified Date = 12/20/2005 9:54:34 PM | Attr = ]
(KodakCCS) Kodak Camera Connection Software [Win32_Own | Auto | Running] -> %System32%\drivers\KodakCCS.exe -> Eastman Kodak Company [Ver = 1.1.5100.4 | Size = 322104 bytes | Modified Date = 5/24/2004 1:35:52 PM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 2/23/2006 12:41:04 PM | Attr = ]
(MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> Sony Corporation [Ver = 4.4.00.11241 | Size = 53337 bytes | Modified Date = 11/24/2005 5:03:22 PM | Attr = ]
(navapsvc) Norton AntiVirus Auto-Protect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 12.2.0.13 | Size = 139936 bytes | Modified Date = 2/5/2006 1:03:16 AM | Attr = ]
(NPFMntor) Norton AntiVirus Firewall Monitor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 12.2.0.13 | Size = 46752 bytes | Modified Date = 2/5/2006 1:03:40 AM | Attr = ]
(NSCService) Norton Protection Center Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.5.17 | Size = 750768 bytes | Modified Date = 3/15/2006 12:33:08 PM | Attr = ]
(PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> Sony Corporation [Ver = 4.4.00.11241 | Size = 53337 bytes | Modified Date = 11/24/2005 4:57:44 PM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 12:14:36 PM | Attr = ]
(RAIDmAgt) Promise RAID message agent [Win32_Own | Auto | Running] -> %ProgramFiles%\Promise\Utility\MsgAgt.exe -> Promise Technology, Inc. [Ver = Version 3.2 build 2 (7/30/2002) | Size = 585728 bytes | Modified Date = 8/6/2002 11:20:24 AM | Attr = ]
(SAVScan) Symantec AVScan [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton AntiVirus\SAVScan.exe -> Symantec Corporation [Ver = 9.7.0.10 | Size = 198368 bytes | Modified Date = 8/26/2005 4:22:48 PM | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.3.303 | Size = 214720 bytes | Modified Date = 6/8/2006 12:08:36 PM | Attr = ]
(SPBBCSvc) SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.1.0.4 | Size = 1160848 bytes | Modified Date = 5/11/2006 3:50:20 PM | Attr = ]
(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.4.00.11241 | Size = 69718 bytes | Modified Date = 11/24/2005 4:47:30 PM | Attr = ]
(SSScsiSV) SonicStage SCSI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SSScsiSV.exe -> Sony Corporation [Ver = 3.4.01.13062 | Size = 69632 bytes | Modified Date = 1/6/2006 10:25:12 PM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.762 | Size = 1119888 bytes | Modified Date = 6/25/2006 8:28:22 PM | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:10 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/14/2007 12:48:48 PM | Attr = ]
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/7/2005 12:46:24 AM | Attr = ]
ANIWZCS2Service -> %ProgramFiles%\ANI\ANIWZCS2 Service\WZCSLDR2.exe -> Alpha Networks Inc. [Ver = 1, 0, 6, 41216 | Size = 49152 bytes | Modified Date = 12/16/2004 6:49:14 PM | Attr = ]
ATICCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.0.1760.38296 | Size = 32768 bytes | Modified Date = 10/26/2004 10:16:34 PM | Attr = ]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5071 | Size = 335872 bytes | Modified Date = 12/12/2003 12:31:00 PM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 104.0.8.3 | Size = 53408 bytes | Modified Date = 4/12/2006 11:30:06 AM | Attr = ]
D-Link AirPlus G -> %ProgramFiles%\D-Link\AirPlus G\AirGCFG.exe -> D-Link [Ver = 3, 3, 0, 50317 | Size = 1228800 bytes | Modified Date = 3/18/2005 5:34:00 AM | Attr = ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 49152 bytes | Modified Date = 5/11/2005 11:12:54 PM | Attr = ]
HPHUPD08 -> %ProgramFiles%\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe -> Hewlett-Packard [Ver = 8,1,0,12 | Size = 49152 bytes | Modified Date = 6/1/2005 11:35:56 AM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.2.23 | Size = 278528 bytes | Modified Date = 12/20/2005 9:54:48 PM | Attr = ]
Logitech Utility -> %SystemRoot%\LOGI_MWX.EXE -> Logitech Inc. [Ver = 9.79.024 | Size = 19968 bytes | Modified Date = 12/17/2003 9:50:00 AM | Attr = ]
NeroCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 9:50:42 AM | Attr = ]
OpwareSE2 -> %ProgramFiles%\ScanSoft\OmniPageSE2.0\OpwareSE2.exe -> ScanSoft, Inc. [Ver = 12.0 | Size = 49152 bytes | Modified Date = 5/8/2003 12:00:58 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.0.4 | Size = 155648 bytes | Modified Date = 2/14/2006 6:28:28 PM | Attr = ]
SsAAD.exe -> %ProgramFiles%\Sony\SonicStage\SSAAD.exe -> [Ver = 3.4.01.13062 | Size = 81920 bytes | Modified Date = 1/7/2006 2:36:10 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
TempRemove -> %ProgramFiles%\Crystal Ball\CB Predictor\terminator.exe -> [Ver = | Size = 7680 bytes | Modified Date = 11/6/2003 10:36:56 AM | Attr = ]
Ulead AutoDetector -> %ProgramFiles%\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\monitor.exe -> Ulead Systems, Inc. [Ver = 8.0.0.0 | Size = 45056 bytes | Modified Date = 2/27/2003 7:48:46 PM | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AIM -> %ProgramFiles%\AIM\aim.exe -cnetwait.odl -> File not found
Aim6 -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50736 bytes | Modified Date = 4/27/2007 4:17:28 PM | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/13/2007 10:29:12 AM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\ypager.exe -> File not found
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Acrobat Assistant.lnk -> %ProgramFiles%\Adobe\Acrobat 5.0\Distillr\AcroTray.exe -> Adobe Systems Inc. [Ver = 5, 0, 0, 0 | Size = 49254 bytes | Modified Date = 3/15/2001 6:18:18 AM | Attr = ]
%AllUsersStartup%\Adobe Gamma Loader.exe.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 11/4/1999 4:06:48 PM | Attr = ]
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 10/23/2006 2:48:20 AM | Attr = ]
%AllUsersStartup%\Adobe Reader Synchronizer.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe -> [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 10/23/2006 1:01:50 AM | Attr = ]
%AllUsersStartup%\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 282624 bytes | Modified Date = 5/11/2005 11:23:26 PM | Attr = ]
%AllUsersStartup%\HP Image Zone Fast Start.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqthb08.exe -> Hewlett-Packard Co. [Ver = 053.000.013.000 | Size = 73728 bytes | Modified Date = 5/12/2005 12:49:24 AM | Attr = ]
< User Startup > -> C:\Documents and Settings\Brittney\Start Menu\Programs\Startup
%UserStartup%\FB7 Scanner Utilities.lnk -> %SystemRoot%\twain_32\fb7\SCANER32.EXE -> [Ver = | Size = 61440 bytes | Modified Date = 10/16/1997 6:00:30 PM | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 7:29:58 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4110 | Size = 94208 bytes | Modified Date = 11/30/2004 10:06:56 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (21 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://ie.search.msn.com ->
HKLM: Start Page -> http://yahoo.sbc.com/dsl ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.myspace.com/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/23/2006 12:08:42 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{65D886A2-7CA7-479B-BB95-14D1EFB7946A} [HKLM] -> %ProgramFiles%\Yahoo!\Common\YIeTagBm.dll [YahooTaggedBM Class] -> Yahoo! Inc. [Ver = 2005, 1, 24, 1 | Size = 115832 bytes | Modified Date = 1/24/2005 9:55:32 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [CNavExtBho Class] -> Symantec Corporation [Ver = 12.2.0.13 | Size = 140960 bytes | Modified Date = 2/5/2006 1:03:32 AM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 6/13/2007 10:29:12 AM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 5, 11, 1 | Size = 316552 bytes | Modified Date = 5/11/2005 5:06:02 PM | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 5, 11, 1 | Size = 316552 bytes | Modified Date = 5/11/2005 5:06:02 PM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} [HKLM] -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll [Easy-WebPrint] -> [Ver = 2, 0, 0, 15 | Size = 360448 bytes | Modified Date = 4/28/2003 9:37:16 AM | Attr = ]
{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 12.2.0.13 | Size = 140960 bytes | Modified Date = 2/5/2006 1:03:32 AM | Attr = ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 8/4/2005 9:54:42 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
ShellBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 8/4/2005 9:54:42 PM | Attr = ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} [HKLM] -> %ProgramFiles%\AIM Toolbar\AIMBar.dll [AIM Search] -> America Online, Inc [Ver = 2004.00.003 | Size = 172032 bytes | Modified Date = 1/24/2005 4:28:20 PM | Attr = ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 8/4/2005 9:54:42 PM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 3:43:42 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&AIM Search -> %ProgramFiles%\AIM Toolbar\AIMBar.dll\aimsearch.htm -> File not found
&Yahoo! Search -> %ProgramFiles%\Yahoo!\Common\YCSRCH.HTM -> [Ver = | Size = 605 bytes | Modified Date = 6/3/2005 7:07:38 PM | Attr = ]
Yahoo! &Dictionary -> %ProgramFiles%\Yahoo!\Common\YCDICT.HTM -> [Ver = | Size = 616 bytes | Modified Date = 6/3/2005 7:07:16 PM | Attr = ]
Yahoo! &Maps -> %ProgramFiles%\Yahoo!\Common\ycmap.htm -> [Ver = | Size = 690 bytes | Modified Date = 6/3/2005 7:07:44 PM | Attr = ]
Yahoo! &SMS -> %ProgramFiles%\Yahoo!\Common\YCsms.htm -> [Ver = | Size = 1006 bytes | Modified Date = 8/1/2005 6:43:00 PM | Attr = ]
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 1/30/2001 2:56:24 PM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
FunWebProducts -> ->
iOpus-I-M -> ->
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{4856BDDC-3C92-4244-97D6-2EA607389799} -> (1394 Net Adapter) ->
{52A40DB2-D0FA-4B6B-A23D-FD5FE49B7185} -> (D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.:thumbsup:) ->
{5BB1F22B-BC20-47C3-819E-10597BB16FC4} -> (2Wire PC Port) ->
{71924720-A438-4E1B-ACD2-60DE69F1870D} -> (Broadcom NetXtreme Gigabit Ethernet) ->
{76BA1139-2CA9-47E8-AA7E-D9936AF8C9C4} -> () ->
{8BB02A29-E5D8-4D9C-911C-1F667047DB3C} -> (2Wire PC Port) ->
{91DAFA17-D651-41E9-AD8B-07E1061BC28A} -> (2Wire PC Port) ->
{99BCE093-FEA7-4A4D-BDA8-7A4E4AB911AB} -> (2Wire PC Port) ->
{E7F9A9C9-A25F-4A33-AA3C-ECE80C9C88A2} -> (2Wire PC Port) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
ms-its -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{00000075-9980-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.microsoft.com/codecs/i386/voxacm.CAB ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab ->
{03F998B2-0E00-11D3-A498-00104B6EB52E} -> MetaStreamCtl Class - CodeBase = https://components.viewpoint.com/MTSInstall...od/install.html ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwa...director/sw.cab ->
{41F17733-B041-4099-A042-B518BB6A408C} -> - CodeBase = http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe ->
{5F8469B4-B055-49DD-83F7-62B522420ECC} -> Facebook Photo Uploader Control - CodeBase = http://upload.facebook.com/controls/Facebo...otoUploader.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{8EDAD21C-3584-4E66-A8AB-EB0E5584767D} -> - CodeBase = http://toolbar.google.com/data/GoogleActivate.cab ->
{9F1C11AA-197B-4942-BA54-47A8489BB47F} -> - CodeBase = http://v4.windowsupdate.microsoft.com/CAB/...7654.3631597222 ->
{A17E30C4-A9BA-11D4-8673-60DB54C10000} -> YahooYMailTo Class - CodeBase = http://download.yahoo.com/dl/installs/ymail/ymmapi.dll ->
{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} -> Java Plug-in 1.4.1_02 - CodeBase = http://java.sun.com/update/1.4.1/jinstall-...indows-i586.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CD995117-98E5-4169-9920-6C12D4C0B548} -> HGPlugin9USA Class - CodeBase = http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab ->
{DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} -> HGPlugin10USA Class - CodeBase = http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab ->


[Files/Folders - Created Within 30 days]
hijackthis_sfx.exe -> %SystemDrive%\hijackthis_sfx.exe -> [Ver = | Size = 251392 bytes | Created Date = 6/6/2007 2:47:37 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\hijackthis_sfx.exe:Zone.Identifier ->
stinger.exe -> %SystemDrive%\stinger.exe -> McAfee Inc. [Ver = 3.4.9 | Size = 1893383 bytes | Created Date = 6/6/2007 5:10:59 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\stinger.exe:Zone.Identifier ->
stinger.opt -> %SystemDrive%\stinger.opt -> [Ver = | Size = 17 bytes | Created Date = 6/7/2007 6:34:17 AM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 6/6/2007 1:57:17 PM | Attr = ]
VundoFix.exe -> %SystemDrive%\VundoFix.exe -> Atribune.org [Ver = 6.04.0002 | Size = 104960 bytes | Created Date = 6/6/2007 2:32:19 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\VundoFix.exe:Zone.Identifier ->
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Created Date = 5/24/2007 2:00:37 AM | Attr = H ]
$NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Created Date = 6/13/2007 2:05:23 AM | Attr = H ]
$NtUninstallKB933566$ -> %SystemRoot%\$NtUninstallKB933566$ -> [Folder | Created Date = 6/13/2007 2:05:55 AM | Attr = H ]
$NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Created Date = 6/13/2007 2:00:58 AM | Attr = H ]
$NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Created Date = 6/13/2007 2:04:53 AM | Attr = H ]
LastGood -> %SystemRoot%\LastGood -> [Folder | Created Date = 6/18/2007 3:38:51 PM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Created Date = 6/7/2007 10:51:22 AM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 6/13/2007 10:35:19 AM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 69632 bytes | Created Date = 6/13/2007 10:35:19 AM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 6/13/2007 10:35:19 AM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 139264 bytes | Created Date = 6/13/2007 10:35:19 AM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 6/12/2007 1:23:21 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 6/8/2007 6:19:40 AM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 6/13/2007 11:35:26 AM | Attr = H ]
hijackthis_sfx.exe -> %SystemDrive%\hijackthis_sfx.exe -> [Ver = | Size = 251392 bytes | Modified Date = 6/6/2007 3:47:52 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\hijackthis_sfx.exe:Zone.Identifier ->
IPH.PH -> %SystemDrive%\IPH.PH -> [Ver = | Size = 3593 bytes | Modified Date = 6/14/2007 10:32:46 PM | Attr = H ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 6/13/2007 2:13:28 PM | Attr = ]
stinger.exe -> %SystemDrive%\stinger.exe -> McAfee Inc. [Ver = 3.4.9 | Size = 1893383 bytes | Modified Date = 6/6/2007 6:11:14 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\stinger.exe:Zone.Identifier ->
stinger.opt -> %SystemDrive%\stinger.opt -> [Ver = | Size = 17 bytes | Modified Date = 6/7/2007 7:34:18 AM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 6/6/2007 3:11:46 PM | Attr = ]
VundoFix.exe -> %SystemDrive%\VundoFix.exe -> Atribune.org [Ver = 6.04.0002 | Size = 104960 bytes | Modified Date = 6/6/2007 3:32:22 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\VundoFix.exe:Zone.Identifier ->
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6/19/2007 7:45:52 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 6/12/2007 2:53:14 PM | Attr = H ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Modified Date = 5/24/2007 3:00:40 AM | Attr = H ]
$NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Modified Date = 6/13/2007 3:05:28 AM | Attr = H ]
$NtUninstallKB933566$ -> %SystemRoot%\$NtUninstallKB933566$ -> [Folder | Modified Date = 6/13/2007 3:06:00 AM | Attr = H ]
$NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Modified Date = 6/13/2007 3:01:00 AM | Attr = H ]
$NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Modified Date = 6/13/2007 3:04:56 AM | Attr = H ]
AVSCAN32.INI -> %SystemRoot%\AVSCAN32.INI -> [Ver = | Size = 838 bytes | Modified Date = 6/19/2007 7:45:28 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 6/18/2007 4:09:06 PM | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 6/14/2007 10:32:16 PM | Attr = S]
GunzLauncher.INI -> %SystemRoot%\GunzLauncher.INI -> [Ver = | Size = 52 bytes | Modified Date = 6/11/2007 5:35:40 PM | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 6/18/2007 4:39:06 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 6/13/2007 3:05:40 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 6/18/2007 4:39:00 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 6/13/2007 11:35:26 AM | Attr = HS]
LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 6/18/2007 4:39:00 PM | Attr = ]
MsgAgt.INI -> %SystemRoot%\MsgAgt.INI -> [Ver = | Size = 64 bytes | Modified Date = 6/18/2007 4:09:52 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 6/19/2007 7:45:30 PM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 6/8/2007 6:19:48 AM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 6/18/2007 4:39:08 PM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 6/8/2007 6:19:28 AM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 6/18/2007 4:39:06 PM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 6/19/2007 7:44:02 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1751 bytes | Modified Date = 6/19/2007 7:45:28 PM | Attr = ]
dfrgntfs.job -> %SystemRoot%\tasks\dfrgntfs.job -> [Ver = | Size = 276 bytes | Modified Date = 6/16/2007 3:00:02 AM | Attr = ]
Norton AntiVirus - Run Full System Scan - Lori Borowicz.job -> %SystemRoot%\tasks\Norton AntiVirus - Run Full System Scan - Lori Borowicz.job -> [Ver = | Size = 546 bytes | Modified Date = 6/15/2007 8:00:02 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 6/18/2007 4:09:14 PM | Attr = H ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 6/3/2007 11:04:12 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 6/18/2007 4:38:54 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 6/18/2007 4:39:06 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 6/12/2007 2:23:22 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 6/19/2007 7:44:02 PM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr = ]
hosts.ics -> %System32%\drivers\etc\hosts.ics -> [Ver = | Size = 374 bytes | Modified Date = 6/18/2007 4:20:44 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\hijackthis_sfx.exe:Zone.Identifier ->
PTech , -> %SystemDrive%\kyf.dat -> [Ver = | Size = 2912866 bytes | Modified Date = 4/9/2004 3:57:58 PM | Attr = H ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\stinger.exe:Zone.Identifier ->
UPX! , UPX0 , -> %SystemDrive%\stinger.exe -> McAfee Inc. [Ver = 3.4.9 | Size = 1893383 bytes | Modified Date = 6/6/2007 6:11:14 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\VundoFix.exe:Zone.Identifier ->
PEC2 , PECompact2 , -> %SystemDrive%\VundoFix.exe -> Atribune.org [Ver = 6.04.0002 | Size = 104960 bytes | Modified Date = 6/6/2007 3:32:22 PM | Attr = ]
@Alternate Data Stream - 0 bytes -> %System32%\a3d.dll:Zone.Identifier ->
WSUD , -> %System32%\alsndmgr.cpl -> Realtek Semiconductor Corp. [Ver = 2.2.17 | Size = 14204416 bytes | Modified Date = 1/9/2004 3:53:58 AM | Attr = ]
PEC2 , -> %System32%\ATIVTPXX.AX -> ATI Technologies Inc. [Ver = 8.8.001 | Size = 832276 bytes | Modified Date = 12/3/2003 8:12:08 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
PTech , -> %System32%\dllcache\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 12:41:38 AM | Attr = ]
@Alternate Data Stream - 0 bytes -> %System32%\drivers\aeaudio.sys:Zone.Identifier ->
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 12:41:38 AM | Attr = ]
@Alternate Data Stream - 0 bytes -> %System32%\drivers\smsens.sys:Zone.Identifier ->
@Alternate Data Stream - 0 bytes -> %System32%\drivers\smwdm.sys:Zone.Identifier ->

< End of report >



