1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

KotaGuy please would you help virus/trojan

Discussion in 'Windows - Virus and spyware problems' started by ozsurfie, Feb 21, 2007.

  1. ozsurfie

    ozsurfie Guest

    I have had strange things happening since i inadvertently opened an email that had a link supposedly to the Australian newspaper it is reportedly containing a trojan - it may be coincidence but since then all sorts of weird and wonderful things have been happening. I am wary of checking online banking in case there is a keystroke logger as reported in it if anyone can check the hijack log and advise i would be most grateful - cheers

    Logfile of HijackThis v1.99.1
    Scan saved at 1:14:21 PM, on 22/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    D:\Program Files\ca pestcontrol\PPActiveDetection.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\NetMeter\NetMeter.exe
    C:\Program Files\Maximizer\MxAlarm.exe
    C:\Program Files\Maximizer\MxFinder.exe
    C:\PVSW\Bin\w3dbsmgr.exe
    C:\Palm\HOTSYNC.EXE
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Stuart\Desktop\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
    O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: iiBar - {8AA99D86-978D-4963-A845-24AF39FB0CF2} - C:\Program Files\iiBar\iiBar.dll
    O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "D:\Program Files\ca pestcontrol\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [DVD43] D:\PROGRA~1\DVDREG~1\DVDRegionFree.exe /hidden
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
    O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: MaxAlarm.lnk = C:\Program Files\Maximizer\MxAlarm.exe
    O4 - Global Startup: MaxFinder.lnk = C:\Program Files\Maximizer\MxFinder.exe
    O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\w3dbsmgr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{508E4915-A314-4CB7-A874-7DE57659CAAE}: NameServer = 203.0.178.191
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
     
  2. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    Hi ozsurfie... don't see anything bad in your HijackThis log.

    What kind of things are going on with your computer that make you suspect an infection?
     
  3. ozsurfie

    ozsurfie Guest

    i've run everything that you suggest in various of your threads and removed anything that comes up,
    The reason i think something might be there is that i opened an email that contained a story reportedly from a national paper that the oz pm had had a heart attack , the link it was reported later in the day linked to a trojan . since then pg2 even when no d'l etc etc is taking place goes off with a range of ip addresses listed as IBM corporation which made me think that something was inside trying to "dial home "
    When i checked the task mgr the only thing using any amount of cpu was Explorer.exe which when you google gives you all sorts of stories
    so there you go - i could just be paranoid :) i will defer to your expertise !! look fwd to receiving your thoughts
     
  4. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    Ok.... I hesitate to say you're infected... especially seeing as how you are running NOD32. Along with Kaspersky... its one of the best AV's out there... in my opinion anyways.

    But we can take a deeper look into your system just to make sure.

    Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

    [*]Close ALL OTHER PROGRAMS.
    [*]Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    [*]Now click the Run Scan button on the toolbar.
    [*]The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    [*]When the scan is complete Notepad will open with the report file loaded in it.
    [*]Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

    Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.
     
  5. ozsurfie

    ozsurfie Guest

    many thanks - when you say a long time r u talking hours??? i have to go to airport soon for a flight so might pick this up when i get back
    hope you can help me then
    Thanks again
     
  6. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    It shouldn't take hours to complete... but if you need to head out... just do the scan when you get back.
     
  7. kateman

    kateman Regular member

    Joined:
    Jul 22, 2006
    Messages:
    574
    Likes Received:
    0
    Trophy Points:
    26
    @ozsurfie: iam pretty sure your not infected with a dialer.

    as for your hijackthis log...

    i'am sus as to this entry. do you know ip address 203.0.178.191? if not delete this:

    O17 - HKLM\System\CCS\Services\Tcpip\..\{508E4915-A314-4CB7-A874-7DE57659CAAE}: NameServer = 203.0.178.191


    delete these as they'll make your internet faster:

    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll

    O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll

     
  8. kateman

    kateman Regular member

    Joined:
    Jul 22, 2006
    Messages:
    574
    Likes Received:
    0
    Trophy Points:
    26
    @kotaguy: since when has Kaspersky been a good scanner?
     
  9. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    @Kateman - That 017 is his ISP... so he doesn't need to fix that.

    The 02's and 03's... I don't think fixing them would make much of a difference to the speed of his internet connection. May make a tiny bit of difference in how fast web pages are rendered... but his connection speed would remain the same.

    And, in my opinion(and many others), Kaspersky(along with NOD32) have been two of the best AV's out there for the past couple years. Their detection rates for Malware are tops and they are both super fast to add signatures/definitions for new or 0-day stuff.

    Myself, along with others, who are considered experts on the various malware related forums work very close with them and other Vendors at a private forum ripping apart malware and getting their definition files updated as quickly as possible.

    Though there are other very good AV's out there... I consider KAV and NOD32 to be the best.
     
  10. kateman

    kateman Regular member

    Joined:
    Jul 22, 2006
    Messages:
    574
    Likes Received:
    0
    Trophy Points:
    26
    no its not. i've never seen an isp on a hijackthis log.
    people have quite safly delted them before.
     
  11. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    Yes... it is his ISP. In the literally thousands of of HijackThis logs I've done over about 4 years... I've seen many ISP entries(mainly DNS Servers) show up as 017's.

    WhoIs for 203.0.178.191...

    % [whois.apnic.net node-1]
    % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

    inetnum: 203.0.178.0 - 203.0.178.255
    netname: IINET-TECH-AU
    descr: iiNet Limited
    descr: Level 6, Durack Centre
    descr: 263 Adelaide Terrace
    descr: Perth WA 6000
    country: AU
    admin-c: NO20-AP
    tech-c: NO20-AP
    mnt-by: APNIC-HM
    status: ALLOCATED PORTABLE
    changed: ******@aunic.net 19950811
    changed: **************@apnic.net 20010525

    changed: **********@apnic.net 20041224
    source: APNIC

    person: Network Operations
    nic-hdl: NO20-AP
    e-mail: ***********@staff.iinet.net.au
    address: iiNet Limited
    address: Level 6, Durack Centre
    address: 263 Adelaide Terrace
    address: Perth WA 6000
    phone: +61 8 9214 2222
    fax-no: +61 8 9214 2211
    country: AU
    changed: ****@staff.iinet.net.au 20061117
    mnt-by: MAINT-AU-IINET
    source: APNIC

    http://www.iinet.net.au/

    203.0.178.191 resolves to dns.iinet.net.au

    Its his ISP's DNS server.
     
  12. kateman

    kateman Regular member

    Joined:
    Jul 22, 2006
    Messages:
    574
    Likes Received:
    0
    Trophy Points:
    26
  13. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
  14. ozsurfie

    ozsurfie Guest

    hi kotaguy
    just got back off plane and first thing i wanted to do was run these tasks you set - i didnt delete any of those other lines as you suggested it wouldnt help.

    when i first turned on the computer and it connected up to my isp pg2 started going crazy again - firefox wasnt connected but here are a few examples of what was reported. thats why i suspect something is going on because as far as i understood and please correct me if i am talking rubbish :) that pg2 stopped outward connections from your computer to others something had to be trying to "phone home" ??

    IBM corp 10.255.255.255.137 or 138
    Moodys 141.161.20.33.8080

    and seem to be coming from my ports 137 or 138 and 52035 or 1153 through to 1171

    if that makes sense ??

    thanks for your help
     
  15. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    Could be something going on that HJT hasn't detected.

    Post the WinPFInd3 log when you can.

    Thanks.
     
  16. ozsurfie

    ozsurfie Guest

    here is the log as requested - i am in admiration of your abilities even to decipher all of this so my thanks for your time. I changed to comodo firewall - one of your recommendations but it keeps blocking my outlook email , another thing it keeps reporting is that dvd regionfree is adding dvdsys.dll to the program and comodo says that it could be used by hijackers - any logic in that ? and any idea why it is trying to use so many programs ??

    thanks


    WinPFind3 logfile created on: 1/03/2007 11:28:09 AM
    WinPFind3U by OldTimer - Version 1.0.19 Folder = C:\Documents and Settings\Stuart\Desktop\WinPFind3u\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 6.0.2900.2180)

    1047340 Kb Total Physical Memory | 595976 Kb Available Physical Memory | 56.90% Memory free
    1735536 Kb Paging File | 1445600 Kb Available in Paging File | 83.29% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 39070048 Kb Total Space | 8510596 Kb Free Space | 21.78% Space Free
    Drive D: | 117218240 Kb Total Space | 13008296 Kb Free Space | 11.10% Space Free
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded


    [Processes - Non-Microsoft Only]
    cmdagent.exe -> %ProgramFiles%\Comodo\Firewall\cmdagent.exe -> COMODO [Ver = 2.4.0.20 | Size = 361040 bytes | Modified Date = 22/02/2007 2:23:12 PM | Attr = ]
    guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 29/09/2006 12:13:20 AM | Attr = ]
    ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 23/02/2006 4:45:06 PM | Attr = ]
    ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 278528 bytes | Modified Date = 23/02/2006 4:45:20 PM | Attr = ]
    jusched.exe -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 15/12/2006 3:23:28 AM | Attr = ]
    lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 7.4 | Size = 299008 bytes | Modified Date = 15/08/2002 8:26:26 PM | Attr = ]
    lexpps.exe -> %System32%\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 7.4 | Size = 174592 bytes | Modified Date = 15/08/2002 8:26:26 PM | Attr = ]
    msgplus.exe -> %ProgramFiles%\Messenger Plus! 3\MsgPlus.exe -> Patchou [Ver = 3, 62, 0, 146 | Size = 190024 bytes | Modified Date = 7/02/2006 10:31:50 PM | Attr = ]
    nod32krn.exe -> %ProgramFiles%\ESET\nod32krn.exe -> Eset [Ver = 2, 50, 25 | Size = 495616 bytes | Modified Date = 5/07/2005 7:27:12 AM | Attr = ]
    nod32kui.exe -> %ProgramFiles%\ESET\nod32kui.exe -> Eset [Ver = 2, 50, 25 | Size = 917504 bytes | Modified Date = 5/07/2005 7:27:12 AM | Attr = ]
    nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 81920 bytes | Modified Date = 6/10/2003 2:16:00 PM | Attr = ]
    ppactivedetection.exe -> D:\Program Files\ca pestcontrol\PPActiveDetection.exe -> Computer Associates [Ver = 5, 0, 0, 0 | Size = 106496 bytes | Modified Date = 27/09/2004 7:09:06 AM | Attr = ]
    realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 18/08/2006 5:52:40 PM | Attr = ]
    servicelayer.exe -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 82, 69, 3 | Size = 210432 bytes | Modified Date = 6/11/2006 2:21:10 PM | Attr = ]
    w3dbsmgr.exe -> %SystemDrive%\PVSW\Bin\w3dbsmgr.exe -> [Ver = | Size = 106546 bytes | Modified Date = 9/06/2005 10:16:34 PM | Attr = ]
    winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.19.0 | Size = 310784 bytes | Modified Date = 25/02/2007 7:40:22 PM | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> [Ver = 2.41.000 | Size = 68096 bytes | Modified Date = 7/12/2005 10:08:28 AM | Attr = ]
    (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 29/09/2006 12:13:20 AM | Attr = ]
    (CmdAgent) Comodo Application Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\Comodo\Firewall\cmdagent.exe -> COMODO [Ver = 2.4.0.20 | Size = 361040 bytes | Modified Date = 22/02/2007 2:23:12 PM | Attr = ]
    (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 4/08/2004 12:56:50 AM | Attr = ]
    (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/04/2005 12:41:10 AM | Attr = ]
    (iPodService) iPodService [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 23/02/2006 4:45:06 PM | Attr = ]
    (LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 7.4 | Size = 299008 bytes | Modified Date = 15/08/2002 8:26:26 PM | Attr = ]
    (NOD32krn) NOD32 Kernel Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ESET\nod32krn.exe -> Eset [Ver = 2, 50, 25 | Size = 495616 bytes | Modified Date = 5/07/2005 7:27:12 AM | Attr = ]
    (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 81920 bytes | Modified Date = 6/10/2003 2:16:00 PM | Attr = ]
    (ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Running] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 82, 69, 3 | Size = 210432 bytes | Modified Date = 6/11/2006 2:21:10 PM | Attr = ]

    [Registry - Non-Microsoft Only]
    < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    !AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 7/10/2006 10:20:00 PM | Attr = ]
    Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/06/2005 11:46:24 PM | Attr = ]
    COMODO Firewall Pro -> %ProgramFiles%\Comodo\Firewall\cpf.exe -> COMODO [Ver = 2.4.0.58 | Size = 1115728 bytes | Modified Date = 22/02/2007 2:23:12 PM | Attr = ]
    DAEMON Tools-1033 -> %ProgramFiles%\D-Tools\daemon.exe -> DAEMON'S HOME [Ver = 3.44.0.0 | Size = 81920 bytes | Modified Date = 27/12/2003 8:43:26 PM | Attr = ]
    DVD43 -> D:\Program Files\DVD Region+CSS Free\DVDRegionFree.exe -> Fengtao Software Inc. [Ver = 5, 9, 6, 85 | Size = 267264 bytes | Modified Date = 1/05/2006 11:54:00 AM | Attr = ]
    eTrust PestPatrol Active Protection -> D:\Program Files\ca pestcontrol\PPActiveDetection.exe -> Computer Associates [Ver = 5, 0, 0, 0 | Size = 106496 bytes | Modified Date = 27/09/2004 7:09:06 AM | Attr = ]
    iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 278528 bytes | Modified Date = 23/02/2006 4:45:20 PM | Attr = ]
    MessengerPlus3 -> %ProgramFiles%\Messenger Plus! 3\MsgPlus.exe -> Patchou [Ver = 3, 62, 0, 146 | Size = 190024 bytes | Modified Date = 7/02/2006 10:31:50 PM | Attr = ]
    NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 9/07/2001 10:50:42 AM | Attr = ]
    nod32kui -> %ProgramFiles%\ESET\nod32kui.exe -> Eset [Ver = 2, 50, 25 | Size = 917504 bytes | Modified Date = 5/07/2005 7:27:12 AM | Attr = ]
    NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 5058560 bytes | Modified Date = 6/10/2003 2:16:00 PM | Attr = ]
    nwiz -> %System32%\nwiz.exe -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 741376 bytes | Modified Date = 6/10/2003 2:16:00 PM | Attr = ]
    PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 82, 70, 1 | Size = 222208 bytes | Modified Date = 8/11/2006 1:27:54 PM | Attr = ]
    Ptipbmf -> %System32%\ptipbmf.dll [rundll32.exe ptipbmf.dll,SetWriteCacheMode] -> [Ver = 1, 0, 0, 2 | Size = 118784 bytes | Modified Date = 5/06/2003 4:49:36 PM | Attr = R ]
    QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 21/05/2006 12:59:50 PM | Attr = ]
    SoundMan -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.27 | Size = 67072 bytes | Modified Date = 14/05/2004 3:47:18 PM | Attr = ]
    SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 15/12/2006 3:23:28 AM | Attr = ]
    TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 18/08/2006 5:52:40 PM | Attr = ]
    < OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
    IMAIL -> Installed = 1 ->
    MAPI -> Installed = 1 ->
    MSFS -> Installed = 1 ->
    < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    C:\Program Files\NetMeter\NetMeter.exe -> %ProgramFiles%\NetMeter\NetMeter.exe -> [Ver = | Size = 266240 bytes | Modified Date = 4/03/2004 2:47:30 PM | Attr = ]
    MessengerPlus3 -> %ProgramFiles%\Messenger Plus! 3\MsgPlus.exe -> Patchou [Ver = 3, 62, 0, 146 | Size = 190024 bytes | Modified Date = 7/02/2006 10:31:50 PM | Attr = ]
    PeerGuardian -> %ProgramFiles%\PeerGuardian2\pg2.exe -> Methlabs [Ver = 1, 0, 6, 4 | Size = 1421824 bytes | Modified Date = 18/09/2005 6:40:42 PM | Attr = ]
    Skype -> %ProgramFiles%\Skype\Phone\Skype.exe -> [Ver = | Size = 20058152 bytes | Modified Date = 13/10/2006 5:20:08 PM | Attr = ]
    updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 30/03/2006 4:45:08 PM | Attr = ]
    < Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    %AllUsersStartup%\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 4/11/1999 3:06:48 PM | Attr = ]
    %AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 24/09/2005 4:05:26 PM | Attr = ]
    %AllUsersStartup%\MaxAlarm.lnk -> %ProgramFiles%\Maximizer\MxAlarm.exe -> Maximizer Software Inc. [Ver = 9.0.1604.620 | Size = 147456 bytes | Modified Date = 6/02/2006 4:04:00 PM | Attr = ]
    %AllUsersStartup%\MaxFinder.lnk -> %ProgramFiles%\Maximizer\MxFinder.exe -> Maximizer Software Inc. [Ver = 9.0.1604.620 | Size = 274432 bytes | Modified Date = 6/02/2006 4:04:00 PM | Attr = ]
    %AllUsersStartup%\Pervasive.SQL Workgroup Engine.lnk -> %SystemDrive%\PVSW\Bin\w3dbsmgr.exe -> [Ver = | Size = 106546 bytes | Modified Date = 9/06/2005 10:16:34 PM | Attr = ]
    < User Startup > -> C:\Documents and Settings\Stuart\Start Menu\Programs\Startup
    %UserStartup%\HotSync Manager.lnk -> %SystemDrive%\Palm\HOTSYNC.EXE -> Palm, Inc. [Ver = 4.0.4 | Size = 299008 bytes | Modified Date = 22/04/2003 3:46:44 PM | Attr = ]
    < File Associations > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\
    .bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
    .cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
    .com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
    .cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
    .exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
    .hta [@ = htafile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
    .html [@ = FirefoxHTML] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
    .inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
    .ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
    .url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
    .js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
    .jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found ->
    .pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found ->
    .reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
    .scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found ->
    .txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
    .vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found ->
    .vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
    .wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found ->
    .wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found ->
    < Registry Shell Spawning > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command
    batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 4/08/2004 12:56:56 AM | Attr = ]
    batfile [open] -> "%1" %* ->
    batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 4/08/2004 12:56:56 AM | Attr = ]
    cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 4/08/2004 12:56:56 AM | Attr = ]
    cmdfile [open] -> "%1" %* ->
    cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 4/08/2004 12:56:56 AM | Attr = ]
    comfile [open] -> "%1" %* ->
    cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 20/12/2006 7:52:18 AM | Attr = ]
    exefile [open] -> "%1" %* ->
    htafile [open] -> %System32%\mshta.exe "%1" %* -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 29184 bytes | Modified Date = 4/08/2004 12:56:54 AM | Attr = ]
    htmlfile [edit] -> Reg Data - Key not found ->
    htmlfile [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 4/08/2004 12:56:52 AM | Attr = ]
    htmlfile [opennew] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" %1 -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 4/08/2004 12:56:52 AM | Attr = ]
    htmlfile [print] -> rundll32.exe %SystemRoot%\System32\mshtml.dll,PrintHTML "%1" -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 3062272 bytes | Modified Date = 5/01/2007 12:05:30 AM | Attr = ]
    http [open] -> %SystemDrive%\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" -requestPending -> Mozilla Corporation [Ver = 1.8.1.2: 2007021917 | Size = 7633008 bytes | Modified Date = 1/03/2007 10:14:28 AM | Attr = ]
    https [open] -> %SystemDrive%\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" -requestPending -> Mozilla Corporation [Ver = 1.8.1.2: 2007021917 | Size = 7633008 bytes | Modified Date = 1/03/2007 10:14:28 AM | Attr = ]
    inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 4/08/2004 12:56:56 AM | Attr = ]
    inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 4/08/2004 12:56:56 AM | Attr = ]
    inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 4/08/2004 12:56:56 AM | Attr = ]
    inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 4/08/2004 12:56:56 AM | Attr = ]
    inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 4/08/2004 12:56:56 AM | Attr = ]
    InternetShortcut [open] -> rundll32.exe shdocvw.dll,OpenURL %l -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1498112 bytes | Modified Date = 5/01/2007 12:05:30 AM | Attr = ]
    InternetShortcut [print] -> rundll32.exe %SystemRoot%\System32\mshtml.dll,PrintHTML "%1" -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 3062272 bytes | Modified Date = 5/01/2007 12:05:30 AM | Attr = ]
    jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 4/08/2004 12:56:56 AM | Attr = ]
    jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 4/08/2004 12:56:58 AM | Attr = ]
    jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 4/08/2004 12:56:56 AM | Attr = ]
    jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 4/08/2004 12:56:56 AM | Attr = ]
    jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 4/08/2004 12:56:58 AM | Attr = ]
    jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 4/08/2004 12:56:56 AM | Attr = ]
    piffile [open] -> "%1" %* ->
    regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 4/08/2004 12:56:56 AM | Attr = ]
    regfile [open] -> regedit.exe "%1" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 146432 bytes | Modified Date = 4/08/2004 12:56:56 AM | Attr = ]
    regfile [merge] -> Reg Data - Key not found ->
    regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 4/08/2004 12:56:56 AM | Attr = ]
    scrfile [config] -> "%1" ->
    scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Modified Date = 4/08/2004 12:56:58 AM | Attr = ]
    scrfile [open] -> "%1" /S ->
    txtfile [edit] -> Reg Data - Key not found ->
    txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 4/08/2004 12:56:56 AM | Attr = ]
    txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 4/08/2004 12:56:56 AM | Attr = ]
    txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 4/08/2004 12:56:56 AM | Attr = ]
    vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 4/08/2004 12:56:56 AM | Attr = ]
    vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 4/08/2004 12:56:58 AM | Attr = ]
    vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 4/08/2004 12:56:56 AM | Attr = ]
    vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 4/08/2004 12:56:56 AM | Attr = ]
    vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 4/08/2004 12:56:58 AM | Attr = ]
    vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 4/08/2004 12:56:56 AM | Attr = ]
    wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 4/08/2004 12:56:56 AM | Attr = ]
    wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 4/08/2004 12:56:58 AM | Attr = ]
    wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 4/08/2004 12:56:56 AM | Attr = ]
    wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 4/08/2004 12:56:58 AM | Attr = ]
    Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 20/12/2006 7:52:18 AM | Attr = ]
    Directory [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 4/08/2004 12:56:50 AM | Attr = ]
    Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 4/08/2004 12:56:50 AM | Attr = ]
    Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 4/08/2004 12:56:50 AM | Attr = ]
    Drive [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 4/08/2004 12:56:50 AM | Attr = ]
    Applications\iexplore.exe [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" %1 -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 4/08/2004 12:56:52 AM | Attr = ]
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 4/08/2004 12:56:52 AM | Attr = ]
    < ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
    {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -> ->
    {22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> ->
    {2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ->
    {44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ->
    {44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ->
    {4b218e3e-bc98-4770-93d3-2731b9329278} -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf ->
    {5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ->
    {6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub ->
    {73FA19D0-2D75-11D2-995D-00C04F98BBC9} -> ->
    {7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ->
    {89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll ->
    {89820200-ECBD-11cf-8B85-00AA005B4383} -> %SystemRoot%\system32\ie4uinit.exe ->
    {89B4C1CD-B018-4511-B0A1-5476DBF70820} -> C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ->
    >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP ->
    >{26923b43-4d38-484f-9b9e-de460746276c} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ->
    >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->
    >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ->
    < WOW Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
    cmdline -> %SystemRoot%\system32\ntvdm.exe ->
    wowcmdline -> %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386 ->
    < Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
    BootExecute -> autocheck autochk *; ->
    < ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    {57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 29/09/2006 12:13:28 AM | Attr = ]
    {93994DE8-8239-4655-B1D1-5F4E91300429} [HKLM] -> D:\Program Files\DVD Region+CSS Free\DVDShell.dll [] -> Fengtao Software Inc. [Ver = 5, 5, 0, 8 | Size = 49152 bytes | Modified Date = 9/10/2004 2:18:02 AM | Attr = ]
    < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
    < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
    Control_RunDLL -> -> File not found
    < Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
    < Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
    HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> ->
    HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ -> ->
    < Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
    0 -> [Key] ->
    0 -> FriendlyName = My Current Home Page ->
    0 -> Source = About:Home ->
    0 -> SubscribedURL = About:Home ->
    < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
    127.0.0.1 localhost -> ->
    < Internet Explorer Settings > ->
    HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
    HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
    HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
    HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKLM: SearchAssistant -> http://www.google.com/ie ->
    HKCU: Local Page -> C:\WINDOWS\System32\blank.htm ->
    HKCU: Search Bar -> http://www.google.com/ie ->
    HKCU: Search Page -> http://www.google.com ->
    HKCU: Start Page -> http://ninemsn.com.au/ ->
    HKCU: ProxyEnable -> 0 ->
    < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
    msn.com [ - ] -> ->
    < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 12/01/2006 8:38:22 PM | Attr = ]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 15/12/2006 3:23:24 AM | Attr = ]
    < Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
    {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
    {8AA99D86-978D-4963-A845-24AF39FB0CF2} [HKLM] -> %ProgramFiles%\iiBar\iiBar.dll [iiBar] -> Polymorpheus [Ver = 2.0.15.21 | Size = 240128 bytes | Modified Date = 5/09/2006 9:26:42 PM | Attr = ]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 4/08/2005 9:54:42 PM | Attr = ]
    < Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
    WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    WebBrowser\\{8AA99D86-978D-4963-A845-24AF39FB0CF2} [HKLM] -> %ProgramFiles%\iiBar\iiBar.dll [iiBar] -> Polymorpheus [Ver = 2.0.15.21 | Size = 240128 bytes | Modified Date = 5/09/2006 9:26:42 PM | Attr = ]
    WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 4/08/2005 9:54:42 PM | Attr = ]
    < Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8197 - Sun Java Console ->
    {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8194 - Reg Data - Value does not exist ->
    {A75C6120-9B36-11d4-A3F0-009027427750} -> 8195 - Reg Data - Key not found ->
    {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -> 8196 - Reg Data - Key not found ->
    {FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8193 - Windows Messenger ->
    NextId -> 8198 ->
    < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\npjpi150_11.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75528 bytes | Modified Date = 15/12/2006 3:23:26 AM | Attr = ]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 15/12/2006 3:23:24 AM | Attr = ]
    {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
    < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
    E&xport to Microsoft Excel -> -> File not found
    < Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    {0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
    {1CDB2949-8F65-4355-8456-263E7C208A5D} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer] -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 430152 bytes | Modified Date = 6/10/2003 2:16:00 PM | Attr = ]
    {1E9B04FB-F9E5-4718-997B-B8DA88302A47} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer Menu] -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 430152 bytes | Modified Date = 6/10/2003 2:16:00 PM | Attr = ]
    {1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [nView Desktop Context Menu] -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 430152 bytes | Modified Date = 6/10/2003 2:16:00 PM | Attr = ]
    {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Media Band] -> File not found
    {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} [HKLM] -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PhoneBrowser.dll [PhoneBrowser] -> Nokia [Ver = 6, 82, 63, 9 | Size = 566784 bytes | Modified Date = 10/11/2006 9:29:30 AM | Attr = ]
    {42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
    {4EB37360-49E8-11D3-95B5-004033382980} [HKLM] -> %ProgramFiles%\ESTsoft\ALZip\AZCTM.dll [ALZip 4.0 Context Menu Shell Extension] -> ESTsoft [Ver = 5.11.17.38 | Size = 167936 bytes | Modified Date = 18/11/2005 8:52:18 AM | Attr = ]
    {764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
    {7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
    {7F1CF152-04F8-453A-B34C-E609530A9DC8} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalPropSheetHandler] -> Nero AG [Ver = 1.1.1.1 | Size = 1515520 bytes | Modified Date = 4/04/2005 12:06:02 PM | Attr = ]
    {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
    {88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 23/08/2001 10:00:00 PM | Attr = ]
    {8AA99D86-978D-4963-A845-24AF39FB0CF2} [HKLM] -> %ProgramFiles%\iiBar\iiBar.dll [iiBar] -> Polymorpheus [Ver = 2.0.15.21 | Size = 240128 bytes | Modified Date = 5/09/2006 9:26:42 PM | Attr = ]
    {B089FE88-FB52-11d3-BDF1-0050DA34150D} [HKLM] -> %ProgramFiles%\ESET\nodshex.dll [NOD32 Context Menu Shell Extension] -> Eset [Ver = 2, 50, 25 | Size = 57344 bytes | Modified Date = 5/07/2005 7:27:12 AM | Attr = ]
    {B327765E-D724-4347-8B16-78AE18552FC3} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalIconHandler] -> Nero AG [Ver = 1.1.1.1 | Size = 1515520 bytes | Modified Date = 4/04/2005 12:06:02 PM | Attr = ]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR shell extension] -> [Ver = | Size = 125440 bytes | Modified Date = 3/08/2005 10:32:08 PM | Attr = ]
    {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> %ProgramFiles%\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 102400 bytes | Modified Date = 23/02/2006 4:56:34 PM | Attr = ]
    {E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 11/02/2004 9:00:00 AM | Attr = ]
    {E0D79305-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 11/02/2004 9:00:00 AM | Attr = ]
    {E0D79306-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 11/02/2004 9:00:00 AM | Attr = ]
    {E0D79307-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 11/02/2004 9:00:00 AM | Attr = ]
    {ECF35B62-EF2B-484F-BDB2-0973BAF4C740} [HKLM] -> %ProgramFiles%\iiBar\iiBar.dll [iiBar] -> Polymorpheus [Ver = 2.0.15.21 | Size = 240128 bytes | Modified Date = 5/09/2006 9:26:42 PM | Attr = ]
    {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> %ProgramFiles%\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] -> RealNetworks, Inc. [Ver = 1.0.1.2237 | Size = 49198 bytes | Modified Date = 18/08/2006 5:52:44 PM | Attr = ]
    < ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
    {4EB37360-49E8-11D3-95B5-004033382980} [HKLM] -> %ProgramFiles%\ESTsoft\ALZip\AZCTM.dll [ALZip] -> ESTsoft [Ver = 5.11.17.38 | Size = 167936 bytes | Modified Date = 18/11/2005 8:52:18 AM | Attr = ]
    {8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 6/10/2006 9:40:48 PM | Attr = ]
    {B089FE88-FB52-11d3-BDF1-0050DA34150D} [HKLM] -> %ProgramFiles%\ESET\nodshex.dll [NOD32 Context Menu Shell Extension] -> Eset [Ver = 2, 50, 25 | Size = 57344 bytes | Modified Date = 5/07/2005 7:27:12 AM | Attr = ]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 125440 bytes | Modified Date = 3/08/2005 10:32:08 PM | Attr = ]
    {E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 11/02/2004 9:00:00 AM | Attr = ]
    < ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
    {4EB37360-49E8-11D3-95B5-004033382980} [HKLM] -> %ProgramFiles%\ESTsoft\ALZip\AZCTM.dll [ALZip] -> ESTsoft [Ver = 5.11.17.38 | Size = 167936 bytes | Modified Date = 18/11/2005 8:52:18 AM | Attr = ]
    {8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 6/10/2006 9:40:48 PM | Attr = ]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 125440 bytes | Modified Date = 3/08/2005 10:32:08 PM | Attr = ]
    {E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 11/02/2004 9:00:00 AM | Attr = ]
    < ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
    {4EB37360-49E8-11D3-95B5-004033382980} [HKLM] -> %ProgramFiles%\ESTsoft\ALZip\AZCTM.dll [ALZip] -> ESTsoft [Ver = 5.11.17.38 | Size = 167936 bytes | Modified Date = 18/11/2005 8:52:18 AM | Attr = ]
    {1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [nView] -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 430152 bytes | Modified Date = 6/10/2003 2:16:00 PM | Attr = ]
    < ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
    {4EB37360-49E8-11D3-95B5-004033382980} [HKLM] -> %ProgramFiles%\ESTsoft\ALZip\AZCTM.dll [ALZip] -> ESTsoft [Ver = 5.11.17.38 | Size = 167936 bytes | Modified Date = 18/11/2005 8:52:18 AM | Attr = ]
    {B089FE88-FB52-11d3-BDF1-0050DA34150D} [HKLM] -> %ProgramFiles%\ESET\nodshex.dll [NOD32 Context Menu Shell Extension] -> Eset [Ver = 2, 50, 25 | Size = 57344 bytes | Modified Date = 5/07/2005 7:27:12 AM | Attr = ]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 125440 bytes | Modified Date = 3/08/2005 10:32:08 PM | Attr = ]
    {E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 11/02/2004 9:00:00 AM | Attr = ]
    < ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
    {7D4D6379-F301-4311-BEBA-E26EB0561882} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalColumnHandler Class] -> Nero AG [Ver = 1.1.1.1 | Size = 1515520 bytes | Modified Date = 4/04/2005 12:06:02 PM | Attr = ]
    {F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 14/12/2004 2:20:02 AM | Attr = ]
    < User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
    SV1 -> ->
    < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
    {508E4915-A314-4CB7-A874-7DE57659CAAE} -> 203.0.178.191 (Realtek RTL8169/8110 Family Gigabit Ethernet NIC) ->
    < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
    ipp -> Reg Data - Key not found -> File not found
    msdaipp -> Reg Data - Key not found -> File not found
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
    {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc.cab ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
    {9D190AE6-C81E-4039-8061-978EBAD10073} -> F-Secure Online Scanner 3.0 - CodeBase = http://support.f-secure.com/ols/fscax.cab ->
    {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_01 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab ->
    {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab ->
    {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab ->
    {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->


    [Files - Created Within 30 days]
    boot.ini.comodofirewall -> %SystemDrive%\boot.ini.comodofirewall -> [Ver = | Size = 211 bytes | Created Date = 22/02/2007 2:24:07 PM | Attr = ]
    AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Created Date = 22/02/2007 5:46:58 PM | Attr = ]
    COMODO Firewall Pro.lnk -> %AllUsersDesktop%\COMODO Firewall Pro.lnk -> [Ver = | Size = 1588 bytes | Created Date = 22/02/2007 2:24:07 PM | Attr = ]
    Second Life.lnk -> %AllUsersDesktop%\Second Life.lnk -> [Ver = | Size = 710 bytes | Created Date = 31/01/2007 12:21:00 AM | Attr = ]
    1F330627.gif -> %UserDesktop%\1F330627.gif -> [Ver = | Size = 46685 bytes | Created Date = 5/02/2007 9:01:00 AM | Attr = ]
    avgas-setup-7.5.0.50.exe -> %UserDesktop%\avgas-setup-7.5.0.50.exe -> [Ver = | Size = 6469352 bytes | Created Date = 22/02/2007 5:40:55 PM | Attr = ]
    HijackThis_v1.99.1.exe -> %UserDesktop%\HijackThis_v1.99.1.exe -> Soeperman Enterprises Ltd. [Ver = 1.99.0001 | Size = 218112 bytes | Created Date = 22/02/2007 1:13:18 PM | Attr = ]
    Invite-To-Sydney-Fair.gif -> %UserDesktop%\Invite-To-Sydney-Fair.gif -> [Ver = | Size = 187880 bytes | Created Date = 19/02/2007 11:32:00 AM | Attr = ]
    lps.zip -> %UserDesktop%\lps.zip -> [Ver = | Size = 575138 bytes | Created Date = 21/02/2007 2:47:19 PM | Attr = ]
    Sprite_Love_cute__commercial.mpg -> %UserDesktop%\Sprite_Love_cute__commercial.mpg -> [Ver = | Size = 4040708 bytes | Created Date = 19/02/2007 9:54:00 PM | Attr = ]
    spywaredetectorb.exe -> %UserDesktop%\spywaredetectorb.exe -> Max Secure Software [Ver = 19.0.0.029 | Size = 6425672 bytes | Created Date = 21/02/2007 8:37:04 PM | Attr = ]
    winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 344820 bytes | Created Date = 1/03/2007 12:47:24 AM | Attr = ]
    QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 16/02/2007 8:23:34 PM | Attr = ]
    QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 16/02/2007 8:23:34 PM | Attr = H ]
    java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 49248 bytes | Created Date = 15/02/2007 7:01:27 PM | Attr = ]
    javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 53346 bytes | Created Date = 15/02/2007 7:01:27 PM | Attr = ]
    javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 127078 bytes | Created Date = 15/02/2007 7:01:27 PM | Attr = ]
    SDRemoveDB.db -> %System32%\SDRemoveDB.db -> [Ver = | Size = 179 bytes | Created Date = 21/02/2007 8:42:27 PM | Attr = ]
    VchReg.dll -> %System32%\VchReg.dll -> Max Secure Software [Ver = 6, 0, 2, 2 | Size = 1032192 bytes | Created Date = 21/02/2007 8:39:39 PM | Attr = ]
    AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 22/02/2007 5:46:57 PM | Attr = ]
    cmdmon.sys -> %System32%\drivers\cmdmon.sys -> Comodo Research Lab., Inc. [Ver = 2.3.035 built by: WinDDK | Size = 75520 bytes | Created Date = 22/02/2007 2:23:32 PM | Attr = ]
    inspect.sys -> %System32%\drivers\inspect.sys -> COMODO [Ver = 2, 0, 0, 1 | Size = 51328 bytes | Created Date = 22/02/2007 2:23:32 PM | Attr = ]
    tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Created Date = 22/02/2007 12:23:24 PM | Attr = ]
    hosts.backup -> %System32%\drivers\etc\hosts.backup -> [Ver = | Size = 734 bytes | Created Date = 21/02/2007 8:39:38 PM | Attr = ]

    [Files - Modified Within 30 days]
    boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 212 bytes | Modified Date = 22/02/2007 2:24:08 PM | Attr = HS]
    DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 165888 bytes | Modified Date = 21/02/2007 2:58:20 PM | Attr = ]
    AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Modified Date = 22/02/2007 5:47:00 PM | Attr = ]
    COMODO Firewall Pro.lnk -> %AllUsersDesktop%\COMODO Firewall Pro.lnk -> [Ver = | Size = 1588 bytes | Modified Date = 22/02/2007 2:24:08 PM | Attr = ]
    Second Life.lnk -> %AllUsersDesktop%\Second Life.lnk -> [Ver = | Size = 710 bytes | Modified Date = 31/01/2007 12:21:02 AM | Attr = ]
    100206.pst -> %UserDesktop%\100206.pst -> [Ver = | Size = 1479033856 bytes | Modified Date = 1/03/2007 10:50:24 AM | Attr = ]
    1F330627.gif -> %UserDesktop%\1F330627.gif -> [Ver = | Size = 46685 bytes | Modified Date = 5/02/2007 9:01:00 AM | Attr = ]
    avgas-setup-7.5.0.50.exe -> %UserDesktop%\avgas-setup-7.5.0.50.exe -> [Ver = | Size = 6469352 bytes | Modified Date = 22/02/2007 5:41:22 PM | Attr = ]
    HijackThis_v1.99.1.exe -> %UserDesktop%\HijackThis_v1.99.1.exe -> Soeperman Enterprises Ltd. [Ver = 1.99.0001 | Size = 218112 bytes | Modified Date = 22/02/2007 1:13:14 PM | Attr = ]
    Invite-To-Sydney-Fair.gif -> %UserDesktop%\Invite-To-Sydney-Fair.gif -> [Ver = | Size = 187880 bytes | Modified Date = 19/02/2007 11:32:00 AM | Attr = ]
    lps.zip -> %UserDesktop%\lps.zip -> [Ver = | Size = 575138 bytes | Modified Date = 21/02/2007 2:47:14 PM | Attr = ]
    Sprite_Love_cute__commercial.mpg -> %UserDesktop%\Sprite_Love_cute__commercial.mpg -> [Ver = | Size = 4040708 bytes | Modified Date = 19/02/2007 9:54:00 PM | Attr = ]
    spywaredetectorb.exe -> %UserDesktop%\spywaredetectorb.exe -> Max Secure Software [Ver = 19.0.0.029 | Size = 6425672 bytes | Modified Date = 21/02/2007 8:37:38 PM | Attr = ]
    Thumbs.db -> %UserDesktop%\Thumbs.db -> [Ver = | Size = 90624 bytes | Modified Date = 21/02/2007 2:58:20 PM | Attr = HS]
    @Alternate Data Stream - 0 bytes -> %UserDesktop%\Thumbs.db:encryptable ->
    winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 344820 bytes | Modified Date = 1/03/2007 12:47:20 AM | Attr = ]
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/03/2007 12:11:30 AM | Attr = S]
    DVDRegionFree.INI -> %SystemRoot%\DVDRegionFree.INI -> [Ver = | Size = 101 bytes | Modified Date = 1/03/2007 1:50:40 AM | Attr = ]
    NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 1/03/2007 10:37:48 AM | Attr = ]
    QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 16/02/2007 8:23:36 PM | Attr = ]
    QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 1/03/2007 11:23:36 AM | Attr = H ]
    SDRemoveDB.db -> %System32%\SDRemoveDB.db -> [Ver = | Size = 179 bytes | Modified Date = 21/02/2007 8:42:28 PM | Attr = ]
    wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2262 bytes | Modified Date = 1/03/2007 12:11:34 AM | Attr = ]
    cmdmon.sys -> %System32%\drivers\cmdmon.sys -> Comodo Research Lab., Inc. [Ver = 2.3.035 built by: WinDDK | Size = 75520 bytes | Modified Date = 22/02/2007 2:23:24 PM | Attr = ]
    Dvd43.sys -> %System32%\drivers\Dvd43.sys -> Fengtao Software Inc. [Ver = 2, 6, 0, 28 | Size = 35296 bytes | Modified Date = 1/03/2007 1:50:36 AM | Attr = ]
    inspect.sys -> %System32%\drivers\inspect.sys -> COMODO [Ver = 2, 0, 0, 1 | Size = 51328 bytes | Modified Date = 22/02/2007 2:23:24 PM | Attr = ]
    tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Modified Date = 22/02/2007 12:18:26 PM | Attr = ]

    [File String Scan - Non-Microsoft Only]
    File scan skipped for file %UserDocuments%\backup.pst -> File size too big (1204765696 bytes) ->
    UPX! , UPX0 , -> %UserDocuments%\daemon344.exe -> [Ver = | Size = 501248 bytes | Modified Date = 1/02/2004 6:51:40 PM | Attr = ]
    @Alternate Data Stream - 26 bytes -> %UserDocuments%\getmsg.htm:Zone.Identifier ->
    File scan skipped for file %UserDocuments%\gmtrial2.dbf -> File size too big (155260609 bytes) ->
    @Alternate Data Stream - 26 bytes -> %UserDocuments%\MsgPlus-325.exe:Zone.Identifier ->
    @Alternate Data Stream - 0 bytes -> %UserDocuments%\Thumbs.db:encryptable ->
    File scan skipped for file %UserDesktop%\100206.pst -> File size too big (1479033856 bytes) ->
    UPX0 , -> %UserDesktop%\adsl.test -> [Ver = | Size = 13631488 bytes | Modified Date = 31/10/2006 4:14:36 PM | Attr = ]
    UPX! , UPX0 , -> %UserDesktop%\HijackThis_v1.99.1.exe -> Soeperman Enterprises Ltd. [Ver = 1.99.0001 | Size = 218112 bytes | Modified Date = 22/02/2007 1:13:14 PM | Attr = ]
    @Alternate Data Stream - 26 bytes -> %UserDesktop%\ndntenst.exe:Zone.Identifier ->
    UPX! , PEC2 , WSUD , UPX0 , -> %UserDesktop%\ndntenst.exe -> [Ver = | Size = 8446517 bytes | Modified Date = 4/07/2005 10:03:32 PM | Attr = ]
    Thawte Consulting , -> %UserDesktop%\spywaredetectorb.exe -> Max Secure Software [Ver = 19.0.0.029 | Size = 6425672 bytes | Modified Date = 21/02/2007 8:37:38 PM | Attr = ]
    @Alternate Data Stream - 0 bytes -> %UserDesktop%\Thumbs.db:encryptable ->
    @Alternate Data Stream - 26 bytes -> %UserDesktop%\zmatrixsetupnt_1_5_2.exe:Zone.Identifier ->
    FSG! , -> %UserDesktop%\zmatrixsetupnt_1_5_2.exe -> [Ver = | Size = 2071626 bytes | Modified Date = 2/04/2005 11:57:06 PM | Attr = ]
    UPX! , UPX0 , -> %SystemRoot%\daemon.dll -> [Ver = 3.44.0.0 | Size = 68608 bytes | Modified Date = 27/12/2003 8:43:24 PM | Attr = ]
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
    WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.26 | Size = 14268928 bytes | Modified Date = 14/05/2004 5:26:34 PM | Attr = ]
    aspack , -> %System32%\ALZALZ.BIN -> [Ver = | Size = 62464 bytes | Modified Date = 1/08/2005 7:46:08 PM | Attr = ]
    aspack , -> %System32%\ALZZip.BIN -> [Ver = | Size = 42496 bytes | Modified Date = 1/08/2005 7:46:48 PM | Attr = ]
    UPX! , UPX0 , -> %System32%\avisynth.dll -> The Public [Ver = 2, 0, 7, 0 | Size = 123904 bytes | Modified Date = 23/11/2002 1:21:28 AM | Attr = ]
    PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 23/08/2001 10:00:00 PM | Attr = ]
    Umonitor , -> %System32%\ipebase12.dll -> Hewlett-Packard Company [Ver = 1, 2, 0, 3 | Size = 331776 bytes | Modified Date = 28/04/1999 3:01:12 PM | Attr = ]
    PTech , -> %System32%\LegitCheckControl.dll -> Microsoft® Corporation [Ver = 1.3.0254.0 | Size = 520456 bytes | Modified Date = 12/07/2005 6:04:22 PM | Attr = ]
    @Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable ->
    UPX! , UPX0 , -> %System32%\UninstXviDDec.exe -> [Ver = | Size = 22782 bytes | Modified Date = 21/11/2005 3:38:26 PM | Attr = ]
    winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 23/08/2001 10:00:00 PM | Attr = ]
    WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 23/08/2001 10:00:00 PM | Attr = ]
    PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 3/08/2004 10:41:38 PM | Attr = ]

    < End of report >
     
  17. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    Nothing bad in the WinPFind log. So thats good.

    As for what PeerGuardian was detecting... I'm not sure... I don't use the program.

    As for Comodo... I tested the Firewall when it first came out for a bit. Seemed like a good alternative to ZoneAlarm if one didn't like ZA. So I'm not sure about that either.

    May want to ask about those at the program's respective forums.
     
  18. ozsurfie

    ozsurfie Guest

    ok well i will continue on using the programs you suggested to keep the nasties at bay - many thanks for your help again -
    one last thing is i have avg anti spyware, ad aware , spy bot and ca e pest and nod 32 running are any conflicting with each other ??
    cheers and thanks again for your help
     
  19. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    Shouldn't be any conflicts between those, I don't think.
     
  20. ozsurfie

    ozsurfie Guest

    Hi Kotaguy

    Dont seem to have had any major problems since you helped out so again thanks. In using AVG i stumbled upon the "program " trying to dial out to IBM corp that pg2 kept alerting me to it was listed as SYSTEM and UDO protocol ? can anyone suggest what is going on and if i try and delete the application it that going to cause me grief :)

    thanks to all
     

Share This Page