
I need help with this Trojan Horse....please!!

Discussion in 'Windows - Virus and spyware problems' started by gwendolin, Mar 10, 2007.

  1. gwendolin

    gwendolin Senior member

    I have been alerted by AVG on a number of occasions about this trojan horse. I have instructed AVG to heal it each time, which it does... but it still keeps reoccurring. I ran an AVG virus scan and it picked up 4 trojan horse viruses, which it supposedly fixed. Since the scan it still alerts me to the fact it's still present. I have done a screenshot and also a HijackThis scan... can someone please help with this one? Cheers

    [​IMG]




    Logfile of HijackThis v1.99.1
    Scan saved at 9:38:46 PM, on 3/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\nton.NTON-4F9C0F7\Desktop\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: (no name) - {FF6BA890-9B83-48EC-9575-6D9DC88A3140} - C:\WINDOWS\system32\xxyyayx.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: xxyyayx - C:\WINDOWS\SYSTEM32\xxyyayx.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Windows Registry Service - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
     
    Last edited: Mar 10, 2007
  2. bkf

    bkf Guest

    Gwen, I'm just testing the waters here and in no way can tell a person what to do to fix something yet. I just want to post what I see that would bug me if I had these in my report. It's likely AVG did not catch all that is wrong, but I want to see how I fare as the real experts answer in here.

    O2 - BHO: (no name) - {FF6BA890-9B83-48EC-9575-6D9DC88A3140} - C:\WINDOWS\system32\xxyyayx.dll

    O20 - Winlogon Notify: xxyyayx - C:\WINDOWS\SYSTEM32\xxyyayx.dll

    O23 - Service: Windows Registry Service - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
     
  3. KotaGuy

    KotaGuy Regular member

    The O2 and O20 look like a possible Vundo infection.

    Please download VundoFix.exe to your desktop.

    1. Double-click VundoFix.exe to run it.
    2. Click the Scan for Vundo button.
    3. Once it's done scanning, click the Remove Vundo button.
    4. You will receive a prompt asking if you want to remove the files, click YES.
    5. Once you click yes, your desktop will go blank as it starts removing Vundo.
    6. When completed, it will prompt that it will reboot your computer, click OK.
    7. Please post the contents of C:\vundofix.txt and a new HijackThis log.
     
  4. gwendolin

    gwendolin Senior member

    Thanks to both of you for your reply. I have done as instructed, here's the vundofix.txt

    C:\WINDOWS\system32\awttstt.dll
    C:\WINDOWS\system32\awturqo.dll
    C:\WINDOWS\system32\ddcdbya.dll
    C:\WINDOWS\system32\khfgfeb.dll
    C:\WINDOWS\system32\mlljj.dll
    C:\WINDOWS\system32\nnnkklm.dll
    C:\WINDOWS\system32\pmnolmk.dll
    C:\WINDOWS\system32\xxyyayx.dll

    and the hijack this log.

    Logfile of HijackThis v1.99.1
    Scan saved at 8:02:44 AM, on 3/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    c:\program files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\Grisoft\AVG7\avgw.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\nton.NTON-4F9C0F7\Desktop\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: (no name) - {FF6BA890-9B83-48EC-9575-6D9DC88A3140} - C:\WINDOWS\system32\xxyyayx.dll (file missing)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Windows Registry Service - Unknown owner - C:\WINDOWS\lsass.exe (file missing)

     
  5. KotaGuy

    KotaGuy Regular member

    Hi Gwendolin.

    It looks like you didn't post the complete VundoFix log. Can I get you to retry that, please? I need to see the complete log.

    Thanks.
     
  6. Molder

    Molder Regular member

    Hi Gwen,
    Here is a nifty little trick that can help to eliminate some nasties straight away.

    Once you get this problem sorted:

    Open Internet Explorer, go to Tools, Internet Options, Advanced tab, and scroll down to the Security heading. Under the Security heading is a check box that says "Empty Temporary Internet Files Folder When Browser is Closed". If you pick up a trojan that is in that folder (generally they are), as soon as you close IE it will be deleted. It can save some grief.

    Hope this helps.

    M

     
  7. gwendolin

    gwendolin Senior member

    I checked again and that was the only txt file there, plus 8 Bad Files.

    I did another scan (Vundo Fix) and it found nothing....

    Logfile of HijackThis v1.99.1
    Scan saved at 8:51:38 AM, on 3/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    c:\program files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\Grisoft\AVG7\avgw.exe
    C:\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Documents and Settings\nton.NTON-4F9C0F7\Desktop\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: (no name) - {FF6BA890-9B83-48EC-9575-6D9DC88A3140} - C:\WINDOWS\system32\xxyyayx.dll (file missing)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Windows Registry Service - Unknown owner - C:\WINDOWS\lsass.exe (file missing)

    I am pretty certain that I got this little NASTY from files I loaded from a disc given to me. The original files were d/l and were obviously on the disc when I opened it.
     
    Last edited: Mar 10, 2007
  8. bkf

    bkf Guest

    I see you got rid of one of the trigger entries and I have no doubt KotaGuy is going to have you run another test or two and also a clean up of a now orphaned entry. You got a tough log to read :)
    But that is just me. Wait for the experts' advice. Many good people in here.

    That last O23 still bothers me. I'm still reading up on that one but I don't think it belongs there. I have 2 lsass's running, both for UDP. Mine are the real deal under System32. You did have a winlogon trigger with your problem.

    lsass.exe:1364 UDP a7n8x:isakmp *:*
    lsass.exe:1364 UDP a7n8x:4500 *:*

    "lsass.exe" is the Local Security Authentication Server. It verifies the validity of user logons to your PC/Server. It generates the process responsible for authenticating users for the Winlogon service. This process is performed by using authentication packages such as the default Msgina.dll. If authentication is successful, Lsass generates the user's access token, which is used to launch the initial shell. Other processes that the user initiates inherit this token.

    Note: The lsass.exe file is located in the folder C:\Windows\System32. In other cases, lsass.exe is a virus, spyware, trojan or worm!
     
    Last edited by a moderator: Mar 10, 2007
  9. gwendolin

    gwendolin Senior member

    When I go to delete the "Suspect" folder, here's what I get

    [​IMG]
     
  10. bkf

    bkf Guest

    Because something is still active, likely using the file. You'll be fixed straight away soon :)

    hope my spelling is too
     
    Last edited by a moderator: Mar 10, 2007
  11. KotaGuy

    KotaGuy Regular member

    Hi Gwendolin. Yeah... that .txt file should be the only one there... just what you posted from it doesn't seem to be complete... there is typically more info in the log than just that short file list.

    No matter though... looks like the tool did its job as the O2 is orphaned and the O20 isn't showing in your log anymore.

    And as bkf suspected... that O23 is not legit... it's a Bot.

    Print this out for reference (you'll be booting into Safe Mode), and can you do the following for me please.

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :

    1. Restart your computer.
    2. After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
    3. Instead of Windows loading as normal, the Advanced Options Menu should appear.
    4. Select the first option, to run Windows in Safe Mode, then press Enter.
    5. Choose your usual account.
    6. Open the extracted SDFix folder and double click RunThis.bat to start the script.
    7. Type Y to begin the cleanup process.
    8. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    9. Press any Key and it will restart the PC.
    10. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    11. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt

    (Report.txt will also be copied to Clipboard ready for posting back on the forum).

    Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
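
The checks bkf and KotaGuy apply by eye in the posts above (a system process name such as lsass.exe registered outside C:\WINDOWS\system32, one DLL registered as both an O2 BHO and an O20 Winlogon Notify, and entries left "(file missing)" after a cleanup tool has run), written out as an added example that is not part of any post or of HijackThis itself. The function names, the short SYSTEM32_ONLY list and the assumption that Windows is installed in C:\WINDOWS are choices made for this example; the sample lines are copied from the first and second logs in this thread.

```python
import ntpath
import re
from collections import defaultdict

# Process names that belong only in System32 (short list assumed for this example).
SYSTEM32_ONLY = {"lsass.exe", "winlogon.exe", "services.exe", "svchost.exe", "smss.exe"}
SYSTEM32_DIR = r"c:\windows\system32"   # assumption: Windows installed in C:\WINDOWS
MISSING = "(file missing)"
ENTRY = re.compile(r"^(O\d{1,2}|R\d|F\d|N\d) - (.+)$")

# Sample input: lines copied from the first log in the thread (before VundoFix)...
BEFORE = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {FF6BA890-9B83-48EC-9575-6D9DC88A3140} - C:\WINDOWS\system32\xxyyayx.dll
O20 - Winlogon Notify: xxyyayx - C:\WINDOWS\SYSTEM32\xxyyayx.dll
O23 - Service: Windows Registry Service - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
"""
# ...and the same entries as they appear in the second log (after VundoFix).
AFTER = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {FF6BA890-9B83-48EC-9575-6D9DC88A3140} - C:\WINDOWS\system32\xxyyayx.dll (file missing)
O23 - Service: Windows Registry Service - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
"""


def parse_log(text):
    """Split each 'Oxx - description - path' line into its fields."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue                      # header, process list or blank line
        code, rest = m.groups()
        missing = rest.endswith(MISSING)
        if missing:
            rest = rest[:-len(MISSING)].rstrip()
        desc, _, path = rest.rpartition(" - ")   # path is the last ' - ' field
        entries.append({"code": code, "desc": desc, "path": path, "missing": missing})
    return entries


def triage(entries):
    """Return (code, path, reasons) for every entry that matches a check."""
    sections = defaultdict(set)           # lowercased path -> sections using it
    for e in entries:
        sections[e["path"].lower()].add(e["code"])
    findings = []
    for e in entries:
        path = e["path"].lower()
        reasons = []
        if (e["code"] == "O23" and ntpath.basename(path) in SYSTEM32_ONLY
                and ntpath.dirname(path) != SYSTEM32_DIR):
            reasons.append("system process name outside System32")
        if e["code"] in ("O2", "O20") and {"O2", "O20"} <= sections[path]:
            reasons.append("same DLL is both BHO and Winlogon Notify")
        if e["missing"]:
            reasons.append("orphaned entry (file missing)")
        if reasons:
            findings.append((e["code"], e["path"], reasons))
    return findings


def compare_logs(before, after):
    """Entries that vanished, and entries whose file went missing, between scans."""
    def key(e):
        return (e["code"], e["path"].lower())
    after_by_key = {key(e): e for e in after}
    gone = [key(e) for e in before if key(e) not in after_by_key]
    orphaned = [key(e) for e in before
                if key(e) in after_by_key
                and after_by_key[key(e)]["missing"] and not e["missing"]]
    return gone, orphaned


if __name__ == "__main__":
    first, second = parse_log(BEFORE), parse_log(AFTER)
    for code, path, reasons in triage(first):
        print(f"{code:<4}{path}: {'; '.join(reasons)}")
    gone, orphaned = compare_logs(first, second)
    print("removed since first scan:", gone)
    print("left orphaned by cleanup:", orphaned)
```

A hit from these checks is only a lead for a helper to follow up, as in the thread; the O23 entry stays flagged in both scans because VundoFix does not touch it.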
     
  12. gwendolin

    gwendolin Senior member

    OK, I've done all that... now let's see if we've got the little blighter.


    Safe Mode:
    Checking Services:

    Name:
    Windows Registry Service

    Path:
    "C:\WINDOWS\lsass.exe"

    Windows Registry Service Deleted



    Restoring Windows Registry Entries
    Restoring Default Hosts File


    Rebooting...

    Normal Mode:
    Checking Files:

    Below files will be copied to Backups folder then removed:

    C:\DOCUME~1\HEA~2.BAY\LOCALS~1\Temp\ICD1.tmp\jinstall-1_5_0_11.inf - Deleted
    C:\DOCUME~1\HEA~2.BAY\LOCALS~1\Temp\ICD1.tmp\jinstall.exe - Deleted
    C:\WINDOWS\Temp\removalfile.bat - Deleted


    Folder C:\DOCUME~1\HEA~2.BAY\LOCALS~1\Temp\ICD1.tmp - Removed

    ADS Check:

    C:\WINDOWS\system32
    No streams found.


    Final Check:

    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Disabled:backWeb-8876480"


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


    Remaining Files:
    ---------------

    Backups Folder: - C:\SDFix\backups\backups.zip


    Checking For Files with Hidden Attributes :


    Finished


    Hijack Log


    Logfile of HijackThis v1.99.1
    Scan saved at 11:37:52 AM, on 3/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\nton.NTON-4F9C0F7\Desktop\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: (no name) - {FF6BA890-9B83-48EC-9575-6D9DC88A3140} - C:\WINDOWS\system32\xxyyayx.dll (file missing)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

     
  13. KotaGuy

    KotaGuy Regular member

    Looking good.

    Run and scan with HijackThis and place checks beside the following:

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {FF6BA890-9B83-48EC-9575-6D9DC88A3140} - C:\WINDOWS\system32\xxyyayx.dll (file missing)


    Close all open windows/browsers and click the Fix button.

    Reboot.

    I'd like to make sure there isn't anything that HijackThis isn't showing me.

    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it.

    Under Main choose:

    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    Firefox:

    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Opera:

    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.

    Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

    - Close ALL OTHER PROGRAMS.
    - Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    - Now click the Run Scan button on the toolbar.
    - The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    - When the scan is complete Notepad will open with the report file loaded in it.
    - Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

    Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

    Post the WinPFind3 log and a new HijackThis log please.

    You may need to post those over a couple of posts to avoid cutting them off.

    Thanks.
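
    The two entries picked out in the post above are the ones HijackThis itself marks "(no file)" or "(file missing)". As an added example (not part of the original post and not code from HijackThis or WinPFind3U), this Python sketch pulls such orphaned entries out of a HijackThis log and then looks for the same CLSIDs in a second tool's report; the sample lines are copied from the logs posted in this thread, and all function names are made up for the example.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread.
HIJACKTHIS_SAMPLE = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {FF6BA890-9B83-48EC-9575-6D9DC88A3140} - C:\WINDOWS\system32\xxyyayx.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

# Sample lines copied from the WinPFind3U log posted in the following reply.
WINPFIND_SAMPLE = r"""
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 7:13:28 AM | Attr = ]
{FF6BA890-9B83-48EC-9575-6D9DC88A3140} [HKLM] -> Reg Data - Key not found [] -> File not found
"""

# A HijackThis entry starts with a section code such as R3, O2 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# WinPFind3U section headers look like "< name > -> registry key".
SECTION_RE = re.compile(r"^< (?P<name>.+?) > -> ")
# Suffixes HijackThis appends when the registered file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Return one dict per HijackThis entry; headers and process paths are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        body = match.group("body").rstrip()
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": match.group("code"),
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphaned": body.endswith(ORPHAN_MARKERS),
        })
    return entries


def orphaned_entries(log_text):
    """Entries whose registration is still present but whose file is gone."""
    return [e for e in parse_entries(log_text) if e["orphaned"]]


def cross_reference(clsids, other_log):
    """Find the given CLSIDs in a WinPFind3U-style report.

    Returns (section name, CLSID, full line) tuples, so a leftover registration
    under a different key than the one HijackThis listed is visible.
    """
    wanted = {c.upper() for c in clsids if c}
    hits, section = [], None
    for raw in other_log.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        for found in CLSID_RE.findall(line):
            if found.upper() in wanted:
                hits.append((section, found.upper(), line))
    return hits


if __name__ == "__main__":
    orphans = orphaned_entries(HIJACKTHIS_SAMPLE)
    for entry in orphans:
        print(entry["code"], entry["clsid"], "->", entry["body"])
    for section, clsid, line in cross_reference(
        [e["clsid"] for e in orphans], WINPFIND_SAMPLE
    ):
        print("also referenced under", section, ":", line)
```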
     
  14. gwendolin

    gwendolin Senior member

    Both Firefox and Opera are greyed out....did the Main stage with success. Here's the other log info.

    WinPFind3 logfile created on: 3/11/2007 3:06:26 PM
    WinPFind3U by OldTimer - Version 1.0.20 Folder = C:\Documents and Settings\nton.NTON-4F9C0F7\Desktop\WinPFind3u\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 6.0.2900.2180)

    1048048 Kb Total Physical Memory | 721288 Kb Available Physical Memory | 68.82% Memory free
    2521312 Kb Paging File | 2228128 Kb Available in Paging File | 88.37% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 39078080 Kb Total Space | 20195632 Kb Free Space | 51.68% Space Free
    Drive D: | 78148160 Kb Total Space | 74325592 Kb Free Space | 95.11% Space Free
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded


    [Processes - Non-Microsoft Only]
    anydvd.exe -> %ProgramFiles%\SlySoft\AnyDVD\AnyDVD.exe -> SlySoft, Inc. [Ver = 6.1.3.0 | Size = 350053 bytes | Modified Date = 3/5/2007 1:38:10 PM | Attr = ]
    avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.445 | Size = 353792 bytes | Modified Date = 3/8/2007 10:55:36 AM | Attr = ]
    avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 5:20:00 AM | Attr = ]
    avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 3/8/2007 10:55:36 AM | Attr = ]
    avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 324096 bytes | Modified Date = 3/8/2007 10:55:36 AM | Attr = ]
    avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 3/8/2007 10:55:36 AM | Attr = ]
    backweb-8876480.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe -> [Ver = | Size = 16384 bytes | Modified Date = 3/8/2007 5:53:00 PM | Attr = ]
    googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 3/10/2007 1:32:18 PM | Attr = ]
    guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 7:13:20 AM | Attr = ]
    jusched.exe -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 12/15/2006 4:23:28 AM | Attr = ]
    kem.exe -> %ProgramFiles%\Logitech\SetPoint\KEM.exe -> Logitech Inc. [Ver = 2.11.459 | Size = 573440 bytes | Modified Date = 5/14/2004 10:42:32 AM | Attr = ]
    khalmnpr.exe -> %ProgramFiles%\Logitech\SetPoint\KHALMNPR.exe -> Logitech Inc. [Ver = 2.11.427 | Size = 29696 bytes | Modified Date = 4/26/2004 8:06:12 AM | Attr = ]
    medialifeservice.exe -> %ProgramFiles%\Logitech\MediaLife\MediaLifeService.exe -> Logitech Corp. [Ver = 3.00.0000 | Size = 73728 bytes | Modified Date = 4/28/2004 4:10:18 PM | Attr = ]
    mm_tray.exe -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe -> MUSICMATCH, Inc. [Ver = 8.20.0119 | Size = 118784 bytes | Modified Date = 3/30/2004 11:12:56 PM | Attr = ]
    mmtask.exe -> %ProgramFiles%\MusicMatch\MusicMatch Jukebox\mmtask.exe -> TODO: <Company name> [Ver = 1.0.0.1 | Size = 53248 bytes | Modified Date = 3/30/2004 11:12:56 PM | Attr = ]
    nmbgmonitor.exe -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 1, 5, 3, 0 | Size = 139264 bytes | Modified Date = 11/16/2006 8:04:20 PM | Attr = ]
    nmindexstoresvr.exe -> %CommonProgramFiles%\Ahead\Lib\NMIndexStoreSvr.exe -> Nero AG [Ver = 1, 5, 3, 0 | Size = 884736 bytes | Modified Date = 11/16/2006 7:58:32 PM | Attr = ]
    winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.20.0 | Size = 310784 bytes | Modified Date = 3/4/2007 1:21:48 PM | Attr = ]
    wzqkpick.exe -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing LP [Ver = 1.0 (32-bit) | Size = 389120 bytes | Modified Date = 11/10/2006 12:00:00 PM | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 7:13:20 AM | Attr = ]
    (Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.445 | Size = 353792 bytes | Modified Date = 3/8/2007 10:55:36 AM | Attr = ]
    (Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 3/8/2007 10:55:36 AM | Attr = ]
    (AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 324096 bytes | Modified Date = 3/8/2007 10:55:36 AM | Attr = ]
    (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 3/9/2007 1:02:44 PM | Attr = ]
    (NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 7, 2, 0 | Size = 774144 bytes | Modified Date = 11/10/2006 8:18:02 PM | Attr = ]

    [Registry - Non-Microsoft Only]
    < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    !AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 5:20:00 AM | Attr = ]
    AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 3/8/2007 10:55:36 AM | Attr = ]
    Easy-PrintToolBox -> %ProgramFiles%\Canon\Easy-PrintToolBox\BJPSMAIN.EXE -> File not found
    mmtask -> %ProgramFiles%\MusicMatch\MusicMatch Jukebox\mmtask.exe -> TODO: <Company name> [Ver = 1.0.0.1 | Size = 53248 bytes | Modified Date = 3/30/2004 11:12:56 PM | Attr = ]
    MMTray -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe -> MUSICMATCH, Inc. [Ver = 8.20.0119 | Size = 118784 bytes | Modified Date = 3/30/2004 11:12:56 PM | Attr = ]
    NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe -> Nero AG [Ver = 1, 0, 0, 5 | Size = 155648 bytes | Modified Date = 1/12/2006 4:40:44 PM | Attr = ]
    PCMService -> %ProgramFiles%\Logitech\MediaLife\MediaLifeService.exe -> Logitech Corp. [Ver = 3.00.0000 | Size = 73728 bytes | Modified Date = 4/28/2004 4:10:18 PM | Attr = ]
    SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 12/15/2006 4:23:28 AM | Attr = ]
    < OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
    IMAIL -> Installed = 1 ->
    MAPI -> Installed = 1 ->
    MSFS -> Installed = 1 ->
    < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    AnyDVD -> %ProgramFiles%\SlySoft\AnyDVD\AnyDVD.exe -> SlySoft, Inc. [Ver = 6.1.3.0 | Size = 350053 bytes | Modified Date = 3/5/2007 1:38:10 PM | Attr = ]
    BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 1, 5, 3, 0 | Size = 139264 bytes | Modified Date = 11/16/2006 8:04:20 PM | Attr = ]
    LDM -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe -> [Ver = | Size = 16384 bytes | Modified Date = 3/8/2007 5:53:00 PM | Attr = ]
    swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 3/10/2007 1:32:18 PM | Attr = ]
    < Common Startup > -> C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
    %AllUsersStartup%\Logitech Desktop Messenger.lnk -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe -> Logitech [Ver = 1.4.40 | Size = 196608 bytes | Modified Date = 3/8/2007 5:53:02 PM | Attr = ]
    %AllUsersStartup%\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\KEM.exe -> Logitech Inc. [Ver = 2.11.459 | Size = 573440 bytes | Modified Date = 5/14/2004 10:42:32 AM | Attr = ]
    %AllUsersStartup%\WinZip Quick Pick.lnk -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing LP [Ver = 1.0 (32-bit) | Size = 389120 bytes | Modified Date = 11/10/2006 12:00:00 PM | Attr = ]
    < File Associations > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\
    .bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
    .chm [@ = chm.file] -> PersistentHandler = Reg Data - Key not found ->
    .cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
    .com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
    .cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
    .exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
    .hlp [@ = hlpfile] -> PersistentHandler = Reg Data - Key not found ->
    .hta [@ = htafile] -> PersistentHandler = Reg Data - Key not found ->
    .html [@ = htmlfile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
    .inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
    .ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
    .url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
    .js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
    .jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found ->
    .pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found ->
    .reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
    .scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found ->
    .txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
    .vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found ->
    .vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
    .wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found ->
    .wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found ->
    < Registry Shell Spawning > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command
    batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    batfile [open] -> "%1" %* ->
    batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    chm.file [open] -> "%SystemRoot%\hh.exe" %1 -> Microsoft Corporation [Ver = 5.2.3790.2453 (srv03_sp1_gdr.050525-1542) | Size = 10752 bytes | Modified Date = 5/26/2005 4:22:02 PM | Attr = ]
    cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    cmdfile [open] -> "%1" %* ->
    cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    comfile [open] -> "%1" %* ->
    cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 2:52:18 PM | Attr = ]
    exefile [open] -> "%1" %* ->
    helpfile [open] -> winhlp32.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 283648 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    hlpfile [open] -> %SystemRoot%\System32\winhlp32.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 8192 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    htafile [open] -> %System32%\mshta.exe "%1" %* -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 29184 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    htmlfile [edit] -> "%ProgramFiles%\Microsoft Office\OFFICE11\msohtmed.exe" %1 -> Microsoft Corporation [Ver = 11.0.5510 | Size = 55360 bytes | Modified Date = 7/14/2003 11:52:56 PM | Attr = ]
    htmlfile [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/3/2004 7:56:52 AM | Attr = ]
    htmlfile [opennew] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" %1 -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/3/2004 7:56:52 AM | Attr = ]
    htmlfile [print] -> "%ProgramFiles%\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 -> Microsoft Corporation [Ver = 11.0.5510 | Size = 55360 bytes | Modified Date = 7/14/2003 11:52:56 PM | Attr = ]
    http [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/3/2004 7:56:52 AM | Attr = ]
    https [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/3/2004 7:56:52 AM | Attr = ]
    inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    InternetShortcut [open] -> rundll32.exe shdocvw.dll,OpenURL %l -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_gdr.070104-0050) | Size = 1494528 bytes | Modified Date = 1/4/2007 6:37:04 AM | Attr = ]
    InternetShortcut [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_gdr.070104-0050) | Size = 3056640 bytes | Modified Date = 1/4/2007 6:36:48 AM | Attr = ]
    jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    piffile [open] -> "%1" %* ->
    regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    regfile [open] -> regedit.exe "%1" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 146432 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    regfile [merge] -> Reg Data - Key not found ->
    regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    scrfile [config] -> "%1" ->
    scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    scrfile [open] -> "%1" /S ->
    txtfile [edit] -> Reg Data - Key not found ->
    txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 2:52:18 PM | Attr = ]
    Directory [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    Drive [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    Applications\iexplore.exe [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" %1 -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/3/2004 7:56:52 AM | Attr = ]
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/3/2004 7:56:52 AM | Attr = ]
    < ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
    {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -> ->
    {22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> ->
    {2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ->
    {44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ->
    {44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ->
    {4b218e3e-bc98-4770-93d3-2731b9329278} -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf ->
    {5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ->
    {6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub ->
    {73FA19D0-2D75-11D2-995D-00C04F98BBC9} -> ->
    {7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ->
    {89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll ->
    {89820200-ECBD-11cf-8B85-00AA005B4383} -> %SystemRoot%\system32\ie4uinit.exe ->
    >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP ->
    >{26923b43-4d38-484f-9b9e-de460746276c} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ->
    >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->
    >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ->
    < WOW Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
    cmdline -> %SystemRoot%\system32\ntvdm.exe ->
    wowcmdline -> %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386 ->
    < Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
    BootExecute -> autocheck autochk *; ->
    < ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    {57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 7:13:28 AM | Attr = ]
    {FF6BA890-9B83-48EC-9575-6D9DC88A3140} [HKLM] -> Reg Data - Key not found [] -> File not found
    < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
    < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
    Control_RunDLL -> -> File not found
    < Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
    < Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
    HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. -> ->
    < Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
    0 -> [Key] ->
    0 -> FriendlyName = My Current Home Page ->
    0 -> Source = About:Home ->
    0 -> SubscribedURL = About:Home ->
    < HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
    127.0.0.1 localhost -> ->
    < Internet Explorer Settings > ->
    HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
    HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
    HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
    HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
    HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
    HKLM: SearchAssistant -> http://www.google.com/ie ->
    HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
    HKCU: Search Bar -> http://www.google.com/ie ->
    HKCU: Search Page -> http://www.google.com ->
    HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
    HKCU: SearchAssistant -> http://www.google.com/ie ->
    HKCU: ProxyEnable -> 0 ->
    HKCU: ProxyOverride -> localhost ->
    < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
    msn.com [ - ] -> ->
    < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 12/15/2006 4:23:24 AM | Attr = ]
    {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
    < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
    {327C2873-E90D-4c37-AA9D-10AC9BABA46C} [HKLM] -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll [Easy-WebPrint] -> [Ver = 2, 5, 0, 25 | Size = 405504 bytes | Modified Date = 4/16/2004 8:43:12 PM | Attr = ]
    < Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
    WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
    WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
    < Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8194 - Sun Java Console ->
    {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8192 - Reg Data - Value does not exist ->
    {FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8193 - Windows Messenger ->
    NextId -> 8195 ->
    < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\npjpi150_11.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75528 bytes | Modified Date = 12/15/2006 4:23:26 AM | Attr = ]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 12/15/2006 4:23:24 AM | Attr = ]
    {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
    < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
    E&xport to Microsoft Excel -> -> File not found
    Easy-WebPrint Add To Print List -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_AddToList.htm -> File not found
    Easy-WebPrint High Speed Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_HSPrint.htm -> File not found
    Easy-WebPrint Preview -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_Preview.htm -> File not found
    Easy-WebPrint Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_Print.htm -> File not found
    < Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
    {0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
    {42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
    {764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
    {7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
    {7F1CF152-04F8-453A-B34C-E609530A9DC8} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalPropSheetHandler] -> Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Modified Date = 11/15/2005 12:07:16 PM | Attr = ]
    {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
    {88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG7\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 3/8/2007 10:55:36 AM | Attr = ]
    {9F97547E-460A-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG7\avgse.dll [AVG7 Find Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 3/8/2007 10:55:36 AM | Attr = ]
    {B327765E-D724-4347-8B16-78AE18552FC3} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalIconHandler] -> Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Modified Date = 11/15/2005 12:07:16 PM | Attr = ]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR shell extension] -> [Ver = | Size = 128512 bytes | Modified Date = 3/1/2007 3:16:56 PM | Attr = ]
    {E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 11/10/2006 12:00:00 PM | Attr = ]
    {E0D79305-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 11/10/2006 12:00:00 PM | Attr = ]
    {E0D79306-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 11/10/2006 12:00:00 PM | Attr = ]
    {E0D79307-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 11/10/2006 12:00:00 PM | Attr = ]
    < ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
    {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBShell.dll [NBShellHook Class] -> Nero AG [Ver = 2, 7, 2, 0 | Size = 73728 bytes | Modified Date = 11/10/2006 8:18:26 PM | Attr = ]
    {8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 4:40:48 AM | Attr = ]
    {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG7\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 3/8/2007 10:55:36 AM | Attr = ]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 128512 bytes | Modified Date = 3/1/2007 3:16:56 PM | Attr = ]
    {E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 11/10/2006 12:00:00 PM | Attr = ]
    < ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
    {8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 4:40:48 AM | Attr = ]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 128512 bytes | Modified Date = 3/1/2007 3:16:56 PM | Attr = ]
    {E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 11/10/2006 12:00:00 PM | Attr = ]
    < ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
    {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBShell.dll [NBShellHook Class] -> Nero AG [Ver = 2, 7, 2, 0 | Size = 73728 bytes | Modified Date = 11/10/2006 8:18:26 PM | Attr = ]
    {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG7\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 3/8/2007 10:55:36 AM | Attr = ]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 128512 bytes | Modified Date = 3/1/2007 3:16:56 PM | Attr = ]
    {E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 11/10/2006 12:00:00 PM | Attr = ]
    < ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
    {7D4D6379-F301-4311-BEBA-E26EB0561882} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalColumnHandler Class] -> Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Modified Date = 11/15/2005 12:07:16 PM | Attr = ]
    < User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
    SV1 -> ->
    < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
    {5F74AB2B-7B08-4E70-9575-BA757A80496E} -> (VIA Compatable Fast Ethernet Adapter) ->
    < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
    ipp -> Reg Data - Key not found -> File not found
    msdaipp -> Reg Data - Key not found -> File not found
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
    {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
    {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab ->
    {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->


    [Files - Created Within 30 days]
    AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT -> [Ver = | Size = 0 bytes | Created Date = 3/7/2007 7:55:02 PM | Attr = ]
    CONFIG.SYS -> %SystemDrive%\CONFIG.SYS -> [Ver = | Size = 0 bytes | Created Date = 3/7/2007 7:55:02 PM | Attr = ]
    hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1073270784 bytes | Created Date = 1/1/1601 8:00:00 AM | Attr = HS]
    .zreglib -> %AllUsersAppData%\.zreglib -> [Ver = | Size = 125 bytes | Created Date = 3/8/2007 4:27:33 PM | Attr = HS]
    desktop.ini -> %AllUsersAppData%\desktop.ini -> [Ver = | Size = 62 bytes | Created Date = 3/7/2007 1:37:46 PM | Attr = HS]
    .zreglib -> %UserAppData%\.zreglib -> [Ver = | Size = 125 bytes | Created Date = 3/8/2007 9:09:18 AM | Attr = HS]
    desktop.ini -> %UserAppData%\desktop.ini -> [Ver = | Size = 62 bytes | Created Date = 3/7/2007 10:13:39 PM | Attr = HS]
    DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 4608 bytes | Created Date = 3/8/2007 10:32:24 AM | Attr = ]
    GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 42168 bytes | Created Date = 3/8/2007 7:40:05 AM | Attr = ]
    IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 5346658 bytes | Created Date = 3/7/2007 10:39:44 PM | Attr = H ]
    desktop.ini -> %AllUsersDocuments%\desktop.ini -> [Ver = | Size = 62 bytes | Created Date = 3/7/2007 1:37:46 PM | Attr = HS]
    desktop.ini -> %UserDocuments%\desktop.ini -> [Ver = | Size = 85 bytes | Created Date = 3/7/2007 10:13:43 PM | Attr = HS]
    AVG 7.5.lnk -> %AllUsersDesktop%\AVG 7.5.lnk -> [Ver = | Size = 1532 bytes | Created Date = 3/8/2007 9:55:44 AM | Attr = ]
    AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Created Date = 3/8/2007 9:54:40 AM | Attr = ]
    CloneDVD2.lnk -> %AllUsersDesktop%\CloneDVD2.lnk -> [Ver = | Size = 852 bytes | Created Date = 3/8/2007 4:25:22 PM | Attr = ]
    Easy-PhotoPrint.lnk -> %AllUsersDesktop%\Easy-PhotoPrint.lnk -> [Ver = | Size = 808 bytes | Created Date = 3/8/2007 11:52:42 AM | Attr = ]
    Nero StartSmart.lnk -> %AllUsersDesktop%\Nero StartSmart.lnk -> [Ver = | Size = 2361 bytes | Created Date = 3/8/2007 11:30:15 AM | Attr = ]
    ATF-Cleaner.exe -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 3/11/2007 1:58:07 PM | Attr = ]
    @Alternate Data Stream - 26 bytes -> %UserDesktop%\ATF-Cleaner.exe:Zone.Identifier ->
    CCleaner.lnk -> %UserDesktop%\CCleaner.lnk -> [Ver = | Size = 1548 bytes | Created Date = 3/8/2007 9:59:19 AM | Attr = ]
    CD-LabelPrint.lnk -> %UserDesktop%\CD-LabelPrint.lnk -> [Ver = | Size = 833 bytes | Created Date = 3/8/2007 11:54:06 AM | Attr = ]
    Ebay.url -> %UserDesktop%\Ebay.url -> [Ver = | Size = 242 bytes | Created Date = 3/8/2007 4:54:54 PM | Attr = ]
    Freecell.lnk -> %UserDesktop%\Freecell.lnk -> [Ver = | Size = 1522 bytes | Created Date = 3/9/2007 7:44:52 AM | Attr = ]
    haxfix.exe -> %UserDesktop%\haxfix.exe -> Marckie [Ver = | Size = 438201 bytes | Created Date = 3/10/2007 8:24:54 PM | Attr = ]
    @Alternate Data Stream - 26 bytes -> %UserDesktop%\haxfix.exe:Zone.Identifier ->
    HijackThis_v1.99.1.exe -> %UserDesktop%\HijackThis_v1.99.1.exe -> Soeperman Enterprises Ltd. [Ver = 1.99.0001 | Size = 218112 bytes | Created Date = 3/10/2007 8:25:40 PM | Attr = ]
    @Alternate Data Stream - 26 bytes -> %UserDesktop%\HijackThis_v1.99.1.exe:Zone.Identifier ->
    Internet Explorer.lnk -> %UserDesktop%\Internet Explorer.lnk -> [Ver = | Size = 767 bytes | Created Date = 3/8/2007 7:40:37 AM | Attr = ]
    LimeWire 4.13.2.lnk -> %UserDesktop%\LimeWire 4.13.2.lnk -> [Ver = | Size = 1580 bytes | Created Date = 3/8/2007 10:47:54 AM | Attr = ]
    Microsoft Office Word 2003.lnk -> %UserDesktop%\Microsoft Office Word 2003.lnk -> [Ver = | Size = 2497 bytes | Created Date = 3/8/2007 7:54:48 AM | Attr = ]
    Nero Recode.lnk -> %UserDesktop%\Nero Recode.lnk -> [Ver = | Size = 2291 bytes | Created Date = 3/8/2007 11:35:22 AM | Attr = ]
    Nero Vision.lnk -> %UserDesktop%\Nero Vision.lnk -> [Ver = | Size = 2339 bytes | Created Date = 3/8/2007 11:35:30 AM | Attr = ]
    P_MPEG4.dll -> %UserDesktop%\P_MPEG4.dll -> [Ver = 1, 0, 0, 3 | Size = 282624 bytes | Created Date = 3/11/2007 12:55:03 PM | Attr = ]
    @Alternate Data Stream - 26 bytes -> %UserDesktop%\P_MPEG4.dll:Zone.Identifier ->
    SDFix.exe -> %UserDesktop%\SDFix.exe -> [Ver = | Size = 686229 bytes | Created Date = 3/11/2007 10:17:23 AM | Attr = ]
    @Alternate Data Stream - 26 bytes -> %UserDesktop%\SDFix.exe:Zone.Identifier ->
    Shortcut to ConvertXtoDvd.lnk -> %UserDesktop%\Shortcut to ConvertXtoDvd.lnk -> [Ver = | Size = 686 bytes | Created Date = 3/8/2007 2:14:50 PM | Attr = ]
    Shortcut to DVD Shrink 3.2.lnk -> %UserDesktop%\Shortcut to DVD Shrink 3.2.lnk -> [Ver = | Size = 566 bytes | Created Date = 3/8/2007 9:19:07 AM | Attr = ]
    Shortcut to DVDDecrypter.lnk -> %UserDesktop%\Shortcut to DVDDecrypter.lnk -> [Ver = | Size = 577 bytes | Created Date = 3/8/2007 9:25:59 AM | Attr = ]
    Shortcut to firefox.lnk -> %UserDesktop%\Shortcut to firefox.lnk -> [Ver = | Size = 564 bytes | Created Date = 3/8/2007 9:17:13 AM | Attr = ]
    Shortcut to Nero Documents.lnk -> %UserDesktop%\Shortcut to Nero Documents.lnk -> [Ver = | Size = 445 bytes | Created Date = 3/8/2007 8:37:14 AM | Attr = ]
    Shortcut to SnagIt32.lnk -> %UserDesktop%\Shortcut to SnagIt32.lnk -> [Ver = | Size = 798 bytes | Created Date = 3/8/2007 9:53:34 AM | Attr = ]
    Shortcut to SpybotSD.lnk -> %UserDesktop%\Shortcut to SpybotSD.lnk -> [Ver = | Size = 641 bytes | Created Date = 3/8/2007 9:25:13 AM | Attr = ]
    VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.03.0015 | Size = 95744 bytes | Created Date = 3/11/2007 6:49:41 AM | Attr = ]
    @Alternate Data Stream - 26 bytes -> %UserDesktop%\VundoFix.exe:Zone.Identifier ->
    desktop.ini -> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Created Date = 3/7/2007 1:37:46 PM | Attr = HS]
    Logitech Desktop Messenger.lnk -> %AllUsersStartup%\Logitech Desktop Messenger.lnk -> [Ver = | Size = 1885 bytes | Created Date = 3/8/2007 4:53:06 PM | Attr = ]
    Logitech SetPoint.lnk -> %AllUsersStartup%\Logitech SetPoint.lnk -> [Ver = | Size = 1646 bytes | Created Date = 3/8/2007 4:49:50 PM | Attr = ]
    WinZip Quick Pick.lnk -> %AllUsersStartup%\WinZip Quick Pick.lnk -> [Ver = | Size = 1518 bytes | Created Date = 3/8/2007 4:22:40 PM | Attr = ]
    desktop.ini -> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Created Date = 3/7/2007 10:13:38 PM | Attr = HS]
    BJPSUNST.EXE -> %SystemRoot%\BJPSUNST.EXE -> CANON INC. [Ver = 1, 0, 0, 0 | Size = 163840 bytes | Created Date = 3/8/2007 11:53:38 AM | Attr = ]
    Blue Lace 16.bmp -> %SystemRoot%\Blue Lace 16.bmp -> [Ver = | Size = 1272 bytes | Created Date = 3/7/2007 9:55:47 PM | Attr = ]
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Created Date = 3/7/2007 10:04:32 PM | Attr = S]
    bwUnin-6.1.4.68-8876480L.exe -> %SystemRoot%\bwUnin-6.1.4.68-8876480L.exe -> [Ver = | Size = 81920 bytes | Created Date = 3/8/2007 4:52:59 PM | Attr = R ]
    Coffee Bean.bmp -> %SystemRoot%\Coffee Bean.bmp -> [Ver = | Size = 17062 bytes | Created Date = 3/7/2007 9:55:47 PM | Attr = ]
    control.ini -> %SystemRoot%\control.ini -> [Ver = | Size = 0 bytes | Created Date = 3/7/2007 10:00:37 PM | Attr = ]
    desktop.ini -> %SystemRoot%\desktop.ini -> [Ver = | Size = 2 bytes | Created Date = 3/7/2007 9:57:42 PM | Attr = ]
    FeatherTexture.bmp -> %SystemRoot%\FeatherTexture.bmp -> [Ver = | Size = 16730 bytes | Created Date = 3/7/2007 9:55:47 PM | Attr = ]
    Gone Fishing.bmp -> %SystemRoot%\Gone Fishing.bmp -> [Ver = | Size = 17336 bytes | Created Date = 3/7/2007 9:55:47 PM | Attr = ]
    Greenstone.bmp -> %SystemRoot%\Greenstone.bmp -> [Ver = | Size = 26582 bytes | Created Date = 3/7/2007 9:55:47 PM | Attr = ]
    imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Created Date = 3/7/2007 1:38:23 PM | Attr = ]
    IsUninst.exe -> %SystemRoot%\IsUninst.exe -> InstallShield Software Corporation [Ver = 5, 51, 138, 0 | Size = 306688 bytes | Created Date = 3/8/2007 11:59:12 AM | Attr = ]
    nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Created Date = 3/8/2007 9:16:34 AM | Attr = ]
    ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 376 bytes | Created Date = 3/8/2007 7:50:42 AM | Attr = ]
    ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4161 bytes | Created Date = 3/7/2007 1:38:18 PM | Attr = ]
    OpPrintServer.INI -> %SystemRoot%\OpPrintServer.INI -> [Ver = | Size = 0 bytes | Created Date = 3/8/2007 11:58:41 AM | Attr = ]
    Prairie Wind.bmp -> %SystemRoot%\Prairie Wind.bmp -> [Ver = | Size = 65954 bytes | Created Date = 3/7/2007 9:55:48 PM | Attr = ]
    REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD -> [Ver = | Size = 8192 bytes | Created Date = 3/7/2007 10:05:26 PM | Attr = ]
    Rhododendron.bmp -> %SystemRoot%\Rhododendron.bmp -> [Ver = | Size = 17362 bytes | Created Date = 3/7/2007 9:55:48 PM | Attr = ]
    River Sumida.bmp -> %SystemRoot%\River Sumida.bmp -> [Ver = | Size = 26680 bytes | Created Date = 3/7/2007 9:55:48 PM | Attr = ]
    Santa Fe Stucco.bmp -> %SystemRoot%\Santa Fe Stucco.bmp -> [Ver = | Size = 65832 bytes | Created Date = 3/7/2007 9:55:48 PM | Attr = ]
    SET3.tmp -> %SystemRoot%\SET3.tmp -> [Ver = | Size = 1042903 bytes | Created Date = 3/7/2007 1:37:36 PM | Attr = R ]
    SET4.tmp -> %SystemRoot%\SET4.tmp -> [Ver = | Size = 1086058 bytes | Created Date = 3/7/2007 1:37:38 PM | Attr = R ]
    SET8.tmp -> %SystemRoot%\SET8.tmp -> [Ver = | Size = 13753 bytes | Created Date = 3/7/2007 1:37:40 PM | Attr = R ]
    Soap Bubbles.bmp -> %SystemRoot%\Soap Bubbles.bmp -> [Ver = | Size = 65978 bytes | Created Date = 3/7/2007 9:55:47 PM | Attr = ]
    vb.ini -> %SystemRoot%\vb.ini -> [Ver = | Size = 36 bytes | Created Date = 3/7/2007 9:56:26 PM | Attr = ]
    vbaddin.ini -> %SystemRoot%\vbaddin.ini -> [Ver = | Size = 37 bytes | Created Date = 3/7/2007 9:56:26 PM | Attr = ]
    WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Created Date = 3/7/2007 9:58:39 PM | Attr = RH ]
    winnt.bmp -> %SystemRoot%\winnt.bmp -> [Ver = | Size = 48680 bytes | Created Date = 3/7/2007 9:57:43 PM | Attr = HS]
    winnt256.bmp -> %SystemRoot%\winnt256.bmp -> [Ver = | Size = 48680 bytes | Created Date = 3/7/2007 9:57:43 PM | Attr = HS]
    WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Created Date = 3/7/2007 10:00:25 PM | Attr = ]
    Zapotec.bmp -> %SystemRoot%\Zapotec.bmp -> [Ver = | Size = 9522 bytes | Created Date = 3/7/2007 9:55:48 PM | Attr = ]
    $winnt$.inf -> %System32%\$winnt$.inf -> [Ver = | Size = 623 bytes | Created Date = 3/7/2007 1:36:02 PM | Attr = ]
    amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Created Date = 3/7/2007 10:00:26 PM | Attr = ]
    asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 3/10/2007 8:28:22 PM | Attr = ]
    AUTOEXEC.NT -> %System32%\AUTOEXEC.NT -> [Ver = | Size = 1688 bytes | Created Date = 3/7/2007 1:37:57 PM | Attr = ]
    BASSMOD.dll -> %System32%\BASSMOD.dll -> [Ver = | Size = 34308 bytes | Created Date = 3/8/2007 9:10:48 AM | Attr = ]
    bopomofo.uce -> %System32%\bopomofo.uce -> [Ver = | Size = 22984 bytes | Created Date = 3/7/2007 9:55:46 PM | Attr = ]
    cdplayer.exe.manifest -> %System32%\cdplayer.exe.manifest -> [Ver = | Size = 749 bytes | Created Date = 3/7/2007 9:58:39 PM | Attr = RH ]
    CNMCP64.exe -> %System32%\CNMCP64.exe -> CANON INC. [Ver = 1.71.2.0 | Size = 86016 bytes | Created Date = 3/8/2007 11:56:17 AM | Attr = R ]
    CNMLM64.DLL -> %System32%\CNMLM64.DLL -> CANON INC. [Ver = 1.80.2.50 | Size = 116736 bytes | Created Date = 3/8/2007 11:56:23 AM | Attr = ]
    CNMVS64.DLL -> %System32%\CNMVS64.DLL -> [Ver = | Size = 7680 bytes | Created Date = 3/8/2007 11:56:24 AM | Attr = ]
    CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2577 bytes | Created Date = 3/7/2007 10:00:37 PM | Attr = ]
    CONFIG.TMP -> %System32%\CONFIG.TMP -> [Ver = | Size = 2577 bytes | Created Date = 3/7/2007 1:37:58 PM | Attr = ]
    c_10006.nls -> %System32%\c_10006.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 1:38:07 PM | Attr = ]
    c_10007.nls -> %System32%\c_10007.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 1:38:10 PM | Attr = ]
    c_10010.nls -> %System32%\c_10010.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 1:38:03 PM | Attr = ]
    c_10017.nls -> %System32%\c_10017.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 1:38:10 PM | Attr = ]
    c_10029.nls -> %System32%\c_10029.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 1:38:03 PM | Attr = ]
    c_10081.nls -> %System32%\c_10081.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 1:38:12 PM | Attr = ]
    c_10082.nls -> %System32%\c_10082.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 1:38:03 PM | Attr = ]
    c_20127.nls -> %System32%\c_20127.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 1:38:01 PM | Attr = ]
    C_28594.NLS -> %System32%\C_28594.NLS -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 1:38:06 PM | Attr = ]
    C_28595.NLS -> %System32%\C_28595.NLS -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 1:38:10 PM | Attr = ]
    C_28597.NLS -> %System32%\C_28597.NLS -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 1:38:07 PM | Attr = ]
    c_28599.nls -> %System32%\c_28599.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 1:38:12 PM | Attr = ]
    c_28603.nls -> %System32%\c_28603.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 1:38:14 PM | Attr = ]
    c_737.nls -> %System32%\c_737.nls -> [Ver = | Size = 66594 bytes | Created Date = 3/7/2007 1:38:07 PM | Attr = ]
    c_852.nls -> %System32%\c_852.nls -> [Ver = | Size = 66594 bytes | Created Date = 3/7/2007 1:38:03 PM | Attr = ]
    c_855.nls -> %System32%\c_855.nls -> [Ver = | Size = 66594 bytes | Created Date = 3/7/2007 1:38:06 PM | Attr = ]
    c_857.nls -> %System32%\c_857.nls -> [Ver = | Size = 66594 bytes | Created Date = 3/7/2007 1:38:12 PM | Attr = ]
    c_866.nls -> %System32%\c_866.nls -> [Ver = | Size = 66594 bytes | Created Date = 3/7/2007 1:38:06 PM | Attr = ]
    c_869.nls -> %System32%\c_869.nls -> [Ver = | Size = 66594 bytes | Created Date = 3/7/2007 1:38:07 PM | Attr = ]
    c_875.nls -> %System32%\c_875.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 1:38:07 PM | Attr = ]
    desktop.ini -> %System32%\desktop.ini -> [Ver = | Size = 2 bytes | Created Date = 3/7/2007 9:57:42 PM | Attr = ]
    dgrpsetu.dll -> %System32%\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 3/7/2007 1:38:00 PM | Attr = ]
    dgsetup.dll -> %System32%\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 3/7/2007 1:38:00 PM | Attr = ]
    Dvbpws.dll -> %System32%\Dvbpws.dll -> [Ver = | Size = 2 bytes | Created Date = 3/8/2007 10:33:20 AM | Attr = ]
    ElbyCDIO.dll -> %System32%\ElbyCDIO.dll -> Elaborate Bytes AG [Ver = 6, 0, 5, 6 | Size = 86016 bytes | Created Date = 2/28/2007 3:05:26 PM | Attr = ]
    emptyregdb.dat -> %System32%\emptyregdb.dat -> [Ver = | Size = 21640 bytes | Created Date = 3/7/2007 9:56:40 PM | Attr = ]
    EqnClass.Dll -> %System32%\EqnClass.Dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 3/7/2007 1:38:00 PM | Attr = ]
    FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 188200 bytes | Created Date = 3/7/2007 1:36:52 PM | Attr = ]
    gb2312.uce -> %System32%\gb2312.uce -> [Ver = | Size = 24006 bytes | Created Date = 3/7/2007 9:55:46 PM | Attr = ]
    Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 3/10/2007 8:27:40 PM | Attr = ]
    hticons.dll -> %System32%\hticons.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Created Date = 3/7/2007 9:55:54 PM | Attr = ]
    hypertrm.dll -> %System32%\hypertrm.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.2563 | Size = 347136 bytes | Created Date = 3/7/2007 9:55:34 PM | Attr = ]
    ideograf.uce -> %System32%\ideograf.uce -> [Ver = | Size = 60458 bytes | Created Date = 3/7/2007 9:55:46 PM | Attr = ]
    isrdbg32.dll -> %System32%\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 3/7/2007 9:57:21 PM | Attr = ]
    java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 49248 bytes | Created Date = 3/8/2007 11:20:37 AM | Attr = ]
    javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 53346 bytes | Created Date = 3/8/2007 11:20:37 AM | Attr = ]
    javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 127078 bytes | Created Date = 3/8/2007 11:20:37 AM | Attr = ]
    jpicpl32.cpl -> %System32%\jpicpl32.cpl -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 49265 bytes | Created Date = 3/8/2007 11:20:37 AM | Attr = ]
    kanji_1.uce -> %System32%\kanji_1.uce -> [Ver = | Size = 6948 bytes | Created Date = 3/7/2007 9:55:46 PM | Attr = ]
    kanji_2.uce -> %System32%\kanji_2.uce -> [Ver = | Size = 8484 bytes | Created Date = 3/7/2007 9:55:46 PM | Attr = ]
    korean.uce -> %System32%\korean.uce -> [Ver = | Size = 12876 bytes | Created Date = 3/7/2007 9:55:46 PM | Attr = ]
    logonui.exe.manifest -> %System32%\logonui.exe.manifest -> [Ver = | Size = 488 bytes | Created Date = 3/7/2007 9:58:48 PM | Attr = RH ]
    msdtcprf.h -> %System32%\msdtcprf.h -> [Ver = | Size = 768 bytes | Created Date = 3/7/2007 9:55:42 PM | Attr = ]
    msdtcprf.ini -> %System32%\msdtcprf.ini -> [Ver = | Size = 1931 bytes | Created Date = 3/7/2007 9:55:43 PM | Attr = ]
    ncpa.cpl.manifest -> %System32%\ncpa.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 3/7/2007 9:58:39 PM | Attr = RH ]
    nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Created Date = 3/7/2007 10:00:26 PM | Attr = ]
    nv4_disp.dll -> %System32%\nv4_disp.dll -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 4274816 bytes | Created Date = 3/7/2007 1:41:21 PM | Attr = ]
    nwc.cpl.manifest -> %System32%\nwc.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 3/7/2007 9:58:39 PM | Attr = RH ]
    pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 3/10/2007 8:27:38 PM | Attr = ]
    PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 356120 bytes | Created Date = 3/7/2007 1:38:19 PM | Attr = ]
    sapi.cpl.manifest -> %System32%\sapi.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 3/7/2007 9:58:39 PM | Attr = RH ]
    shiftjis.uce -> %System32%\shiftjis.uce -> [Ver = | Size = 16740 bytes | Created Date = 3/7/2007 9:55:46 PM | Attr = ]
    spxcoins.dll -> %System32%\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 3/7/2007 1:38:00 PM | Attr = ]
    subrange.uce -> %System32%\subrange.uce -> [Ver = | Size = 93702 bytes | Created Date = 3/7/2007 9:55:47 PM | Attr = ]
    tslabels.h -> %System32%\tslabels.h -> [Ver = | Size = 3286 bytes | Created Date = 3/7/2007 9:55:44 PM | Attr = ]
    tslabels.ini -> %System32%\tslabels.ini -> [Ver = | Size = 13223 bytes | Created Date = 3/7/2007 9:55:44 PM | Attr = ]
    Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 3/10/2007 8:27:41 PM | Attr = ]
    usrlogon.cmd -> %System32%\usrlogon.cmd -> [Ver = | Size = 1161 bytes | Created Date = 3/7/2007 9:55:44 PM | Attr = ]
    WindowsLogon.manifest -> %System32%\WindowsLogon.manifest -> [Ver = | Size = 488 bytes | Created Date = 3/7/2007 9:58:48 PM | Attr = RH ]
    wmimgmt.msc -> %System32%\wmimgmt.msc -> [Ver = | Size = 63488 bytes | Created Date = 3/7/2007 9:55:35 PM | Attr = ]
    wuaucpl.cpl.manifest -> %System32%\wuaucpl.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 3/7/2007 9:58:39 PM | Attr = RH ]
    ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 3/10/2007 8:28:22 PM | Attr = ]
    big5.nls -> %System32%\dllcache\big5.nls -> [Ver = | Size = 66728 bytes | Created Date = 3/7/2007 10:01:31 PM | Attr = ]
    bopomofo.nls -> %System32%\dllcache\bopomofo.nls -> [Ver = | Size = 82172 bytes | Created Date = 3/7/2007 10:01:32 PM | Attr = ]
    cap7146.sys -> %System32%\dllcache\cap7146.sys -> Philips Semiconductors GmbH [Ver = 1.00 (XPClient.010817-1148) | Size = 54528 bytes | Created Date = 3/7/2007 10:01:43 PM | Attr = ]
    chtskf.dll -> %System32%\dllcache\chtskf.dll -> [Ver = | Size = 173568 bytes | Created Date = 3/7/2007 10:01:46 PM | Attr = ]
    c_10001.nls -> %System32%\dllcache\c_10001.nls -> [Ver = | Size = 162850 bytes | Created Date = 3/7/2007 10:01:33 PM | Attr = ]
    c_10002.nls -> %System32%\dllcache\c_10002.nls -> [Ver = | Size = 195618 bytes | Created Date = 3/7/2007 10:01:33 PM | Attr = ]
    c_10003.nls -> %System32%\dllcache\c_10003.nls -> [Ver = | Size = 177698 bytes | Created Date = 3/7/2007 10:01:33 PM | Attr = ]
    c_10004.nls -> %System32%\dllcache\c_10004.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:33 PM | Attr = ]
    c_10005.nls -> %System32%\dllcache\c_10005.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:33 PM | Attr = ]
    c_10006.nls -> %System32%\dllcache\c_10006.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 1:38:07 PM | Attr = ]
    c_10007.nls -> %System32%\dllcache\c_10007.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 1:38:10 PM | Attr = ]
    c_10008.nls -> %System32%\dllcache\c_10008.nls -> [Ver = | Size = 173602 bytes | Created Date = 3/7/2007 10:01:34 PM | Attr = ]
    c_10010.nls -> %System32%\dllcache\c_10010.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 1:38:03 PM | Attr = ]
    c_10017.nls -> %System32%\dllcache\c_10017.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 1:38:10 PM | Attr = ]
    c_10021.nls -> %System32%\dllcache\c_10021.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:34 PM | Attr = ]
    c_10029.nls -> %System32%\dllcache\c_10029.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 1:38:03 PM | Attr = ]
    c_10081.nls -> %System32%\dllcache\c_10081.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 1:38:12 PM | Attr = ]
    c_10082.nls -> %System32%\dllcache\c_10082.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 1:38:03 PM | Attr = ]
    c_1047.nls -> %System32%\dllcache\c_1047.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:34 PM | Attr = ]
    c_1140.nls -> %System32%\dllcache\c_1140.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:34 PM | Attr = ]
    c_1141.nls -> %System32%\dllcache\c_1141.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:35 PM | Attr = ]
    c_1142.nls -> %System32%\dllcache\c_1142.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:35 PM | Attr = ]
    c_1143.nls -> %System32%\dllcache\c_1143.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:35 PM | Attr = ]
    c_1144.nls -> %System32%\dllcache\c_1144.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:35 PM | Attr = ]
    c_1145.nls -> %System32%\dllcache\c_1145.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:35 PM | Attr = ]
    c_1146.nls -> %System32%\dllcache\c_1146.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:35 PM | Attr = ]
    c_1147.nls -> %System32%\dllcache\c_1147.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:35 PM | Attr = ]
    c_1148.nls -> %System32%\dllcache\c_1148.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:35 PM | Attr = ]
    c_1149.nls -> %System32%\dllcache\c_1149.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:36 PM | Attr = ]
    c_1361.nls -> %System32%\dllcache\c_1361.nls -> [Ver = | Size = 189986 bytes | Created Date = 3/7/2007 10:01:36 PM | Attr = ]
    c_20000.nls -> %System32%\dllcache\c_20000.nls -> [Ver = | Size = 180258 bytes | Created Date = 3/7/2007 10:01:36 PM | Attr = ]
    c_20001.nls -> %System32%\dllcache\c_20001.nls -> [Ver = | Size = 186402 bytes | Created Date = 3/7/2007 10:01:36 PM | Attr = ]
    c_20002.nls -> %System32%\dllcache\c_20002.nls -> [Ver = | Size = 173602 bytes | Created Date = 3/7/2007 10:01:36 PM | Attr = ]
    c_20003.nls -> %System32%\dllcache\c_20003.nls -> [Ver = | Size = 185378 bytes | Created Date = 3/7/2007 10:01:37 PM | Attr = ]
    c_20004.nls -> %System32%\dllcache\c_20004.nls -> [Ver = | Size = 180258 bytes | Created Date = 3/7/2007 10:01:37 PM | Attr = ]
    c_20005.nls -> %System32%\dllcache\c_20005.nls -> [Ver = | Size = 187938 bytes | Created Date = 3/7/2007 10:01:37 PM | Attr = ]
    c_20105.nls -> %System32%\dllcache\c_20105.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:37 PM | Attr = ]
    c_20106.nls -> %System32%\dllcache\c_20106.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:37 PM | Attr = ]
    c_20107.nls -> %System32%\dllcache\c_20107.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:37 PM | Attr = ]
    c_20108.nls -> %System32%\dllcache\c_20108.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:37 PM | Attr = ]
    c_20127.nls -> %System32%\dllcache\c_20127.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 1:38:01 PM | Attr = ]
    c_20269.nls -> %System32%\dllcache\c_20269.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:38 PM | Attr = ]
    c_20273.nls -> %System32%\dllcache\c_20273.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:38 PM | Attr = ]
    c_20277.nls -> %System32%\dllcache\c_20277.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:38 PM | Attr = ]
    c_20278.nls -> %System32%\dllcache\c_20278.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:38 PM | Attr = ]
    c_20280.nls -> %System32%\dllcache\c_20280.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:38 PM | Attr = ]
    c_20284.nls -> %System32%\dllcache\c_20284.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:38 PM | Attr = ]
    c_20285.nls -> %System32%\dllcache\c_20285.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:38 PM | Attr = ]
    c_20290.nls -> %System32%\dllcache\c_20290.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:39 PM | Attr = ]
    c_20297.nls -> %System32%\dllcache\c_20297.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:39 PM | Attr = ]
    c_20420.nls -> %System32%\dllcache\c_20420.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:39 PM | Attr = ]
    c_20423.nls -> %System32%\dllcache\c_20423.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:39 PM | Attr = ]
    c_20424.nls -> %System32%\dllcache\c_20424.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:39 PM | Attr = ]
    c_20833.nls -> %System32%\dllcache\c_20833.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:39 PM | Attr = ]
    c_20838.nls -> %System32%\dllcache\c_20838.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:39 PM | Attr = ]
    c_20871.nls -> %System32%\dllcache\c_20871.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:40 PM | Attr = ]
    c_20880.nls -> %System32%\dllcache\c_20880.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:40 PM | Attr = ]
    c_20924.nls -> %System32%\dllcache\c_20924.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:40 PM | Attr = ]
    c_20932.nls -> %System32%\dllcache\c_20932.nls -> [Ver = | Size = 180770 bytes | Created Date = 3/7/2007 10:01:40 PM | Attr = ]
    c_20936.nls -> %System32%\dllcache\c_20936.nls -> [Ver = | Size = 173602 bytes | Created Date = 3/7/2007 10:01:40 PM | Attr = ]
    c_20949.nls -> %System32%\dllcache\c_20949.nls -> [Ver = | Size = 177698 bytes | Created Date = 3/7/2007 10:01:40 PM | Attr = ]
    c_21025.nls -> %System32%\dllcache\c_21025.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:40 PM | Attr = ]
    c_21027.nls -> %System32%\dllcache\c_21027.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:40 PM | Attr = ]
    c_28594.nls -> %System32%\dllcache\c_28594.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 1:38:06 PM | Attr = ]
    c_28595.nls -> %System32%\dllcache\c_28595.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 1:38:10 PM | Attr = ]
    c_28596.nls -> %System32%\dllcache\c_28596.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:41 PM | Attr = ]
    c_28597.nls -> %System32%\dllcache\c_28597.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 1:38:07 PM | Attr = ]
    c_28599.nls -> %System32%\dllcache\c_28599.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 1:38:12 PM | Attr = ]
    c_28603.nls -> %System32%\dllcache\c_28603.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 1:38:14 PM | Attr = ]
    c_708.nls -> %System32%\dllcache\c_708.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:41 PM | Attr = ]
    c_720.nls -> %System32%\dllcache\c_720.nls -> [Ver = | Size = 66594 bytes | Created Date = 3/7/2007 10:01:41 PM | Attr = ]
    c_737.nls -> %System32%\dllcache\c_737.nls -> [Ver = | Size = 66594 bytes | Created Date = 3/7/2007 1:38:07 PM | Attr = ]
    c_852.nls -> %System32%\dllcache\c_852.nls -> [Ver = | Size = 66594 bytes | Created Date = 3/7/2007 1:38:03 PM | Attr = ]
    c_855.nls -> %System32%\dllcache\c_855.nls -> [Ver = | Size = 66594 bytes | Created Date = 3/7/2007 1:38:06 PM | Attr = ]
    c_857.nls -> %System32%\dllcache\c_857.nls -> [Ver = | Size = 66594 bytes | Created Date = 3/7/2007 1:38:12 PM | Attr = ]
    c_858.nls -> %System32%\dllcache\c_858.nls -> [Ver = | Size = 66594 bytes | Created Date = 3/7/2007 10:01:42 PM | Attr = ]
    c_862.nls -> %System32%\dllcache\c_862.nls -> [Ver = | Size = 66594 bytes | Created Date = 3/7/2007 10:01:42 PM | Attr = ]
    c_864.nls -> %System32%\dllcache\c_864.nls -> [Ver = | Size = 66594 bytes | Created Date = 3/7/2007 10:01:42 PM | Attr = ]
    c_866.nls -> %System32%\dllcache\c_866.nls -> [Ver = | Size = 66594 bytes | Created Date = 3/7/2007 1:38:06 PM | Attr = ]
    c_869.nls -> %System32%\dllcache\c_869.nls -> [Ver = | Size = 66594 bytes | Created Date = 3/7/2007 1:38:07 PM | Attr = ]
    c_870.nls -> %System32%\dllcache\c_870.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 10:01:42 PM | Attr = ]
    c_875.nls -> %System32%\dllcache\c_875.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/7/2007 1:38:07 PM | Attr = ]
    dgrpsetu.dll -> %System32%\dllcache\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 3/7/2007 1:38:00 PM | Attr = ]
    dgsetup.dll -> %System32%\dllcache\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 3/7/2007 1:38:00 PM | Attr = ]
    eqnclass.dll -> %System32%\dllcache\eqnclass.dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 3/7/2007 1:38:00 PM | Attr = ]
    esucmd.dll -> %System32%\dllcache\esucmd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 31744 bytes | Created Date = 3/7/2007 10:02:00 PM | Attr = ]
    esuimgd.dll -> %System32%\dllcache\esuimgd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 57856 bytes | Created Date = 3/7/2007 10:02:00 PM | Attr = ]
    esunid.dll -> %System32%\dllcache\esunid.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 45056 bytes | Created Date = 3/7/2007 10:02:00 PM | Attr = ]
    FP4.CAT -> %System32%\dllcache\FP4.CAT -> [Ver = | Size = 31281 bytes | Created Date = 3/7/2007 1:37:43 PM | Attr = ]
    fpencode.dll -> %System32%\dllcache\fpencode.dll -> [Ver = | Size = 94208 bytes | Created Date = 3/7/2007 10:02:04 PM | Attr = ]
    hanja.lex -> %System32%\dllcache\hanja.lex -> [Ver = | Size = 108827 bytes | Created Date = 3/7/2007 10:02:10 PM | Attr = ]
    HPCRDP.CAT -> %System32%\dllcache\HPCRDP.CAT -> [Ver = | Size = 13472 bytes | Created Date = 3/7/2007 1:37:44 PM | Attr = ]
    hwxjpn.dll -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Created Date = 3/7/2007 10:02:15 PM | Attr = ]
    IASNT4.CAT -> %System32%\dllcache\IASNT4.CAT -> [Ver = | Size = 8574 bytes | Created Date = 3/7/2007 1:37:44 PM | Attr = ]
    imekr.lex -> %System32%\dllcache\imekr.lex -> [Ver = | Size = 134339 bytes | Created Date = 3/7/2007 10:02:24 PM | Attr = ]
    imjpinst.exe -> %System32%\dllcache\imjpinst.exe -> [Ver = | Size = 196665 bytes | Created Date = 3/7/2007 10:02:27 PM | Attr = ]
    IMS.CAT -> %System32%\dllcache\IMS.CAT -> [Ver = | Size = 13753 bytes | Created Date = 3/7/2007 1:37:43 PM | Attr = ]
    imscinst.exe -> %System32%\dllcache\imscinst.exe -> [Ver = | Size = 59392 bytes | Created Date = 3/7/2007 10:02:28 PM | Attr = ]
    isrdbg32.dll -> %System32%\dllcache\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 3/7/2007 9:57:21 PM | Attr = ]
    korwbrkr.lex -> %System32%\dllcache\korwbrkr.lex -> [Ver = | Size = 1158818 bytes | Created Date = 3/7/2007 10:02:41 PM | Attr = ]
    ksc.nls -> %System32%\dllcache\ksc.nls -> [Ver = | Size = 47066 bytes | Created Date = 3/7/2007 10:02:41 PM | Attr = ]
    MAPIMIG.CAT -> %System32%\dllcache\MAPIMIG.CAT -> [Ver = | Size = 399645 bytes | Created Date = 3/7/2007 1:37:43 PM | Attr = ]
    mediactr.cat -> %System32%\dllcache\mediactr.cat -> [Ver = | Size = 31965 bytes | Created Date = 3/7/2007 1:37:44 PM | Attr = ]
    msinfo.dll -> %System32%\dllcache\msinfo.dll -> [Ver = 7, 0, 0, 0 | Size = 376320 bytes | Created Date = 3/7/2007 9:57:23 PM | Attr = ]
    MSMSGS.CAT -> %System32%\dllcache\MSMSGS.CAT -> [Ver = | Size = 9581 bytes | Created Date = 3/7/2007 1:37:43 PM | Attr = ]
    msn7.cat -> %System32%\dllcache\msn7.cat -> [Ver = | Size = 24209 bytes | Created Date = 3/7/2007 1:37:44 PM | Attr = ]
    msn9.cat -> %System32%\dllcache\msn9.cat -> [Ver = | Size = 11651 bytes | Created Date = 3/7/2007 1:37:44 PM | Attr = ]
    MSTSWEB.CAT -> %System32%\dllcache\MSTSWEB.CAT -> [Ver = | Size = 7245 bytes | Created Date = 3/7/2007 1:37:44 PM | Attr = ]
    MW770.CAT -> %System32%\dllcache\MW770.CAT -> [Ver = | Size = 37484 bytes | Created Date = 3/7/2007 1:37:44 PM | Attr = ]
    netfx.cat -> %System32%\dllcache\netfx.cat -> [Ver = | Size = 141702 bytes | Created Date = 3/7/2007 1:37:44 PM | Attr = ]
    nls302en.lex -> %System32%\dllcache\nls302en.lex -> [Ver = | Size = 4399505 bytes | Created Date = 3/7/2007 9:58:16 PM | Attr = ]
    NT5.CAT -> %System32%\dllcache\NT5.CAT -> [Ver = | Size = 2012670 bytes | Created Date = 3/7/2007 1:37:43 PM | Attr = ]
    NT5IIS.CAT -> %System32%\dllcache\NT5IIS.CAT -> [Ver = | Size = 797189 bytes | Created Date = 3/7/2007 1:37:43 PM | Attr = ]
    NT5INF.CAT -> %System32%\dllcache\NT5INF.CAT -> [Ver = | Size = 502724 bytes | Created Date = 3/7/2007 1:37:42 PM | Attr = ]
    NTPRINT.CAT -> %System32%\dllcache\NTPRINT.CAT -> [Ver = | Size = 1086058 bytes | Created Date = 3/7/2007 1:37:43 PM | Attr = ]
    OEMBIOS.CAT -> %System32%\dllcache\OEMBIOS.CAT -> [Ver = | Size = 7382 bytes | Created Date = 3/7/2007 1:37:44 PM | Attr = ]
    pintlcsa.dll -> %System32%\dllcache\pintlcsa.dll -> [Ver = | Size = 175104 bytes | Created Date = 3/7/2007 10:03:15 PM | Attr = ]
    prc.nls -> %System32%\dllcache\prc.nls -> [Ver = | Size = 83748 bytes | Created Date = 3/7/2007 10:03:17 PM | Attr = ]
    prcp.nls -> %System32%\dllcache\prcp.nls -> [Ver = | Size = 83748 bytes | Created Date = 3/7/2007 10:03:17 PM | Attr = ]
    rw330ext.dll -> %System32%\dllcache\rw330ext.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 26624 bytes | Created Date = 3/7/2007 10:03:25 PM | Attr = ]
    rwia001.dll -> %System32%\dllcache\rwia001.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 3/7/2007 10:03:26 PM | Attr = ]
    rwia330.dll -> %System32%\dllcache\rwia330.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 3/7/2007 10:03:26 PM | Attr = ]
    SP2.CAT -> %System32%\dllcache\SP2.CAT -> [Ver = | Size = 1042903 bytes | Created Date = 3/7/2007 1:37:43 PM | Attr = ]
    spxcoins.dll -> %System32%\dllcache\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 3/7/2007 1:38:00 PM | Attr = ]
    srframe.mmf -> %System32%\dllcache\srframe.mmf -> [Ver = | Size = 984 bytes | Created Date = 3/7/2007 9:57:36 PM | Attr = ]
    tabletpc.cat -> %System32%\dllcache\tabletpc.cat -> [Ver = | Size = 110116 bytes | Created Date = 3/7/2007 1:37:44 PM | Attr = ]
    wmerrenu.cat -> %System32%\dllcache\wmerrenu.cat -> [Ver = | Size = 7334 bytes | Created Date = 3/7/2007 1:37:44 PM | Attr = ]
    xjis.nls -> %System32%\dllcache\xjis.nls -> [Ver = | Size = 28288 bytes | Created Date = 3/7/2007 10:04:15 PM | Attr = ]
    AnyDVD.sys -> %System32%\drivers\AnyDVD.sys -> SlySoft, Inc. [Ver = 6.1.3.0 | Size = 77000 bytes | Created Date = 3/5/2007 7:24:46 AM | Attr = ]
    avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Created Date = 3/8/2007 9:55:39 AM | Attr = ]
    avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 3/8/2007 9:55:41 AM | Attr = ]
    avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Created Date = 3/8/2007 9:55:41 AM | Attr = ]
    AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 3/8/2007 9:54:38 AM | Attr = ]
    avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 3/8/2007 9:55:44 AM | Attr = ]
    avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 19392 bytes | Created Date = 3/8/2007 9:55:43 AM | Attr = ]
    avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Created Date = 3/8/2007 9:55:43 AM | Attr = ]
    ElbyCDIO.sys -> %System32%\drivers\ElbyCDIO.sys -> Elaborate Bytes AG [Ver = 6, 0, 0, 2 | Size = 15440 bytes | Created Date = 2/28/2007 12:56:07 PM | Attr = ]
    fetnd5.sys -> %System32%\drivers\fetnd5.sys -> VIA Technologies, Inc. [Ver = 2.66 | Size = 27165 bytes | Created Date = 3/7/2007 1:40:29 PM | Attr = ]
    L8042Kbd.sys -> %System32%\drivers\L8042Kbd.sys -> Logitech, Inc. [Ver = 2.11.427.00 | Size = 13105 bytes | Created Date = 3/8/2007 4:49:47 PM | Attr = ]
    L8042mou.Sys -> %System32%\drivers\L8042mou.Sys -> Logitech, Inc. [Ver = 2.11.427.00 | Size = 54657 bytes | Created Date = 3/8/2007 4:49:49 PM | Attr = ]
    LMouKE.Sys -> %System32%\drivers\LMouKE.Sys -> Logitech, Inc. [Ver = 2.11.427.00 | Size = 71405 bytes | Created Date = 3/8/2007 4:49:49 PM | Attr = ]
    MxlW2k.sys -> %System32%\drivers\MxlW2k.sys -> MusicMatch, Inc. [Ver = 1.1.0.121 | Size = 28352 bytes | Created Date = 3/8/2007 4:54:07 PM | Attr = ]
    nv4_mini.sys -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Created Date = 3/7/2007 1:41:21 PM | Attr = ]
    RegKill.sys -> %System32%\drivers\RegKill.sys -> Elaborate Bytes AG [Ver = 5, 1, 0, 1 | Size = 11984 bytes | Created Date = 2/15/2007 4:56:49 PM | Attr = ]

    [Files - Modified Within 30 days]
    AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT -> [Ver = | Size = 0 bytes | Modified Date = 3/7/2007 8:55:04 PM | Attr = ]
    boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 224 bytes | Modified Date = 3/7/2007 10:49:48 PM | Attr = HS]
    CONFIG.SYS -> %SystemDrive%\CONFIG.SYS -> [Ver = | Size = 0 bytes | Modified Date = 3/7/2007 8:55:04 PM | Attr = ]
    hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1073270784 bytes | Modified Date = 3/11/2007 12:59:02 PM | Attr = HS]
    Nero Documents.doc -> %SystemDrive%\Nero Documents.doc -> [Ver = | Size = 39936 bytes | Modified Date = 3/3/2007 6:14:36 PM | Attr = ]
    .zreglib -> %AllUsersAppData%\.zreglib -> [Ver = | Size = 125 bytes | Modified Date = 3/11/2007 12:59:12 PM | Attr = HS]
    desktop.ini -> %AllUsersAppData%\desktop.ini -> [Ver = | Size = 62 bytes | Modified Date = 3/7/2007 2:37:48 PM | Attr = HS]
    .zreglib -> %UserAppData%\.zreglib -> [Ver = | Size = 125 bytes | Modified Date = 3/8/2007 8:09:34 PM | Attr = HS]
    desktop.ini -> %UserAppData%\desktop.ini -> [Ver = | Size = 62 bytes | Modified Date = 3/7/2007 2:37:48 PM | Attr = HS]
    DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 4608 bytes | Modified Date = 3/8/2007 11:32:26 AM | Attr = ]
    GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 42168 bytes | Modified Date = 3/8/2007 10:53:26 AM | Attr = ]
    IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 5346658 bytes | Modified Date = 3/8/2007 12:30:42 PM | Attr = H ]
    desktop.ini -> %AllUsersDocuments%\desktop.ini -> [Ver = | Size = 62 bytes | Modified Date = 3/7/2007 2:37:48 PM | Attr = HS]
    desktop.ini -> %UserDocuments%\desktop.ini -> [Ver = | Size = 85 bytes | Modified Date = 3/7/2007 11:13:58 PM | Attr = HS]
    AVG 7.5.lnk -> %AllUsersDesktop%\AVG 7.5.lnk -> [Ver = | Size = 1532 bytes | Modified Date = 3/8/2007 10:55:46 AM | Attr = ]
    AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Modified Date = 3/8/2007 10:54:42 AM | Attr = ]
    CloneDVD2.lnk -> %AllUsersDesktop%\CloneDVD2.lnk -> [Ver = | Size = 852 bytes | Modified Date = 3/8/2007 5:25:24 PM | Attr = ]
    Easy-PhotoPrint.lnk -> %AllUsersDesktop%\Easy-PhotoPrint.lnk -> [Ver = | Size = 808 bytes | Modified Date = 3/8/2007 12:52:44 PM | Attr = ]
    Nero StartSmart.lnk -> %AllUsersDesktop%\Nero StartSmart.lnk -> [Ver = | Size = 2361 bytes | Modified Date = 3/8/2007 12:30:16 PM | Attr = ]
    ATF-Cleaner.exe -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 3/11/2007 2:58:10 PM | Attr = ]
    @Alternate Data Stream - 26 bytes -> %UserDesktop%\ATF-Cleaner.exe:Zone.Identifier ->
    CCleaner.lnk -> %UserDesktop%\CCleaner.lnk -> [Ver = | Size = 1548 bytes | Modified Date = 3/8/2007 10:59:20 AM | Attr = ]
    CD-LabelPrint.lnk -> %UserDesktop%\CD-LabelPrint.lnk -> [Ver = | Size = 833 bytes | Modified Date = 3/8/2007 12:54:08 PM | Attr = ]
    Ebay.url -> %UserDesktop%\Ebay.url -> [Ver = | Size = 242 bytes | Modified Date = 3/8/2007 5:54:56 PM | Attr = ]
    Freecell.lnk -> %UserDesktop%\Freecell.lnk -> [Ver = | Size = 1522 bytes | Modified Date = 3/9/2007 8:44:54 AM | Attr = ]
    haxfix.exe -> %UserDesktop%\haxfix.exe -> Marckie [Ver = | Size = 438201 bytes | Modified Date = 3/10/2007 9:25:02 PM | Attr = ]
    @Alternate Data Stream - 26 bytes -> %UserDesktop%\haxfix.exe:Zone.Identifier ->
    HijackThis_v1.99.1.exe -> %UserDesktop%\HijackThis_v1.99.1.exe -> Soeperman Enterprises Ltd. [Ver = 1.99.0001 | Size = 218112 bytes | Modified Date = 3/10/2007 9:25:44 PM | Attr = ]
    @Alternate Data Stream - 26 bytes -> %UserDesktop%\HijackThis_v1.99.1.exe:Zone.Identifier ->
    Internet Explorer.lnk -> %UserDesktop%\Internet Explorer.lnk -> [Ver = | Size = 767 bytes | Modified Date = 3/8/2007 8:40:38 AM | Attr = ]
    LimeWire 4.13.2.lnk -> %UserDesktop%\LimeWire 4.13.2.lnk -> [Ver = | Size = 1580 bytes | Modified Date = 3/8/2007 11:47:56 AM | Attr = ]
    Microsoft Office Word 2003.lnk -> %UserDesktop%\Microsoft Office Word 2003.lnk -> [Ver = | Size = 2497 bytes | Modified Date = 3/11/2007 3:00:22 PM | Attr = ]
    Nero Recode.lnk -> %UserDesktop%\Nero Recode.lnk -> [Ver = | Size = 2291 bytes | Modified Date = 3/8/2007 12:35:24 PM | Attr = ]
    Nero Vision.lnk -> %UserDesktop%\Nero Vision.lnk -> [Ver = | Size = 2339 bytes | Modified Date = 3/8/2007 12:35:32 PM | Attr = ]
    P_MPEG4.dll -> %UserDesktop%\P_MPEG4.dll -> [Ver = 1, 0, 0, 3 | Size = 282624 bytes | Modified Date = 3/11/2007 1:55:08 PM | Attr = ]
    @Alternate Data Stream - 26 bytes -> %UserDesktop%\P_MPEG4.dll:Zone.Identifier ->
    SDFix.exe -> %UserDesktop%\SDFix.exe -> [Ver = | Size = 686229 bytes | Modified Date = 3/11/2007 11:17:34 AM | Attr = ]
    @Alternate Data Stream - 26 bytes -> %UserDesktop%\SDFix.exe:Zone.Identifier ->
    Shortcut to ConvertXtoDvd.lnk -> %UserDesktop%\Shortcut to ConvertXtoDvd.lnk -> [Ver = | Size = 686 bytes | Modified Date = 3/8/2007 3:14:52 PM | Attr = ]
    Shortcut to DVD Shrink 3.2.lnk -> %UserDesktop%\Shortcut to DVD Shrink 3.2.lnk -> [Ver = | Size = 566 bytes | Modified Date = 3/8/2007 10:19:08 AM | Attr = ]
    Shortcut to DVDDecrypter.lnk -> %UserDesktop%\Shortcut to DVDDecrypter.lnk -> [Ver = | Size = 577 bytes | Modified Date = 3/8/2007 10:26:00 AM | Attr = ]
    Shortcut to firefox.lnk -> %UserDesktop%\Shortcut to firefox.lnk -> [Ver = | Size = 564 bytes | Modified Date = 3/8/2007 10:17:14 AM | Attr = ]
    Shortcut to Nero Documents.lnk -> %UserDesktop%\Shortcut to Nero Documents.lnk -> [Ver = | Size = 445 bytes | Modified Date = 3/8/2007 9:37:16 AM | Attr = ]
    Shortcut to SnagIt32.lnk -> %UserDesktop%\Shortcut to SnagIt32.lnk -> [Ver = | Size = 798 bytes | Modified Date = 3/10/2007 10:34:00 PM | Attr = ]
    Shortcut to SpybotSD.lnk -> %UserDesktop%\Shortcut to SpybotSD.lnk -> [Ver = | Size = 641 bytes | Modified Date = 3/8/2007 10:25:14 AM | Attr = ]
    VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.03.0015 | Size = 95744 bytes | Modified Date = 3/11/2007 7:49:42 AM | Attr = ]
    @Alternate Data Stream - 26 bytes -> %UserDesktop%\VundoFix.exe:Zone.Identifier ->
    desktop.ini -> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 3/7/2007 11:00:48 PM | Attr = HS]
    Logitech Desktop Messenger.lnk -> %AllUsersStartup%\Logitech Desktop Messenger.lnk -> [Ver = | Size = 1885 bytes | Modified Date = 3/8/2007 5:53:08 PM | Attr = ]
    Logitech SetPoint.lnk -> %AllUsersStartup%\Logitech SetPoint.lnk -> [Ver = | Size = 1646 bytes | Modified Date = 3/8/2007 5:49:52 PM | Attr = ]
    WinZip Quick Pick.lnk -> %AllUsersStartup%\WinZip Quick Pick.lnk -> [Ver = | Size = 1518 bytes | Modified Date = 3/8/2007 5:22:42 PM | Attr = ]
    desktop.ini -> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 3/7/2007 11:00:48 PM | Attr = HS]
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 3/11/2007 12:59:04 PM | Attr = S]
    bwUnin-6.1.4.68-8876480L.exe -> %SystemRoot%\bwUnin-6.1.4.68-8876480L.exe -> [Ver = | Size = 81920 bytes | Modified Date = 3/8/2007 5:53:00 PM | Attr = R ]
    control.ini -> %SystemRoot%\control.ini -> [Ver = | Size = 0 bytes | Modified Date = 3/7/2007 11:00:38 PM | Attr = ]
    imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 3/8/2007 10:45:40 PM | Attr = ]
    nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Modified Date = 3/8/2007 10:16:36 AM | Attr = ]
    ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 376 bytes | Modified Date = 3/8/2007 8:50:44 AM | Attr = ]
    ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4161 bytes | Modified Date = 3/7/2007 11:00:14 PM | Attr = ]
    OpPrintServer.INI -> %SystemRoot%\OpPrintServer.INI -> [Ver = | Size = 0 bytes | Modified Date = 3/8/2007 12:58:42 PM | Attr = ]
    REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD -> [Ver = | Size = 8192 bytes | Modified Date = 3/7/2007 11:05:28 PM | Attr = ]
    system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 231 bytes | Modified Date = 3/7/2007 2:38:16 PM | Attr = ]
    vb.ini -> %SystemRoot%\vb.ini -> [Ver = | Size = 36 bytes | Modified Date = 3/7/2007 10:56:28 PM | Attr = ]
    vbaddin.ini -> %SystemRoot%\vbaddin.ini -> [Ver = | Size = 37 bytes | Modified Date = 3/7/2007 10:56:28 PM | Attr = ]
    win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 632 bytes | Modified Date = 3/10/2007 9:32:38 PM | Attr = ]
    WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Modified Date = 3/7/2007 10:58:40 PM | Attr = RH ]
    WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 3/8/2007 5:54:36 PM | Attr = ]
    $winnt$.inf -> %System32%\$winnt$.inf -> [Ver = | Size = 623 bytes | Modified Date = 3/7/2007 11:04:38 PM | Attr = ]
    amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 3/7/2007 11:00:28 PM | Attr = ]
    BASSMOD.dll -> %System32%\BASSMOD.dll -> [Ver = | Size = 34308 bytes | Modified Date = 3/8/2007 10:10:50 AM | Attr = ]
    cdplayer.exe.manifest -> %System32%\cdplayer.exe.manifest -> [Ver = | Size = 749 bytes | Modified Date = 3/7/2007 10:58:40 PM | Attr = RH ]
    CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2577 bytes | Modified Date = 3/7/2007 11:00:38 PM | Attr = ]
    Dvbpws.dll -> %System32%\Dvbpws.dll -> [Ver = | Size = 2 bytes | Modified Date = 3/8/2007 11:33:22 AM | Attr = ]
    ElbyCDIO.dll -> %System32%\ElbyCDIO.dll -> Elaborate Bytes AG [Ver = 6, 0, 5, 6 | Size = 86016 bytes | Modified Date = 2/28/2007 4:05:28 PM | Attr = ]
    emptyregdb.dat -> %System32%\emptyregdb.dat -> [Ver = | Size = 21640 bytes | Modified Date = 3/7/2007 10:56:42 PM | Attr = ]
    FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 188200 bytes | Modified Date = 3/9/2007 8:22:40 AM | Attr = ]
    Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 3/10/2007 9:27:42 PM | Attr = ]
    logonui.exe.manifest -> %System32%\logonui.exe.manifest -> [Ver = | Size = 488 bytes | Modified Date = 3/7/2007 10:58:50 PM | Attr = RH ]
    ncpa.cpl.manifest -> %System32%\ncpa.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 3/7/2007 10:58:40 PM | Attr = RH ]
    nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 3/7/2007 11:00:28 PM | Attr = ]
    nwc.cpl.manifest -> %System32%\nwc.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 3/7/2007 10:58:40 PM | Attr = RH ]
    pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 3/10/2007 9:27:42 PM | Attr = ]
    perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 39992 bytes | Modified Date = 3/11/2007 7:49:04 AM | Attr = ]
    perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 311604 bytes | Modified Date = 3/11/2007 7:49:04 AM | Attr = ]
    PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 356120 bytes | Modified Date = 3/11/2007 7:49:04 AM | Attr = ]
    sapi.cpl.manifest -> %System32%\sapi.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 3/7/2007 10:58:40 PM | Attr = RH ]
    Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 3/10/2007 9:27:42 PM | Attr = ]
    WindowsLogon.manifest -> %System32%\WindowsLogon.manifest -> [Ver = | Size = 488 bytes | Modified Date = 3/7/2007 10:58:50 PM | Attr = RH ]
    wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 3/10/2007 9:00:36 PM | Attr = ]
    wuaucpl.cpl.manifest -> %System32%\wuaucpl.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 3/7/2007 10:58:40 PM | Attr = RH ]
    AnyDVD.sys -> %System32%\drivers\AnyDVD.sys -> SlySoft, Inc. [Ver = 6.1.3.0 | Size = 77000 bytes | Modified Date = 3/5/2007 8:24:48 AM | Attr = ]
    avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Modified Date = 3/8/2007 10:55:40 AM | Attr = ]
    avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 3/8/2007 10:55:42 AM | Attr = ]
    avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 3/8/2007 10:55:42 AM | Attr = ]
    avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 3/8/2007 10:55:46 AM | Attr = ]
    avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 19392 bytes | Modified Date = 3/8/2007 10:55:44 AM | Attr = ]
    avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 3/8/2007 10:55:44 AM | Attr = ]
    ElbyCDIO.sys -> %System32%\drivers\ElbyCDIO.sys -> Elaborate Bytes AG [Ver = 6, 0, 0, 2 | Size = 15440 bytes | Modified Date = 2/28/2007 1:56:08 PM | Attr = ]
    MxlW2k.sys -> %System32%\drivers\MxlW2k.sys -> MusicMatch, Inc. [Ver = 1.1.0.121 | Size = 28352 bytes | Modified Date = 3/8/2007 5:54:44 PM | Attr = ]
    RegKill.sys -> %System32%\drivers\RegKill.sys -> Elaborate Bytes AG [Ver = 5, 1, 0, 1 | Size = 11984 bytes | Modified Date = 2/15/2007 5:56:50 PM | Attr = ]

    [File String Scan - Non-Microsoft Only]
    @Alternate Data Stream - 26 bytes -> %UserDesktop%\ATF-Cleaner.exe:Zone.Identifier ->
    UPX! , UPX0 , -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 3/11/2007 2:58:10 PM | Attr = ]
    @Alternate Data Stream - 26 bytes -> %UserDesktop%\haxfix.exe:Zone.Identifier ->
    @Alternate Data Stream - 26 bytes -> %UserDesktop%\HijackThis_v1.99.1.exe:Zone.Identifier ->
    UPX! , UPX0 , -> %UserDesktop%\HijackThis_v1.99.1.exe -> Soeperman Enterprises Ltd. [Ver = 1.99.0001 | Size = 218112 bytes | Modified Date = 3/10/2007 9:25:44 PM | Attr = ]
    @Alternate Data Stream - 26 bytes -> %UserDesktop%\P_MPEG4.dll:Zone.Identifier ->
    @Alternate Data Stream - 26 bytes -> %UserDesktop%\SDFix.exe:Zone.Identifier ->
    @Alternate Data Stream - 26 bytes -> %UserDesktop%\VundoFix.exe:Zone.Identifier ->
    PEC2 , PECompact2 , -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.03.0015 | Size = 95744 bytes | Modified Date = 3/11/2007 7:49:42 AM | Attr = ]
    PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ]
    UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Modified Date = 3/8/2007 10:55:40 AM | Attr = ]

    < End of report >
     
    Last edited: Mar 10, 2007
  15. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    OK... WinPFind3 log looks good.

    Can you post one last HijackThis log, please?
     
  16. gwendolin

    gwendolin Senior member

    Logfile of HijackThis v1.99.1
    Scan saved at 4:01:09 AM, on 3/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\program files\internet explorer\iexplore.exe
    C:\Documents and Settings\ea nton.NTON-4F9C0F7\Desktop\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

     
  17. KotaGuy

    KotaGuy Regular member

    Your log is clean :)

    How is the PC behaving?
     
  18. bkf

    bkf Guest

    Just wanted to say thanks for letting me be a part of this. If I don't learn, I can't help. Figured I had to start spreading my wings at some point. Still much for me to learn, but I will do it with a passion. Gwen, send that disc back and don't tell them what they are in for. LOL Ken
     
  19. gwendolin

    gwendolin Senior member

    As always, you guys in this forum do a great job, you really know your stuff.
    Many many thanks to all who assisted. The comp is once again running fine. It's a pity the IDIOTS who create these viruses, trojans etc. don't put their obvious skills to helping others rather than creating havoc...twisted little sh#ts
    Until the next time Cheers and thanks.
     
  20. KotaGuy

    KotaGuy Regular member

    Welcome... glad I could help :)
     
