WinPFind35 logfile created on: 3/12/2008 3:08:12 PM WinPFind35U Version 1.0.5.0 Folder = C:\Documents and Settings\Stephen\Desktop\WinPFind35u Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 511.00 Mb Total Physical Memory | 198.23 Mb Available Physical Memory | 38.79% Memory free 1.22 Gb Paging File | 0.91 Gb Available in Paging File | 75.00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 55.89 Gb Total Space | 15.11 Gb Free Space | 27.04% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ROBERT-LNO07DQQ Current User Name: Stephen Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> MD5 = 5DCD235C061022BCDA9AA48670B64211 | GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 8:31:10 AM | Attr = ] avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> MD5 = 3C7B93F947355E374A49564D0D017B7B | GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 3/8/2008 3:52:25 PM | Attr = ] avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> MD5 = 30A14F65DB477DC00A64A5A24E96919C | GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 3/5/2007 3:53:06 PM | Attr = ] mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> MD5 = 73686FE0B2E0469F89FD2075BE724704 | Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 1:42:38 PM | Attr = ] avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> MD5 = 76CD8B6DBB4B8A984193AD07ADC1BD3A | GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 3/8/2008 3:52:27 PM | Attr = ] avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> MD5 = CC6BC45DD5A58158645E7FB2953604FE | GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 5:25:42 AM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> MD5 = 836DC47E6CAD975304D1D3EB2F516A1C | Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 5:25:21 AM | Attr = ] winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> MD5 = C918ACEB065E8C8FDA964752E1AABB86 | OldTimer Tools [Ver = 1.0.5.0 | Size = 310272 bytes | Modified Date = 3/10/2008 2:34:14 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> MD5 = 5DCD235C061022BCDA9AA48670B64211 | GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 8:31:10 AM | Attr = ] (Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> MD5 = 3C7B93F947355E374A49564D0D017B7B | GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 3/8/2008 3:52:25 PM | Attr = ] (Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> MD5 = 30A14F65DB477DC00A64A5A24E96919C | GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 3/5/2007 3:53:06 PM | Attr = ] (Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> MD5 = 73686FE0B2E0469F89FD2075BE724704 | Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 1:42:38 PM | Attr = ] (Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\CTsvcCDA.EXE -> MD5 = 3C8B6609712F4FF78E521F6DCFC4032B | Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 2:01:00 AM | Attr = ] (CWShredder Service) CWShredder Service [Win32_Own | Disabled | Stopped] -> %UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\KDIJS9Y7\CWShredder[1].exe -> File not found (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> MD5 = 554C7CB178FE3BD12450B81AD63ADBC3 | Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 3:56:48 AM | Attr = ] (ewido security suite control) ewido security suite control [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\ewido anti-malware\ewidoctrl.exe -> MD5 = 26830B750372AB1BF29C95DEEBEB802F | ewido networks [Ver = 3, 0, 0, 1 | Size = 13888 bytes | Modified Date = 11/30/2005 5:47:52 AM | Attr = ] (ewido security suite guard) ewido security suite guard [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\ewido anti-malware\ewidoguard.exe -> MD5 = 34A50717AD686900F078F5208F8E908E | ewido networks [Ver = 3, 0, 0, 1 | Size = 151616 bytes | Modified Date = 12/18/2005 1:41:35 PM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> MD5 = 1CF03C69B49ACB70C722DF92755C0C8C | Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> MD5 = F72AB8EC1EB97F4B6EDABFDC34BC84CB | Apple Inc. [Ver = 7.2.0.35 | Size = 501312 bytes | Modified Date = 6/1/2007 4:51:22 PM | Attr = ] (NVSvc) NVIDIA Display Driver Service [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\nvsvc32.exe -> MD5 = 0FEBE37DB6650FAA5965C00545009D1D | NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 159810 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> !AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> MD5 = CC6BC45DD5A58158645E7FB2953604FE | GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 5:25:42 AM | Attr = ] AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> MD5 = 76CD8B6DBB4B8A984193AD07ADC1BD3A | GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 3/8/2008 3:52:27 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\bak\qttask.exe -> MD5 = 7FBE43046EFDF24FC9375024E4D02AC9 | Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 4/27/2007 9:41:54 AM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> MD5 = 836DC47E6CAD975304D1D3EB2F516A1C | Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 5:25:21 AM | Attr = ] TypeAgentL -> %ProgramFiles%\TypeAgent\TypeAgent.exe -> File not found < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> SpyDefender Shield -> %ProgramFiles%\SpyDefender Pro\SpyDefender.exe -> File not found < Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Aida -> %ProgramFiles%\rdso\eetu.exe -> File not found AVG7_Run -> %ProgramFiles%\Grisoft\AVG7\avgw.exe -> MD5 = B331EF4C7437F5093D703340678469EB | GRISOFT, s.r.o. [Ver = 7.5.0.502 | Size = 219136 bytes | Modified Date = 3/8/2008 3:52:42 PM | Attr = ] < Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Aida -> %ProgramFiles%\rdso\eetu.exe -> File not found AVG7_Run -> %ProgramFiles%\Grisoft\AVG7\avgw.exe -> MD5 = B331EF4C7437F5093D703340678469EB | GRISOFT, s.r.o. [Ver = 7.5.0.502 | Size = 219136 bytes | Modified Date = 3/8/2008 3:52:42 PM | Attr = ] < Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AVG7_Run -> %ProgramFiles%\Grisoft\AVG7\avgw.exe -> MD5 = B331EF4C7437F5093D703340678469EB | GRISOFT, s.r.o. [Ver = 7.5.0.502 | Size = 219136 bytes | Modified Date = 3/8/2008 3:52:42 PM | Attr = ] < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AVG7_Run -> %ProgramFiles%\Grisoft\AVG7\avgw.exe -> MD5 = B331EF4C7437F5093D703340678469EB | GRISOFT, s.r.o. [Ver = 7.5.0.502 | Size = 219136 bytes | Modified Date = 3/8/2008 3:52:42 PM | Attr = ] < Run [HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004\] > -> HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> SpyDefender Shield -> %ProgramFiles%\SpyDefender Pro\SpyDefender.exe -> File not found < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < Dad Startup Folder > -> C:\Documents and Settings\Dad\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Mom Startup Folder > -> C:\Documents and Settings\Mom\Start Menu\Programs\Startup -> < Stephen Startup Folder > -> C:\Documents and Settings\Stephen\Start Menu\Programs\Startup -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {54D9498B-CF93-414F-8984-8CE7FDE0D391} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ewido anti-malware\shellhook.dll [ewido shell guard] -> MD5 = 7AE860799865F5D62B4049C0533CFC39 | [Ver = | Size = 39488 bytes | Modified Date = 9/30/2004 8:21:56 AM | Attr = ] {57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> MD5 = 3FD0B984601D65C6DA8E891A0D5905D1 | GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 8:29:58 AM | Attr = ] {81559C35-8464-49F7-BB0E-07A383BEF910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SpywareGuard\spywareguard.dll [] -> MD5 = CDE968DF7EA866320EFB8762B50E0AD7 | [Ver = 2.02 | Size = 126976 bytes | Modified Date = 8/3/2003 12:20:57 AM | Attr = R ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> *SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> zwebauth.dll -> %SystemRoot%\system32\ZWebAuth.dll -> MD5 = A1CC9E1DB0840F4DB88AF99CB584971D | [Ver = | Size = 16973 bytes | Modified Date = 9/18/2001 6:37:34 PM | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004] > -> HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004] > -> HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < HOSTS File > (226974 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://gotfrag.com/ -> HKEY_CURRENT_USER\: SearchURL\\ -> [Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> *.local -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Default_Search_URL -> http://home.microsoft.com/search/lobby/search.asp -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Default_Search_URL -> http://home.microsoft.com/search/lobby/search.asp -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004\] > -> -> HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004\: Main\\Start Page -> http://gotfrag.com/ -> HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004\: SearchURL\\ -> [Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004\: ProxyEnable -> 0 -> HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004\: ProxyOverride -> *.local -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4242 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4431 domain(s) found. -> .[msn] -> My Computer -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4241 domain(s) found. -> 31 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4241 domain(s) found. -> 31 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004\] > -> HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4431 domain(s) found. -> .[msn] -> My Computer -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004\] > -> HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Unable to obtain MD5 | Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 63136 bytes | Modified Date = 9/23/2005 9:12:08 PM | Attr = ] {4A368E80-174F-4872-96B5-0B27DDD11DB2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SpywareGuard\dlprotect.dll [SpywareGuardDLBLOCK.CBrowserHelper] -> MD5 = 964621E8B2415FEAA99026ED4F29D198 | [Ver = 2.02 | Size = 192512 bytes | Modified Date = 8/3/2003 12:24:01 AM | Attr = R ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> MD5 = 5B42CB6A121256465B251840FDB1B2FE | Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 5:25:19 AM | Attr = ] {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes0521.dll [&Yahoo! Messenger] -> MD5 = B33A0BCE72CDC81B56154E9DF4AF34F6 | Yahoo! Inc. [Ver = 2004, 5, 21, 2 | Size = 320656 bytes | Modified Date = 1/22/2005 2:52:08 AM | Attr = ] < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes0521.dll [&Yahoo! Messenger] -> MD5 = B33A0BCE72CDC81B56154E9DF4AF34F6 | Yahoo! Inc. [Ver = 2004, 5, 21, 2 | Size = 320656 bytes | Modified Date = 1/22/2005 2:52:08 AM | Attr = ] < Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004\] > -> HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes0521.dll [&Yahoo! Messenger] -> MD5 = B33A0BCE72CDC81B56154E9DF4AF34F6 | Yahoo! Inc. [Ver = 2004, 5, 21, 2 | Size = 320656 bytes | Modified Date = 1/22/2005 2:52:08 AM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\google\googletoolbar1.dll [&Google] -> File not found WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM Toolbar\AIMBar.dll [AIM Search] -> MD5 = 9BC0B8E6DD2FDB3A6B1C4301E8482F8F | America Online, Inc [Ver = 2004.00.003 | Size = 172032 bytes | Modified Date = 1/21/2005 5:22:59 PM | Attr = ] WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll [&Yahoo! Companion] -> MD5 = 29FE6033D0143FEFA73C3292A94DD9D0 | Yahoo! Inc. [Ver = 2004, 9, 28, 1 | Size = 298168 bytes | Modified Date = 10/8/2004 5:42:46 PM | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004\] > -> HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\google\googletoolbar1.dll [&Google] -> File not found WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM Toolbar\AIMBar.dll [AIM Search] -> MD5 = 9BC0B8E6DD2FDB3A6B1C4301E8482F8F | America Online, Inc [Ver = 2004.00.003 | Size = 172032 bytes | Modified Date = 1/21/2005 5:22:59 PM | Attr = ] WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll [&Yahoo! Companion] -> MD5 = 29FE6033D0143FEFA73C3292A94DD9D0 | Yahoo! Inc. [Ver = 2004, 9, 28, 1 | Size = 298168 bytes | Modified Date = 10/8/2004 5:42:46 PM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> MD5 = 4FDFB86D78994BD71CBB779A7809E9CD | Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 5:25:19 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> MD5 = 5B42CB6A121256465B251840FDB1B2FE | Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 5:25:19 AM | Attr = ] {4528BBE0-4E08-11D5-AD55-00010333D0AD}:{4C171D40-8277-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes0521.dll [Messenger] -> MD5 = B33A0BCE72CDC81B56154E9DF4AF34F6 | Yahoo! Inc. [Ver = 2004, 5, 21, 2 | Size = 320656 bytes | Modified Date = 1/22/2005 2:52:08 AM | Attr = ] {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %ProgramFiles%\AIM\aim.exe [AIM] -> MD5 = 92BE69A36A9504EDBA2CAB34A32B97B3 | America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 3:35:36 PM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes0521.dll [&Yahoo! Messenger] -> MD5 = B33A0BCE72CDC81B56154E9DF4AF34F6 | Yahoo! Inc. [Ver = 2004, 5, 21, 2 | Size = 320656 bytes | Modified Date = 1/22/2005 2:52:08 AM | Attr = ] CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> MD5 = 92BE69A36A9504EDBA2CAB34A32B97B3 | America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 3:35:36 PM | Attr = ] CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &AIM Search -> %ProgramFiles%\AIM Toolbar\AIMBar.dll -> MD5 = 9BC0B8E6DD2FDB3A6B1C4301E8482F8F | America Online, Inc [Ver = 2004.00.003 | Size = 172032 bytes | Modified Date = 1/21/2005 5:22:59 PM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes0521.dll [&Yahoo! Messenger] -> MD5 = B33A0BCE72CDC81B56154E9DF4AF34F6 | Yahoo! Inc. [Ver = 2004, 5, 21, 2 | Size = 320656 bytes | Modified Date = 1/22/2005 2:52:08 AM | Attr = ] CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> MD5 = 92BE69A36A9504EDBA2CAB34A32B97B3 | America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 3:35:36 PM | Attr = ] CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes0521.dll [&Yahoo! Messenger] -> MD5 = B33A0BCE72CDC81B56154E9DF4AF34F6 | Yahoo! Inc. [Ver = 2004, 5, 21, 2 | Size = 320656 bytes | Modified Date = 1/22/2005 2:52:08 AM | Attr = ] CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> MD5 = 92BE69A36A9504EDBA2CAB34A32B97B3 | America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 3:35:36 PM | Attr = ] CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004\] > -> HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes0521.dll [&Yahoo! Messenger] -> MD5 = B33A0BCE72CDC81B56154E9DF4AF34F6 | Yahoo! Inc. [Ver = 2004, 5, 21, 2 | Size = 320656 bytes | Modified Date = 1/22/2005 2:52:08 AM | Attr = ] CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> MD5 = 92BE69A36A9504EDBA2CAB34A32B97B3 | America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 3:35:36 PM | Attr = ] CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004\] > -> HKEY_USERS\S-1-5-21-117609710-1979792683-839522115-1004\Software\Microsoft\Internet Explorer\MenuExt\ -> &AIM Search -> %ProgramFiles%\AIM Toolbar\AIMBar.dll -> MD5 = 9BC0B8E6DD2FDB3A6B1C4301E8482F8F | America Online, Inc [Ver = 2004.00.003 | Size = 172032 bytes | Modified Date = 1/21/2005 5:22:59 PM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> MD5 = 0CBE3E4166A08FC379EABF532B4EFE18 | InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 1/30/2001 2:56:24 PM | Attr = ] < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {309C8EF5-F1B7-43C3-9D61-AF3DCED0BDE4} -> (D-Link AirPlus DWL-520+ Wireless PCI Adapter) -> {4637D038-84A4-4DE4-B107-D92918618F74} -> () -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> MD5 = 1F5A570AD942DFCFE4500326ABDD72B2 | Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2/28/2006 1:42:30 PM | Attr = ] < Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> bw+0:{7810b763-919d-4e99-85d5-8487379e2f08} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> MD5 = AA9F767125592D07DB4A0BC841D96D35 | BackWeb Technologies Inc. [Ver = Version 7.2.0 (Build 137R) | Size = 40999 bytes | Modified Date = 5/23/2005 6:11:33 PM | Attr = ] ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {0E5F0222-96B9-11D3-8997-00104BD12D94}[HKEY_LOCAL_MACHINE] -> http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB[PCPitstop Utility] -> {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab[CKAVWebScan Object] -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {193C772A-87BE-4B19-A7BB-445B226FE9A1}[HKEY_LOCAL_MACHINE] -> http://download.ewido.net/ewidoOnlineScan.cab[ewidoOnlineScan Control] -> {3334504D-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB[Reg Error: Key does not exist or could not be opened.] -> {39B0684F-D7BF-4743-B050-FDC3F48F7E3B}[HKEY_LOCAL_MACHINE] -> http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab[CDownloadCtrl Object] -> {5334504D-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/0/8/D/08D91A3B-CFF6-45DE-95DF-64415075E344/mpg4sdmo.cab[Reg Error: Key does not exist or could not be opened.] -> {5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab[Facebook Photo Uploader Control] -> {6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195415487859[WUWebControl Class] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195415479156[MUWebControl Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] -> {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9}[HKEY_LOCAL_MACHINE] -> http://www.windowsecurity.com/trojanscan/axscan.cab[ASquaredScanForm Element] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] -> DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> [Files/Folders - Created Within 90 days] Combo-Fix -> %SystemDrive%\Combo-Fix -> [Folder | Created Date = 3/11/2008 8:32:58 PM | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 3/11/2008 11:05:35 PM | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 3/11/2008 8:06:28 PM | Attr = ] avg7core.sys -> %SystemRoot%\System32\drivers\avg7core.sys -> MD5 = 400E920D2E3F42BF6F1F75DD1B069CE3 | GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Created Date = 3/8/2008 3:52:52 PM | Attr = ] avg7rsw.sys -> %SystemRoot%\System32\drivers\avg7rsw.sys -> MD5 = 8A7E25876955E06142EF65B52C906CF1 | GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 3/8/2008 3:52:57 PM | Attr = ] avg7rsxp.sys -> %SystemRoot%\System32\drivers\avg7rsxp.sys -> MD5 = 04D823D681F0D53191A172C3E667FC33 | GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Created Date = 3/8/2008 3:52:58 PM | Attr = ] AvgAsCln.sys -> %SystemRoot%\System32\drivers\AvgAsCln.sys -> MD5 = 856B0CEE009946BF2D327E6B24FE7E3F | GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 3/8/2008 11:15:35 PM | Attr = ] avgclean.sys -> %SystemRoot%\System32\drivers\avgclean.sys -> MD5 = 603DC17A48C65C637623A9BB5A5E6008 | GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Created Date = 3/8/2008 3:53:01 PM | Attr = ] avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> MD5 = 0F471F46D155046BB58E4D6869A15382 | GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Created Date = 3/8/2008 3:53:01 PM | Attr = ] autoexec.nt -> %SystemRoot%\System32\autoexec.nt -> MD5 = 4E966199AAC37B22E5831F800E6123BA | [Ver = | Size = 65 bytes | Created Date = 1/7/2008 6:13:52 PM | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Created Date = 1/11/2008 3:30:44 PM | Attr = ] fdsv.exe -> %SystemRoot%\System32\fdsv.exe -> MD5 = F464045F5AD11DD2708E620A8404DA7B | Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 3/11/2008 8:06:25 PM | Attr = ] grep.exe -> %SystemRoot%\System32\grep.exe -> MD5 = 9E05A9C264C8A908A8E79450FCBFF047 | [Ver = | Size = 80412 bytes | Created Date = 3/11/2008 8:06:25 PM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> MD5 = 0C3EA89DBFC7F4A5761246C62E10DD0E | Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 3/8/2008 3:55:06 PM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> MD5 = 4D1DB6B7089DACACFCF5BC294A2E7990 | Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 69632 bytes | Created Date = 1/11/2008 5:21:23 AM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> MD5 = 3472BAEB8D524D5CC7B5CE56BE5BD03B | Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 3/8/2008 3:55:06 PM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> MD5 = E3D19BC2EC623FA5DD547F3B3EB13DCB | Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 3/8/2008 3:55:07 PM | Attr = ] Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Created Date = 3/11/2008 8:24:16 PM | Attr = ] sed.exe -> %SystemRoot%\System32\sed.exe -> MD5 = 2B657A67AEBB84AEA5632C53E61E23BF | [Ver = | Size = 98816 bytes | Created Date = 3/11/2008 8:06:25 PM | Attr = ] swreg.exe -> %SystemRoot%\System32\swreg.exe -> MD5 = 01D95A1F8CF13D07CC564AABB36BCC0B | SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 3/11/2008 8:06:25 PM | Attr = ] swsc.exe -> %SystemRoot%\System32\swsc.exe -> MD5 = B7517DB073B28F5696A1E5528ABEB5D0 | SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 3/11/2008 8:06:25 PM | Attr = ] swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> MD5 = B1A9CF0B6F80611D31987C247EC630B4 | SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 3/11/2008 8:06:25 PM | Attr = ] VFind.exe -> %SystemRoot%\System32\VFind.exe -> MD5 = AB44CCD0FA8E55EF88DB941EEF95560A | [Ver = | Size = 49152 bytes | Created Date = 3/11/2008 8:06:25 PM | Attr = ] xfcodec.dll -> %SystemRoot%\System32\xfcodec.dll -> MD5 = 2856361E5C02BCDD374624C837EB7ADB | [Ver = 30130 | Size = 54608 bytes | Created Date = 2/20/2008 9:57:30 PM | Attr = ] zip.exe -> %SystemRoot%\System32\zip.exe -> MD5 = 5E832F4FAF5F481F2EAF3B3A48F603B8 | [Ver = | Size = 68096 bytes | Created Date = 3/11/2008 8:06:25 PM | Attr = ] CFE7-078B-0AF7-66D2.dat -> %SystemRoot%\CFE7-078B-0AF7-66D2.dat -> MD5 = 4D4C4EFCCE6E5AE13790B7B82B7AF9CC | [Ver = | Size = 13 bytes | Created Date = 1/9/2008 4:40:16 AM | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 3/11/2008 8:07:17 PM | Attr = ] 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> Nircmd.exe -> %SystemRoot%\Nircmd.exe -> MD5 = 1D56C98258B6D70F56BAA32380DEA992 | NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 3/11/2008 8:06:25 PM | Attr = ] TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 3/11/2008 8:36:54 PM | Attr = ] unins000.dat -> %SystemRoot%\unins000.dat -> MD5 = 984FA06B4AB2ECD6EE396B49EA5C84B6 | [Ver = | Size = 2552 bytes | Created Date = 3/8/2008 11:22:31 PM | Attr = ] unins000.exe -> %SystemRoot%\unins000.exe -> MD5 = FA216964C56ACEB2ECAFCE0815494DBC | [Ver = 51.49.0.0 | Size = 691545 bytes | Created Date = 3/8/2008 11:22:31 PM | Attr = ] [Files/Folders - Modified Within 90 days] $VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 3/9/2008 8:50:26 AM | Attr = RH ] Combo-Fix -> %SystemDrive%\Combo-Fix -> [Folder | Modified Date = 3/11/2008 8:36:57 PM | Attr = ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 3/12/2008 2:57:52 PM | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 3/11/2008 11:05:35 PM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 3/12/2008 2:59:07 PM | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 3/11/2008 8:36:54 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 3/12/2008 1:41:47 AM | Attr = ] avg7core.sys -> %SystemRoot%\System32\drivers\avg7core.sys -> MD5 = 400E920D2E3F42BF6F1F75DD1B069CE3 | GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 3/8/2008 3:52:53 PM | Attr = ] avg7rsw.sys -> %SystemRoot%\System32\drivers\avg7rsw.sys -> MD5 = 8A7E25876955E06142EF65B52C906CF1 | GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 3/8/2008 3:52:57 PM | Attr = ] avg7rsxp.sys -> %SystemRoot%\System32\drivers\avg7rsxp.sys -> MD5 = 04D823D681F0D53191A172C3E667FC33 | GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 3/8/2008 3:52:58 PM | Attr = ] avgclean.sys -> %SystemRoot%\System32\drivers\avgclean.sys -> MD5 = 603DC17A48C65C637623A9BB5A5E6008 | GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 3/8/2008 3:53:01 PM | Attr = ] avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> MD5 = 0F471F46D155046BB58E4D6869A15382 | GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 3/8/2008 3:53:01 PM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 3/8/2008 11:28:33 PM | Attr = ] hosts -> %SystemRoot%\System32\drivers\etc\hosts -> MD5 = 7F4E7D5F69E0470DCAC24B71B2E39C8B | [Ver = | Size = 226974 bytes | Modified Date = 3/8/2008 11:28:33 PM | Attr = R ] hosts.20080308-222828.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080308-222828.backup -> MD5 = 7F4E7D5F69E0470DCAC24B71B2E39C8B | [Ver = | Size = 226974 bytes | Modified Date = 3/8/2008 11:28:11 PM | Attr = R ] hosts.20080308-222833.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080308-222833.backup -> MD5 = 7F4E7D5F69E0470DCAC24B71B2E39C8B | [Ver = | Size = 226974 bytes | Modified Date = 3/8/2008 11:28:28 PM | Attr = R ] autoexec.nt -> %SystemRoot%\System32\autoexec.nt -> MD5 = 4E966199AAC37B22E5831F800E6123BA | [Ver = | Size = 65 bytes | Modified Date = 1/12/2008 4:11:24 AM | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 12/26/2007 5:01:08 PM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 3/12/2008 11:50:21 AM | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 12/25/2007 3:44:38 AM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 3/3/2008 10:55:50 AM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 3/11/2008 8:07:50 PM | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 1/11/2008 3:30:44 PM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> MD5 = 0C3EA89DBFC7F4A5761246C62E10DD0E | Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 2/22/2008 2:23:35 AM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> MD5 = 4D1DB6B7089DACACFCF5BC294A2E7990 | Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 69632 bytes | Modified Date = 2/22/2008 3:33:31 AM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> MD5 = 3472BAEB8D524D5CC7B5CE56BE5BD03B | Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 2/22/2008 2:23:39 AM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> MD5 = E3D19BC2EC623FA5DD547F3B3EB13DCB | Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Modified Date = 2/22/2008 3:33:32 AM | Attr = ] Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Modified Date = 3/11/2008 8:24:16 PM | Attr = ] Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Modified Date = 1/12/2008 3:30:05 PM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> MD5 = 4B6B287D2B6F49D1283EB5111A1004F5 | [Ver = | Size = 76380 bytes | Modified Date = 3/9/2008 1:07:30 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> MD5 = 14BECAF0A6DC16987FA1ED7D22EDB044 | [Ver = | Size = 437624 bytes | Modified Date = 3/9/2008 1:07:30 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> MD5 = 3E747B3DC66384CCF1CACE38D5AF321D | [Ver = | Size = 523118 bytes | Modified Date = 3/9/2008 1:07:30 PM | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 12/25/2007 3:44:16 AM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> MD5 = DD9CEA2052D3761A90FCA583CDDC339E | [Ver = | Size = 2206 bytes | Modified Date = 3/12/2008 3:02:01 PM | Attr = ] xfcodec.dll -> %SystemRoot%\System32\xfcodec.dll -> MD5 = 2856361E5C02BCDD374624C837EB7ADB | [Ver = 30130 | Size = 54608 bytes | Modified Date = 2/20/2008 9:57:30 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 3/3/2008 10:40:25 AM | Attr = H ] 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 3/9/2008 12:02:29 AM | Attr = R S] bootstat.dat -> %SystemRoot%\bootstat.dat -> MD5 = 6A2CB42966136854F4464516FBB4AE72 | [Ver = | Size = 2048 bytes | Modified Date = 3/12/2008 3:00:57 PM | Attr = S] CFE7-078B-0AF7-66D2.dat -> %SystemRoot%\CFE7-078B-0AF7-66D2.dat -> MD5 = 4D4C4EFCCE6E5AE13790B7B82B7AF9CC | [Ver = | Size = 13 bytes | Modified Date = 1/9/2008 4:40:16 AM | Attr = ] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 3/12/2008 4:06:27 AM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 3/11/2008 11:07:00 PM | Attr = S] erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 3/11/2008 11:06:03 PM | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 3/11/2008 5:31:16 AM | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 1/11/2008 5:36:06 AM | Attr = ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 12/24/2007 2:42:38 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 3/11/2008 8:24:16 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 3/12/2008 2:57:59 PM | Attr = HS] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 3/9/2008 12:02:48 AM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 3/12/2008 3:07:01 PM | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 12/25/2007 3:44:15 AM | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 3/11/2008 5:58:32 AM | Attr = ] system.ini -> %SystemRoot%\system.ini -> MD5 = F4D021E764F6FA554606F4A735A3151B | [Ver = | Size = 227 bytes | Modified Date = 3/11/2008 8:35:47 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 3/12/2008 2:57:38 PM | Attr = HS] TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 3/12/2008 3:01:48 PM | Attr = ] unins000.dat -> %SystemRoot%\unins000.dat -> MD5 = 984FA06B4AB2ECD6EE396B49EA5C84B6 | [Ver = | Size = 2552 bytes | Modified Date = 3/8/2008 11:22:32 PM | Attr = ] unins000.exe -> %SystemRoot%\unins000.exe -> MD5 = FA216964C56ACEB2ECAFCE0815494DBC | [Ver = 51.49.0.0 | Size = 691545 bytes | Modified Date = 3/8/2008 11:22:03 PM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 3/8/2008 10:56:03 PM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> MD5 = 3F85EBB1919D261DDAB7B06B5C511286 | [Ver = | Size = 284 bytes | Modified Date = 3/7/2008 12:21:01 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> MD5 = F1A6CD5ADAAB953A6764EA364E17BFB8 | [Ver = | Size = 6 bytes | Modified Date = 3/12/2008 3:01:12 PM | Attr = H ] hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> MD5 = 504EB8115B1D9F181FBDAAD5CEB93BBF | [Ver = | Size = 10053 bytes | Modified Date = 12/25/2007 3:53:44 AM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> Unable to obtain MD5 | [Ver = | Size = 4232 bytes | Modified Date = 3/12/2008 3:06:17 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> Unable to obtain MD5 | [Ver = | Size = 4617 bytes | Modified Date = 3/12/2008 3:06:17 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> MD5 = 589D11F2C098D24304784653A9B3E7F7 | [Ver = | Size = 11234 bytes | Modified Date = 3/4/2006 12:56:20 PM | Attr = ] vmpremov.exe -> C:\Documents and Settings\Stephen\Local Settings\Temp\vmpremov.exe -> MD5 = 833C6FF063B08AA58AE360C330C462E0 | Viewpoint Corporation [Ver = 3, 2, 2, 26 | Size = 61440 bytes | Modified Date = 3/11/2004 1:14:15 PM | Attr = ] 1 C:\Documents and Settings\Stephen\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Stephen\Local Settings\Temp\*.tmp -> [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] [CatchMe Rootkit Scan by GMER] < Windows folder & sub-folders > scanning hidden processes ... IPC error: 2 The system cannot find the file specified. scanning hidden services & system hive ... scanning hidden registry entries ... [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\BagMRU\doc] "MRUList"="a" scanning hidden files ... C:\WINDOWS\system32\Thumbs.db:encryptable 0 bytes C:\WINDOWS\system32\DirectX\Dinput\Thumbs.db:encryptable 0 bytes C:\WINDOWS\Thumbs.db:encryptable 0 bytes scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 3 < Document and Settings folder & sub folders > scanning hidden files ... IPC error: 2 The system cannot find the file specified. C:\Documents and Settings\All Users\Application Data\TEMP:4DB71D55 102 bytes C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mom\Desktop\MOMS EMAIL.url:favicon 1406 bytes C:\Documents and Settings\Stephen\.limewire\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Stephen\Desktop\cs folders\cs movies\PubmastersTwo\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Stephen\Desktop\cs folders\cs movies\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Stephen\Desktop\Torrent Files\Mission Impossible\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Stephen\Desktop\SMT 5600 Files\300000b01000001f.mpb:SummaryInformation 88 bytes C:\Documents and Settings\Stephen\Desktop\SMT 5600 Files\300000b01000001f.mpb:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\Stephen\Favorites\BF Clans\DCBB.url:favicon 5694 bytes C:\Documents and Settings\Stephen\Favorites\Gaming-Laddering-Leauges\ES Reality.url:favicon 1150 bytes C:\Documents and Settings\Stephen\Favorites\Gaming-Laddering-Leauges\GameSpy.url:favicon 1078 bytes C:\Documents and Settings\Stephen\Favorites\Gaming-Laddering-Leauges\Gametiger.url:favicon 8566 bytes C:\Documents and Settings\Stephen\Favorites\Google Image Result for http--www.games2download.com-images-clue-screen-small1.jpg.url:favicon 1406 bytes C:\Documents and Settings\Stephen\Favorites\hack the MOTORAZR V3xx - Google Search.url:favicon 1406 bytes C:\Documents and Settings\Stephen\Favorites\lazylaces cluedo.url:favicon 1406 bytes C:\Documents and Settings\Stephen\Favorites\Movies\Veoh.url:favicon 2550 bytes C:\Documents and Settings\Stephen\Favorites\My Space\My Space.url:favicon 1406 bytes C:\Documents and Settings\Stephen\Favorites\PSU Scheduling\Rate My Professors.url:favicon 3638 bytes C:\Documents and Settings\Stephen\Favorites\Random Websites\After Dawn.url:favicon 318 bytes C:\Documents and Settings\Stephen\Favorites\Random Websites\Intelore.url:favicon 2862 bytes C:\Documents and Settings\Stephen\Favorites\Random Websites\Kabam4.url:favicon 1150 bytes C:\Documents and Settings\Stephen\Favorites\Random Websites\Suave.url:favicon 1150 bytes C:\Documents and Settings\Stephen\Favorites\Random Websites\Weak Game.url:favicon 3742 bytes C:\Documents and Settings\Stephen\Favorites\Random Websites\WWE 54-24-48.url:favicon 22486 bytes C:\Documents and Settings\Stephen\Favorites\Random Websites\Yikers.url:favicon 3638 bytes C:\Documents and Settings\Stephen\Favorites\RazeR-Skill eSnips Folder.url:favicon 1406 bytes C:\Documents and Settings\Stephen\Favorites\Counter Strike\CS Pro Configs.url:favicon 894 bytes C:\Documents and Settings\Stephen\Favorites\Facebook\Facebook.url:favicon 1150 bytes C:\Documents and Settings\Stephen\My Documents\Erics Stuff\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Stephen\My Documents\My Phone\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Stephen\My Documents\My Pictures\e-mail picture jpg\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Stephen\My Documents\My Pictures\e-mail pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Stephen\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Stephen\My Documents\WAC Website\blue\img\flags\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Stephen\My Documents\WAC Website\blue\img\gamepics\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Stephen\My Documents\WAC Website\blue\img\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Stephen\My Documents\WAC Website\phpBB2\images\smiles\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Stephen\My Documents\WAC Website\phpBB2\images\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Stephen\My Documents\WAC Website\Surreal-Media.GT.13\Surreal-Media.GT.13\adminsm\img\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Stephen\My Documents\WAC Website\Surreal-Media.GT.13\Surreal-Media.GT.13\img\flags\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Stephen\My Documents\WAC Website\Surreal-Media.GT.13\Surreal-Media.GT.13\img\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Stephen\My Documents\WAC Website\Surreal-Media.GT.13\Surreal-Media.GT.13\members\img\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Stephen\My Documents\WAC Website\Surreal-Media.Skin.13\phpBB2\templates\SMF4\images\lang_english\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Stephen\My Documents\WAC Website\Surreal-Media.Skin.13\phpBB2\templates\SMF4\images\Thumbs.db:encryptable 0 bytes scan completed successfully hidden files: 60 < End of report >