WinPFind3 logfile created on: 21/02/2007 22:46:17
WinPFind3U by OldTimer - Version 1.0.18 Folder = C:\Documents and Settings\Garry\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)
523764 Kb Total Physical Memory | 252932 Kb Available Physical Memory | 48.29% Memory free
2849324 Kb Paging File | 2495288 Kb Available in Paging File | 87.57% Paging File free
Paging file location(s): I:\pagefile.sys 0 0;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 8193116 Kb Total Space | 1545204 Kb Free Space | 18.86% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 8193116 Kb Total Space | 2949264 Kb Free Space | 36.00% Space Free
[Processes - Non-Microsoft Only]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.1.0.99 | Size = 198336 bytes | Modified Date = 02/09/2006 23:36:34 | Attr = ]
application launcher.exe -> %ProgramFiles%\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe -> Sony Ericsson Mobile Communications AB [Ver = 1.1.1.3 | Size = 159744 bytes | Modified Date = 26/10/2005 15:17:24 | Attr = R ]
appsvc32.exe -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.0.00.101 | Size = 46736 bytes | Modified Date = 02/09/2006 04:33:40 | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 07/10/2006 12:20:00 | Attr = ]
capabilitymanager.exe -> %CommonProgramFiles%\Teleca Shared\CapabilityManager.exe -> Teleca Software Solutions AB [Ver = 0.0.1.48 | Size = 278528 bytes | Modified Date = 08/06/2005 15:45:04 | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 106.1.3.3 | Size = 107112 bytes | Modified Date = 28/11/2006 20:51:24 | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\CCSVCHST.EXE -> Symantec Corporation [Ver = 106.1.3.3 | Size = 107624 bytes | Modified Date = 28/11/2006 20:51:24 | Attr = ]
e_s4i0m2.exe -> %System32%\spool\drivers\w32x86\3\E_S4I0M2.EXE -> SEIKO EPSON CORPORATION [Ver = 3.00 | Size = 99840 bytes | Modified Date = 11/09/2003 03:00:00 | Attr = ]
epmworker.exe -> %ProgramFiles%\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe -> Sony Ericsson Mobile Communications AB [Ver = 1, 2, 0,1182 | Size = 864256 bytes | Modified Date = 08/02/2006 09:20:50 | Attr = R ]
generic.exe -> %CommonProgramFiles%\Teleca Shared\Generic.exe -> Teleca Software Solutions [Ver = 1, 0, 3, 2 | Size = 385024 bytes | Modified Date = 10/08/2005 06:54:34 | Attr = R ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28/09/2006 14:13:20 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_10\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Modified Date = 09/11/2006 15:07:30 | Attr = ]
pupxpman.exe -> %System32%\Pupxpman.exe -> ashampoo GmbH & Co. KG [Ver = 1.04.0347 | Size = 114688 bytes | Modified Date = 16/04/2003 08:02:18 | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1034 | Size = 1087680 bytes | Modified Date = 26/11/2006 16:08:46 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.18.0 | Size = 308736 bytes | Modified Date = 12/02/2007 21:39:14 | Attr = ]
[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> [Ver = 2.41.000 | Size = 68096 bytes | Modified Date = 01/02/2005 16:07:18 | Attr = ]
(Afdstac) Afdstac [Win32_Shared | Disabled | Stopped] -> -> File not found
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.1.0.99 | Size = 198336 bytes | Modified Date = 02/09/2006 23:36:34 | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28/09/2006 14:13:20 | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSVCHST.EXE -> Symantec Corporation [Ver = 106.1.3.3 | Size = 107624 bytes | Modified Date = 28/11/2006 20:51:24 | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSVCHST.EXE -> Symantec Corporation [Ver = 106.1.3.3 | Size = 107624 bytes | Modified Date = 28/11/2006 20:51:24 | Attr = ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSVCHST.EXE -> Symantec Corporation [Ver = 106.1.3.3 | Size = 107624 bytes | Modified Date = 28/11/2006 20:51:24 | Attr = ]
(comHost) COM Host [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 1.0.0.142 | Size = 48272 bytes | Modified Date = 03/09/2006 07:54:52 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 03/08/2004 23:56:50 | Attr = ]
(ISPwdSvc) Symantec IS Password Validation [Win32_Own | On_Demand | Stopped] -> F:\Program Files\Norton Internet Security\isPwdSvc.exe -> Symantec Corporation [Ver = 10.0.0.247 | Size = 79496 bytes | Modified Date = 06/09/2006 01:22:26 | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_1.EXE -> Symantec Corporation [Ver = 3.1.0.99 | Size = 2528960 bytes | Modified Date = 02/09/2006 23:36:34 | Attr = ]
(Macromedia Licensing Service) Macromedia Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macromedia Shared\Service\Macromedia Licensing.exe -> [Ver = 2.42.000 | Size = 68096 bytes | Modified Date = 19/01/2005 20:07:22 | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1034 | Size = 1087680 bytes | Modified Date = 26/11/2006 16:08:46 | Attr = ]
(SymAppCore) Symantec AppCore Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.0.00.101 | Size = 46736 bytes | Modified Date = 02/09/2006 04:33:40 | Attr = ]
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 07/10/2006 12:20:00 | Attr = ]
ADSL_A2 -> -> File not found
ccApp -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 106.1.3.3 | Size = 107112 bytes | Modified Date = 28/11/2006 20:51:24 | Attr = ]
EPSON Stylus Photo RX600 -> %System32%\spool\drivers\w32x86\3\E_S4I0M2.EXE -> SEIKO EPSON CORPORATION [Ver = 3.00 | Size = 99840 bytes | Modified Date = 11/09/2003 03:00:00 | Attr = ]
GreasyPalmUpdate -> %SystemRoot%\GreasyPalmUpdate.exe -> GreasyPalm [Ver = 0, 0, 0, 12 | Size = 118784 bytes | Modified Date = 12/09/2005 15:07:52 | Attr = ]
mspwr -> %System32%\Pupxpman.exe -> ashampoo GmbH & Co. KG [Ver = 1.04.0347 | Size = 114688 bytes | Modified Date = 16/04/2003 08:02:18 | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 09/07/2001 10:50:42 | Attr = ]
osCheck -> F:\Program Files\Norton Internet Security\osCheck.exe -> Symantec Corporation [Ver = 10.0.0.247 | Size = 26248 bytes | Modified Date = 06/09/2006 01:22:28 | Attr = ]
PwrUpTweakMe -> %System32%\pupxptwk.exe -> ashampoo GmbH & Co. KG [Ver = 1.40.0084 | Size = 45056 bytes | Modified Date = 16/04/2003 08:02:44 | Attr = ]
QuickTime Task -> F:\Program Files\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.4 | Size = 77824 bytes | Modified Date = 29/01/2006 23:07:40 | Attr = ]
Sony Ericsson PC Suite -> %ProgramFiles%\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe -> Sony Ericsson Mobile Communications AB [Ver = 1.1.1.3 | Size = 159744 bytes | Modified Date = 26/10/2005 15:17:24 | Attr = R ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_10\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Modified Date = 09/11/2006 15:07:30 | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus Photo RX600 -> %System32%\spool\drivers\w32x86\3\E_S4I0M2.EXE -> SEIKO EPSON CORPORATION [Ver = 3.00 | Size = 99840 bytes | Modified Date = 11/09/2003 03:00:00 | Attr = ]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
< Registry Shell Spawning > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command
jsfile [open] -> Reg Data - Key not found ->
regfile [merge] -> Reg Data - Key not found ->
scrfile [open] -> "%1" /S ->
scrfile [config] -> "%1" ->
*Command* -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\ShellNew\\Command ->
NewLinkHere -> -> File not found
%1 -> -> File not found
*Command* -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bfc\ShellNew\\Command ->
Briefcase_Create -> -> File not found
%2!d! -> -> File not found
%1 -> -> File not found
< ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -> ->
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> ->
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ->
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ->
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ->
{4b218e3e-bc98-4770-93d3-2731b9329278} -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf ->
{5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ->
{6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub ->
{73FA19D0-2D75-11D2-995D-00C04F98BBC9} -> ->
{7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ->
{89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll ->
{89820200-ECBD-11cf-8B85-00AA005B4383} -> %SystemRoot%\system32\ie4uinit.exe ->
{89B4C1CD-B018-4511-B0A1-5476DBF70820} -> C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ->
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP ->
>{26923b43-4d38-484f-9b9e-de460746276c} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ->
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ->
< WOW Command Line [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
*wowcmdline* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW\\wowcmdline ->
-a -> -> File not found
< Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute -> autocheck autochk *; ->
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 28/09/2006 14:13:28 | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsHistory -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\control panel\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\restrictions\ -> ->
< HOSTS File > (9525 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL ->
http://www.microsoft...p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL ->
http://www.microsoft...amp;ar=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page ->
http://www.microsoft...amp;ar=iesearch ->
HKLM: Start Page ->
http://www.microsoft...p...ER}&ar=home ->
HKLM: CustomizeSearch ->
http://ie.search.msn...st/srchcust.htm ->
HKLM: Search\\Default_Search_URL ->
http://www.microsoft...amp;ar=iesearch ->
HKLM: SearchAssistant ->
http://ie.search.msn...st/srchasst.htm ->
HKCU: Default_Search_URL ->
http://www.microsoft...amp;ar=iesearch ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Page ->
http://www.microsoft...amp;ar=iesearch ->
HKCU: Start Page ->
http://www.google.co.uk/ ->
HKCU: ProxyEnable -> 0 ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] -> [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 02/03/2001 11:02:04 | Attr = ]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} [HKLM] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.0\NppBHO.dll [Reg Data - Value does not exist] -> Symantec Corporation [Ver = 2007.1.00.133 | Size = 93400 bytes | Modified Date = 06/09/2006 05:18:24 | Attr = R ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Data - Value does not exist] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/2005 01:04:00 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_10\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 09/11/2006 15:21:52 | Attr = ]
{8272B062-BD4D-4EAD-A149-45B3CE3F5CDA} [HKLM] -> %SystemRoot%\GPalm.dll [Band Class] -> GreasyPalm [Ver = 1, 1, 0, 16 | Size = 335872 bytes | Modified Date = 12/09/2005 15:17:36 | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{8272B062-BD4D-4EAD-A149-45B3CE3F5CDA} [HKLM] -> %SystemRoot%\GPalm.dll [Band Class] -> GreasyPalm [Ver = 1, 1, 0, 16 | Size = 335872 bytes | Modified Date = 12/09/2005 15:17:36 | Attr = ]
{90222687-F593-4738-B738-FBEE9C7B26DF} [HKLM] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.0\UIBHO.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2007.1.00.133 | Size = 510152 bytes | Modified Date = 06/09/2006 05:18:36 | Attr = R ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Sun Java Console ->
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> 8194 - Reg Data - Key not found ->
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -> 8193 - Reg Data - Key not found ->
NextId -> 8195 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_10\bin\npjpi150_10.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 75528 bytes | Modified Date = 09/11/2006 15:21:54 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_10\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 09/11/2006 15:21:52 | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&eBay Search -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTb.dll\RCSearch.htm -> File not found
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 30/01/2001 12:56:24 | Attr = ]
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{1CDB2949-8F65-4355-8456-263E7C208A5D} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer] -> NVIDIA Corporation [Ver = 6.13.10.3100 | Size = 348231 bytes | Modified Date = 30/07/2002 15:50:00 | Attr = R ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer Menu] -> NVIDIA Corporation [Ver = 6.13.10.3100 | Size = 348231 bytes | Modified Date = 30/07/2002 15:50:00 | Attr = R ]
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Media Band] -> File not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{79BC0345-1015-11D2-A299-006008312725} [HKLM] -> Reg Data - Key not found [blue.shell] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 23/08/2001 12:00:00 | Attr = ]
{A5110426-177D-4e08-AB3F-785F10B4439C} [HKLM] -> %ProgramFiles%\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll [Sony Ericsson File Manager] -> Sony Ericsson Mobile Communications AB [Ver = 1, 3, 10, 0 | Size = 397312 bytes | Modified Date = 02/12/2005 12:18:38 | Attr = R ]
{DBD8E168-244D-448C-9922-25508950D1DC} [HKLM] -> Reg Data - Key not found [Ulead UDF Driver] -> File not found
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> F:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 17/12/2004 09:00:00 | Attr = ]
{E0D79305-84BE-11CE-9641-444553540000} [HKLM] -> F:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 17/12/2004 09:00:00 | Attr = ]
{E0D79306-84BE-11CE-9641-444553540000} [HKLM] -> F:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 17/12/2004 09:00:00 | Attr = ]
{E0D79307-84BE-11CE-9641-444553540000} [HKLM] -> F:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 17/12/2004 09:00:00 | Attr = ]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> %ProgramFiles%\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] -> RealNetworks, Inc. [Ver = 1.0.1.2453 | Size = 54736 bytes | Modified Date = 17/09/2006 21:12:48 | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 06/10/2006 11:40:48 | Attr = ]
{1FE33981-7BF7-11d3-97B7-0020AF892ACF} [HKLM] -> %System32%\chckshll.dll [DiskChecker] -> [Ver = 1, 0, 0, 1 | Size = 32768 bytes | Modified Date = 03/10/2004 18:28:58 | Attr = ]
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} [HKLM] -> F:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [Symantec.Norton.Antivirus.IEContextMenu] -> Symantec Corporation [Ver = 14.0.0.89 | Size = 173728 bytes | Modified Date = 07/09/2006 05:38:28 | Attr = ]
Reg Data - Value does not exist [HKLM] -> Reg Data - Key not found [WinRAR] -> File not found
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> F:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 17/12/2004 09:00:00 | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 06/10/2006 11:40:48 | Attr = ]
Reg Data - Value does not exist [HKLM] -> Reg Data - Key not found [WinRAR] -> File not found
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> F:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 17/12/2004 09:00:00 | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{1FE33981-7BF7-11d3-97B7-0020AF892ACF} [HKLM] -> %System32%\chckshll.dll [DiskChecker] -> [Ver = 1, 0, 0, 1 | Size = 32768 bytes | Modified Date = 03/10/2004 18:28:58 | Attr = ]
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} [HKLM] -> F:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [Symantec.Norton.Antivirus.IEContextMenu] -> Symantec Corporation [Ver = 14.0.0.89 | Size = 173728 bytes | Modified Date = 07/09/2006 05:38:28 | Attr = ]
Reg Data - Value does not exist [HKLM] -> Reg Data - Key not found [WinRAR] -> File not found
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> F:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 17/12/2004 09:00:00 | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{0FE96CC3-CC6C-4DBB-BD8A-7F70E79134DE} -> (3Com 3C920B-EMB Integrated Fast Ethernet Controller) ->
{62ABE946-DF47-4268-9185-A7A9B5FB5D3B} -> (NVIDIA nForce MCP Networking Adapter) ->
{BD5EDD09-2900-44F6-BED0-43C386CFA78B} -> () ->
{C6B5DBCA-79C0-430A-BC42-B125EAE68652} -> (1394 Net Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
belarc -> %ProgramFiles%\Belarc\Advisor\System\BAVoilaX.dll -> Belarc, Inc. [Ver = 7.1f | Size = 33280 bytes | Modified Date = 21/02/2006 12:17:30 | Attr = ]
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{0E8D0700-75DF-11D3-8B4A-0008C7450C4A} -> DjVuCtl Class - CodeBase =
http://www.lizardtec...ntrol_en_US.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase =
http://download.macr...director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase =
http://go.microsoft....k/?linkid=39204 ->
{238F6F83-B8B4-11CF-8771-00A024541EE3} -> Citrix ICA Client - CodeBase =
http://a516.g.akamai...cat-no-eula.cab ->
{4D561B31-49A0-4E2C-8AFF-353468EC669B} -> GreasyPalmInstallHelper Class - CodeBase =
http://www.greasypal.../GreasyPalm.cab ->
{7F8C8173-AD80-4807-AA75-5672F22B4582} -> ICSScanner Class - CodeBase =
http://download.zone...anner371050.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_10 - CodeBase =
http://java.sun.com/...indows-i586.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase =
http://acs.pandasoft...free/asinst.cab ->
{A90A5822-F108-45AD-8482-9BC8B12DD539} -> Crucial cpcScan - CodeBase =
http://www.crucial.c.../cpcScanner.cab ->
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_05 - CodeBase =
http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase =
http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase =
http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase =
http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase =
http://java.sun.com/...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase =
http://fpdownload.ma...ent/swflash.cab ->
[Files - Created Within 30 days]
AVSDVDPlayer.m3u -> %UserAppData%\AVSDVDPlayer.m3u -> [Ver = | Size = 0 bytes | Created Date = 11/02/2007 11:53:40 | Attr = ]
Garry SherwoodGuilplates.doc -> %UserDocuments%\Garry SherwoodGuilplates.doc -> [Ver = | Size = 20480 bytes | Created Date = 13/02/2007 19:03:17 | Attr = ]
AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Created Date = 21/02/2007 17:21:26 | Attr = ]
AVS DVD Player.lnk -> %AllUsersDesktop%\AVS DVD Player.lnk -> [Ver = | Size = 785 bytes | Created Date = 11/02/2007 11:46:15 | Attr = ]
Ease Audio Converter.lnk -> %UserDesktop%\Ease Audio Converter.lnk -> [Ver = | Size = 758 bytes | Created Date = 30/01/2007 21:28:51 | Attr = ]
requested-files[2007-02-21_20_37].cab -> %UserDesktop%\requested-files[2007-02-21_20_37].cab -> [Ver = | Size = 58499 bytes | Created Date = 21/02/2007 20:37:41 | Attr = ]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Created Date = 20/02/2007 21:48:17 | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 342421 bytes | Created Date = 21/02/2007 22:45:20 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
WMSysPr8.prx -> %SystemRoot%\WMSysPr8.prx -> [Ver = | Size = 156910 bytes | Created Date = 11/02/2007 11:46:09 | Attr = ]
AC3ACM.acm -> %System32%\AC3ACM.acm -> fccHandler [Ver = 0, 7, 0, 0 | Size = 81920 bytes | Created Date = 11/02/2007 11:46:10 | Attr = ]
alf2cd.acm -> %System32%\alf2cd.acm -> NCT Company [Ver = 2.03 | Size = 38912 bytes | Created Date = 11/02/2007 11:46:10 | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 20/02/2007 17:41:40 | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 20/02/2007 17:41:08 | Attr = ]
mcdvd_32.dll -> %System32%\mcdvd_32.dll -> MainConcept [Ver = 2.0.4 | Size = 261632 bytes | Created Date = 11/02/2007 11:46:09 | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 20/02/2007 17:41:08 | Attr = ]
Scg726.acm -> %System32%\Scg726.acm -> SHARP Corporation [Ver = 1, 0, 0, 3 | Size = 13239 bytes | Created Date = 11/02/2007 11:46:10 | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 3766 bytes | Created Date = 20/02/2007 17:30:37 | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 20/02/2007 17:41:09 | Attr = ]
vct3216.acm -> %System32%\vct3216.acm -> Voxware, Inc. [Ver = 1.6.0.17 | Size = 82944 bytes | Created Date = 11/02/2007 11:46:10 | Attr = ]
xvid.ax -> %System32%\xvid.ax -> [Ver = | Size = 53248 bytes | Created Date = 11/02/2007 11:46:10 | Attr = ]
xvidcore.dll -> %System32%\xvidcore.dll -> [Ver = | Size = 524288 bytes | Created Date = 11/02/2007 11:46:09 | Attr = ]
xvidvfw.dll -> %System32%\xvidvfw.dll -> [Ver = | Size = 139264 bytes | Created Date = 11/02/2007 11:46:09 | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 20/02/2007 17:41:40 | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 21/02/2007 17:21:25 | Attr = ]
pshook11.sys -> %System32%\drivers\pshook11.sys -> TrekBlue, LLC [Ver = 5.2.3639.0 | Size = 67645 bytes | Created Date = 19/02/2007 20:47:47 | Attr = ]
[Files - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 193 bytes | Modified Date = 18/02/2007 23:29:58 | Attr = HS]
AVSDVDPlayer.m3u -> %UserAppData%\AVSDVDPlayer.m3u -> [Ver = | Size = 0 bytes | Modified Date = 11/02/2007 11:53:42 | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 52736 bytes | Modified Date = 13/02/2007 20:56:18 | Attr = ]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 18312 bytes | Modified Date = 11/02/2007 11:50:48 | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 8578926 bytes | Modified Date = 21/02/2007 20:48:28 | Attr = H ]
Garry SherwoodGuilplates.doc -> %UserDocuments%\Garry SherwoodGuilplates.doc -> [Ver = | Size = 20480 bytes | Modified Date = 13/02/2007 19:07:06 | Attr = ]
AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Modified Date = 21/02/2007 17:21:28 | Attr = ]
AVS DVD Player.lnk -> %AllUsersDesktop%\AVS DVD Player.lnk -> [Ver = | Size = 785 bytes | Modified Date = 11/02/2007 11:46:16 | Attr = ]
Ease Audio Converter.lnk -> %UserDesktop%\Ease Audio Converter.lnk -> [Ver = | Size = 758 bytes | Modified Date = 30/01/2007 21:28:52 | Attr = ]
requested-files[2007-02-21_20_37].cab -> %UserDesktop%\requested-files[2007-02-21_20_37].cab -> [Ver = | Size = 58499 bytes | Modified Date = 21/02/2007 20:37:42 | Attr = ]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Modified Date = 20/02/2007 21:48:18 | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 342421 bytes | Modified Date = 21/02/2007 22:45:24 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
aceg.ini -> %SystemRoot%\aceg.ini -> [Ver = | Size = 31 bytes | Modified Date = 30/01/2007 21:30:44 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 21/02/2007 20:49:44 | Attr = S]
EaseAudioConverter.ini -> %SystemRoot%\EaseAudioConverter.ini -> [Ver = | Size = 2555 bytes | Modified Date = 30/01/2007 21:31:00 | Attr = ]
ignore.bin -> %SystemRoot%\ignore.bin -> [Ver = | Size = 27092 bytes | Modified Date = 21/02/2007 19:25:18 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 18/02/2007 11:02:24 | Attr = ]
merchants2.bin -> %SystemRoot%\merchants2.bin -> [Ver = | Size = 8417276 bytes | Modified Date = 21/02/2007 19:25:18 | Attr = ]
MPLAYER.INI -> %SystemRoot%\MPLAYER.INI -> [Ver = | Size = 82 bytes | Modified Date = 03/02/2007 18:03:06 | Attr = ]
VFO.INI -> %SystemRoot%\VFO.INI -> [Ver = | Size = 1196 bytes | Modified Date = 03/02/2007 21:13:48 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 753 bytes | Modified Date = 20/02/2007 17:45:00 | Attr = ]
coh.cache -> %System32%\coh.cache -> [Ver = | Size = 13350 bytes | Modified Date = 21/02/2007 18:37:24 | Attr = ]
EraserAHS.tlg -> %System32%\EraserAHS.tlg -> [Ver = | Size = 44415 bytes | Modified Date = 04/02/2007 19:26:40 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 112584 bytes | Modified Date = 11/02/2007 15:46:06 | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 21/02/2007 20:52:04 | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 21/02/2007 20:52:04 | Attr = ]
S32EVNT1.DLL -> %System32%\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.3.0.15 | Size = 48776 bytes | Modified Date = 18/02/2007 21:40:56 | Attr = ]
ssnvfx.ini -> %System32%\ssnvfx.ini -> [Ver = | Size = 18254 bytes | Modified Date = 18/02/2007 11:14:02 | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 3766 bytes | Modified Date = 20/02/2007 17:34:58 | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 21/02/2007 20:52:06 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 10/02/2007 19:33:26 | Attr = ]
pshook11.sys -> %System32%\drivers\pshook11.sys -> TrekBlue, LLC [Ver = 5.2.3639.0 | Size = 67645 bytes | Modified Date = 20/02/2007 17:18:24 | Attr = ]
SYMEVENT.CAT -> %System32%\drivers\SYMEVENT.CAT -> [Ver = | Size = 8014 bytes | Modified Date = 18/02/2007 21:40:56 | Attr = ]
SYMEVENT.INF -> %System32%\drivers\SYMEVENT.INF -> [Ver = | Size = 806 bytes | Modified Date = 18/02/2007 21:40:56 | Attr = ]
SYMEVENT.SYS -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.3.0.14 | Size = 115000 bytes | Modified Date = 18/02/2007 21:40:56 | Attr = ]
[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 118 bytes -> %AllUsersAppData%\TEMP:DFC5A2B2 ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\50415_Demoablauf_Dampf_Schmalspur.wav:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\50516_Demoablauf_BR99-HSB.wav:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\FixWinXpCrypto.bat:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SpamShield3Setup.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
UPX! , UPX0 , -> %SystemRoot%\setup.exe -> [Ver = | Size = 424337 bytes | Modified Date = 06/01/2007 20:19:28 | Attr = ]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 23/08/2001 12:00:00 | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivXNetworks, Inc. [Ver = 5.2.1.1328 | Size = 716800 bytes | Modified Date = 03/09/2004 18:03:48 | Attr = ]
Thawte Consulting , -> %System32%\mfimgvwr.ocx -> MyFamily.com, Inc. [Ver = 2.0.0.1 | Size = 181752 bytes | Modified Date = 09/04/2005 09:44:18 | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2533 | Size = 181736 bytes | Modified Date = 17/09/2006 21:12:54 | Attr = ]
Thawte Consulting , -> %System32%\SmartUI2.ocx -> Xceed Software Inc (450) 442-2626
[email protected] www.xceedsoft.com [Ver = 2.00.0202 | Size = 874248 bytes | Modified Date = 14/06/2004 15:04:34 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 23/08/2001 12:00:00 | Attr = ]
Thawte Consulting , -> %System32%\XceedCry.dll -> Xceed Software Inc (450) 442-2626
[email protected] www.xceedsoft.com [Ver = 1.1.107.0 | Size = 512688 bytes | Modified Date = 19/11/2003 14:59:36 | Attr = ]
Thawte Consulting , -> %System32%\XceedZip.dll -> Xceed Software Inc (450) 442-2626
[email protected] www.xceedsoft.com [Ver = 5.0.117.0 | Size = 427864 bytes | Modified Date = 14/06/2004 14:56:26 | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 23/08/2001 12:00:00 | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 03/08/2004 21:41:38 | Attr = ]
PEC2 , -> %System32%\drivers\VcommMgr.sys -> IVT Corporation [Ver = 2.20 | Size = 82148 bytes | Modified Date = 05/11/2004 10:39:08 | Attr = ]
< End of report >