Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Problem with AVG deleted infected system files [RESOLVED]


  • This topic is locked This topic is locked

#16
Tal

Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Hi there dtakehana,

Welcome back :) Your logs are clean. Do you still have issues with your PC? If so, we can investigate further.

P.S for future reference, the DSS main.txt log contains an HijackThis log :)

Tal
  • 0

Advertisements


#17
dtakehana

dtakehana

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
Hi Tal!
Thank you very much for your valuable help! :-)
Well, if you are asking, I still would like to report some minor problems I´m having since I got back, the pages are taking too long to load and the pc has crashed two times this morning... I wonder if it´s something to do with some downloading programs I use in a very regular basis? But even so, that has never happened before...
Thanks once again if you have any suggestions!
Have a top weekend

Diana :)
  • 0

#18
Tal

Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts

Hi Tal!
Thank you very much for your valuable help! :-)
Well, if you are asking, I still would like to report some minor problems I´m having since I got back, the pages are taking too long to load and the pc has crashed two times this morning... I wonder if it´s something to do with some downloading programs I use in a very regular basis? But even so, that has never happened before...
Thanks once again if you have any suggestions!
Have a top weekend

Diana :)


Well, if by 'downloading programs' you refer to Peer To Peer (BitTorrent, eMule, LimeWire and the like), then yes, they can be dangerous. As for the problems themselves... We can make a deeper scan to take a look.

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.
  • 0

#19
dtakehana

dtakehana

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
Hi Tal,
Sorry about this, but before I start the scan, I´d like to inform/ask you about a warning I got from AVG, "Threat Found", i.e. the same original trojan virus we encountered when we started this thread is apparently back again... In one of our sata HD, then I´d like to ask you what should i do first? Thanks a lot! :-)
  • 0

#20
Tal

Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Scan that drive with DSS please :) Include the log in your next reply.
  • 0

#21
dtakehana

dtakehana

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
Hi Tal,
Sorry for the ignorance, but I am not being able to run the DSS scan only in the SATA HD, I have even tried to download it directly to it, but no luck... Please could you help? :)
  • 0

#22
Tal

Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Is that drive hooked up into your computer directly? Then just run a DSS. That should do it.
  • 0

#23
dtakehana

dtakehana

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
HI Tal, thanks again!

Here is the Otscanit log:

[code=auto:0]OTScanIt logfile created on: 13/05/2008 18:06:09
OTScanIt by OldTimer - Version 1.0.14.0 Folder = C:\Documents and Settings\Midori\Desktop\OTScanIt
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

446.48 Mb Total Physical Memory | 197.85 Mb Available Physical Memory | 44.31% Memory free
1.03 Gb Paging File | 0.64 Gb Available in Paging File | 61.94% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35.55 Gb Total Space | 5.74 Gb Free Space | 16.14% Space Free | Partition Type: FAT32
Drive D: | 36.03 Gb Total Space | 35.66 Gb Free Space | 98.96% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 149.05 Gb Total Space | 61.80 Gb Free Space | 41.46% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TAKIS
Current User Name: Midori
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
anbmserv.exe -> %SystemDrive%\Acer\eManager\anbmServ.exe -> OSA Technologies Inc. [Ver = 3.0.5.8 | Size = 1287168 bytes | Modified Date = 16/08/2004 15:17:20 | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 04/09/2007 19:04:36 | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 31/07/2007 08:22:14 | Attr = ]
avgwdsvc.exe -> %SystemDrive%\PROGRA~1\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 282904 bytes | Modified Date = 12/05/2008 14:57:18 | Attr = ]
avgfws8.exe -> %SystemDrive%\PROGRA~1\AVG\AVG8\avgfws8.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 930584 bytes | Modified Date = 12/05/2008 14:57:20 | Attr = ]
avgam.exe -> %SystemDrive%\PROGRA~1\AVG\AVG8\avgam.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 658200 bytes | Modified Date = 12/05/2008 14:57:18 | Attr = ]
avgrsx.exe -> %SystemDrive%\PROGRA~1\AVG\AVG8\avgrsx.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.84 | Size = 311576 bytes | Modified Date = 12/05/2008 14:57:22 | Attr = ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 98394 bytes | Modified Date = 07/10/2004 23:44:24 | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 688218 bytes | Modified Date = 07/10/2004 23:43:12 | Attr = ]
soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.36 | Size = 77824 bytes | Modified Date = 23/02/2005 18:13:10 | Attr = ]
agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.47 2.1.47 10/08/2004 09:50:51 | Size = 88363 bytes | Modified Date = 07/10/2004 19:50:52 | Attr = ]
keyhook.exe -> %SystemRoot%\system32\keyhook.exe -> Silicon Integrated Systems Corporation [Ver = 0.0.0.3654 | Size = 32768 bytes | Modified Date = 04/03/2005 13:13:04 | Attr = ]
pcmservice.exe -> %ProgramFiles%\Arcade\PCMService.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 49152 bytes | Modified Date = 09/03/2005 18:59:26 | Attr = ]
qtzgacer.exe -> %ProgramFiles%\Launch Manager\QtZgAcer.EXE -> Dritek System Inc. [Ver = 1, 0, 6, 812 | Size = 315392 bytes | Modified Date = 12/10/2005 15:16:04 | Attr = ]
monitor.exe -> %SystemDrive%\Acer\Empowering Technology\eRecovery\Monitor.exe -> acer Inc. [Ver = 1, 3, 3, 9 | Size = 385024 bytes | Modified Date = 16/11/2005 16:54:56 | Attr = ]
ctsched.exe -> %ProgramFiles%\Creative\Shared Files\CTSched.exe -> Creative Technology Ltd [Ver = 1.0.6.0 | Size = 53340 bytes | Modified Date = 09/01/2006 05:43:42 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ]
launchapplication.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 84, 78, 3 | Size = 271360 bytes | Modified Date = 18/06/2007 15:10:32 | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 15/01/2008 03:22:56 | Attr = ]
servicelayer.exe -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 84, 83, 3 | Size = 300544 bytes | Modified Date = 15/06/2007 16:55:00 | Attr = ]
sistray.exe -> %SystemRoot%\system32\sistray.exe -> Silicon Integrated Systems Corporation [Ver = 0.0.0.3650 | Size = 331776 bytes | Modified Date = 04/01/2005 16:52:52 | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 15/01/2008 03:22:44 | Attr = ]
avgnsx.exe -> %SystemDrive%\PROGRA~1\AVG\AVG8\avgnsx.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.93 | Size = 437016 bytes | Modified Date = 12/05/2008 14:57:22 | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.14.0 | Size = 372224 bytes | Modified Date = 09/05/2008 21:51:12 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(anbmService) Notebook Manager Service [Win32_Own | Auto | Running] -> %SystemDrive%\Acer\eManager\anbmServ.exe -> OSA Technologies Inc. [Ver = 3.0.5.8 | Size = 1287168 bytes | Modified Date = 16/08/2004 15:17:20 | Attr = ]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 04/09/2007 19:04:36 | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 31/07/2007 08:22:14 | Attr = ]
(avg8wd) AVG8 WatchDog [Win32_Own | Auto | Running] -> %SystemDrive%\PROGRA~1\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 282904 bytes | Modified Date = 12/05/2008 14:57:18 | Attr = ]
(avgfws8) AVG8 Firewall [Win32_Own | Auto | Running] -> %SystemDrive%\PROGRA~1\AVG\AVG8\avgfws8.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 930584 bytes | Modified Date = 12/05/2008 14:57:20 | Attr = ]
(BMUService) Memeo [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Tanagra\Memeo\MemeoService.exe -> Tanagra, Inc. [Ver = 1.4.2.0 | Size = 192512 bytes | Modified Date = 28/02/2006 18:15:30 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 05:00:00 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 04/04/2005 00:41:10 | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 15/01/2008 03:22:44 | Attr = ]
(ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Running] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 84, 83, 3 | Size = 300544 bytes | Modified Date = 15/06/2007 16:55:00 | Attr = ]

[Driver Services - Non-Microsoft Only]
(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\AGRSM.sys -> Agere Systems [Ver = 2.1.47 2.1.47 10/08/2004 09:51:06 | Size = 1270540 bytes | Modified Date = 07/10/2004 19:51:08 | Attr = ]
(alcan5ln) Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\alcan5ln.sys -> THOMSON multimedia [Ver = 201.2.0.0 | Size = 36048 bytes | Modified Date = 12/11/2002 11:01:46 | Attr = ]
(alcaudsl) Alcatel Speed Touch ADSL Modem ATM Transport [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\alcaudsl.sys -> THOMSON multimedia [Ver = 201.2.0.0 | Size = 748544 bytes | Modified Date = 12/11/2002 11:01:42 | Attr = ]
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ALCXWDM.SYS -> Realtek Semiconductor Corp. [Ver = 5.10.5790 built by: WinDDK | Size = 2311680 bytes | Modified Date = 24/02/2005 14:20:22 | Attr = ]
(AmdK8) AMD Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\DRIVERS\AmdK8.sys -> Advanced Micro Devices [Ver = 1.1.0 built by: dnsrv(wmbla) | Size = 39424 bytes | Modified Date = 11/08/2004 01:30:00 | Attr = ]
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys -> [Ver = | Size = 11000 bytes | Modified Date = 31/07/2007 08:22:08 | Attr = ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %SystemRoot%\System32\DRIVERS\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 05/09/2006 18:03:16 | Attr = ]
(Avgfwdx) Avgfwdx [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\avgfwdx.sys -> GRISOFT, s.r.o. [Ver = 7.9.0.476 | Size = 22528 bytes | Modified Date = 12/05/2008 14:55:44 | Attr = ]
(Avgfwfd) AVG network filter service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\avgfwdx.sys -> GRISOFT, s.r.o. [Ver = 7.9.0.476 | Size = 22528 bytes | Modified Date = 12/05/2008 14:55:44 | Attr = ]
(AvgLdx86) AVG AVI Loader Driver x86 [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.58 | Size = 96520 bytes | Modified Date = 12/05/2008 14:57:34 | Attr = ]
(AvgMfx86) AVG On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> %SystemRoot%\System32\Drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 8.0.0.46 | Size = 26184 bytes | Modified Date = 12/05/2008 14:57:34 | Attr = ]
(AvgRkx86) avgrkx86.sys [File_System | Boot | Running] -> %SystemRoot%\System32\Drivers\avgrkx86.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.13 | Size = 12424 bytes | Modified Date = 12/05/2008 14:57:34 | Attr = ]
(AvgTdiX) AVG8 Network Redirector [Kernel | Auto | Running] -> %SystemRoot%\System32\Drivers\avgtdix.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.87 | Size = 75272 bytes | Modified Date = 12/05/2008 14:57:34 | Attr = ]
(BCM43XX) Broadcom 802.11 Network Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\bcmwl5.sys -> Broadcom Corporation [Ver = 3.100.46.0 built by: WinDDK | Size = 369024 bytes | Modified Date = 21/12/2004 10:32:12 | Attr = ]
(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\ComboFix\catchme.sys -> File not found
(DKbFltr) Dritek HotKey Keyboard Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\DKbFltr.sys -> Dritek System Inc. [Ver = 1, 3, 0, 0 | Size = 16896 bytes | Modified Date = 08/12/2004 14:10:00 | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 04/08/2004 05:00:00 | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 04/08/2004 05:00:00 | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 04/08/2004 05:00:00 | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 19/09/2006 14:44:04 | Attr = ]
(incdrm) InCD EasyWrite Reader [Kernel | System | Running] -> %SystemRoot%\System32\drivers\incdrm.sys -> Ahead Software AG [Ver = 4, 0, 0, 16 | Size = 25520 bytes | Modified Date = 21/08/2003 18:56:36 | Attr = ]
(nmwcd) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcd.sys -> Nokia [Ver = 6.83.6.0 | Size = 137216 bytes | Modified Date = 22/02/2007 11:15:56 | Attr = ]
(nmwcdc) Nokia USB Generic [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcdc.sys -> Nokia [Ver = 6.83.6.0 | Size = 8320 bytes | Modified Date = 22/02/2007 11:15:14 | Attr = ]
(nmwcdcj) Nokia USB Port [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcdcj.sys -> Nokia [Ver = 6.83.6.0 | Size = 12288 bytes | Modified Date = 22/02/2007 11:15:14 | Attr = ]
(nmwcdcm) Nokia USB Modem [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcdcm.sys -> Nokia [Ver = 6.83.6.0 | Size = 12288 bytes | Modified Date = 22/02/2007 11:15:14 | Attr = ]
(NTIDrvr) Upper Class Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\NTIDrvr.sys -> NewTech Infosystems, Inc. [Ver = 1, 0, 0, 6 | Size = 6144 bytes | Modified Date = 28/05/2006 07:43:34 | Attr = ]
(osaio) osaio [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\osaio.sys -> Avocent/OSA Technologies Inc. [Ver = 5.2.3790.0 built by: WinDDK | Size = 8704 bytes | Modified Date = 04/03/2005 16:37:26 | Attr = ]
(osanbm) osanbm [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\osanbm.sys -> Windows (R) 2000 DDK provider [Ver = 5.00.2195.1620 | Size = 4010 bytes | Modified Date = 14/01/2005 15:57:16 | Attr = ]
(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 204 | Size = 10368 bytes | Modified Date = 05/12/2003 18:46:36 | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 04/08/2004 05:00:00 | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.43J | Size = 36624 bytes | Modified Date = 23/02/2007 06:29:54 | Attr = ]
(RMSPPPOE) WAN Miniport (PPP over Ethernet Protocol) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\RMSPPPOE.SYS -> Robert Schlabbach [Ver = 0.98.0715.0 | Size = 31232 bytes | Modified Date = 10/06/2002 00:09:08 | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13/11/2007 08:25:54 | Attr = ]
(SiS315) SiS315 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\sisgrp.sys -> Silicon Integrated Systems Corporation [Ver = 6.14.10.3654 | Size = 240640 bytes | Modified Date = 02/03/2005 00:09:02 | Attr = ]
(SISAGP) SiS AGP Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\SISAGPX.sys -> Silicon Integrated Systems Corporation [Ver = 7.2.0.1170 built by: WinDDK | Size = 36992 bytes | Modified Date = 18/07/2003 09:58:20 | Attr = ]
(SiSkp) SiSkp [Kernel | System | Running] -> %SystemRoot%\system32\DRIVERS\srvkp.sys -> Silicon Integrated Systems Corporation [Ver = 6.14.10.3653 | Size = 13312 bytes | Modified Date = 25/02/2005 19:45:32 | Attr = ]
(SISNICXP) SiS PCI Fast Ethernet Adapter Driver for NDIS51 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\sisnicxp.sys -> SiS Corporation [Ver = 2.0.1039.1180 built by: WinDDK | Size = 32768 bytes | Modified Date = 05/11/2004 01:43:58 | Attr = ]
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 17/08/2001 13:56:16 | Attr = ]
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\SynTP.sys -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 185824 bytes | Modified Date = 07/10/2004 23:33:46 | Attr = ]
(UBHelper) UBHelper [Kernel | System | Running] -> %SystemRoot%\System32\drivers\UBHelper.sys -> [Ver = | Size = 13952 bytes | Modified Date = 17/12/2004 17:14:44 | Attr = ]
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\usbaapl.sys -> Apple, Inc. [Ver = 1, 25, 0, 0 | Size = 30464 bytes | Modified Date = 15/01/2008 02:39:58 | Attr = ]
(V0260VID) Live! Cam Vista IM [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\V0260Vid.sys -> Creative Technology Ltd. [Ver = 1, 0, 2, 0 | Size = 162176 bytes | Modified Date = 01/04/2006 18:16:44 | Attr = R ]
(int15.sys) int15.sys [Kernel | Auto | Running] -> %SystemDrive%\Acer\Empowering Technology\eRecovery\int15.sys -> [Ver = | Size = 69632 bytes | Modified Date = 13/01/2005 14:46:16 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe [AGRSMMSG.exe] -> Agere Systems [Ver = 2.1.47 2.1.47 10/08/2004 09:50:51 | Size = 88363 bytes | Modified Date = 07/10/2004 19:50:52 | Attr = ]
AVG8_TRAY -> %SystemDrive%\PROGRA~1\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.88 | Size = 1177368 bytes | Modified Date = 12/05/2008 14:57:20 | Attr = ]
CreativeTaskScheduler -> %ProgramFiles%\Creative\Shared Files\CTSched.exe ["C:\Program Files\Creative\Shared Files\CTSched.exe" /logon] -> Creative Technology Ltd [Ver = 1.0.6.0 | Size = 53340 bytes | Modified Date = 09/01/2006 05:43:42 | Attr = ]
eRecoveryService -> %SystemDrive%\Acer\Empowering Technology\eRecovery\Monitor.exe [C:\Acer\Empowering Technology\eRecovery\Monitor.exe] -> acer Inc. [Ver = 1, 3, 3, 9 | Size = 385024 bytes | Modified Date = 16/11/2005 16:54:56 | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 15/01/2008 03:22:56 | Attr = ]
LaunchApp -> %SystemRoot%\Alaunch.exe [Alaunch] -> Acer Inc. [Ver = 2, 1, 0, 0 | Size = 520192 bytes | Modified Date = 23/06/2005 01:36:20 | Attr = ]
LManager -> %ProgramFiles%\Launch Manager\QtZgAcer.EXE [C:\Program Files\Launch Manager\QtZgAcer.EXE] -> Dritek System Inc. [Ver = 1, 0, 6, 812 | Size = 315392 bytes | Modified Date = 12/10/2005 15:16:04 | Attr = ]
NeroFilterCheck -> %SystemRoot%\system32\NeroCheck.exe [C:\WINDOWS\system32\NeroCheck.exe] -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 09/07/2001 13:50:42 | Attr = R ]
PCMService -> %ProgramFiles%\Arcade\PCMService.exe ["C:\Program Files\Arcade\PCMService.exe"] -> CyberLink Corp. [Ver = 3.00.0000 | Size = 49152 bytes | Modified Date = 09/03/2005 18:59:26 | Attr = ]
PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe [C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup] -> Nokia [Ver = 6, 84, 78, 3 | Size = 271360 bytes | Modified Date = 18/06/2007 15:10:32 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.4 | Size = 385024 bytes | Modified Date = 10/01/2008 15:27:36 | Attr = ]
RegistryMechanic -> [] -> File not found
SiS Windows KeyHook -> %SystemRoot%\system32\keyhook.exe [C:\WINDOWS\system32\keyhook.exe] -> Silicon Integrated Systems Corporation [Ver = 0.0.0.3654 | Size = 32768 bytes | Modified Date = 04/03/2005 13:13:04 | Attr = ]
SiSPower -> %SystemRoot%\system32\SiSPower.DLL [Rundll32.exe SiSPower.dll,ModeAgent] -> Silicon Integrated Systems Corporation [Ver = 6.14.10.3654 | Size = 49152 bytes | Modified Date = 25/02/2005 19:35:12 | Attr = ]
SoundMan -> %SystemRoot%\SOUNDMAN.EXE [SOUNDMAN.EXE] -> Realtek Semiconductor Corp. [Ver = 5.1.0.36 | Size = 77824 bytes | Modified Date = 23/02/2005 18:13:10 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ]
Symantec NetDriver Monitor -> %SystemDrive%\PROGRA~1\SYMNET~1\SNDMon.exe [C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer] -> File not found
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 688218 bytes | Modified Date = 07/10/2004 23:43:12 | Attr = ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe [C:\Program Files\Synaptics\SynTP\SynTPLpr.exe] -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 98394 bytes | Modified Date = 07/10/2004 23:44:24 | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
MySpaceIM -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe] -> [Ver = 1.0.754.0 | Size = 8699904 bytes | Modified Date = 01/02/2008 17:32:54 | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Utility Tray.lnk -> %SystemRoot%\system32\sistray.exe -> Silicon Integrated Systems Corporation [Ver = 0.0.0.3650 | Size = 331776 bytes | Modified Date = 04/01/2005 16:52:52 | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 04/11/1999 15:06:48 | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 14/12/2004 04:44:06 | Attr = ]
< Midori Startup Folder > -> C:\Documents and Settings\Midori\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\Memeo Launcher.lnk -> %AppData%\Microsoft\Installer\{A494DB30-07BB-4D2A-A0BF-C60EC2593731}\_ABB6D16E06554E04B5B5D9DD97EFB09A.exe -> InstallShield Software Corp. [Ver = 10.0.159 | Size = 208896 bytes | Modified Date = 04/09/2007 16:31:34 | Attr = R ]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
avgrsstx.dll -> %SystemRoot%\system32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 10520 bytes | Modified Date = 12/05/2008 14:57:36 | Attr = ]
*MultiFile Done* -> ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 31/07/2007 08:22:10 | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> C:\WINDOWS\system32\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 04/08/2004 05:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomSlimtype_DVDRW_SOSW-833S________________VRS2____\5&325a9220&1&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 ->
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> %SystemDrive%\AUTOEXEC.BAT [ FAT32 ] -> [Ver = | Size = 100 bytes | Modified Date = 09/03/2005 09:51:26 | Attr = ]
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.msn.com ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.myspace.com/ ->
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
www_photobucket.com [https] -> Trusted sites ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar Helper] -> File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 14/12/2004 01:56:50 | Attr = ]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.90 | Size = 419096 bytes | Modified Date = 12/05/2008 14:57:24 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ]
{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [AVGTOOLBAR] -> AVG, Inc. [Ver = 5.0.2.363 | Size = 2051328 bytes | Modified Date = 12/05/2008 14:57:28 | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [AVGTOOLBAR] -> AVG, Inc. [Ver = 5.0.2.363 | Size = 2051328 bytes | Modified Date = 12/05/2008 14:57:28 | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{8B79EE88-E62D-4AA8-B530-CC357BA112B7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Search -> Reg Error: Value does not exist or could not be read. -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{2D775ABE-C1F2-4D1E-AF5B-A113997C51C5} -> (Broadcom 802.11g Network Adapter) ->
{35886F2B-F8CD-4473-928E-74A7BE57A2AC} -> () ->
{4AD6780B-6FFD-4A57-9E98-782D0282F6AF} -> (1394 Net Adapter) ->
{510F4A26-B174-4E82-80D3-0C14426BAD94} -> (SiS 900-Based PCI Fast Ethernet Adapter) ->
{DF571A2A-086D-4D03-988F-FFDCA256AF99} -> () ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgpp.dll[XPLPPFilter Class] -> AVG Technologies CZ, s.r.o. [Ver = | Size = 79128 bytes | Modified Date = 12/05/2008 14:57:28 | Attr = ]
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab[Office Genuine Advantage Validation Tool] ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] ->
{9D190AE6-C81E-4039-8061-978EBAD10073}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.0] ->
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc4.cab[Office Update Installation Engine] ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> [Java Plug-in 1.5.0_06] ->
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab[Java Plug-in 1.5.0_11] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asinst.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asinst.dll\\.Owner -> {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asinst.dll\\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\\.Owner -> {9D190AE6-C81E-4039-8061-978EBAD10073} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\\{9D190AE6-C81E-4039-8061-978EBAD10073} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\\.Owner -> {9D190AE6-C81E-4039-8061-978EBAD10073} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\\{9D190AE6-C81E-4039-8061-978EBAD10073} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fsauc.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fsauc.dll\\.Owner -> {9D190AE6-C81E-4039-8061-978EBAD10073} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fsauc.dll\\{9D190AE6-C81E-4039-8061-978EBAD10073} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\\.Owner -> {9D190AE6-C81E-4039-8061-978EBAD10073} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\\{9D190AE6-C81E-4039-8061-978EBAD10073} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\.Owner -> {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\.Owner -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Micr
  • 0

#24
dtakehana

dtakehana

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
And the DSS one!

Deckard's System Scanner v20071014.68
Run by Midori on 2008-05-13 17:57:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis (run as Midori.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:57:57, on 13/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Soulseek\slsk.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Midori\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Midori.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Memeo Launcher.lnk = ?
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} (Java Plug-in 1.5.0_08) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Memeo (BMUService) - Tanagra, Inc. - C:\Program Files\Tanagra\Memeo\MemeoService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7881 bytes

-- Files created between 2008-04-13 and 2008-05-13 -----------------------------

2008-05-13 08:31:02 0 d--h----- C:\$AVG8.VAULT$
2008-05-12 14:57:28 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-12 14:57:28 0 d-------- C:\Documents and Settings\Midori\Application Data\AVGTOOLBAR
2008-05-12 14:55:42 0 d-------- C:\Program Files\AVG
2008-05-12 14:55:41 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-10 08:22:38 0 d--hs---- C:\FOUND.026
2008-05-09 13:11:10 0 d-------- C:\Program Files\Trend Micro
2008-05-09 12:48:19 68096 --a------ C:\WINDOWS\zip.exe
2008-05-09 12:48:19 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-09 12:48:19 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-09 12:48:19 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-09 12:48:19 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-09 12:48:19 98816 --a------ C:\WINDOWS\sed.exe
2008-05-09 12:48:19 80412 --a------ C:\WINDOWS\grep.exe
2008-05-09 12:48:19 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-09 09:33:44 0 d-------- C:\Documents and Settings\Scoot\Application Data\Adobe
2008-04-24 15:44:45 0 d-------- C:\Program Files\DiskInternals
2008-04-24 12:38:53 0 d-------- C:\Program Files\PTDD Group
2008-04-23 21:43:22 0 d--hs---- C:\FOUND.025
2008-04-23 18:46:42 0 d--hs---- C:\FOUND.024
2008-04-22 20:32:24 0 d--hs---- C:\FOUND.023
2008-04-21 14:40:24 0 d--hs---- C:\FOUND.022
2008-04-19 14:29:20 0 d-------- C:\Documents and Settings\Scoot\Application Data\MySpace
2008-04-19 09:51:48 34304 --a------ C:\WINDOWS\system32\RASPPPOE.EXE <Not Verified; Robert Schlabbach; PPP over Ethernet Protocol>
2008-04-19 09:51:48 38912 --a------ C:\WINDOWS\system32\RASPPPOE.DLL <Not Verified; Robert Schlabbach; PPP over Ethernet Protocol>
2008-04-19 09:51:48 31232 --a------ C:\WINDOWS\system32\drivers\RMSPPPOE.SYS <Not Verified; Robert Schlabbach; PPP over Ethernet Protocol>
2008-04-19 00:42:29 4956 --a------ C:\xp_drive_association_fix.reg
2008-04-15 01:54:42 5607 --a------ C:\WINDOWS\system32\stci.dll
2008-04-15 01:54:42 5312 --a------ C:\WINDOWS\system32\drivers\alcawh.sys <Not Verified; THOMSON multimedia; SpeedTouch USB>
2008-04-15 01:54:42 748544 --a------ C:\WINDOWS\system32\drivers\alcaudsl.sys <Not Verified; THOMSON multimedia; SpeedTouch USB>
2008-04-15 01:54:42 36048 --a------ C:\WINDOWS\system32\drivers\alcan5ln.sys <Not Verified; THOMSON multimedia; SpeedTouch USB>
2008-04-15 01:54:42 4000 --a------ C:\WINDOWS\system32\drivers\alcacr.sys <Not Verified; THOMSON multimedia; SpeedTouch USB>
2008-04-15 01:53:54 0 d-------- C:\Program Files\Programador de Modem


-- Find3M Report ---------------------------------------------------------------

2008-04-13 19:32:30 4194441 --a------ C:\Documents and Settings\Midori\Application Data\sdi.db
2008-03-16 18:26:00 0 d-------- C:\Program Files\Microsoft.NET


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
12/05/2008 14:57 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [07/10/2004 23:44]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [07/10/2004 23:43]
"SoundMan"="SOUNDMAN.EXE" [23/02/2005 18:13 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [07/10/2004 19:50 C:\WINDOWS\AGRSMMSG.exe]
"SiSPower"="SiSPower.dll" [25/02/2005 19:35 C:\WINDOWS\system32\SiSPower.dll]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [04/03/2005 13:13]
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [09/03/2005 18:59]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [12/10/2005 15:16]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [16/11/2005 16:54]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" []
"RegistryMechanic"="" []
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [09/01/2006 05:43]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 13:50]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [18/06/2007 15:10]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10/01/2008 15:27]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [15/01/2008 03:22]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [12/05/2008 14:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:00]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [01/02/2008 17:32]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\Midori\Start Menu\Programs\Startup\
Memeo Launcher.lnk - C:\Documents and Settings\Midori\Application Data\Microsoft\Installer\{A494DB30-07BB-4D2A-A0BF-C60EC2593731}\_ABB6D16E06554E04B5B5D9DD97EFB09A.exe [04/09/2007 16:31:33]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [04/01/2005 16:52:52]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [29/05/2006 21:39:24]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 04:44:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

*Newly Created Service* - AVG8WD
*Newly Created Service* - AVGFWS8
*Newly Created Service* - AVGLDX86
*Newly Created Service* - AVGMFX86
*Newly Created Service* - AVGTDIX
*Newly Created Service* - INT15.SYS



-- End of Deckard's System Scanner: finished at 2008-05-13 17:58:29 ------------

Thanks a lot! :-)
  • 0

#25
Tal

Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Hi,

First, looks like the OTScanIt log got cut. You will need to split it to several replies, until you see the <End Of Report> line. Secondly, the DSS log is the same, and it's clean again :) Perhaps you could explain your issue in more detail, since I might have misunderstood it.

Tal.
  • 0

Advertisements


#26
dtakehana

dtakehana

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
Hi Tal,
So are we done with the DSS scan then? What I tried to say was that the same trojan horse I was having problem was caught by the AVG scan. I didn´t do anything as I wasn´t sure what to do, since I was following your instructions. SO the drive is clean now? That´s good news then! :-)
Well, anyway... Sorry about the scan log getting cut, here is it again ok? :)

[code=auto:0]
OTScanIt logfile created on: 14/05/2008 21:42:12
OTScanIt by OldTimer - Version 1.0.14.0 Folder = C:\Documents and Settings\Midori\Desktop\OTScanIt
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

446.48 Mb Total Physical Memory | 170.62 Mb Available Physical Memory | 38.21% Memory free
1.03 Gb Paging File | 0.64 Gb Available in Paging File | 62.18% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35.55 Gb Total Space | 5.60 Gb Free Space | 15.76% Space Free | Partition Type: FAT32
Drive D: | 36.03 Gb Total Space | 35.66 Gb Free Space | 98.96% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 149.05 Gb Total Space | 60.13 Gb Free Space | 40.34% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TAKIS
Current User Name: Midori
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
anbmserv.exe -> %SystemDrive%\Acer\eManager\anbmServ.exe -> OSA Technologies Inc. [Ver = 3.0.5.8 | Size = 1287168 bytes | Modified Date = 16/08/2004 15:17:20 | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 04/09/2007 19:04:36 | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 31/07/2007 08:22:14 | Attr = ]
avgwdsvc.exe -> %SystemDrive%\PROGRA~1\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 282904 bytes | Modified Date = 12/05/2008 14:57:18 | Attr = ]
avgfws8.exe -> %SystemDrive%\PROGRA~1\AVG\AVG8\avgfws8.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 930584 bytes | Modified Date = 12/05/2008 14:57:20 | Attr = ]
avgam.exe -> %SystemDrive%\PROGRA~1\AVG\AVG8\avgam.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 658200 bytes | Modified Date = 12/05/2008 14:57:18 | Attr = ]
avgrsx.exe -> %SystemDrive%\PROGRA~1\AVG\AVG8\avgrsx.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.84 | Size = 311576 bytes | Modified Date = 12/05/2008 14:57:22 | Attr = ]
avgnsx.exe -> %SystemDrive%\PROGRA~1\AVG\AVG8\avgnsx.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.93 | Size = 437016 bytes | Modified Date = 12/05/2008 14:57:22 | Attr = ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 98394 bytes | Modified Date = 07/10/2004 23:44:24 | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 688218 bytes | Modified Date = 07/10/2004 23:43:12 | Attr = ]
soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.36 | Size = 77824 bytes | Modified Date = 23/02/2005 18:13:10 | Attr = ]
agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.47 2.1.47 10/08/2004 09:50:51 | Size = 88363 bytes | Modified Date = 07/10/2004 19:50:52 | Attr = ]
keyhook.exe -> %SystemRoot%\system32\keyhook.exe -> Silicon Integrated Systems Corporation [Ver = 0.0.0.3654 | Size = 32768 bytes | Modified Date = 04/03/2005 13:13:04 | Attr = ]
monitor.exe -> %SystemDrive%\Acer\Empowering Technology\eRecovery\Monitor.exe -> acer Inc. [Ver = 1, 3, 3, 9 | Size = 385024 bytes | Modified Date = 16/11/2005 16:54:56 | Attr = ]
pcmservice.exe -> %ProgramFiles%\Arcade\PCMService.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 49152 bytes | Modified Date = 09/03/2005 18:59:26 | Attr = ]
qtzgacer.exe -> %ProgramFiles%\Launch Manager\QtZgAcer.EXE -> Dritek System Inc. [Ver = 1, 0, 6, 812 | Size = 315392 bytes | Modified Date = 12/10/2005 15:16:04 | Attr = ]
ctsched.exe -> %ProgramFiles%\Creative\Shared Files\CTSched.exe -> Creative Technology Ltd [Ver = 1.0.6.0 | Size = 53340 bytes | Modified Date = 09/01/2006 05:43:42 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ]
launchapplication.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 84, 78, 3 | Size = 271360 bytes | Modified Date = 18/06/2007 15:10:32 | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 15/01/2008 03:22:56 | Attr = ]
avgtray.exe -> %SystemDrive%\PROGRA~1\AVG\AVG8\avgtray.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.88 | Size = 1177368 bytes | Modified Date = 12/05/2008 14:57:20 | Attr = ]
myspaceim.exe -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe -> [Ver = 1.0.754.0 | Size = 8699904 bytes | Modified Date = 01/02/2008 17:32:54 | Attr = ]
sistray.exe -> %SystemRoot%\system32\sistray.exe -> Silicon Integrated Systems Corporation [Ver = 0.0.0.3650 | Size = 331776 bytes | Modified Date = 04/01/2005 16:52:52 | Attr = ]
servicelayer.exe -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 84, 83, 3 | Size = 300544 bytes | Modified Date = 15/06/2007 16:55:00 | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 15/01/2008 03:22:44 | Attr = ]
memeobackup.exe -> %ProgramFiles%\Tanagra\Memeo\MemeoBackup.exe -> Tanagra, Inc. [Ver = 1.4.2.0 | Size = 1007616 bytes | Modified Date = 28/02/2006 18:15:30 | Attr = ]
myspaceim.exe -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe -> [Ver = 1.0.754.0 | Size = 8699904 bytes | Modified Date = 01/02/2008 17:32:54 | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.14.0 | Size = 372224 bytes | Modified Date = 09/05/2008 21:51:12 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(anbmService) Notebook Manager Service [Win32_Own | Auto | Running] -> %SystemDrive%\Acer\eManager\anbmServ.exe -> OSA Technologies Inc. [Ver = 3.0.5.8 | Size = 1287168 bytes | Modified Date = 16/08/2004 15:17:20 | Attr = ]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 04/09/2007 19:04:36 | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 31/07/2007 08:22:14 | Attr = ]
(avg8wd) AVG8 WatchDog [Win32_Own | Auto | Running] -> %SystemDrive%\PROGRA~1\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 282904 bytes | Modified Date = 12/05/2008 14:57:18 | Attr = ]
(avgfws8) AVG8 Firewall [Win32_Own | Auto | Running] -> %SystemDrive%\PROGRA~1\AVG\AVG8\avgfws8.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 930584 bytes | Modified Date = 12/05/2008 14:57:20 | Attr = ]
(BMUService) Memeo [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Tanagra\Memeo\MemeoService.exe -> Tanagra, Inc. [Ver = 1.4.2.0 | Size = 192512 bytes | Modified Date = 28/02/2006 18:15:30 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 05:00:00 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 04/04/2005 00:41:10 | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 15/01/2008 03:22:44 | Attr = ]
(ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Running] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 84, 83, 3 | Size = 300544 bytes | Modified Date = 15/06/2007 16:55:00 | Attr = ]

[Driver Services - Non-Microsoft Only]
(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\AGRSM.sys -> Agere Systems [Ver = 2.1.47 2.1.47 10/08/2004 09:51:06 | Size = 1270540 bytes | Modified Date = 07/10/2004 19:51:08 | Attr = ]
(alcan5ln) Alcatel SpeedTouch™ USB ADSL RFC1483 Networking Driver (NDIS) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\alcan5ln.sys -> THOMSON multimedia [Ver = 201.2.0.0 | Size = 36048 bytes | Modified Date = 12/11/2002 11:01:46 | Attr = ]
(alcaudsl) Alcatel Speed Touch ADSL Modem ATM Transport [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\alcaudsl.sys -> THOMSON multimedia [Ver = 201.2.0.0 | Size = 748544 bytes | Modified Date = 12/11/2002 11:01:42 | Attr = ]
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ALCXWDM.SYS -> Realtek Semiconductor Corp. [Ver = 5.10.5790 built by: WinDDK | Size = 2311680 bytes | Modified Date = 24/02/2005 14:20:22 | Attr = ]
(AmdK8) AMD Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\DRIVERS\AmdK8.sys -> Advanced Micro Devices [Ver = 1.1.0 built by: dnsrv(wmbla) | Size = 39424 bytes | Modified Date = 11/08/2004 01:30:00 | Attr = ]
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys -> [Ver = | Size = 11000 bytes | Modified Date = 31/07/2007 08:22:08 | Attr = ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %SystemRoot%\System32\DRIVERS\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 05/09/2006 18:03:16 | Attr = ]
(Avgfwdx) Avgfwdx [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\avgfwdx.sys -> GRISOFT, s.r.o. [Ver = 7.9.0.476 | Size = 22528 bytes | Modified Date = 12/05/2008 14:55:44 | Attr = ]
(Avgfwfd) AVG network filter service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\avgfwdx.sys -> GRISOFT, s.r.o. [Ver = 7.9.0.476 | Size = 22528 bytes | Modified Date = 12/05/2008 14:55:44 | Attr = ]
(AvgLdx86) AVG AVI Loader Driver x86 [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.58 | Size = 96520 bytes | Modified Date = 12/05/2008 14:57:34 | Attr = ]
(AvgMfx86) AVG On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> %SystemRoot%\System32\Drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 8.0.0.46 | Size = 26184 bytes | Modified Date = 12/05/2008 14:57:34 | Attr = ]
(AvgRkx86) avgrkx86.sys [File_System | Boot | Running] -> %SystemRoot%\System32\Drivers\avgrkx86.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.13 | Size = 12424 bytes | Modified Date = 12/05/2008 14:57:34 | Attr = ]
(AvgTdiX) AVG8 Network Redirector [Kernel | Auto | Running] -> %SystemRoot%\System32\Drivers\avgtdix.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.87 | Size = 75272 bytes | Modified Date = 12/05/2008 14:57:34 | Attr = ]
(BCM43XX) Broadcom 802.11 Network Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\bcmwl5.sys -> Broadcom Corporation [Ver = 3.100.46.0 built by: WinDDK | Size = 369024 bytes | Modified Date = 21/12/2004 10:32:12 | Attr = ]
(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\ComboFix\catchme.sys -> File not found
(DKbFltr) Dritek HotKey Keyboard Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\DKbFltr.sys -> Dritek System Inc. [Ver = 1, 3, 0, 0 | Size = 16896 bytes | Modified Date = 08/12/2004 14:10:00 | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 04/08/2004 05:00:00 | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 04/08/2004 05:00:00 | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 04/08/2004 05:00:00 | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 19/09/2006 14:44:04 | Attr = ]
(incdrm) InCD EasyWrite Reader [Kernel | System | Running] -> %SystemRoot%\System32\drivers\incdrm.sys -> Ahead Software AG [Ver = 4, 0, 0, 16 | Size = 25520 bytes | Modified Date = 21/08/2003 18:56:36 | Attr = ]
(nmwcd) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcd.sys -> Nokia [Ver = 6.83.6.0 | Size = 137216 bytes | Modified Date = 22/02/2007 11:15:56 | Attr = ]
(nmwcdc) Nokia USB Generic [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcdc.sys -> Nokia [Ver = 6.83.6.0 | Size = 8320 bytes | Modified Date = 22/02/2007 11:15:14 | Attr = ]
(nmwcdcj) Nokia USB Port [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcdcj.sys -> Nokia [Ver = 6.83.6.0 | Size = 12288 bytes | Modified Date = 22/02/2007 11:15:14 | Attr = ]
(nmwcdcm) Nokia USB Modem [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcdcm.sys -> Nokia [Ver = 6.83.6.0 | Size = 12288 bytes | Modified Date = 22/02/2007 11:15:14 | Attr = ]
(NTIDrvr) Upper Class Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\NTIDrvr.sys -> NewTech Infosystems, Inc. [Ver = 1, 0, 0, 6 | Size = 6144 bytes | Modified Date = 28/05/2006 07:43:34 | Attr = ]
(osaio) osaio [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\osaio.sys -> Avocent/OSA Technologies Inc. [Ver = 5.2.3790.0 built by: WinDDK | Size = 8704 bytes | Modified Date = 04/03/2005 16:37:26 | Attr = ]
(osanbm) osanbm [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\osanbm.sys -> Windows ® 2000 DDK provider [Ver = 5.00.2195.1620 | Size = 4010 bytes | Modified Date = 14/01/2005 15:57:16 | Attr = ]
(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 204 | Size = 10368 bytes | Modified Date = 05/12/2003 18:46:36 | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 04/08/2004 05:00:00 | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.43J | Size = 36624 bytes | Modified Date = 23/02/2007 06:29:54 | Attr = ]
(RMSPPPOE) WAN Miniport (PPP over Ethernet Protocol) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\RMSPPPOE.SYS -> Robert Schlabbach [Ver = 0.98.0715.0 | Size = 31232 bytes | Modified Date = 10/06/2002 00:09:08 | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13/11/2007 08:25:54 | Attr = ]
(SiS315) SiS315 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\sisgrp.sys -> Silicon Integrated Systems Corporation [Ver = 6.14.10.3654 | Size = 240640 bytes | Modified Date = 02/03/2005 00:09:02 | Attr = ]
(SISAGP) SiS AGP Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\SISAGPX.sys -> Silicon Integrated Systems Corporation [Ver = 7.2.0.1170 built by: WinDDK | Size = 36992 bytes | Modified Date = 18/07/2003 09:58:20 | Attr = ]
(SiSkp) SiSkp [Kernel | System | Running] -> %SystemRoot%\system32\DRIVERS\srvkp.sys -> Silicon Integrated Systems Corporation [Ver = 6.14.10.3653 | Size = 13312 bytes | Modified Date = 25/02/2005 19:45:32 | Attr = ]
(SISNICXP) SiS PCI Fast Ethernet Adapter Driver for NDIS51 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\sisnicxp.sys -> SiS Corporation [Ver = 2.0.1039.1180 built by: WinDDK | Size = 32768 bytes | Modified Date = 05/11/2004 01:43:58 | Attr = ]
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 17/08/2001 13:56:16 | Attr = ]
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\SynTP.sys -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 185824 bytes | Modified Date = 07/10/2004 23:33:46 | Attr = ]
(UBHelper) UBHelper [Kernel | System | Running] -> %SystemRoot%\System32\drivers\UBHelper.sys -> [Ver = | Size = 13952 bytes | Modified Date = 17/12/2004 17:14:44 | Attr = ]
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\usbaapl.sys -> Apple, Inc. [Ver = 1, 25, 0, 0 | Size = 30464 bytes | Modified Date = 15/01/2008 02:39:58 | Attr = ]
(V0260VID) Live! Cam Vista IM [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\V0260Vid.sys -> Creative Technology Ltd. [Ver = 1, 0, 2, 0 | Size = 162176 bytes | Modified Date = 01/04/2006 18:16:44 | Attr = R ]
(int15.sys) int15.sys [Kernel | Auto | Running] -> %SystemDrive%\Acer\Empowering Technology\eRecovery\int15.sys -> [Ver = | Size = 69632 bytes | Modified Date = 13/01/2005 14:46:16 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe [AGRSMMSG.exe] -> Agere Systems [Ver = 2.1.47 2.1.47 10/08/2004 09:50:51 | Size = 88363 bytes | Modified Date = 07/10/2004 19:50:52 | Attr = ]
AVG8_TRAY -> %SystemDrive%\PROGRA~1\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.88 | Size = 1177368 bytes | Modified Date = 12/05/2008 14:57:20 | Attr = ]
CreativeTaskScheduler -> %ProgramFiles%\Creative\Shared Files\CTSched.exe ["C:\Program Files\Creative\Shared Files\CTSched.exe" /logon] -> Creative Technology Ltd [Ver = 1.0.6.0 | Size = 53340 bytes | Modified Date = 09/01/2006 05:43:42 | Attr = ]
eRecoveryService -> %SystemDrive%\Acer\Empowering Technology\eRecovery\Monitor.exe [C:\Acer\Empowering Technology\eRecovery\Monitor.exe] -> acer Inc. [Ver = 1, 3, 3, 9 | Size = 385024 bytes | Modified Date = 16/11/2005 16:54:56 | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 15/01/2008 03:22:56 | Attr = ]
LaunchApp -> %SystemRoot%\Alaunch.exe [Alaunch] -> Acer Inc. [Ver = 2, 1, 0, 0 | Size = 520192 bytes | Modified Date = 23/06/2005 01:36:20 | Attr = ]
LManager -> %ProgramFiles%\Launch Manager\QtZgAcer.EXE [C:\Program Files\Launch Manager\QtZgAcer.EXE] -> Dritek System Inc. [Ver = 1, 0, 6, 812 | Size = 315392 bytes | Modified Date = 12/10/2005 15:16:04 | Attr = ]
NeroFilterCheck -> %SystemRoot%\system32\NeroCheck.exe [C:\WINDOWS\system32\NeroCheck.exe] -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 09/07/2001 13:50:42 | Attr = R ]
PCMService -> %ProgramFiles%\Arcade\PCMService.exe ["C:\Program Files\Arcade\PCMService.exe"] -> CyberLink Corp. [Ver = 3.00.0000 | Size = 49152 bytes | Modified Date = 09/03/2005 18:59:26 | Attr = ]
PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe [C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup] -> Nokia [Ver = 6, 84, 78, 3 | Size = 271360 bytes | Modified Date = 18/06/2007 15:10:32 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.4 | Size = 385024 bytes | Modified Date = 10/01/2008 15:27:36 | Attr = ]
RegistryMechanic -> [] -> File not found
SiS Windows KeyHook -> %SystemRoot%\system32\keyhook.exe [C:\WINDOWS\system32\keyhook.exe] -> Silicon Integrated Systems Corporation [Ver = 0.0.0.3654 | Size = 32768 bytes | Modified Date = 04/03/2005 13:13:04 | Attr = ]
SiSPower -> %SystemRoot%\system32\SiSPower.DLL [Rundll32.exe SiSPower.dll,ModeAgent] -> Silicon Integrated Systems Corporation [Ver = 6.14.10.3654 | Size = 49152 bytes | Modified Date = 25/02/2005 19:35:12 | Attr = ]
SoundMan -> %SystemRoot%\SOUNDMAN.EXE [SOUNDMAN.EXE] -> Realtek Semiconductor Corp. [Ver = 5.1.0.36 | Size = 77824 bytes | Modified Date = 23/02/2005 18:13:10 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ]
Symantec NetDriver Monitor -> %SystemDrive%\PROGRA~1\SYMNET~1\SNDMon.exe [C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer] -> File not found
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 688218 bytes | Modified Date = 07/10/2004 23:43:12 | Attr = ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe [C:\Program Files\Synaptics\SynTP\SynTPLpr.exe] -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 98394 bytes | Modified Date = 07/10/2004 23:44:24 | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
MySpaceIM -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe] -> [Ver = 1.0.754.0 | Size = 8699904 bytes | Modified Date = 01/02/2008 17:32:54 | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Utility Tray.lnk -> %SystemRoot%\system32\sistray.exe -> Silicon Integrated Systems Corporation [Ver = 0.0.0.3650 | Size = 331776 bytes | Modified Date = 04/01/2005 16:52:52 | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 04/11/1999 15:06:48 | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 14/12/2004 04:44:06 | Attr = ]
< Midori Startup Folder > -> C:\Documents and Settings\Midori\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\Memeo Launcher.lnk -> %AppData%\Microsoft\Installer\{A494DB30-07BB-4D2A-A0BF-C60EC2593731}\_ABB6D16E06554E04B5B5D9DD97EFB09A.exe -> InstallShield Software Corp. [Ver = 10.0.159 | Size = 208896 bytes | Modified Date = 04/09/2007 16:31:34 | Attr = R ]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
avgrsstx.dll -> %SystemRoot%\system32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 10520 bytes | Modified Date = 12/05/2008 14:57:36 | Attr = ]
*MultiFile Done* -> ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 31/07/2007 08:22:10 | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> C:\WINDOWS\system32\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 04/08/2004 05:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomSlimtype_DVDRW_SOSW-833S________________VRS2____\5&325a9220&1&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 ->
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> %SystemDrive%\AUTOEXEC.BAT [ FAT32 ] -> [Ver = | Size = 100 bytes | Modified Date = 09/03/2005 09:51:26 | Attr = ]
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft....k/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft....k/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft....k/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.msn.com ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.myspace.com/ ->
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
www_photobucket.com [https] -> Trusted sites ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar Helper] -> File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 14/12/2004 01:56:50 | Attr = ]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.90 | Size = 419096 bytes | Modified Date = 12/05/2008 14:57:24 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ]
{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [AVGTOOLBAR] -> AVG, Inc. [Ver = 5.0.2.363 | Size = 2051328 bytes | Modified Date = 12/05/2008 14:57:28 | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [AVGTOOLBAR] -> AVG, Inc. [Ver = 5.0.2.363 | Size = 2051328 bytes | Modified Date = 12/05/2008 14:57:28 | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{8B79EE88-E62D-4AA8-B530-CC357BA112B7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [AVGTOOLBAR] -> AVG, Inc. [Ver = 5.0.2.363 | Size = 2051328 bytes | Modified Date = 12/05/2008 14:57:28 | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Search -> Reg Error: Value does not exist or could not be read. -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.micro...d...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{2D775ABE-C1F2-4D1E-AF5B-A113997C51C5} -> (Broadcom 802.11g Network Adapter) ->
{35886F2B-F8CD-4473-928E-74A7BE57A2AC} -> () ->
{4AD6780B-6FFD-4A57-9E98-782D0282F6AF} -> (1394 Net Adapter) ->
{510F4A26-B174-4E82-80D3-0C14426BAD94} -> (SiS 900-Based PCI Fast Ethernet Adapter) ->
{DF571A2A-086D-4D03-988F-FFDCA256AF99} -> () ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgpp.dll[XPLPPFilter Class] -> AVG Technologies CZ, s.r.o. [Ver = | Size = 79128 bytes | Modified Date = 12/05/2008 14:57:28 | Attr = ]
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}[HKEY_LOCAL_MACHINE] -> http://download.micr.../OGAControl.cab[Office Genuine Advantage Validation Tool] ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_02] ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoft...free/asinst.cab[ActiveScan Installer Class] ->
{9D190AE6-C81E-4039-8061-978EBAD10073}[HKEY_LOCAL_MACHINE] -> http://support.f-sec...m/ols/fscax.cab[F-Secure Online Scanner 3.0] ->
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}[HKEY_LOCAL_MACHINE] -> http://office.micros...ntent/opuc4.cab[Office Update Installation Engine] ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> [Java Plug-in 1.5.0_06] ->
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.5.0_11] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_01] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_02] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_02] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.m...ash/swflash.cab[Shockwave Flash Object] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asinst.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asinst.dll\\.Owner -> {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asinst.dll\\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\\.Owner -> {9D190AE6-C81E-4039-8061-978EBAD10073} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\\{9D190AE6-C81E-4039-8061-978EBAD10073} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\\.Owner -> {9D190AE6-C81E-4039-8061-978EBAD10073} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\\{9D190AE6-C81E-4039-8061-978EBAD10073} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fsauc.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fsauc.dll\\.Owner -> {9D190AE6-C81E-4039-8061-978EBAD10073} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fsauc.dll\\{9D190AE6-C81E-4039-8061-978EBAD10073} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\\.Owner -> {9D190AE6-C81E-4039-8061-978EBAD10073} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\\{9D190AE6-C81E-4039-8061-978EBAD10073} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\.Owner -> {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\.Owner -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> ->

Edited by dtakehana, 14 May 2008 - 06:55 PM.

  • 0

#27
dtakehana

dtakehana

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\System32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04/08/2004 05:00:00 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\System32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15/06/2005 20:49:30 | Attr = ]
msv1_0 -> %SystemRoot%\System32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04/08/2004 05:00:00 | Attr = ]
schannel -> %SystemRoot%\System32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25/04/2007 17:21:16 | Attr = ]
wdigest -> %SystemRoot%\System32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 04/08/2004 05:00:00 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1236 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %SystemRoot%\System32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 04/08/2004 05:00:00 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE
[Files/Folders - Modified Within 30 days]
ISACER.ID -> %SystemDrive%\ISACER.ID -> [Ver = | Size = 6 bytes | Modified Date = 19/04/2008 12:32:06 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 468242432 bytes | Modified Date = 14/05/2008 19:40:40 | Attr = HS]
FOUND.023 -> %SystemDrive%\FOUND.023 -> [Folder | Modified Date = 22/04/2008 20:32:24 | Attr = HS]
FOUND.022 -> %SystemDrive%\FOUND.022 -> [Folder | Modified Date = 21/04/2008 14:40:24 | Attr = HS]
$AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ -> [Folder | Modified Date = 13/05/2008 08:31:04 | Attr = H ]
graph.grf -> %SystemDrive%\graph.grf -> [Ver = | Size = 8192 bytes | Modified Date = 21/04/2008 18:04:40 | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 21/04/2008 20:36:40 | Attr = ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 09/05/2008 12:49:34 | Attr = ]
FOUND.024 -> %SystemDrive%\FOUND.024 -> [Folder | Modified Date = 23/04/2008 18:46:42 | Attr = HS]
FOUND.025 -> %SystemDrive%\FOUND.025 -> [Folder | Modified Date = 23/04/2008 21:43:22 | Attr = HS]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 24/04/2008 13:50:46 | Attr = ]
FOUND.026 -> %SystemDrive%\FOUND.026 -> [Folder | Modified Date = 10/05/2008 08:22:38 | Attr = HS]
avgfwdx.sys -> %SystemRoot%\System32\drivers\avgfwdx.sys -> GRISOFT, s.r.o. [Ver = 7.9.0.476 | Size = 22528 bytes | Modified Date = 12/05/2008 14:55:44 | Attr = ]
Avg -> %SystemRoot%\System32\drivers\Avg -> [Folder | Modified Date = 12/05/2008 14:57:30 | Attr = ]
avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [Ver = | Size = 5618689 bytes | Modified Date = 12/05/2008 14:57:30 | Attr = ]
miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [Ver = | Size = 786367 bytes | Modified Date = 12/05/2008 14:57:30 | Attr = ]
microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [Ver = | Size = 156300 bytes | Modified Date = 12/05/2008 15:21:28 | Attr = ]
incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [Ver = | Size = 23604325 bytes | Modified Date = 14/05/2008 18:20:34 | Attr = ]
avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 8.0.0.46 | Size = 26184 bytes | Modified Date = 12/05/2008 14:57:34 | Attr = ]
avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.58 | Size = 96520 bytes | Modified Date = 12/05/2008 14:57:34 | Attr = ]
avgtdix.sys -> %SystemRoot%\System32\drivers\avgtdix.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.87 | Size = 75272 bytes | Modified Date = 12/05/2008 14:57:34 | Attr = ]
avgrkx86.sys -> %SystemRoot%\System32\drivers\avgrkx86.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.13 | Size = 12424 bytes | Modified Date = 12/05/2008 14:57:34 | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 14/05/2008 19:41:48 | Attr = ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 54682 bytes | Modified Date = 22/04/2008 01:11:08 | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 385164 bytes | Modified Date = 22/04/2008 01:11:08 | Attr = ]
avgfwdx.dll -> %SystemRoot%\System32\avgfwdx.dll -> GRISOFT, s.r.o. [Ver = 7.9.0.476 | Size = 45568 bytes | Modified Date = 12/05/2008 14:55:44 | Attr = ]
eRLog.ini -> %SystemRoot%\System32\eRLog.ini -> [Ver = | Size = 451 bytes | Modified Date = 14/05/2008 19:43:12 | Attr = ]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 259840 bytes | Modified Date = 18/04/2008 12:02:10 | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 443254 bytes | Modified Date = 22/04/2008 01:11:08 | Attr = ]
avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 10520 bytes | Modified Date = 12/05/2008 14:57:36 | Attr = ]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 09/05/2008 12:52:36 | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 09/05/2008 12:51:52 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 18/04/2008 11:09:28 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 14/05/2008 19:40:46 | Attr = S]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 14/05/2008 19:42:32 | Attr = H ]
MotionDVSTUDIO.INI -> %SystemRoot%\MotionDVSTUDIO.INI -> [Ver = | Size = 28 bytes | Modified Date = 21/04/2008 19:04:14 | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 21/04/2008 20:44:54 | Attr = ]
AviSplitter.INI -> %SystemRoot%\AviSplitter.INI -> [Ver = | Size = 38 bytes | Modified Date = 11/05/2008 09:12:52 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 14/05/2008 19:40:56 | Attr = H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 28/05/2006 10:43:34 | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 8786 bytes | Modified Date = 14/05/2008 19:45:02 | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 8786 bytes | Modified Date = 14/05/2008 19:45:02 | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 16/03/2008 18:26:00 | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 21/03/2008 21:12:14 | Attr = ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
avg8 -> %AllUsersProfile%\Application Data\avg8 -> [Folder | Modified Date = 12/05/2008 14:55:42 | Attr = ]
AVGTOOLBAR -> %AppData%\AVGTOOLBAR -> [Folder | Modified Date = 12/05/2008 14:57:30 | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 117760 bytes | Modified Date = 14/05/2008 21:10:40 | Attr = ]
Downloaded Installations -> %UserProfile%\Local Settings\Application Data\Downloaded Installations -> [Folder | Modified Date = 22/04/2008 11:32:08 | Attr = ]
My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Modified Date = 20/04/2008 19:35:10 | Attr = ]
visto com base em relacao estavel.pdf -> %UserProfile%\My Documents\visto com base em relacao estavel.pdf -> [Ver = | Size = 23659 bytes | Modified Date = 23/04/2008 12:56:56 | Attr = ]
projeto finlândia.xls -> %UserProfile%\My Documents\projeto finlândia.xls -> [Ver = | Size = 33792 bytes | Modified Date = 14/05/2008 16:16:46 | Attr = ]
Thumbs.db -> %UserProfile%\My Documents\Thumbs.db -> [Ver = | Size = 941056 bytes | Modified Date = 09/05/2008 17:09:20 | Attr = HS]
MySpaceIM.lnk -> %AllUsersProfile%\Desktop\MySpaceIM.lnk -> [Ver = | Size = 647 bytes | Modified Date = 19/04/2008 01:00:22 | Attr = ]
PTDD Partition Table Doctor 3.5 Demo.lnk -> %AllUsersProfile%\Desktop\PTDD Partition Table Doctor 3.5 Demo.lnk -> [Ver = | Size = 1841 bytes | Modified Date = 24/04/2008 12:39:40 | Attr = ]
AVG 8.0.lnk -> %AllUsersProfile%\Desktop\AVG 8.0.lnk -> [Ver = | Size = 1415 bytes | Modified Date = 12/05/2008 14:57:36 | Attr = ]
dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 12/05/2008 17:24:06 | Attr = ]
shrub.jpg -> %UserProfile%\Desktop\shrub.jpg -> [Ver = | Size = 382849 bytes | Modified Date = 12/05/2008 12:51:10 | Attr = ]
FOTO.jpg -> %UserProfile%\Desktop\FOTO.jpg -> [Ver = | Size = 60961 bytes | Modified Date = 13/05/2008 11:06:36 | Attr = ]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 543023 bytes | Modified Date = 12/05/2008 15:26:00 | Attr = ]
backups -> %UserProfile%\Desktop\backups -> [Folder | Modified Date = 20/04/2008 19:25:24 | Attr = ]
OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 12/05/2008 15:26:46 | Attr = ]
alehammernormal1.JPG -> %UserProfile%\Desktop\alehammernormal1.JPG -> [Ver = | Size = 773809 bytes | Modified Date = 19/04/2008 11:07:46 | Attr = ]
eMule.lnk -> %UserProfile%\Desktop\eMule.lnk -> [Ver = | Size = 568 bytes | Modified Date = 19/04/2008 11:28:04 | Attr = ]
l_bc120fcbce9d2c08abbf0196760a257a.jpg -> %UserProfile%\Desktop\l_bc120fcbce9d2c08abbf0196760a257a.jpg -> [Ver = | Size = 84264 bytes | Modified Date = 12/05/2008 12:52:00 | Attr = ]
OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.1 | Size = 291840 bytes | Modified Date = 21/04/2008 20:24:16 | Attr = ]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1642 bytes | Modified Date = 09/05/2008 13:11:12 | Attr = ]
ATF-Cleaner(2).exe -> %UserProfile%\Desktop\ATF-Cleaner(2).exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 12/05/2008 15:23:54 | Attr = ]
l_d089fd0ac65d3b8984e6e8958523929a.jpg -> %UserProfile%\Desktop\l_d089fd0ac65d3b8984e6e8958523929a.jpg -> [Ver = | Size = 102147 bytes | Modified Date = 12/05/2008 12:52:56 | Attr = ]
l_5a66e234f256253325cc433f2518990e.jpg -> %UserProfile%\Desktop\l_5a66e234f256253325cc433f2518990e.jpg -> [Ver = | Size = 104869 bytes | Modified Date = 12/05/2008 12:56:24 | Attr = ]
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1850821 bytes | Modified Date = 09/05/2008 12:47:48 | Attr = ]
DIANA PIX -> %UserProfile%\Desktop\DIANA PIX -> [Folder | Modified Date = 13/05/2008 10:41:20 | Attr = ]
Partition_Recovery.exe -> %UserProfile%\Desktop\Partition_Recovery.exe -> DiskInternals Research [Ver = 2.7 | Size = 4037109 bytes | Modified Date = 24/04/2008 15:44:12 | Attr = ]
Kopio Diana Takehana CV em portuguęs.doc -> %UserProfile%\Desktop\Kopio Diana Takehana CV em portuguęs.doc -> [Ver = | Size = 2068480 bytes | Modified Date = 13/05/2008 11:18:00 | Attr = ]
Finnish Companies in Brazil, Finpro, 28.03.2008.doc -> %UserProfile%\Desktop\Finnish Companies in Brazil, Finpro, 28.03.2008.doc -> [Ver = | Size = 209408 bytes | Modified Date = 13/05/2008 11:33:48 | Attr = ]
7 veliestä.doc -> %UserProfile%\Desktop\7 veliestä.doc -> [Ver = | Size = 26624 bytes | Modified Date = 13/05/2008 12:17:16 | Attr = ]
Diana Takehana´s CV with attached translated articles.doc -> %UserProfile%\Desktop\Diana Takehana´s CV with attached translated articles.doc -> [Ver = | Size = 584704 bytes | Modified Date = 13/05/2008 13:51:54 | Attr = ]
Adobe Reader Speed Launch.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> [Ver = | Size = 1665 bytes | Modified Date = 09/05/2008 12:17:58 | Attr = ]
Memeo Launcher.lnk -> %UserProfile%\Start Menu\Programs\Startup\Memeo Launcher.lnk -> [Ver = | Size = 2477 bytes | Modified Date = 14/05/2008 19:42:28 | Attr = ]

< End of report >
[/code]

Edited by dtakehana, 14 May 2008 - 06:56 PM.

  • 0

#28
Tal

Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Hi Diana,

Logs look good. Nothing interesting there :) Any issues?

Tal
  • 0

#29
dtakehana

dtakehana

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
Hi Tal!

Well that´s good news indeed! ;-)
In that case I´d like to thank you very much for your invaluable help!!
All the best & take it easy
D
  • 0

#30
Tal

Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
You're welcome. I'll leave this topic open for a few days in case you have any other issues to report.

We have a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
* CHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]
System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

You should also have a good firewall. Here are 3 free ones available for personal use:
and a good antivirus (these are also free for personal use):
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit
monthly. And to keep your system clean run these free malware scanners
weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?

Have a safe and happy computing day!

Tal
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP