well


  • This topic is locked

#1
heyyy

  • Member
  • 19 posts
Logfile of HijackThis v1.99.1
Scan saved at 4:51:26 PM, on 1/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\services.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\iFtpSvc\iFtpSvc.exe
C:\iNtfySvc\intfysvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\Program Files\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\Documents and Settings\All Users\Start Menu\Programs\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1155341631876
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA8C5DD8-8940-4274-BAE9-F52A9EA89252}: NameServer = 71.243.0.12 68.237.161.12
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Ipswitch WS_FTP Service (iFtpSvc) - Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. - C:\iFtpSvc\iFtpSvc.exe
O23 - Service: Ipswitch Notification Server (inotifysvr) - Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. - C:\iNtfySvc\intfysvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Desktop Firewall Data Service (WebrootDesktopFirewallDataService) - Webroot Software, Inc. - C:\Program Files\Webroot\Desktop Firewall\WDFDataService.exe
O23 - Service: Webroot Desktop Firewall (WebrootFirewall) - Unknown owner - C:\Program Files\Webroot\Desktop Firewall\FirewallNTService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


Help please, I want this trojan off as soon as possible =]

#2
OldTimer

  • Global Moderator
  • 3,273 posts
Hello heyyy and welcome to the G2G HijackThis forum. Let's see what else is hanging around in there.

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT

#3
heyyy

  • Topic Starter
  • Member
  • 19 posts
Thanks for the reply, Oldtimer. I am running your program now and I will post a log once it's done running.

Well, it finished! Here ya go!


WinPFind3 logfile created on: 07-01-12 21:37:13
WinPFind3U by OldTimer - Version 1.0.10 Folder = C:\Documents and Settings\HP_Owner.BUNDOCK\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

523760 Kb Total Physical Memory | 226712 Kb Available Physical Memory | 43.29% Memory free
1279236 Kb Paging File | 943188 Kb Available in Paging File | 73.73% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 150194516 Kb Total Space | 64446356 Kb Free Space | 42.91% Space Free
Drive D: | 6073888 Kb Total Space | 794496 Kb Free Space | 13.08% Space Free
Unable to calculate disk information.
Drive F: | 271404 Kb Total Space | 0 Kb Free Space | 0.00% Space Free


[Processes - Non-Microsoft Only]
aim.exe -> %ProgramFiles%\AIM\aim.exe -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 05-08-05 14:08:26 | Attr = ]
apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 05-06-06 23:46:24 | Attr = ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [Ver = 4, 7, 844, 0 | Size = 108160 bytes | Modified Date = 06-08-05 01:23:06 | Attr = ]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [Ver = | Size = 59008 bytes | Modified Date = 06-08-05 10:10:10 | Attr = ]
bandwidth monitor pro.exe -> %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe -> Pro²soft [Ver = 1.30 | Size = 224768 bytes | Modified Date = 07-01-11 22:49:48 | Attr = ]
hijackthis.exe -> %ProgramFiles%\HijackThis.exe -> Soeperman Enterprises Ltd. [Ver = 1.99.0001 | Size = 218112 bytes | Modified Date = 05-02-16 10:06:16 | Attr = ]
iftpsvc.exe -> %SystemDrive%\iFtpSvc\iFtpSvc.exe -> Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. [Ver = 2006, 4, 17, 0 | Size = 565248 bytes | Modified Date = 06-04-21 10:34:32 | Attr = ]
intfysvc.exe -> %SystemDrive%\iNtfySvc\intfysvc.exe -> Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. [Ver = 2004, 6, 21, 0 | Size = 131072 bytes | Modified Date = 04-06-28 10:56:58 | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 06-10-30 09:36:32 | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 06-10-30 09:36:36 | Attr = ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 06-02-28 12:42:38 | Attr = R ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 143436 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
services.exe -> %SystemRoot%\services.exe -> [Ver = | Size = 350764 bytes | Modified Date = 07-01-11 22:58:54 | Attr = HS]
spysweeper.exe -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,2,3,2125 | Size = 3297792 bytes | Modified Date = 06-11-01 17:17:20 | Attr = ]
spysweeperui.exe -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeperUI.exe -> Webroot Software, Inc. [Ver = 5,2,3,2125 | Size = 4806144 bytes | Modified Date = 06-11-01 17:17:34 | Attr = ]
ssu.exe -> %ProgramFiles%\Webroot\Spy Sweeper\ssu.exe -> [Ver = | Size = 164352 bytes | Modified Date = 06-11-01 17:17:26 | Attr = ]
starwindservice.exe -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 05-04-01 12:51:48 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.10.0 | Size = 306176 bytes | Modified Date = 07-01-12 16:20:26 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Abel) Abel [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Cain\Abel.exe -> oxid.it [Ver = 2.9 | Size = 27136 bytes | Modified Date = 06-05-22 22:13:12 | Attr = ]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 06-07-19 20:41:46 | Attr = ]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [Ver = | Size = 59008 bytes | Modified Date = 06-08-05 10:10:10 | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [Ver = 4, 7, 844, 0 | Size = 108160 bytes | Modified Date = 06-08-05 01:23:06 | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 869, 0 | Size = 251520 bytes | Modified Date = 06-08-05 01:22:48 | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 844, 0 | Size = 370304 bytes | Modified Date = 06-08-05 01:22:38 | Attr = ]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 06-02-28 12:42:38 | Attr = R ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04-08-04 14:00:00 | Attr = ]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 07-01-12 06:59:54 | Attr = ]
(iFtpSvc) Ipswitch WS_FTP Service [Win32_Own | Auto | Running] -> %SystemDrive%\iFtpSvc\iFtpSvc.exe -> Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. [Ver = 2006, 4, 17, 0 | Size = 565248 bytes | Modified Date = 06-04-21 10:34:32 | Attr = ]
(inotifysvr) Ipswitch Notification Server [Win32_Own | Auto | Running] -> %SystemDrive%\iNtfySvc\intfysvc.exe -> Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. [Ver = 2004, 6, 21, 0 | Size = 131072 bytes | Modified Date = 04-06-28 10:56:58 | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 06-10-30 09:36:32 | Attr = ]
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 6, 6, 0 | Size = 724992 bytes | Modified Date = 06-10-09 21:11:08 | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 143436 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
(StarWindService) StarWind iSCSI Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 05-04-01 12:51:48 | Attr = ]
(WebrootDesktopFirewallDataService) Webroot Desktop Firewall Data Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Webroot\Desktop Firewall\WDFDataService.exe -> Webroot Software, Inc. [Ver = 2.0.0.419 | Size = 665600 bytes | Modified Date = 05-09-29 21:46:50 | Attr = ]
(WebrootFirewall) Webroot Desktop Firewall [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Webroot\Desktop Firewall\FirewallNTService.exe -> [Ver = | Size = 192512 bytes | Modified Date = 05-05-18 13:10:56 | Attr = ]
(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,2,3,2125 | Size = 3297792 bytes | Modified Date = 06-11-01 17:17:20 | Attr = ]
(wscsvc) Security Center [Win32_Shared | Disabled | Stopped] -> C:\WINDOWS\%System32%\svchost.exe -> File not found

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 05-06-06 23:46:24 | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 06-10-30 09:36:36 | Attr = ]
MSPY2002 -> %System32%\IME\PINTLGNT\IMSCINST.EXE -> [Ver = | Size = 59392 bytes | Modified Date = 04-08-04 07:00:00 | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll ["RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 7561216 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
SpySweeper -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeperUI.exe -> Webroot Software, Inc. [Ver = 5,2,3,2125 | Size = 4806144 bytes | Modified Date = 06-11-01 17:17:34 | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Bandwidth Monitor Pro -> %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe -> Pro²soft [Ver = 1.30 | Size = 224768 bytes | Modified Date = 07-01-11 22:49:48 | Attr = ]
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk -> Reg Data - Value does not exist -> File not found
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk -> Reg Data - Value does not exist -> File not found
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk -> %ProgramFiles%\Updates from HP\309731\Program\Updates from HP.exe -> [Ver = | Size = 16423 bytes | Modified Date = 04-08-07 16:33:32 | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing, Inc. [Ver = 1.0 (32-bit) | Size = 106560 bytes | Modified Date = 01-11-27 07:10:00 | Attr = ]
C:^Documents and Settings^HP_Owner.BUNDOCK^Start Menu^Programs^Startup^Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 99-11-04 14:06:48 | Attr = ]
C:^Documents and Settings^HP_Owner.BUNDOCK^Start Menu^Programs^Startup^HP Organize.lnk -> Reg Data - Value does not exist -> File not found
C:^Documents and Settings^HP_Owner.BUNDOCK^Start Menu^Programs^Startup^SpamSubtract.lnk -> Reg Data - Value does not exist -> File not found
C:^Documents and Settings^HP_Owner.BUNDOCK^Start Menu^Programs^Startup^UMAX VistaAccess.lnk -> %ProgramFiles%\VSTASCAN\vsaccess.exe -> UMAX [Ver = 1. 02 | Size = 159232 bytes | Modified Date = 00-01-06 07:26:36 | Attr = ]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 04-06-29 19:06:38 | Attr = ]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> [Ver = 5, 0, 0, 0 | Size = 108160 bytes | Modified Date = 06-08-05 01:23:12 | Attr = ]
BearShare -> %ProgramFiles%\BearShare\BearShare.exe -> File not found
CTFMon -> %System32%\CTF\ctfmon.exe -> File not found
DAEMON Tools -> %ProgramFiles%\DAEMON Tools\daemon.exe -> DT Soft Ltd. [Ver = 4.03.0.0 | Size = 133016 bytes | Modified Date = 05-12-10 09:57:20 | Attr = ]
HPHmon06 -> %System32%\hphmon06.exe -> Hewlett-Packard [Ver = 6,0,72 | Size = 659456 bytes | Modified Date = 04-06-07 20:42:30 | Attr = ]
HPHUPD06 -> %ProgramFiles%\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe -> Hewlett-Packard [Ver = 6,0,72 | Size = 49152 bytes | Modified Date = 04-06-07 20:53:26 | Attr = ]
hpsysdrv -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 98-05-07 18:04:38 | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 06-10-30 09:36:36 | Attr = ]
KBD -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 61440 bytes | Modified Date = 03-02-11 22:02:48 | Attr = ]
Microsoft Works Update Detection -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkUFind.exe -> Microsoft® Corporation [Ver = 9.00.0912.0 | Size = 50688 bytes | Modified Date = 03-09-13 21:36:52 | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 7561216 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 86016 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
nwiz -> %System32%\nwiz.exe -> [Ver = | Size = 1519616 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
PS2 -> %System32%\ps2.EXE -> Hewlett-Packard Company [Ver = 1.0.2.1 | Size = 81920 bytes | Modified Date = 02-10-16 18:57:10 | Attr = ]
PWRISOVM.EXE -> %ProgramFiles%\PowerISO\PWRISOVM.EXE -> File not found
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5a38 | Size = 282624 bytes | Modified Date = 06-12-05 21:00:28 | Attr = ]
Recguard -> %SystemRoot%\SMINST\Recguard.exe -> [Ver = 5, 0, 44, 2 | Size = 233472 bytes | Modified Date = 04-04-14 22:43:46 | Attr = ]
SSC_UserPrompt -> %CommonProgramFiles%\Symantec Shared\Security Center\UsrPrmpt.exe -> File not found
Steam -> -> File not found
SunJavaUpdateSched -> %ProgramFiles%\Java\j2re1.4.2_03\bin\jusched.exe -> [Ver = | Size = 32881 bytes | Modified Date = 04-08-07 14:37:00 | Attr = ]
VTTimer -> VTTimer.exe -> File not found
< SSODL [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} [HKLM] -> %CommonProgramFiles%\stardock\MCPCore.dll [0aMCPClient] -> Stardock [Ver = 0, 0, 5, 4 | Size = 86016 bytes | Modified Date = 05-05-10 13:31:20 | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
C:\WINDOWS\system32\fservice.exe -> %System32%\fservice.exe -> [Ver = | Size = 350764 bytes | Modified Date = 07-01-11 22:58:54 | Attr = HS]
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\DirectX For Microsoft® Windows -> C:\WINDOWS\system32\fservice.exe ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{B4FE4312-0833-1033-0606-050923040001} -> "C:\Program Files\Common Files\{B4FE4312-0833-1033-0606-050923040001}\Update.exe" te-110-12-0000073 ->
-> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Start Page -> about:blank ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Start Page -> http://www.google.com/ ->
HKCU: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Modified Date = 03-11-03 23:17:44 | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [&Yahoo! Toolbar] -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Reg Data - Key not found ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8193 - Reg Data - Key not found ->
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> 8195 - Reg Data - Value does not exist ->
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -> 8196 - Reg Data - Key not found ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8194 - Reg Data - Key not found ->
NextId -> 8197 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> %ProgramFiles%\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 05-08-05 14:08:26 | Attr = ]
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{1CDB2949-8F65-4355-8456-263E7C208A5D} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer] -> [Ver = | Size = 466944 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer Menu] -> [Ver = | Size = 466944 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [nView Desktop Context Menu] -> [Ver = | Size = 466944 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
{2B3453E4-49DF-11D3-8229-0080BE509050} [HKLM] -> %System32%\ShellExt\GMailFS.dll [GMail Drive] -> Bjarke Viksoe [Ver = 1, 0, 0, 10 | Size = 289280 bytes | Modified Date = 06-04-18 17:49:18 | Attr = ]
{2B3453E4-49DF-11D3-8229-0080BE509052} [HKLM] -> %System32%\ShellExt\GMailFS.dll [GMailFS Property Sheet] -> Bjarke Viksoe [Ver = 1, 0, 0, 10 | Size = 289280 bytes | Modified Date = 06-04-18 17:49:18 | Attr = ]
{2B3453E4-49DF-11D3-8229-0080BE509054} [HKLM] -> %System32%\ShellExt\GMailFS.dll [GMailFS Drop Handler] -> Bjarke Viksoe [Ver = 1, 0, 0, 10 | Size = 289280 bytes | Modified Date = 06-04-18 17:49:18 | Attr = ]
{2B3453E4-49DF-11D3-8229-0080BE509056} [HKLM] -> %System32%\ShellExt\GMailFS.dll [GMailFS Context Menu] -> Bjarke Viksoe [Ver = 1, 0, 0, 10 | Size = 289280 bytes | Modified Date = 06-04-18 17:49:18 | Attr = ]
{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} [HKLM] -> %ProgramFiles%\Illustrate\dBpowerAMP\dMCShell.dll [dBpowerAMP Music Converter] -> [Ver = 6, 4, 0, 0 | Size = 118784 bytes | Modified Date = 06-07-31 13:45:38 | Attr = ]
{32020A01-506E-484D-A2A8-BE3CF17601C3} [HKLM] -> %ProgramFiles%\Alcohol Soft\Alcohol 120\AXShlEx.dll [AlcoholShellEx] -> Alcohol Soft Development Team [Ver = 1.9.5.3718 | Size = 715648 bytes | Modified Date = 06-10-08 09:04:56 | Attr = ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> Reg Data - Key not found [Display Panning CPL Extension] -> File not found
{472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> %ProgramFiles%\Alwil Software\Avast4\ashShell.dll [avast] -> ALWIL Software [Ver = 4, 7, 869, 0 | Size = 13824 bytes | Modified Date = 06-08-05 01:17:58 | Attr = ]
{6DEA92E9-8682-4b6a-97DE-354772FE5727} [HKLM] -> %CommonProgramFiles%\Autodesk Shared\AcDwfThmbPrxy16.dll [Autodesk DWF Preview] -> Autodesk [Ver = 16.2.54.0 | Size = 39032 bytes | Modified Date = 05-03-05 03:14:24 | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> %ProgramFiles%\Webroot\Spy Sweeper\SSCtxMnu.dll [Webroot Spy Sweeper Context Menu Integration] -> Webroot Software, Inc. [Ver = 5,2,3,2125 | Size = 219136 bytes | Modified Date = 06-11-01 17:17:38 | Attr = ]
{7F1CF152-04F8-453A-B34C-E609530A9DC8} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalPropSheetHandler] -> Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Modified Date = 05-11-15 11:07:16 | Attr = ]
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} [HKLM] -> %System32%\ShellvRTF.dll [SampleView] -> XSS [Ver = 1, 0, 0, 1 | Size = 122880 bytes | Modified Date = 02-09-20 23:42:28 | Attr = ]
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 04-08-04 07:00:00 | Attr = ]
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> Reg Data - Key not found [PowerISO] -> File not found
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> %System32%\nvcpl.dll [NvCpl DesktopContext Class] -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 7561216 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
{B327765E-D724-4347-8B16-78AE18552FC3} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalIconHandler] -> Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Modified Date = 05-11-15 11:07:16 | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR shell extension] -> [Ver = | Size = 121344 bytes | Modified Date = 04-12-27 10:56:08 | Attr = ]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> %ProgramFiles%\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 132672 bytes | Modified Date = 06-10-30 09:36:36 | Attr = ]
{DEE12703-6333-4D4E-8F34-738C4DCC2E04} [HKLM] -> %ProgramFiles%\Sonic RecordNow!\shlext.dll [RecordNow! SendToExt] -> [Ver = 7.0.0.0 | Size = 73728 bytes | Modified Date = 04-06-07 16:02:00 | Attr = ]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> Reg Data - Key not found [Shell Extensions for RealOne Player] -> File not found
{FED7043D-346A-414D-ACD7-550D052499A7} [HKLM] -> %ProgramFiles%\Illustrate\dBpowerAMP\dBShell.dll [dBpowerAMP Music Converter 1] -> [Ver = 6, 4, 0, 1 | Size = 110592 bytes | Modified Date = 06-07-31 13:45:36 | Attr = ]
{FFB699E0-306A-11d3-8BD1-00104B6F7516} [HKLM] -> %System32%\nvcpl.dll [Play on my TV helper] -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 7561216 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBShell.dll [NBShellHook Class] -> Nero AG [Ver = 2, 6, 6, 0 | Size = 73728 bytes | Modified Date = 06-10-09 21:11:32 | Attr = ]
{472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> %ProgramFiles%\Alwil Software\Avast4\ashShell.dll [avast] -> ALWIL Software [Ver = 4, 7, 869, 0 | Size = 13824 bytes | Modified Date = 06-08-05 01:17:58 | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 121344 bytes | Modified Date = 04-12-27 10:56:08 | Attr = ]
< ContextMenuHandlers - AllFilesystemObjects [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> %ProgramFiles%\Webroot\Spy Sweeper\SSCtxMnu.dll [SpySweeper] -> Webroot Software, Inc. [Ver = 5,2,3,2125 | Size = 219136 bytes | Modified Date = 06-11-01 17:17:38 | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> Reg Data - Key not found [PowerISO] -> File not found
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 121344 bytes | Modified Date = 04-12-27 10:56:08 | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [00nView] -> [Ver = | Size = 466944 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} [HKLM] -> %System32%\igfxpph.dll [igfxcui] -> Intel Corporation [Ver = 3.0.0.3882 | Size = 225280 bytes | Modified Date = 04-08-03 20:47:00 | Attr = ]
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> %System32%\nvcpl.dll [NvCplDesktopContext] -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 7561216 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
{23F2DE6C-2C3F-4F95-B16A-56714C6FAAF4} [HKLM] -> Reg Data - Key not found [XPTools] -> File not found
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBShell.dll [NBShellHook Class] -> Nero AG [Ver = 2, 6, 6, 0 | Size = 73728 bytes | Modified Date = 06-10-09 21:11:32 | Attr = ]
{472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> %ProgramFiles%\Alwil Software\Avast4\ashShell.dll [avast] -> ALWIL Software [Ver = 4, 7, 869, 0 | Size = 13824 bytes | Modified Date = 06-08-05 01:17:58 | Attr = ]
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> Reg Data - Key not found [PowerISO] -> File not found
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> %ProgramFiles%\Webroot\Spy Sweeper\SSCtxMnu.dll [SpySweeper] -> Webroot Software, Inc. [Ver = 5,2,3,2125 | Size = 219136 bytes | Modified Date = 06-11-01 17:17:38 | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 121344 bytes | Modified Date = 04-12-27 10:56:08 | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalColumnHandler Class] -> Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Modified Date = 05-11-15 11:07:16 | Attr = ]
{FED7043D-346A-414D-ACD7-550D052499A7} [HKLM] -> %ProgramFiles%\Illustrate\dBpowerAMP\dBShell.dll [dBpShell Class] -> [Ver = 6, 4, 0, 1 | Size = 110592 bytes | Modified Date = 06-07-31 13:45:36 | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{C302D863-4E76-4BA1-BE82-93EFAEA842D4} -> (1394 Net Adapter) ->
{D8C10C11-EFCF-40E9-8540-A1A45C4A0852} -> (VIA Rhine II Fast Ethernet Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://www.apple.com...ex/qtplugin.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macr...director/sw.cab ->
{48884C41-EFAC-433D-958A-9FADAC41408E} -> EGamesPlugin Class - CodeBase = https://www.e-games....GamesPlugin.cab ->
{5F8469B4-B055-49DD-83F7-62B522420ECC} -> Facebook Photo Uploader Control - CodeBase = http://upload.facebo...otoUploader.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.micros...b?1155341631876 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/...indows-i586.cab ->


[Files - Created Wihin 30 days]
pcd.db -> %CommonProgramFiles%\Adobe\Adobe PCD\pcd.db -> [Ver = | Size = 45056 bytes | Created Date = 07-01-12 06:58:42 | Attr = ]
caps.db -> %CommonProgramFiles%\Adobe\caps\caps.db -> [Ver = | Size = 278528 bytes | Created Date = 07-01-12 06:53:20 | Attr = ]
FNPLicensingService.exe -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Created Date = 07-01-12 06:59:52 | Attr = ]
fnp_registrations.xml -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\fnp_registrations.xml -> [Ver = | Size = 327 bytes | Created Date = 07-01-12 06:59:54 | Attr = ]
cache.db -> %CommonProgramFiles%\Adobe\Adobe PCD\cache\cache.db -> [Ver = | Size = 15360 bytes | Created Date = 07-01-12 06:58:42 | Attr = ]
bridge.lnk -> %CommonProgramFiles%\Adobe\Launch\bridge\2.0\bridge.lnk -> [Ver = | Size = 1744 bytes | Created Date = 07-01-12 07:09:55 | Attr = ]
DeviceCentral.lnk -> %CommonProgramFiles%\Adobe\Launch\devicecentral\1.0\DeviceCentral.lnk -> [Ver = | Size = 889 bytes | Created Date = 07-01-12 07:11:30 | Attr = ]
ExtendScript Toolkit 2.lnk -> %CommonProgramFiles%\Adobe\Launch\estoolkit\2.0\ExtendScript Toolkit 2.lnk -> [Ver = | Size = 1078 bytes | Created Date = 07-01-12 07:08:10 | Attr = ]
Adobe Photoshop CS3.lnk -> %CommonProgramFiles%\Adobe\Launch\photoshop\10.0\en_US\Adobe Photoshop CS3.lnk -> [Ver = | Size = 840 bytes | Created Date = 07-01-12 07:02:09 | Attr = ]
ktd32.atm -> %SystemRoot%\ktd32.atm -> [Ver = | Size = 3783 bytes | Created Date = 07-01-12 06:51:13 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 07-01-10 23:59:31 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 07-01-10 23:59:30 | Attr = H ]
services.exe -> %SystemRoot%\services.exe -> [Ver = | Size = 350764 bytes | Created Date = 07-01-11 22:59:04 | Attr = HS]
unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 668 bytes | Created Date = 06-12-24 01:59:26 | Attr = ]
unvise32.exe -> %SystemRoot%\unvise32.exe -> MindVision Software [Ver = 3.6.1 | Size = 90112 bytes | Created Date = 06-12-29 12:46:32 | Attr = ]
winzipme.ini -> %SystemRoot%\winzipme.ini -> [Ver = | Size = 96 bytes | Created Date = 07-01-09 19:50:04 | Attr = ]
CmdLineExt03.dll -> %System32%\CmdLineExt03.dll -> [Ver = | Size = 43520 bytes | Created Date = 06-12-27 12:37:54 | Attr = ]
fservice.exe -> %System32%\fservice.exe -> [Ver = | Size = 350764 bytes | Created Date = 07-01-11 22:59:04 | Attr = HS]
fservice.exe.bat -> %System32%\fservice.exe.bat -> [Ver = | Size = 105 bytes | Created Date = 07-01-12 16:37:41 | Attr = ]
reginv.dll -> %System32%\reginv.dll -> [Ver = | Size = 36864 bytes | Created Date = 07-01-12 16:37:38 | Attr = ]
reginv.dll_tobedeleted -> %System32%\reginv.dll_tobedeleted -> [Ver = | Size = 36864 bytes | Created Date = 07-01-11 22:59:08 | Attr = ]
Winhp32.exe -> %System32%\Winhp32.exe -> [Ver = | Size = 1355784 bytes | Created Date = 07-01-09 19:42:13 | Attr = ]
winkey.dll -> %System32%\winkey.dll -> [Ver = | Size = 13312 bytes | Created Date = 07-01-12 16:37:35 | Attr = ]
winkey.dll_tobedeleted -> %System32%\winkey.dll_tobedeleted -> [Ver = | Size = 13312 bytes | Created Date = 07-01-11 22:59:05 | Attr = ]
xvid.ax -> %System32%\xvid.ax -> [Ver = | Size = 77824 bytes | Created Date = 06-12-22 20:53:25 | Attr = ]
xvidcore.dll -> %System32%\xvidcore.dll -> [Ver = | Size = 765952 bytes | Created Date = 06-12-22 20:53:25 | Attr = ]
xvidvfw.dll -> %System32%\xvidvfw.dll -> [Ver = | Size = 180224 bytes | Created Date = 06-12-22 20:53:24 | Attr = ]

[Files - Modified Wihin 30 days]
pcd.db -> %CommonProgramFiles%\Adobe\Adobe PCD\pcd.db -> [Ver = | Size = 45056 bytes | Modified Date = 07-01-12 07:13:10 | Attr = ]
caps.db -> %CommonProgramFiles%\Adobe\caps\caps.db -> [Ver = | Size = 278528 bytes | Modified Date = 07-01-12 07:13:12 | Attr = ]
FNPLicensingService.exe -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 07-01-12 06:59:54 | Attr = ]
fnp_registrations.xml -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\fnp_registrations.xml -> [Ver = | Size = 327 bytes | Modified Date = 07-01-12 14:41:48 | Attr = ]
component.xml -> %CommonProgramFiles%\Adobe\Adobe Anchor Service\AMT\component.xml -> [Ver = | Size = 534 bytes | Modified Date = 07-01-12 06:59:58 | Attr = ]
cache.db -> %CommonProgramFiles%\Adobe\Adobe PCD\cache\cache.db -> [Ver = | Size = 15360 bytes | Modified Date = 07-01-12 14:42:28 | Attr = ]
component.xml -> %CommonProgramFiles%\Adobe\DefaultLanguage\AMT\component.xml -> [Ver = | Size = 548 bytes | Modified Date = 07-01-12 07:04:46 | Attr = ]
component.xml -> %CommonProgramFiles%\Adobe\TypeSupport\AMT\component.xml -> [Ver = | Size = 548 bytes | Modified Date = 07-01-12 07:06:28 | Attr = ]
bridge.lnk -> %CommonProgramFiles%\Adobe\Launch\bridge\2.0\bridge.lnk -> [Ver = | Size = 1744 bytes | Modified Date = 07-01-12 07:09:56 | Attr = ]
DeviceCentral.lnk -> %CommonProgramFiles%\Adobe\Launch\devicecentral\1.0\DeviceCentral.lnk -> [Ver = | Size = 889 bytes | Modified Date = 07-01-12 07:11:32 | Attr = ]
ExtendScript Toolkit 2.lnk -> %CommonProgramFiles%\Adobe\Launch\estoolkit\2.0\ExtendScript Toolkit 2.lnk -> [Ver = | Size = 1078 bytes | Modified Date = 07-01-12 07:08:12 | Attr = ]
component.xml -> %CommonProgramFiles%\Adobe\PDFL\8.0\AMT\component.xml -> [Ver = | Size = 528 bytes | Modified Date = 07-01-12 07:12:20 | Attr = ]
component.xml -> %CommonProgramFiles%\Adobe\TypeSupport\CMaps\AMT\component.xml -> [Ver = | Size = 532 bytes | Modified Date = 07-01-12 07:04:22 | Attr = ]
Adobe Photoshop CS3.lnk -> %CommonProgramFiles%\Adobe\Launch\photoshop\10.0\en_US\Adobe Photoshop CS3.lnk -> [Ver = | Size = 840 bytes | Modified Date = 07-01-12 07:02:10 | Attr = ]
component.xml -> %CommonProgramFiles%\Adobe\Linguistics\Providers\WinSoft\WRLiloPlugin1.0\AMT\component.xml -> [Ver = | Size = 545 bytes | Modified Date = 07-01-12 07:06:50 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 07-01-12 16:40:38 | Attr = S]
IF40LE.INI -> %SystemRoot%\IF40LE.INI -> [Ver = | Size = 4816 bytes | Modified Date = 06-12-21 19:23:00 | Attr = ]
ktd32.atm -> %SystemRoot%\ktd32.atm -> [Ver = | Size = 3783 bytes | Modified Date = 07-01-12 21:35:08 | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 07-01-10 14:52:28 | Attr = ]
ppdrv.ini -> %SystemRoot%\ppdrv.ini -> [Ver = | Size = 114 bytes | Modified Date = 07-01-08 07:59:32 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 07-01-10 23:59:32 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 07-01-10 23:59:32 | Attr = H ]
services.exe -> %SystemRoot%\services.exe -> [Ver = | Size = 350764 bytes | Modified Date = 07-01-11 22:58:54 | Attr = HS]
unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 668 bytes | Modified Date = 06-12-24 01:59:28 | Attr = ]
unins000.exe -> %SystemRoot%\unins000.exe -> Jordan Russell [Ver = 51.5.0.0 | Size = 72748 bytes | Modified Date = 06-12-24 01:59:28 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1015 bytes | Modified Date = 07-01-10 03:03:26 | Attr = ]
wincmd.ini -> %SystemRoot%\wincmd.ini -> [Ver = | Size = 642 bytes | Modified Date = 07-01-12 15:57:58 | Attr = ]
winzipme.ini -> %SystemRoot%\winzipme.ini -> [Ver = | Size = 96 bytes | Modified Date = 07-01-09 19:50:06 | Attr = ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 06-12-27 12:35:24 | Attr = ]
CmdLineExt03.dll -> %System32%\CmdLineExt03.dll -> [Ver = | Size = 43520 bytes | Modified Date = 06-12-28 12:46:06 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 227208 bytes | Modified Date = 06-12-26 16:05:46 | Attr = ]
fservice.exe -> %System32%\fservice.exe -> [Ver = | Size = 350764 bytes | Modified Date = 07-01-11 22:58:54 | Attr = HS]
fservice.exe.bat -> %System32%\fservice.exe.bat -> [Ver = | Size = 105 bytes | Modified Date = 07-01-12 16:37:42 | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 50257 bytes | Modified Date = 07-01-12 16:42:32 | Attr = ]
reginv.dll -> %System32%\reginv.dll -> [Ver = | Size = 36864 bytes | Modified Date = 07-01-12 16:41:14 | Attr = ]
reginv.dll_tobedeleted -> %System32%\reginv.dll_tobedeleted -> [Ver = | Size = 36864 bytes | Modified Date = 07-01-12 15:21:10 | Attr = ]
Winhp32.exe -> %System32%\Winhp32.exe -> [Ver = | Size = 1355784 bytes | Modified Date = 07-01-09 19:42:10 | Attr = ]
winkey.dll -> %System32%\winkey.dll -> [Ver = | Size = 13312 bytes | Modified Date = 07-01-12 16:40:52 | Attr = ]
winkey.dll_tobedeleted -> %System32%\winkey.dll_tobedeleted -> [Ver = | Size = 13312 bytes | Modified Date = 07-01-12 15:21:08 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 07-01-12 15:21:12 | Attr = ]

[File String Scan - Non-Microsoft Only]
PTech , -> %CommonProgramFiles%\Adobe\Adobe Asset Services CS3\Plug-Ins\Dicom.8bi -> Adobe Systems Incorporated [Ver = 1.0 | Size = 3399680 bytes | Modified Date = 06-11-28 19:10:26 | Attr = ]
WSUD , -> %CommonProgramFiles%\Adobe\Installers\8d0dc9390f2c596455e1446b5918a40\payloads\AdobeBridge2All\AdobeBridge2All.proxy.xml -> [Ver = | Size = 4139685 bytes | Modified Date = 06-12-05 17:02:50 | Attr = ]
WSUD , -> %CommonProgramFiles%\Adobe\Installers\8d0dc9390f2c596455e1446b5918a40\payloads\AdobeDeviceCentralAll\AdobeDeviceCentralAll.proxy.xml -> [Ver = | Size = 3978960 bytes | Modified Date = 06-12-01 17:50:28 | Attr = ]
CNNIC , -> %CommonProgramFiles%\Adobe\Installers\8d0dc9390f2c596455e1446b5918a40\payloads\AdobeExtendScriptToolKitAll\AdobeExtendScriptToolKitAll.proxy.xml -> [Ver = | Size = 1298334 bytes | Modified Date = 06-12-01 21:02:48 | Attr = ]
WSUD , -> %CommonProgramFiles%\Adobe\Installers\8d0dc9390f2c596455e1446b5918a40\payloads\AdobePhotoshop10en_US\AdobePhotoshop10en_US.proxy.xml -> [Ver = | Size = 6009509 bytes | Modified Date = 06-12-08 08:03:06 | Attr = ]
PTech , -> %CommonProgramFiles%\Adobe\Linguistics\Providers\Proximity\cze108.lex -> [Ver = | Size = 3916800 bytes | Modified Date = 05-03-16 18:15:32 | Attr = ]
PTech , -> %CommonProgramFiles%\Adobe\Linguistics\Providers\Proximity\11.00\cze108.lex -> [Ver = | Size = 7915520 bytes | Modified Date = 06-12-01 16:37:40 | Attr = ]
PEC2 , PECompact2 , -> %CommonProgramFiles%\Adobe\Updater\AdobeUpdaterApp.dll -> Adobe Systems Incorporated [Ver = 4, 0, 3, 26 | Size = 745984 bytes | Modified Date = 05-09-19 10:49:16 | Attr = ]
Umonitor , -> %CommonProgramFiles%\Ahead\Lib\ROLLBACK.DB -> [Ver = | Size = 508928 bytes | Modified Date = 06-10-22 17:27:44 | Attr = ]
UPX0 , -> %CommonProgramFiles%\Autodesk Shared\AcGradient16.dll -> Autodesk [Ver = 16.2.54.0 | Size = 12408 bytes | Modified Date = 05-03-05 04:18:10 | Attr = ]
PEC2 , -> %CommonProgramFiles%\GTK\2.0\bin\libglib-2.0-0.dll -> The GLib developer community [Ver = 2.6.6.0 | Size = 663547 bytes | Modified Date = 05-08-01 20:57:20 | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\Java\Update\Base Images\j2re1.4.2-b28\core3.zip -> [Ver = | Size = 4648893 bytes | Modified Date = 04-09-29 11:36:24 | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\Java\Update\Base Images\j2re1.4.2_03-b02\core3.zip -> [Ver = | Size = 4622375 bytes | Modified Date = 03-11-20 08:38:14 | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\Java\Update\Base Images\jre1.5.0.b64\core3.zip -> [Ver = | Size = 3290841 bytes | Modified Date = 05-03-04 03:09:40 | Attr = ]
WSUD , -> %CommonProgramFiles%\Microsoft Shared\SpeechEngines\TTS\female.vce -> [Ver = | Size = 2053632 bytes | Modified Date = 99-01-12 10:29:28 | Attr = ]
PTech , -> %CommonProgramFiles%\Microsoft Shared\Works Shared\1033\WkCalLng.dll -> Microsoft® Corporation [Ver = 7.02.0710.1 | Size = 196608 bytes | Modified Date = 02-07-11 06:22:04 | Attr = ]
PEC2 , WSUD , -> %CommonProgramFiles%\SpeechEngines\Microsoft\SR61\1033\AF031033.AM -> [Ver = | Size = 7048576 bytes | Modified Date = 02-11-22 10:27:36 | Attr = ]
PECompact2 , qoologic , SAHAgent , -> %SystemRoot%\LPT$VPN.516 -> [Ver = | Size = 13910687 bytes | Modified Date = 05-03-25 12:28:04 | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\tsc.exe -> Trend Micro Inc. [Ver = 3.9.0.1020 | Size = 170053 bytes | Modified Date = 05-03-25 12:28:04 | Attr = ]
PECompact2 , qoologic , SAHAgent , -> %SystemRoot%\VPTNFILE.516 -> [Ver = | Size = 13910687 bytes | Modified Date = 05-03-25 12:28:04 | Attr = ]
UPX! , aspack , -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 7.510-1002 | Size = 1044560 bytes | Modified Date = 05-03-25 12:28:04 | Attr = ]
WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.0.34 | Size = 16121856 bytes | Modified Date = 04-09-20 14:20:44 | Attr = ]
UPX! , UPX0 , -> %System32%\aswBoot.exe -> [Ver = 4, 7, 869, 0 | Size = 635520 bytes | Modified Date = 06-08-08 11:53:28 | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 04-08-04 07:00:00 | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.4.0.51 | Size = 635486 bytes | Modified Date = 06-12-12 11:25:20 | Attr = ]
UPX! , UPX0 , -> %System32%\fservice.exe -> [Ver = | Size = 350764 bytes | Modified Date = 07-01-11 22:58:54 | Attr = HS]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 04-08-04 07:00:00 | Attr = ]
aspack , -> %System32%\winkey.dll -> [Ver = | Size = 13312 bytes | Modified Date = 07-01-12 16:40:52 | Attr = ]
aspack , -> %System32%\winkey.dll_tobedeleted -> [Ver = | Size = 13312 bytes | Modified Date = 07-01-12 15:21:08 | Attr = ]

< End of report >

Edited by heyyy, 12 January 2007 - 08:52 PM.


#4
OldTimer

  • Global Moderator
  • 3,273 posts
Hi heyyy. Ok, let's get started. First, please print these directions so they will be available to you (we will be rebooting into Safe Mode during the fix).

Next, please follow the steps below in order:

Step #1

Download ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Step #2

Download AVG anti-spyware from HERE and save that file to your desktop.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen, under "How to act" select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.

Step #3

Now start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Processes - Non-Microsoft Only]
YY -> services.exe -> %SystemRoot%\services.exe
[Registry - Non-Microsoft Only]
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
YN -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk -> Reg Data - Value does not exist
YN -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk -> Reg Data - Value does not exist
YN -> C:^Documents and Settings^HP_Owner.BUNDOCK^Start Menu^Programs^Startup^HP Organize.lnk -> Reg Data - Value does not exist
YN -> C:^Documents and Settings^HP_Owner.BUNDOCK^Start Menu^Programs^Startup^SpamSubtract.lnk -> Reg Data - Value does not exist
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YN -> BearShare -> %ProgramFiles%\BearShare\BearShare.exe
YN -> CTFMon -> %System32%\CTF\ctfmon.exe
YN -> PWRISOVM.EXE -> %ProgramFiles%\PowerISO\PWRISOVM.EXE
YN -> SSC_UserPrompt -> %CommonProgramFiles%\Symantec Shared\Security Center\UsrPrmpt.exe
YN -> Steam ->
YN -> VTTimer -> VTTimer.exe
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell
YY -> C:\WINDOWS\system32\fservice.exe -> %System32%\fservice.exe
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\DirectX For Microsoft® Windows -> C:\WINDOWS\system32\fservice.exe
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{B4FE4312-0833-1033-0606-050923040001} -> "C:\Program Files\Common Files\{B4FE4312-0833-1033-0606-050923040001}\Update.exe" te-110-12-0000073
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [&Yahoo! Toolbar]
[Files - Created Wihin 30 days]
NY -> ktd32.atm -> c:\windows\ktd32.atm
NY -> services.exe -> c:\windows\services.exe
NY -> fservice.exe -> c:\windows\system32\fservice.exe
NY -> fservice.exe.bat -> c:\windows\system32\fservice.exe.bat
NY -> reginv.dll -> c:\windows\system32\reginv.dll
NY -> reginv.dll_tobedeleted -> c:\windows\system32\reginv.dll_tobedeleted
NY -> Winhp32.exe -> c:\windows\system32\Winhp32.exe
NY -> winkey.dll -> %System32%\winkey.dll
NY -> winkey.dll_tobedeleted -> c:\windows\system32\winkey.dll_tobedeleted
[ Extra Files ]
c:\windows\winlogon.exe
[ Extra Registry Entries ]
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{5Y99AE78-58TT-11dW-BE53-Y67078979Y} ->
HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\[A75aed00-d7bf-11d1-9947-00c0Cf98bbc9] ->
HKEY_CURRENT_USER\Software\Microsoft\Windows NT Script Host\Microsoft DxDiag\WinSettings ->
[Reboot]


The fix should only take a very short time and then you will be asked to reboot. Choose Yes.

Reboot into Safe Mode by doing the following:
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Step #4

Launch AVG Anti-Spyware by double-clicking the icon on your desktop.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process:
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process. Be patient, this may take a little time.
    Once the scan is complete do the following:
    • Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
    • At the bottom of the window click on the "Apply all actions" button
    Note: Don't save the report until after you hit the Apply action button.
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

Step #5

Post the following back here:
  • a new WinPFind3U report
  • the AVG Anti-Spyware report
  • the latest .log file from the WinPFind3u folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT

Edited by OldTimer, 12 January 2007 - 11:34 PM.


#5
heyyy

  • Topic Starter
  • Member
  • 19 posts
Ok, I'll do all that tonight. My printer is being ridiculous right now, so I have to fiddle with that. Will reply soon!

#6
heyyy

  • Topic Starter
  • Member
  • 19 posts
Man, was that a long night for the computer! Here's what you requested!

AVG

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:57:35 AM 1/13/2007

+ Scan result:



C:\My Downloads\Sony Acid Pro V6 0 Incl Keygen Ssg.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\My Downloads\Sony Acid Pro V6 0 Incl Keygen Ssg.zip/Sony Acid Pro V6 0 Incl Keygen Ssg.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{B4FE4312-0833-1033-0606-050923040001}\Update.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\johnyTech\MediaGateway.exe -> Adware.WinAD : Cleaned with backup (quarantined).
N:\DSL.Cable.Speed.v3.7.Incl.Keygen-EXPLOSiON\EXPLOSiON.exe -> Backdoor.Delf.awa : Cleaned with backup (quarantined).
C:\My Downloads\_\AMS Photo Studio v2.21.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\ATani v4.0.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\AVD Video Processor 7.5.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Ableton Live v6.0.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Acoustica MP3 CD Burner 4.32 build 142.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Acoustica MP3 To Wave Converter PLUS 2.5 build23.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Adobe Acrobat 7 Professional.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Adobe PageMaker 7.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Adobe PhotoShop Elements 5.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Adobe Photoshop Elements 5.0 ISO 552 Mb.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Adobe Photoshop Elements v5.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\AdultPDF Collection 1.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Advanced Host Monitor v5.88.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Advanced Task Manager v3.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\AhaView v3.14.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\All Audio To MP3 Converter v3.5.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Amor MPEG to DVD Burner 2.1.9.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Amor SWF to Video Converter 2.3.9.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Amor Video Joiner 2.2.8.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\AoA DVD Copy 2.7.8.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Apex Video Converter Pro v5.36.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Apollo Audio DVD Creator v1.1.9.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Atlas Of Human Anatomy.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Audio Editor Gold v9.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Autodesk VIZ 2006.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\BORIS Continuum Complete v4.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\BSplayer Pro v2.0 Retail.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Bad City 2006 DVDRip XviD-BeStDivX.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Billy Blade and the Temple of Time ISO.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Black Christmas (2006).rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Bonbon Quest.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Braveheart.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\CDWinder v2.5.0.241.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\CWH Spelling Test Practice 3.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\CWH Spelling Test Practice v3.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Cabelas Big Game Hunter 2007 Alaskan Adventure.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Cabelas big game hunter 2007 Alaskan adventures.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Carlitos Way - Rise to Power.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Cars - Radiator Springs Adventures PCCD English.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Cars 2006 TC.XviD-C14K.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Chaper 2.3.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Classic Euphoria.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Classroom Spy Professional 1.1.4.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Clerks 2 (2006) Telesync.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Click DVDRip XViD-FEAR.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Close Call v1.01.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Collection Studio 1.36.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Company of Heroes.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Comstock 153 - Babies.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Control 2003 DVDRip Xvid.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Conversations With Other Women 2006 DVDRip Xvid.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Crazy Frog Racer.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\DaisyWords v1.15.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Dead Or Alive 2006 CAM VCD-OEM.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Delta Force Task Force Dagger.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\DeskShare Video Edit Magic v4.21.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Doom 3.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Dragon Tiger Gate 2006 DVDRip XviD-ESPiSE.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Dutch Trance Volume 1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\ESQuotes 2.0.6.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Empire Earth II.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Empire Earth.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Essential Club Mix Solid Sounds.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Evolution GT.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\EyesShield v2.01.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\FIFA 2007.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\FTP Now v2.6.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Fatboy Slim That Old Pair Of Jeans.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Fix-It Utilities v7.0.2.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\FlashFXP 3.4.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Flatout 2 + Reloaded.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Fragile.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\GTR 2 FIA GT Racing.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Garfield 2 A Tail of two kitties ALLIANCE.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Gatecrasher Red.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Gatecrasher Wet.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Get More Visitors Premium 1.3.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Glass House 2 - The Good Mother (2006).rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Goodfellas.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Halo Combat Evolved.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Hunting Unlimited 4.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Ibiza Chill Session 2006.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Icesun Audio Converter v2.00.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Juice (1992).rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Just Cause RiP (600 MB) %100.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Just Cause, PC Reloaded!.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Just Cause.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Just Checking v3.06.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Kingdia DVD Ripper 3.0.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\LMA Manager 2007.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Left in Darkness (2006).rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Lego Star Wars 2 The Original Trilogy UNLEASHED.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Lego.Star.Wars.2.The.Original.Trilogy.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Lotus SmartSuite Release 9.7.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Loufa Kai Parallagi Seirines Sto Aigaio 2005 XviD-Ouzo (Greek).rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Lounge Couture Vol.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\MOBILedit! Forensic v2.0.0.13.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Madden 07.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Madden NFL 07 DVD iso Reloaded.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Magic Utilities 2006 4.33.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Mashed.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\MemoriesOnTV Clipshow Package vol.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Microsoft Office Professional Plus 2007 Beta 2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Microsoft Visual FoxPro v9.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Mini Expression Calculator 2.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Ministry Of Sound Kink Vol 1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Ministry Of Sound Dance Nation 2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Money Train.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Monopoly Deluxe PC game.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Mortuary.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Motorola Phone Tools 4.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Multilizer v6.2.15.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\My IP Suite 6.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\NetPalpus 1.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\NoClone v3.0.5.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Nod32 Antivirus System 2.51.8.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Norton Antivirus 2007.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Norton Antivirus and Internet Security 2007.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Okoker Easy Recorder v1.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Over the Hedge XVID DIAMOND.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\PANTERASoft SMART Cleaner v3.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\PC Booster v4 Build 115.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\PHP Designer 2007 Pro v5.0.3.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\ParaWorld.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Pirates.Of.The.Caribbean.Dead.Mans.Chest.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Portable Snagit 8.0.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Power Archiver v9.63.02.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Prey.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Privacy Inspector 1.90.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\RapidCheck 0.5.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\RapidShare Grabber 1.4.5.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Rat Race.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\RegCure 1.0.0.43.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Return of the Incredible Machine.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\San Andreas GTA 600 mb.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Saw (2004).rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Saw II (2005).rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Scorched DVDR.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Seven.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Shadow Dead Riot 2006.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\ShapeShifters Presents House grooves 2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\SmartFTP v2.0.998.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\SmartMovie Ver.3.25.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Sobotta - Atlas of Human Anatomy.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Spyware Doctor 4.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Spyware Doctor v4.0.0.2603.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Stormbreaker TC XViD-BeStDiVx.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\System Mechanic Professional 6.0 t.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\TIE Fighter UFO.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Tag&Rename 3.3.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Tatoo Tribal Drawing Tool v1.6.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Terminator 3 Rise of the Machines.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\The Break Up 2006.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\The Da Vinci Code 2006 EXTENDED DVDRip XviD-FLAiTE.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\The Elder Scrolls IV - Oblivion .iSO.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\The People Under The Stairs.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\The Sentinel.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\The Transporter 2 DVDRip Xvid.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Tiger Woods PGA Tour 2007.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Tin Soldiers Julius Caesar.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Toca Race Driver 3.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Topaz Moment Production Edition 3.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Trillian Pro 3.1.0.121.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Tune Up Utilities 2006 + serial.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Underworld Evolution DVDRip XviD-KEG.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\United 93 DVDRip XviD.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\VSO ConvertXtoDVD v2.1.1.151.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\ViewCompanion Pro v2.70.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\VueScan Pro 8.3.71.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\WarCommander.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\White Chicks DVDRip Xvid.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\WiFi Hopper 1.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\WinAntiSpyware 2006 v3.2.101.0 Retail.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Winamp 5.21 Pro Full Lite Bundle.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Windows Live Messenger 8.1.0068 Beta.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Windows Xp media center 2005.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\X-x-win32 7.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Xlight FTP Server v2.24.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\XtraTools 2006 v7.3.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Yokka Wars v1.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\YouTube to DVD AIO.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\Yours mine and ours XVID-DIAMOND.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\bulkSMS 2.0.48 Silent Update.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\My Downloads\_\n00zn00zn00zn00z.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\WINDOWS\system32\winkey.dll -> Backdoor.Prorat.19.ah : Cleaned with backup (quarantined).
C:\WINDOWS\system32\winkey.dll_tobedeleted -> Backdoor.Prorat.19.ah : Cleaned with backup (quarantined).
C:\!KillBox\fservice.exe -> Backdoor.Prorat.19.i : Cleaned with backup (quarantined).
C:\!KillBox\fservice.exe( 1) -> Backdoor.Prorat.19.i : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner.BUNDOCK\Desktop\WinPFind3u\MovedFiles\fservice.exe -> Backdoor.Prorat.19.i : Cleaned with backup (quarantined).
C:\Documents and Settings\HP_Owner.BUNDOCK\Desktop\WinPFind3u\MovedFiles\services.exe -> Backdoor.Prorat.19.i : Cleaned with backup (quarantined).
C:\WINDOWS\system32\reginv.dll -> Backdoor.Prorat.19.i : Cleaned with backup (quarantined).
C:\WINDOWS\system32\reginv.dll_tobedeleted -> Backdoor.Prorat.19.i : Cleaned with backup (quarantined).
C:\WINDOWS\system\sservice.exe -> Backdoor.Prorat.19.i : Cleaned with backup (quarantined).
C:\Program Files\ShadowScan\patch.exe -> Backdoor.Theef.111 : Cleaned with backup (quarantined).
C:\Program Files\ShadowScan\patch.zip/patch.exe -> Backdoor.Theef.111 : Cleaned with backup (quarantined).
N:\eBay Source Code (1999).zip/ebay/WidgetParser/hometemplates/eBayHomeOffice.html -> Logger.Bayfraud.ib : Cleaned with backup (quarantined).
N:\ebay\WidgetParser\hometemplates\eBayHomeOffice.html -> Logger.Bayfraud.ib : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup (quarantined).
C:\Program Files\Cain\Abel.exe -> Not-A-Virus.PSWTool.Win32.Cain.284 : Cleaned with backup (quarantined).
C:\My Downloads\ADOBE PHOTOSHOP CS2 VERSION 9.0 (SERIAL NUMBER CRACK).zip/apcs2ge/Adobe Photoshop CS2 Patch.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\HP_Owner.BUNDOCK\Application Data\altimit-dev\lolifox\Profiles\gvj5fjig.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.8:C:\Documents and Settings\HP_Owner.BUNDOCK\Application Data\altimit-dev\lolifox\Profiles\gvj5fjig.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.9:C:\Documents and Settings\HP_Owner.BUNDOCK\Application Data\altimit-dev\lolifox\Profiles\gvj5fjig.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.23:C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\nia4m4ik.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.24:C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\nia4m4ik.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.25:C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\nia4m4ik.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.26:C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\nia4m4ik.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.42:C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\nia4m4ik.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.32:C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\nia4m4ik.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.33:C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\nia4m4ik.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.34:C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\nia4m4ik.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.8:C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\nia4m4ik.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.55:C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\nia4m4ik.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.56:C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\nia4m4ik.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.57:C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\nia4m4ik.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.58:C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\nia4m4ik.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.50:C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\nia4m4ik.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.51:C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\nia4m4ik.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.52:C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\nia4m4ik.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.53:C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\nia4m4ik.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.54:C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\nia4m4ik.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.43:C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\nia4m4ik.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.44:C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\nia4m4ik.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.45:C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\nia4m4ik.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.46:C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\nia4m4ik.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.47:C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\nia4m4ik.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.48:C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\nia4m4ik.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.49:C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\nia4m4ik.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.13:C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\nia4m4ik.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.14:C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\nia4m4ik.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.10:C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\nia4m4ik.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.11:C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\nia4m4ik.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.9:C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\nia4m4ik.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\My Downloads\MSN,Yahoo,And Aim Messenger Password Stealer 100% Working.zip/MSN,Yahoo,And Aim Messenger Password Stealer 100% Working/MSN,Yahoo,And Aim Messenger Password Stealer 100% Working.exe/setup.bat -> Trojan.Zapchast : Cleaned with backup (quarantined).
C:\My Downloads\Adobe Photoshop CS2 KeyGen Serial Crack.zip/Adobe Photoshop CS Activator.exe -> Worm.Delf.bd : Cleaned with backup (quarantined).


::Report end

#7
heyyy

winpfind

WinPFind3 logfile created on: 07-01-13 10:21:02
WinPFind3U by OldTimer - Version 1.0.10 Folder = C:\Documents and Settings\HP_Owner.BUNDOCK\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

523760 Kb Total Physical Memory | 235192 Kb Available Physical Memory | 44.90% Memory free
1279236 Kb Paging File | 961400 Kb Available in Paging File | 75.15% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 150194516 Kb Total Space | 64423176 Kb Free Space | 42.89% Space Free
Drive D: | 6073888 Kb Total Space | 794496 Kb Free Space | 13.08% Space Free
Unable to calculate disk information.
Drive F: | 271404 Kb Total Space | 0 Kb Free Space | 0.00% Space Free


[Processes - Non-Microsoft Only]
apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 05-06-06 23:46:24 | Attr = ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [Ver = 4, 7, 844, 0 | Size = 108160 bytes | Modified Date = 06-08-05 01:23:06 | Attr = ]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [Ver = | Size = 59008 bytes | Modified Date = 06-08-05 10:10:10 | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 06-10-07 07:20:00 | Attr = ]
bandwidth monitor pro.exe -> %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe -> Pro²soft [Ver = 1.30 | Size = 224768 bytes | Modified Date = 07-01-11 22:49:48 | Attr = ]
iftpsvc.exe -> %SystemDrive%\iFtpSvc\iFtpSvc.exe -> Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. [Ver = 2006, 4, 17, 0 | Size = 565248 bytes | Modified Date = 06-04-21 10:34:32 | Attr = ]
intfysvc.exe -> %SystemDrive%\iNtfySvc\intfysvc.exe -> Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. [Ver = 2004, 6, 21, 0 | Size = 131072 bytes | Modified Date = 04-06-28 10:56:58 | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 06-10-30 09:36:32 | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 06-10-30 09:36:36 | Attr = ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 06-02-28 12:42:38 | Attr = R ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 143436 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
spysweeper.exe -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,2,3,2125 | Size = 3297792 bytes | Modified Date = 06-11-01 17:17:20 | Attr = ]
starwindservice.exe -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 05-04-01 12:51:48 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.10.0 | Size = 306176 bytes | Modified Date = 07-01-12 16:20:26 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Abel) Abel [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Cain\Abel.exe -> File not found
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 06-07-19 20:41:46 | Attr = ]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [Ver = | Size = 59008 bytes | Modified Date = 06-08-05 10:10:10 | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [Ver = 4, 7, 844, 0 | Size = 108160 bytes | Modified Date = 06-08-05 01:23:06 | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 869, 0 | Size = 251520 bytes | Modified Date = 06-08-05 01:22:48 | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 844, 0 | Size = 370304 bytes | Modified Date = 06-08-05 01:22:38 | Attr = ]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 06-02-28 12:42:38 | Attr = R ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04-08-04 14:00:00 | Attr = ]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 07-01-12 06:59:54 | Attr = ]
(iFtpSvc) Ipswitch WS_FTP Service [Win32_Own | Auto | Running] -> %SystemDrive%\iFtpSvc\iFtpSvc.exe -> Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. [Ver = 2006, 4, 17, 0 | Size = 565248 bytes | Modified Date = 06-04-21 10:34:32 | Attr = ]
(inotifysvr) Ipswitch Notification Server [Win32_Own | Auto | Running] -> %SystemDrive%\iNtfySvc\intfysvc.exe -> Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. [Ver = 2004, 6, 21, 0 | Size = 131072 bytes | Modified Date = 04-06-28 10:56:58 | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 06-10-30 09:36:32 | Attr = ]
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 6, 6, 0 | Size = 724992 bytes | Modified Date = 06-10-09 21:11:08 | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 143436 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
(StarWindService) StarWind iSCSI Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 05-04-01 12:51:48 | Attr = ]
(WebrootDesktopFirewallDataService) Webroot Desktop Firewall Data Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Webroot\Desktop Firewall\WDFDataService.exe -> Webroot Software, Inc. [Ver = 2.0.0.419 | Size = 665600 bytes | Modified Date = 05-09-29 21:46:50 | Attr = ]
(WebrootFirewall) Webroot Desktop Firewall [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Webroot\Desktop Firewall\FirewallNTService.exe -> [Ver = | Size = 192512 bytes | Modified Date = 05-05-18 13:10:56 | Attr = ]
(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,2,3,2125 | Size = 3297792 bytes | Modified Date = 06-11-01 17:17:20 | Attr = ]
(wscsvc) Security Center [Win32_Shared | Disabled | Stopped] -> C:\WINDOWS\%System32%\svchost.exe -> File not found

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 06-10-07 07:20:00 | Attr = ]
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 05-06-06 23:46:24 | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 06-10-30 09:36:36 | Attr = ]
MSPY2002 -> %System32%\IME\PINTLGNT\IMSCINST.EXE -> [Ver = | Size = 59392 bytes | Modified Date = 04-08-04 07:00:00 | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll ["RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 7561216 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
SpySweeper -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeperUI.exe -> Webroot Software, Inc. [Ver = 5,2,3,2125 | Size = 4806144 bytes | Modified Date = 06-11-01 17:17:34 | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Bandwidth Monitor Pro -> %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe -> Pro²soft [Ver = 1.30 | Size = 224768 bytes | Modified Date = 07-01-11 22:49:48 | Attr = ]
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk -> %ProgramFiles%\Updates from HP\309731\Program\Updates from HP.exe -> [Ver = | Size = 16423 bytes | Modified Date = 04-08-07 16:33:32 | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing, Inc. [Ver = 1.0 (32-bit) | Size = 106560 bytes | Modified Date = 01-11-27 07:10:00 | Attr = ]
C:^Documents and Settings^HP_Owner.BUNDOCK^Start Menu^Programs^Startup^Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 99-11-04 14:06:48 | Attr = ]
C:^Documents and Settings^HP_Owner.BUNDOCK^Start Menu^Programs^Startup^UMAX VistaAccess.lnk -> %ProgramFiles%\VSTASCAN\vsaccess.exe -> UMAX [Ver = 1. 02 | Size = 159232 bytes | Modified Date = 00-01-06 07:26:36 | Attr = ]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 04-06-29 19:06:38 | Attr = ]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> [Ver = 5, 0, 0, 0 | Size = 108160 bytes | Modified Date = 06-08-05 01:23:12 | Attr = ]
DAEMON Tools -> %ProgramFiles%\DAEMON Tools\daemon.exe -> DT Soft Ltd. [Ver = 4.03.0.0 | Size = 133016 bytes | Modified Date = 05-12-10 09:57:20 | Attr = ]
HPHmon06 -> %System32%\hphmon06.exe -> Hewlett-Packard [Ver = 6,0,72 | Size = 659456 bytes | Modified Date = 04-06-07 20:42:30 | Attr = ]
HPHUPD06 -> %ProgramFiles%\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe -> Hewlett-Packard [Ver = 6,0,72 | Size = 49152 bytes | Modified Date = 04-06-07 20:53:26 | Attr = ]
hpsysdrv -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 98-05-07 18:04:38 | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 06-10-30 09:36:36 | Attr = ]
KBD -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 61440 bytes | Modified Date = 03-02-11 22:02:48 | Attr = ]
Microsoft Works Update Detection -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkUFind.exe -> Microsoft® Corporation [Ver = 9.00.0912.0 | Size = 50688 bytes | Modified Date = 03-09-13 21:36:52 | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 7561216 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 86016 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
nwiz -> %System32%\nwiz.exe -> [Ver = | Size = 1519616 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
PS2 -> %System32%\ps2.EXE -> Hewlett-Packard Company [Ver = 1.0.2.1 | Size = 81920 bytes | Modified Date = 02-10-16 18:57:10 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5a38 | Size = 282624 bytes | Modified Date = 06-12-05 21:00:28 | Attr = ]
Recguard -> %SystemRoot%\SMINST\Recguard.exe -> [Ver = 5, 0, 44, 2 | Size = 233472 bytes | Modified Date = 04-04-14 22:43:46 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\j2re1.4.2_03\bin\jusched.exe -> [Ver = | Size = 32881 bytes | Modified Date = 04-08-07 14:37:00 | Attr = ]
< SSODL [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} [HKLM] -> %CommonProgramFiles%\stardock\MCPCore.dll [0aMCPClient] -> Stardock [Ver = 0, 0, 5, 4 | Size = 86016 bytes | Modified Date = 05-05-10 13:31:20 | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 06-09-28 09:13:28 | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
-> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Start Page -> about:blank ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Start Page -> http://www.google.com/ ->
HKCU: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Modified Date = 03-11-03 23:17:44 | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Reg Data - Key not found ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8193 - Reg Data - Key not found ->
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> 8195 - Reg Data - Value does not exist ->
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -> 8196 - Reg Data - Key not found ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8194 - Reg Data - Key not found ->
NextId -> 8197 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> %ProgramFiles%\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 05-08-05 14:08:26 | Attr = ]
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{1CDB2949-8F65-4355-8456-263E7C208A5D} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer] -> [Ver = | Size = 466944 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer Menu] -> [Ver = | Size = 466944 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [nView Desktop Context Menu] -> [Ver = | Size = 466944 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
{2B3453E4-49DF-11D3-8229-0080BE509050} [HKLM] -> %System32%\ShellExt\GMailFS.dll [GMail Drive] -> Bjarke Viksoe [Ver = 1, 0, 0, 10 | Size = 289280 bytes | Modified Date = 06-04-18 17:49:18 | Attr = ]
{2B3453E4-49DF-11D3-8229-0080BE509052} [HKLM] -> %System32%\ShellExt\GMailFS.dll [GMailFS Property Sheet] -> Bjarke Viksoe [Ver = 1, 0, 0, 10 | Size = 289280 bytes | Modified Date = 06-04-18 17:49:18 | Attr = ]
{2B3453E4-49DF-11D3-8229-0080BE509054} [HKLM] -> %System32%\ShellExt\GMailFS.dll [GMailFS Drop Handler] -> Bjarke Viksoe [Ver = 1, 0, 0, 10 | Size = 289280 bytes | Modified Date = 06-04-18 17:49:18 | Attr = ]
{2B3453E4-49DF-11D3-8229-0080BE509056} [HKLM] -> %System32%\ShellExt\GMailFS.dll [GMailFS Context Menu] -> Bjarke Viksoe [Ver = 1, 0, 0, 10 | Size = 289280 bytes | Modified Date = 06-04-18 17:49:18 | Attr = ]
{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} [HKLM] -> %ProgramFiles%\Illustrate\dBpowerAMP\dMCShell.dll [dBpowerAMP Music Converter] -> [Ver = 6, 4, 0, 0 | Size = 118784 bytes | Modified Date = 06-07-31 13:45:38 | Attr = ]
{32020A01-506E-484D-A2A8-BE3CF17601C3} [HKLM] -> %ProgramFiles%\Alcohol Soft\Alcohol 120\AXShlEx.dll [AlcoholShellEx] -> Alcohol Soft Development Team [Ver = 1.9.5.3718 | Size = 715648 bytes | Modified Date = 06-10-08 09:04:56 | Attr = ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> Reg Data - Key not found [Display Panning CPL Extension] -> File not found
{472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> %ProgramFiles%\Alwil Software\Avast4\ashShell.dll [avast] -> ALWIL Software [Ver = 4, 7, 869, 0 | Size = 13824 bytes | Modified Date = 06-08-05 01:17:58 | Attr = ]
{6DEA92E9-8682-4b6a-97DE-354772FE5727} [HKLM] -> %CommonProgramFiles%\Autodesk Shared\AcDwfThmbPrxy16.dll [Autodesk DWF Preview] -> Autodesk [Ver = 16.2.54.0 | Size = 39032 bytes | Modified Date = 05-03-05 03:14:24 | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> %ProgramFiles%\Webroot\Spy Sweeper\SSCtxMnu.dll [Webroot Spy Sweeper Context Menu Integration] -> Webroot Software, Inc. [Ver = 5,2,3,2125 | Size = 219136 bytes | Modified Date = 06-11-01 17:17:38 | Attr = ]
{7F1CF152-04F8-453A-B34C-E609530A9DC8} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalPropSheetHandler] -> Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Modified Date = 05-11-15 11:07:16 | Attr = ]
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} [HKLM] -> %System32%\ShellvRTF.dll [SampleView] -> XSS [Ver = 1, 0, 0, 1 | Size = 122880 bytes | Modified Date = 02-09-20 23:42:28 | Attr = ]
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 04-08-04 07:00:00 | Attr = ]
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> Reg Data - Key not found [PowerISO] -> File not found
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> %System32%\nvcpl.dll [NvCpl DesktopContext Class] -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 7561216 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
{B327765E-D724-4347-8B16-78AE18552FC3} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalIconHandler] -> Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Modified Date = 05-11-15 11:07:16 | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR shell extension] -> [Ver = | Size = 121344 bytes | Modified Date = 04-12-27 10:56:08 | Attr = ]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> %ProgramFiles%\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 132672 bytes | Modified Date = 06-10-30 09:36:36 | Attr = ]
{DEE12703-6333-4D4E-8F34-738C4DCC2E04} [HKLM] -> %ProgramFiles%\Sonic RecordNow!\shlext.dll [RecordNow! SendToExt] -> [Ver = 7.0.0.0 | Size = 73728 bytes | Modified Date = 04-06-07 16:02:00 | Attr = ]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> Reg Data - Key not found [Shell Extensions for RealOne Player] -> File not found
{FED7043D-346A-414D-ACD7-550D052499A7} [HKLM] -> %ProgramFiles%\Illustrate\dBpowerAMP\dBShell.dll [dBpowerAMP Music Converter 1] -> [Ver = 6, 4, 0, 1 | Size = 110592 bytes | Modified Date = 06-07-31 13:45:36 | Attr = ]
{FFB699E0-306A-11d3-8BD1-00104B6F7516} [HKLM] -> %System32%\nvcpl.dll [Play on my TV helper] -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 7561216 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBShell.dll [NBShellHook Class] -> Nero AG [Ver = 2, 6, 6, 0 | Size = 73728 bytes | Modified Date = 06-10-09 21:11:32 | Attr = ]
{472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> %ProgramFiles%\Alwil Software\Avast4\ashShell.dll [avast] -> ALWIL Software [Ver = 4, 7, 869, 0 | Size = 13824 bytes | Modified Date = 06-08-05 01:17:58 | Attr = ]
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 06-10-06 06:40:48 | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 121344 bytes | Modified Date = 04-12-27 10:56:08 | Attr = ]
< ContextMenuHandlers - AllFilesystemObjects [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> %ProgramFiles%\Webroot\Spy Sweeper\SSCtxMnu.dll [SpySweeper] -> Webroot Software, Inc. [Ver = 5,2,3,2125 | Size = 219136 bytes | Modified Date = 06-11-01 17:17:38 | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 06-10-06 06:40:48 | Attr = ]
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> Reg Data - Key not found [PowerISO] -> File not found
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 121344 bytes | Modified Date = 04-12-27 10:56:08 | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [00nView] -> [Ver = | Size = 466944 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} [HKLM] -> %System32%\igfxpph.dll [igfxcui] -> Intel Corporation [Ver = 3.0.0.3882 | Size = 225280 bytes | Modified Date = 04-08-03 20:47:00 | Attr = ]
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> %System32%\nvcpl.dll [NvCplDesktopContext] -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 7561216 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
{23F2DE6C-2C3F-4F95-B16A-56714C6FAAF4} [HKLM] -> Reg Data - Key not found [XPTools] -> File not found
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBShell.dll [NBShellHook Class] -> Nero AG [Ver = 2, 6, 6, 0 | Size = 73728 bytes | Modified Date = 06-10-09 21:11:32 | Attr = ]
{472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> %ProgramFiles%\Alwil Software\Avast4\ashShell.dll [avast] -> ALWIL Software [Ver = 4, 7, 869, 0 | Size = 13824 bytes | Modified Date = 06-08-05 01:17:58 | Attr = ]
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> Reg Data - Key not found [PowerISO] -> File not found
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> %ProgramFiles%\Webroot\Spy Sweeper\SSCtxMnu.dll [SpySweeper] -> Webroot Software, Inc. [Ver = 5,2,3,2125 | Size = 219136 bytes | Modified Date = 06-11-01 17:17:38 | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 121344 bytes | Modified Date = 04-12-27 10:56:08 | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalColumnHandler Class] -> Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Modified Date = 05-11-15 11:07:16 | Attr = ]
{FED7043D-346A-414D-ACD7-550D052499A7} [HKLM] -> %ProgramFiles%\Illustrate\dBpowerAMP\dBShell.dll [dBpShell Class] -> [Ver = 6, 4, 0, 1 | Size = 110592 bytes | Modified Date = 06-07-31 13:45:36 | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{C302D863-4E76-4BA1-BE82-93EFAEA842D4} -> (1394 Net Adapter) ->
{D8C10C11-EFCF-40E9-8540-A1A45C4A0852} -> (VIA Rhine II Fast Ethernet Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://www.apple.com...ex/qtplugin.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macr...director/sw.cab ->
{48884C41-EFAC-433D-958A-9FADAC41408E} -> EGamesPlugin Class - CodeBase = https://www.e-games....GamesPlugin.cab ->
{5F8469B4-B055-49DD-83F7-62B522420ECC} -> Facebook Photo Uploader Control - CodeBase = http://upload.facebo...otoUploader.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.micros...b?1155341631876 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/...indows-i586.cab ->


[Files - Created Wihin 30 days]
pcd.db -> %CommonProgramFiles%\Adobe\Adobe PCD\pcd.db -> [Ver = | Size = 45056 bytes | Created Date = 07-01-12 06:58:42 | Attr = ]
caps.db -> %CommonProgramFiles%\Adobe\caps\caps.db -> [Ver = | Size = 278528 bytes | Created Date = 07-01-12 06:53:20 | Attr = ]
FNPLicensingService.exe -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Created Date = 07-01-12 06:59:52 | Attr = ]
fnp_registrations.xml -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\fnp_registrations.xml -> [Ver = | Size = 327 bytes | Created Date = 07-01-12 06:59:54 | Attr = ]
cache.db -> %CommonProgramFiles%\Adobe\Adobe PCD\cache\cache.db -> [Ver = | Size = 15360 bytes | Created Date = 07-01-12 06:58:42 | Attr = ]
bridge.lnk -> %CommonProgramFiles%\Adobe\Launch\bridge\2.0\bridge.lnk -> [Ver = | Size = 1744 bytes | Created Date = 07-01-12 07:09:55 | Attr = ]
DeviceCentral.lnk -> %CommonProgramFiles%\Adobe\Launch\devicecentral\1.0\DeviceCentral.lnk -> [Ver = | Size = 889 bytes | Created Date = 07-01-12 07:11:30 | Attr = ]
ExtendScript Toolkit 2.lnk -> %CommonProgramFiles%\Adobe\Launch\estoolkit\2.0\ExtendScript Toolkit 2.lnk -> [Ver = | Size = 1078 bytes | Created Date = 07-01-12 07:08:10 | Attr = ]
Adobe Photoshop CS3.lnk -> %CommonProgramFiles%\Adobe\Launch\photoshop\10.0\en_US\Adobe Photoshop CS3.lnk -> [Ver = | Size = 840 bytes | Created Date = 07-01-12 07:02:09 | Attr = ]
ktd32.atm -> %SystemRoot%\ktd32.atm -> [Ver = | Size = 6243 bytes | Created Date = 07-01-12 06:51:13 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 07-01-10 23:59:31 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 07-01-10 23:59:30 | Attr = H ]
unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 668 bytes | Created Date = 06-12-24 01:59:26 | Attr = ]
unvise32.exe -> %SystemRoot%\unvise32.exe -> MindVision Software [Ver = 3.6.1 | Size = 90112 bytes | Created Date = 06-12-29 12:46:32 | Attr = ]
winzipme.ini -> %SystemRoot%\winzipme.ini -> [Ver = | Size = 96 bytes | Created Date = 07-01-09 19:50:04 | Attr = ]
CmdLineExt03.dll -> %System32%\CmdLineExt03.dll -> [Ver = | Size = 43520 bytes | Created Date = 06-12-27 12:37:54 | Attr = ]
fservice.exe.bat -> %System32%\fservice.exe.bat -> [Ver = | Size = 105 bytes | Created Date = 07-01-12 16:37:41 | Attr = ]
Winhp32.exe -> %System32%\Winhp32.exe -> [Ver = | Size = 1355784 bytes | Created Date = 07-01-09 19:42:13 | Attr = ]
xvid.ax -> %System32%\xvid.ax -> [Ver = | Size = 77824 bytes | Created Date = 06-12-22 20:53:25 | Attr = ]
xvidcore.dll -> %System32%\xvidcore.dll -> [Ver = | Size = 765952 bytes | Created Date = 06-12-22 20:53:25 | Attr = ]
xvidvfw.dll -> %System32%\xvidvfw.dll -> [Ver = | Size = 180224 bytes | Created Date = 06-12-22 20:53:24 | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 07-01-12 23:33:11 | Attr = ]

[Files - Modified Wihin 30 days]
pcd.db -> %CommonProgramFiles%\Adobe\Adobe PCD\pcd.db -> [Ver = | Size = 45056 bytes | Modified Date = 07-01-12 07:13:10 | Attr = ]
caps.db -> %CommonProgramFiles%\Adobe\caps\caps.db -> [Ver = | Size = 278528 bytes | Modified Date = 07-01-12 07:13:12 | Attr = ]
FNPLicensingService.exe -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 07-01-12 06:59:54 | Attr = ]
fnp_registrations.xml -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\fnp_registrations.xml -> [Ver = | Size = 327 bytes | Modified Date = 07-01-12 14:41:48 | Attr = ]
component.xml -> %CommonProgramFiles%\Adobe\Adobe Anchor Service\AMT\component.xml -> [Ver = | Size = 534 bytes | Modified Date = 07-01-12 06:59:58 | Attr = ]
cache.db -> %CommonProgramFiles%\Adobe\Adobe PCD\cache\cache.db -> [Ver = | Size = 15360 bytes | Modified Date = 07-01-12 14:42:28 | Attr = ]
component.xml -> %CommonProgramFiles%\Adobe\DefaultLanguage\AMT\component.xml -> [Ver = | Size = 548 bytes | Modified Date = 07-01-12 07:04:46 | Attr = ]
component.xml -> %CommonProgramFiles%\Adobe\TypeSupport\AMT\component.xml -> [Ver = | Size = 548 bytes | Modified Date = 07-01-12 07:06:28 | Attr = ]
bridge.lnk -> %CommonProgramFiles%\Adobe\Launch\bridge\2.0\bridge.lnk -> [Ver = | Size = 1744 bytes | Modified Date = 07-01-12 07:09:56 | Attr = ]
DeviceCentral.lnk -> %CommonProgramFiles%\Adobe\Launch\devicecentral\1.0\DeviceCentral.lnk -> [Ver = | Size = 889 bytes | Modified Date = 07-01-12 07:11:32 | Attr = ]
ExtendScript Toolkit 2.lnk -> %CommonProgramFiles%\Adobe\Launch\estoolkit\2.0\ExtendScript Toolkit 2.lnk -> [Ver = | Size = 1078 bytes | Modified Date = 07-01-12 07:08:12 | Attr = ]
component.xml -> %CommonProgramFiles%\Adobe\PDFL\8.0\AMT\component.xml -> [Ver = | Size = 528 bytes | Modified Date = 07-01-12 07:12:20 | Attr = ]
component.xml -> %CommonProgramFiles%\Adobe\TypeSupport\CMaps\AMT\component.xml -> [Ver = | Size = 532 bytes | Modified Date = 07-01-12 07:04:22 | Attr = ]
Adobe Photoshop CS3.lnk -> %CommonProgramFiles%\Adobe\Launch\photoshop\10.0\en_US\Adobe Photoshop CS3.lnk -> [Ver = | Size = 840 bytes | Modified Date = 07-01-12 07:02:10 | Attr = ]
component.xml -> %CommonProgramFiles%\Adobe\Linguistics\Providers\WinSoft\WRLiloPlugin1.0\AMT\component.xml -> [Ver = | Size = 545 bytes | Modified Date = 07-01-12 07:06:50 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 07-01-13 10:14:14 | Attr = S]
IF40LE.INI -> %SystemRoot%\IF40LE.INI -> [Ver = | Size = 4816 bytes | Modified Date = 06-12-21 19:23:00 | Attr = ]
ktd32.atm -> %SystemRoot%\ktd32.atm -> [Ver = | Size = 6243 bytes | Modified Date = 07-01-12 23:20:44 | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 07-01-10 14:52:28 | Attr = ]
ppdrv.ini -> %SystemRoot%\ppdrv.ini -> [Ver = | Size = 114 bytes | Modified Date = 07-01-08 07:59:32 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 07-01-10 23:59:32 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 07-01-10 23:59:32 | Attr = H ]
unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 668 bytes | Modified Date = 06-12-24 01:59:28 | Attr = ]
unins000.exe -> %SystemRoot%\unins000.exe -> Jordan Russell [Ver = 51.5.0.0 | Size = 72748 bytes | Modified Date = 06-12-24 01:59:28 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1015 bytes | Modified Date = 07-01-10 03:03:26 | Attr = ]
wincmd.ini -> %SystemRoot%\wincmd.ini -> [Ver = | Size = 642 bytes | Modified Date = 07-01-12 15:57:58 | Attr = ]
winzipme.ini -> %SystemRoot%\winzipme.ini -> [Ver = | Size = 96 bytes | Modified Date = 07-01-09 19:50:06 | Attr = ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 06-12-27 12:35:24 | Attr = ]
CmdLineExt03.dll -> %System32%\CmdLineExt03.dll -> [Ver = | Size = 43520 bytes | Modified Date = 06-12-28 12:46:06 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 227208 bytes | Modified Date = 06-12-26 16:05:46 | Attr = ]
fservice.exe.bat -> %System32%\fservice.exe.bat -> [Ver = | Size = 105 bytes | Modified Date = 07-01-12 16:37:42 | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 50257 bytes | Modified Date = 07-01-13 10:15:00 | Attr = ]
Winhp32.exe -> %System32%\Winhp32.exe -> [Ver = | Size = 1355784 bytes | Modified Date = 07-01-09 19:42:10 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 07-01-12 15:21:12 | Attr = ]

[File String Scan - Non-Microsoft Only]
PTech , -> %CommonProgramFiles%\Adobe\Adobe Asset Services CS3\Plug-Ins\Dicom.8bi -> Adobe Systems Incorporated [Ver = 1.0 | Size = 3399680 bytes | Modified Date = 06-11-28 19:10:26 | Attr = ]
WSUD , -> %CommonProgramFiles%\Adobe\Installers\8d0dc9390f2c596455e1446b5918a40\payloads\AdobeBridge2All\AdobeBridge2All.proxy.xml -> [Ver = | Size = 4139685 bytes | Modified Date = 06-12-05 17:02:50 | Attr = ]
WSUD , -> %CommonProgramFiles%\Adobe\Installers\8d0dc9390f2c596455e1446b5918a40\payloads\AdobeDeviceCentralAll\AdobeDeviceCentralAll.proxy.xml -> [Ver = | Size = 3978960 bytes | Modified Date = 06-12-01 17:50:28 | Attr = ]
CNNIC , -> %CommonProgramFiles%\Adobe\Installers\8d0dc9390f2c596455e1446b5918a40\payloads\AdobeExtendScriptToolKitAll\AdobeExtendScriptToolKitAll.proxy.xml -> [Ver = | Size = 1298334 bytes | Modified Date = 06-12-01 21:02:48 | Attr = ]
WSUD , -> %CommonProgramFiles%\Adobe\Installers\8d0dc9390f2c596455e1446b5918a40\payloads\AdobePhotoshop10en_US\AdobePhotoshop10en_US.proxy.xml -> [Ver = | Size = 6009509 bytes | Modified Date = 06-12-08 08:03:06 | Attr = ]
PTech , -> %CommonProgramFiles%\Adobe\Linguistics\Providers\Proximity\cze108.lex -> [Ver = | Size = 3916800 bytes | Modified Date = 05-03-16 18:15:32 | Attr = ]
PTech , -> %CommonProgramFiles%\Adobe\Linguistics\Providers\Proximity\11.00\cze108.lex -> [Ver = | Size = 7915520 bytes | Modified Date = 06-12-01 16:37:40 | Attr = ]
PEC2 , PECompact2 , -> %CommonProgramFiles%\Adobe\Updater\AdobeUpdaterApp.dll -> Adobe Systems Incorporated [Ver = 4, 0, 3, 26 | Size = 745984 bytes | Modified Date = 05-09-19 10:49:16 | Attr = ]
Umonitor , -> %CommonProgramFiles%\Ahead\Lib\ROLLBACK.DB -> [Ver = | Size = 508928 bytes | Modified Date = 06-10-22 17:27:44 | Attr = ]
UPX0 , -> %CommonProgramFiles%\Autodesk Shared\AcGradient16.dll -> Autodesk [Ver = 16.2.54.0 | Size = 12408 bytes | Modified Date = 05-03-05 04:18:10 | Attr = ]
PEC2 , -> %CommonProgramFiles%\GTK\2.0\bin\libglib-2.0-0.dll -> The GLib developer community [Ver = 2.6.6.0 | Size = 663547 bytes | Modified Date = 05-08-01 20:57:20 | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\Java\Update\Base Images\j2re1.4.2-b28\core3.zip -> [Ver = | Size = 4648893 bytes | Modified Date = 04-09-29 11:36:24 | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\Java\Update\Base Images\j2re1.4.2_03-b02\core3.zip -> [Ver = | Size = 4622375 bytes | Modified Date = 03-11-20 08:38:14 | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\Java\Update\Base Images\jre1.5.0.b64\core3.zip -> [Ver = | Size = 3290841 bytes | Modified Date = 05-03-04 03:09:40 | Attr = ]
WSUD , -> %CommonProgramFiles%\Microsoft Shared\SpeechEngines\TTS\female.vce -> [Ver = | Size = 2053632 bytes | Modified Date = 99-01-12 10:29:28 | Attr = ]
PTech , -> %CommonProgramFiles%\Microsoft Shared\Works Shared\1033\WkCalLng.dll -> Microsoft® Corporation [Ver = 7.02.0710.1 | Size = 196608 bytes | Modified Date = 02-07-11 06:22:04 | Attr = ]
PEC2 , WSUD , -> %CommonProgramFiles%\SpeechEngines\Microsoft\SR61\1033\AF031033.AM -> [Ver = | Size = 7048576 bytes | Modified Date = 02-11-22 10:27:36 | Attr = ]
PECompact2 , qoologic , SAHAgent , -> %SystemRoot%\LPT$VPN.516 -> [Ver = | Size = 13910687 bytes | Modified Date = 05-03-25 12:28:04 | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\tsc.exe -> Trend Micro Inc. [Ver = 3.9.0.1020 | Size = 170053 bytes | Modified Date = 05-03-25 12:28:04 | Attr = ]
PECompact2 , qoologic , SAHAgent , -> %SystemRoot%\VPTNFILE.516 -> [Ver = | Size = 13910687 bytes | Modified Date = 05-03-25 12:28:04 | Attr = ]
UPX! , aspack , -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 7.510-1002 | Size = 1044560 bytes | Modified Date = 05-03-25 12:28:04 | Attr = ]
WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.0.34 | Size = 16121856 bytes | Modified Date = 04-09-20 14:20:44 | Attr = ]
UPX! , UPX0 , -> %System32%\aswBoot.exe -> [Ver = 4, 7, 869, 0 | Size = 635520 bytes | Modified Date = 06-08-08 11:53:28 | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 04-08-04 07:00:00 | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.4.0.51 | Size = 635486 bytes | Modified Date = 06-12-12 11:25:20 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 04-08-04 07:00:00 | Attr = ]

< End of report >




err, I couldn't find the .log file. hmm... :whistling:

Edited by heyyy, 13 January 2007 - 09:37 AM.


#8
OldTimer


  • Global Moderator
  • 3,273 posts
Hi heyyy. Is there a file in the WinPFind3u folder with a .log extension? That would be the one.

Cheers.

OT

#9
heyyy


  • Topic Starter
  • Member
  • 19 posts
There's a text file, but it's not in .log format. Should I switch it or no?

#10
heyyy


  • Topic Starter
  • Member
  • 19 posts
WinPFind3 logfile created on: 07-01-13 10:21:02
WinPFind3U by OldTimer - Version 1.0.10 Folder = C:\Documents and Settings\HP_Owner.BUNDOCK\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

523760 Kb Total Physical Memory | 235192 Kb Available Physical Memory | 44.90% Memory free
1279236 Kb Paging File | 961400 Kb Available in Paging File | 75.15% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 150194516 Kb Total Space | 64423176 Kb Free Space | 42.89% Space Free
Drive D: | 6073888 Kb Total Space | 794496 Kb Free Space | 13.08% Space Free
Unable to calculate disk information.
Drive F: | 271404 Kb Total Space | 0 Kb Free Space | 0.00% Space Free


[Processes - Non-Microsoft Only]
apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 05-06-06 23:46:24 | Attr = ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [Ver = 4, 7, 844, 0 | Size = 108160 bytes | Modified Date = 06-08-05 01:23:06 | Attr = ]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [Ver = | Size = 59008 bytes | Modified Date = 06-08-05 10:10:10 | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 06-10-07 07:20:00 | Attr = ]
bandwidth monitor pro.exe -> %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe -> Pro²soft [Ver = 1.30 | Size = 224768 bytes | Modified Date = 07-01-11 22:49:48 | Attr = ]
iftpsvc.exe -> %SystemDrive%\iFtpSvc\iFtpSvc.exe -> Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. [Ver = 2006, 4, 17, 0 | Size = 565248 bytes | Modified Date = 06-04-21 10:34:32 | Attr = ]
intfysvc.exe -> %SystemDrive%\iNtfySvc\intfysvc.exe -> Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. [Ver = 2004, 6, 21, 0 | Size = 131072 bytes | Modified Date = 04-06-28 10:56:58 | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 06-10-30 09:36:32 | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 06-10-30 09:36:36 | Attr = ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 06-02-28 12:42:38 | Attr = R ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 143436 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
spysweeper.exe -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,2,3,2125 | Size = 3297792 bytes | Modified Date = 06-11-01 17:17:20 | Attr = ]
starwindservice.exe -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 05-04-01 12:51:48 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.10.0 | Size = 306176 bytes | Modified Date = 07-01-12 16:20:26 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Abel) Abel [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Cain\Abel.exe -> File not found
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 06-07-19 20:41:46 | Attr = ]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [Ver = | Size = 59008 bytes | Modified Date = 06-08-05 10:10:10 | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [Ver = 4, 7, 844, 0 | Size = 108160 bytes | Modified Date = 06-08-05 01:23:06 | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 869, 0 | Size = 251520 bytes | Modified Date = 06-08-05 01:22:48 | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 844, 0 | Size = 370304 bytes | Modified Date = 06-08-05 01:22:38 | Attr = ]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 06-02-28 12:42:38 | Attr = R ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04-08-04 14:00:00 | Attr = ]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 07-01-12 06:59:54 | Attr = ]
(iFtpSvc) Ipswitch WS_FTP Service [Win32_Own | Auto | Running] -> %SystemDrive%\iFtpSvc\iFtpSvc.exe -> Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. [Ver = 2006, 4, 17, 0 | Size = 565248 bytes | Modified Date = 06-04-21 10:34:32 | Attr = ]
(inotifysvr) Ipswitch Notification Server [Win32_Own | Auto | Running] -> %SystemDrive%\iNtfySvc\intfysvc.exe -> Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. [Ver = 2004, 6, 21, 0 | Size = 131072 bytes | Modified Date = 04-06-28 10:56:58 | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 06-10-30 09:36:32 | Attr = ]
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 6, 6, 0 | Size = 724992 bytes | Modified Date = 06-10-09 21:11:08 | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 143436 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
(StarWindService) StarWind iSCSI Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 05-04-01 12:51:48 | Attr = ]
(WebrootDesktopFirewallDataService) Webroot Desktop Firewall Data Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Webroot\Desktop Firewall\WDFDataService.exe -> Webroot Software, Inc. [Ver = 2.0.0.419 | Size = 665600 bytes | Modified Date = 05-09-29 21:46:50 | Attr = ]
(WebrootFirewall) Webroot Desktop Firewall [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Webroot\Desktop Firewall\FirewallNTService.exe -> [Ver = | Size = 192512 bytes | Modified Date = 05-05-18 13:10:56 | Attr = ]
(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,2,3,2125 | Size = 3297792 bytes | Modified Date = 06-11-01 17:17:20 | Attr = ]
(wscsvc) Security Center [Win32_Shared | Disabled | Stopped] -> C:\WINDOWS\%System32%\svchost.exe -> File not found

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 06-10-07 07:20:00 | Attr = ]
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 05-06-06 23:46:24 | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 06-10-30 09:36:36 | Attr = ]
MSPY2002 -> %System32%\IME\PINTLGNT\IMSCINST.EXE -> [Ver = | Size = 59392 bytes | Modified Date = 04-08-04 07:00:00 | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll ["RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 7561216 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
SpySweeper -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeperUI.exe -> Webroot Software, Inc. [Ver = 5,2,3,2125 | Size = 4806144 bytes | Modified Date = 06-11-01 17:17:34 | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Bandwidth Monitor Pro -> %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe -> Pro²soft [Ver = 1.30 | Size = 224768 bytes | Modified Date = 07-01-11 22:49:48 | Attr = ]
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk -> %ProgramFiles%\Updates from HP\309731\Program\Updates from HP.exe -> [Ver = | Size = 16423 bytes | Modified Date = 04-08-07 16:33:32 | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing, Inc. [Ver = 1.0 (32-bit) | Size = 106560 bytes | Modified Date = 01-11-27 07:10:00 | Attr = ]
C:^Documents and Settings^HP_Owner.BUNDOCK^Start Menu^Programs^Startup^Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 99-11-04 14:06:48 | Attr = ]
C:^Documents and Settings^HP_Owner.BUNDOCK^Start Menu^Programs^Startup^UMAX VistaAccess.lnk -> %ProgramFiles%\VSTASCAN\vsaccess.exe -> UMAX [Ver = 1. 02 | Size = 159232 bytes | Modified Date = 00-01-06 07:26:36 | Attr = ]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 04-06-29 19:06:38 | Attr = ]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> [Ver = 5, 0, 0, 0 | Size = 108160 bytes | Modified Date = 06-08-05 01:23:12 | Attr = ]
DAEMON Tools -> %ProgramFiles%\DAEMON Tools\daemon.exe -> DT Soft Ltd. [Ver = 4.03.0.0 | Size = 133016 bytes | Modified Date = 05-12-10 09:57:20 | Attr = ]
HPHmon06 -> %System32%\hphmon06.exe -> Hewlett-Packard [Ver = 6,0,72 | Size = 659456 bytes | Modified Date = 04-06-07 20:42:30 | Attr = ]
HPHUPD06 -> %ProgramFiles%\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe -> Hewlett-Packard [Ver = 6,0,72 | Size = 49152 bytes | Modified Date = 04-06-07 20:53:26 | Attr = ]
hpsysdrv -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 98-05-07 18:04:38 | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 06-10-30 09:36:36 | Attr = ]
KBD -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 61440 bytes | Modified Date = 03-02-11 22:02:48 | Attr = ]
Microsoft Works Update Detection -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkUFind.exe -> Microsoft® Corporation [Ver = 9.00.0912.0 | Size = 50688 bytes | Modified Date = 03-09-13 21:36:52 | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 7561216 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 86016 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
nwiz -> %System32%\nwiz.exe -> [Ver = | Size = 1519616 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
PS2 -> %System32%\ps2.EXE -> Hewlett-Packard Company [Ver = 1.0.2.1 | Size = 81920 bytes | Modified Date = 02-10-16 18:57:10 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5a38 | Size = 282624 bytes | Modified Date = 06-12-05 21:00:28 | Attr = ]
Recguard -> %SystemRoot%\SMINST\Recguard.exe -> [Ver = 5, 0, 44, 2 | Size = 233472 bytes | Modified Date = 04-04-14 22:43:46 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\j2re1.4.2_03\bin\jusched.exe -> [Ver = | Size = 32881 bytes | Modified Date = 04-08-07 14:37:00 | Attr = ]
< SSODL [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} [HKLM] -> %CommonProgramFiles%\stardock\MCPCore.dll [0aMCPClient] -> Stardock [Ver = 0, 0, 5, 4 | Size = 86016 bytes | Modified Date = 05-05-10 13:31:20 | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 06-09-28 09:13:28 | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
-> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Start Page -> about:blank ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Start Page -> http://www.google.com/ ->
HKCU: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Modified Date = 03-11-03 23:17:44 | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Reg Data - Key not found ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8193 - Reg Data - Key not found ->
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> 8195 - Reg Data - Value does not exist ->
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -> 8196 - Reg Data - Key not found ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8194 - Reg Data - Key not found ->
NextId -> 8197 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> %ProgramFiles%\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 05-08-05 14:08:26 | Attr = ]
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{1CDB2949-8F65-4355-8456-263E7C208A5D} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer] -> [Ver = | Size = 466944 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer Menu] -> [Ver = | Size = 466944 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [nView Desktop Context Menu] -> [Ver = | Size = 466944 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
{2B3453E4-49DF-11D3-8229-0080BE509050} [HKLM] -> %System32%\ShellExt\GMailFS.dll [GMail Drive] -> Bjarke Viksoe [Ver = 1, 0, 0, 10 | Size = 289280 bytes | Modified Date = 06-04-18 17:49:18 | Attr = ]
{2B3453E4-49DF-11D3-8229-0080BE509052} [HKLM] -> %System32%\ShellExt\GMailFS.dll [GMailFS Property Sheet] -> Bjarke Viksoe [Ver = 1, 0, 0, 10 | Size = 289280 bytes | Modified Date = 06-04-18 17:49:18 | Attr = ]
{2B3453E4-49DF-11D3-8229-0080BE509054} [HKLM] -> %System32%\ShellExt\GMailFS.dll [GMailFS Drop Handler] -> Bjarke Viksoe [Ver = 1, 0, 0, 10 | Size = 289280 bytes | Modified Date = 06-04-18 17:49:18 | Attr = ]
{2B3453E4-49DF-11D3-8229-0080BE509056} [HKLM] -> %System32%\ShellExt\GMailFS.dll [GMailFS Context Menu] -> Bjarke Viksoe [Ver = 1, 0, 0, 10 | Size = 289280 bytes | Modified Date = 06-04-18 17:49:18 | Attr = ]
{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} [HKLM] -> %ProgramFiles%\Illustrate\dBpowerAMP\dMCShell.dll [dBpowerAMP Music Converter] -> [Ver = 6, 4, 0, 0 | Size = 118784 bytes | Modified Date = 06-07-31 13:45:38 | Attr = ]
{32020A01-506E-484D-A2A8-BE3CF17601C3} [HKLM] -> %ProgramFiles%\Alcohol Soft\Alcohol 120\AXShlEx.dll [AlcoholShellEx] -> Alcohol Soft Development Team [Ver = 1.9.5.3718 | Size = 715648 bytes | Modified Date = 06-10-08 09:04:56 | Attr = ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> Reg Data - Key not found [Display Panning CPL Extension] -> File not found
{472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> %ProgramFiles%\Alwil Software\Avast4\ashShell.dll [avast] -> ALWIL Software [Ver = 4, 7, 869, 0 | Size = 13824 bytes | Modified Date = 06-08-05 01:17:58 | Attr = ]
{6DEA92E9-8682-4b6a-97DE-354772FE5727} [HKLM] -> %CommonProgramFiles%\Autodesk Shared\AcDwfThmbPrxy16.dll [Autodesk DWF Preview] -> Autodesk [Ver = 16.2.54.0 | Size = 39032 bytes | Modified Date = 05-03-05 03:14:24 | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> %ProgramFiles%\Webroot\Spy Sweeper\SSCtxMnu.dll [Webroot Spy Sweeper Context Menu Integration] -> Webroot Software, Inc. [Ver = 5,2,3,2125 | Size = 219136 bytes | Modified Date = 06-11-01 17:17:38 | Attr = ]
{7F1CF152-04F8-453A-B34C-E609530A9DC8} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalPropSheetHandler] -> Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Modified Date = 05-11-15 11:07:16 | Attr = ]
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} [HKLM] -> %System32%\ShellvRTF.dll [SampleView] -> XSS [Ver = 1, 0, 0, 1 | Size = 122880 bytes | Modified Date = 02-09-20 23:42:28 | Attr = ]
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 04-08-04 07:00:00 | Attr = ]
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> Reg Data - Key not found [PowerISO] -> File not found
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> %System32%\nvcpl.dll [NvCpl DesktopContext Class] -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 7561216 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
{B327765E-D724-4347-8B16-78AE18552FC3} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalIconHandler] -> Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Modified Date = 05-11-15 11:07:16 | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR shell extension] -> [Ver = | Size = 121344 bytes | Modified Date = 04-12-27 10:56:08 | Attr = ]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> %ProgramFiles%\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 132672 bytes | Modified Date = 06-10-30 09:36:36 | Attr = ]
{DEE12703-6333-4D4E-8F34-738C4DCC2E04} [HKLM] -> %ProgramFiles%\Sonic RecordNow!\shlext.dll [RecordNow! SendToExt] -> [Ver = 7.0.0.0 | Size = 73728 bytes | Modified Date = 04-06-07 16:02:00 | Attr = ]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> Reg Data - Key not found [Shell Extensions for RealOne Player] -> File not found
{FED7043D-346A-414D-ACD7-550D052499A7} [HKLM] -> %ProgramFiles%\Illustrate\dBpowerAMP\dBShell.dll [dBpowerAMP Music Converter 1] -> [Ver = 6, 4, 0, 1 | Size = 110592 bytes | Modified Date = 06-07-31 13:45:36 | Attr = ]
{FFB699E0-306A-11d3-8BD1-00104B6F7516} [HKLM] -> %System32%\nvcpl.dll [Play on my TV helper] -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 7561216 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBShell.dll [NBShellHook Class] -> Nero AG [Ver = 2, 6, 6, 0 | Size = 73728 bytes | Modified Date = 06-10-09 21:11:32 | Attr = ]
{472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> %ProgramFiles%\Alwil Software\Avast4\ashShell.dll [avast] -> ALWIL Software [Ver = 4, 7, 869, 0 | Size = 13824 bytes | Modified Date = 06-08-05 01:17:58 | Attr = ]
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 06-10-06 06:40:48 | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 121344 bytes | Modified Date = 04-12-27 10:56:08 | Attr = ]
< ContextMenuHandlers - AllFilesystemObjects [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> %ProgramFiles%\Webroot\Spy Sweeper\SSCtxMnu.dll [SpySweeper] -> Webroot Software, Inc. [Ver = 5,2,3,2125 | Size = 219136 bytes | Modified Date = 06-11-01 17:17:38 | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 06-10-06 06:40:48 | Attr = ]
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> Reg Data - Key not found [PowerISO] -> File not found
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 121344 bytes | Modified Date = 04-12-27 10:56:08 | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [00nView] -> [Ver = | Size = 466944 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} [HKLM] -> %System32%\igfxpph.dll [igfxcui] -> Intel Corporation [Ver = 3.0.0.3882 | Size = 225280 bytes | Modified Date = 04-08-03 20:47:00 | Attr = ]
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> %System32%\nvcpl.dll [NvCplDesktopContext] -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 7561216 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
{23F2DE6C-2C3F-4F95-B16A-56714C6FAAF4} [HKLM] -> Reg Data - Key not found [XPTools] -> File not found
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBShell.dll [NBShellHook Class] -> Nero AG [Ver = 2, 6, 6, 0 | Size = 73728 bytes | Modified Date = 06-10-09 21:11:32 | Attr = ]
{472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> %ProgramFiles%\Alwil Software\Avast4\ashShell.dll [avast] -> ALWIL Software [Ver = 4, 7, 869, 0 | Size = 13824 bytes | Modified Date = 06-08-05 01:17:58 | Attr = ]
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> Reg Data - Key not found [PowerISO] -> File not found
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> %ProgramFiles%\Webroot\Spy Sweeper\SSCtxMnu.dll [SpySweeper] -> Webroot Software, Inc. [Ver = 5,2,3,2125 | Size = 219136 bytes | Modified Date = 06-11-01 17:17:38 | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 121344 bytes | Modified Date = 04-12-27 10:56:08 | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalColumnHandler Class] -> Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Modified Date = 05-11-15 11:07:16 | Attr = ]
{FED7043D-346A-414D-ACD7-550D052499A7} [HKLM] -> %ProgramFiles%\Illustrate\dBpowerAMP\dBShell.dll [dBpShell Class] -> [Ver = 6, 4, 0, 1 | Size = 110592 bytes | Modified Date = 06-07-31 13:45:36 | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{C302D863-4E76-4BA1-BE82-93EFAEA842D4} -> (1394 Net Adapter) ->
{D8C10C11-EFCF-40E9-8540-A1A45C4A0852} -> (VIA Rhine II Fast Ethernet Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://www.apple.com...ex/qtplugin.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macr...director/sw.cab ->
{48884C41-EFAC-433D-958A-9FADAC41408E} -> EGamesPlugin Class - CodeBase = https://www.e-games....GamesPlugin.cab ->
{5F8469B4-B055-49DD-83F7-62B522420ECC} -> Facebook Photo Uploader Control - CodeBase = http://upload.facebo...otoUploader.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.micros...b?1155341631876 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/...indows-i586.cab ->


[Files - Created Wihin 30 days]
pcd.db -> %CommonProgramFiles%\Adobe\Adobe PCD\pcd.db -> [Ver = | Size = 45056 bytes | Created Date = 07-01-12 06:58:42 | Attr = ]
caps.db -> %CommonProgramFiles%\Adobe\caps\caps.db -> [Ver = | Size = 278528 bytes | Created Date = 07-01-12 06:53:20 | Attr = ]
FNPLicensingService.exe -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Created Date = 07-01-12 06:59:52 | Attr = ]
fnp_registrations.xml -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\fnp_registrations.xml -> [Ver = | Size = 327 bytes | Created Date = 07-01-12 06:59:54 | Attr = ]
cache.db -> %CommonProgramFiles%\Adobe\Adobe PCD\cache\cache.db -> [Ver = | Size = 15360 bytes | Created Date = 07-01-12 06:58:42 | Attr = ]
bridge.lnk -> %CommonProgramFiles%\Adobe\Launch\bridge\2.0\bridge.lnk -> [Ver = | Size = 1744 bytes | Created Date = 07-01-12 07:09:55 | Attr = ]
DeviceCentral.lnk -> %CommonProgramFiles%\Adobe\Launch\devicecentral\1.0\DeviceCentral.lnk -> [Ver = | Size = 889 bytes | Created Date = 07-01-12 07:11:30 | Attr = ]
ExtendScript Toolkit 2.lnk -> %CommonProgramFiles%\Adobe\Launch\estoolkit\2.0\ExtendScript Toolkit 2.lnk -> [Ver = | Size = 1078 bytes | Created Date = 07-01-12 07:08:10 | Attr = ]
Adobe Photoshop CS3.lnk -> %CommonProgramFiles%\Adobe\Launch\photoshop\10.0\en_US\Adobe Photoshop CS3.lnk -> [Ver = | Size = 840 bytes | Created Date = 07-01-12 07:02:09 | Attr = ]
ktd32.atm -> %SystemRoot%\ktd32.atm -> [Ver = | Size = 6243 bytes | Created Date = 07-01-12 06:51:13 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 07-01-10 23:59:31 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 07-01-10 23:59:30 | Attr = H ]
unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 668 bytes | Created Date = 06-12-24 01:59:26 | Attr = ]
unvise32.exe -> %SystemRoot%\unvise32.exe -> MindVision Software [Ver = 3.6.1 | Size = 90112 bytes | Created Date = 06-12-29 12:46:32 | Attr = ]
winzipme.ini -> %SystemRoot%\winzipme.ini -> [Ver = | Size = 96 bytes | Created Date = 07-01-09 19:50:04 | Attr = ]
CmdLineExt03.dll -> %System32%\CmdLineExt03.dll -> [Ver = | Size = 43520 bytes | Created Date = 06-12-27 12:37:54 | Attr = ]
fservice.exe.bat -> %System32%\fservice.exe.bat -> [Ver = | Size = 105 bytes | Created Date = 07-01-12 16:37:41 | Attr = ]
Winhp32.exe -> %System32%\Winhp32.exe -> [Ver = | Size = 1355784 bytes | Created Date = 07-01-09 19:42:13 | Attr = ]
xvid.ax -> %System32%\xvid.ax -> [Ver = | Size = 77824 bytes | Created Date = 06-12-22 20:53:25 | Attr = ]
xvidcore.dll -> %System32%\xvidcore.dll -> [Ver = | Size = 765952 bytes | Created Date = 06-12-22 20:53:25 | Attr = ]
xvidvfw.dll -> %System32%\xvidvfw.dll -> [Ver = | Size = 180224 bytes | Created Date = 06-12-22 20:53:24 | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 07-01-12 23:33:11 | Attr = ]

[Files - Modified Wihin 30 days]
pcd.db -> %CommonProgramFiles%\Adobe\Adobe PCD\pcd.db -> [Ver = | Size = 45056 bytes | Modified Date = 07-01-12 07:13:10 | Attr = ]
caps.db -> %CommonProgramFiles%\Adobe\caps\caps.db -> [Ver = | Size = 278528 bytes | Modified Date = 07-01-12 07:13:12 | Attr = ]
FNPLicensingService.exe -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 07-01-12 06:59:54 | Attr = ]
fnp_registrations.xml -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\fnp_registrations.xml -> [Ver = | Size = 327 bytes | Modified Date = 07-01-12 14:41:48 | Attr = ]
component.xml -> %CommonProgramFiles%\Adobe\Adobe Anchor Service\AMT\component.xml -> [Ver = | Size = 534 bytes | Modified Date = 07-01-12 06:59:58 | Attr = ]
cache.db -> %CommonProgramFiles%\Adobe\Adobe PCD\cache\cache.db -> [Ver = | Size = 15360 bytes | Modified Date = 07-01-12 14:42:28 | Attr = ]
component.xml -> %CommonProgramFiles%\Adobe\DefaultLanguage\AMT\component.xml -> [Ver = | Size = 548 bytes | Modified Date = 07-01-12 07:04:46 | Attr = ]
component.xml -> %CommonProgramFiles%\Adobe\TypeSupport\AMT\component.xml -> [Ver = | Size = 548 bytes | Modified Date = 07-01-12 07:06:28 | Attr = ]
bridge.lnk -> %CommonProgramFiles%\Adobe\Launch\bridge\2.0\bridge.lnk -> [Ver = | Size = 1744 bytes | Modified Date = 07-01-12 07:09:56 | Attr = ]
DeviceCentral.lnk -> %CommonProgramFiles%\Adobe\Launch\devicecentral\1.0\DeviceCentral.lnk -> [Ver = | Size = 889 bytes | Modified Date = 07-01-12 07:11:32 | Attr = ]
ExtendScript Toolkit 2.lnk -> %CommonProgramFiles%\Adobe\Launch\estoolkit\2.0\ExtendScript Toolkit 2.lnk -> [Ver = | Size = 1078 bytes | Modified Date = 07-01-12 07:08:12 | Attr = ]
component.xml -> %CommonProgramFiles%\Adobe\PDFL\8.0\AMT\component.xml -> [Ver = | Size = 528 bytes | Modified Date = 07-01-12 07:12:20 | Attr = ]
component.xml -> %CommonProgramFiles%\Adobe\TypeSupport\CMaps\AMT\component.xml -> [Ver = | Size = 532 bytes | Modified Date = 07-01-12 07:04:22 | Attr = ]
Adobe Photoshop CS3.lnk -> %CommonProgramFiles%\Adobe\Launch\photoshop\10.0\en_US\Adobe Photoshop CS3.lnk -> [Ver = | Size = 840 bytes | Modified Date = 07-01-12 07:02:10 | Attr = ]
component.xml -> %CommonProgramFiles%\Adobe\Linguistics\Providers\WinSoft\WRLiloPlugin1.0\AMT\component.xml -> [Ver = | Size = 545 bytes | Modified Date = 07-01-12 07:06:50 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 07-01-13 10:14:14 | Attr = S]
IF40LE.INI -> %SystemRoot%\IF40LE.INI -> [Ver = | Size = 4816 bytes | Modified Date = 06-12-21 19:23:00 | Attr = ]
ktd32.atm -> %SystemRoot%\ktd32.atm -> [Ver = | Size = 6243 bytes | Modified Date = 07-01-12 23:20:44 | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 07-01-10 14:52:28 | Attr = ]
ppdrv.ini -> %SystemRoot%\ppdrv.ini -> [Ver = | Size = 114 bytes | Modified Date = 07-01-08 07:59:32 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 07-01-10 23:59:32 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 07-01-10 23:59:32 | Attr = H ]
unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 668 bytes | Modified Date = 06-12-24 01:59:28 | Attr = ]
unins000.exe -> %SystemRoot%\unins000.exe -> Jordan Russell [Ver = 51.5.0.0 | Size = 72748 bytes | Modified Date = 06-12-24 01:59:28 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1015 bytes | Modified Date = 07-01-10 03:03:26 | Attr = ]
wincmd.ini -> %SystemRoot%\wincmd.ini -> [Ver = | Size = 642 bytes | Modified Date = 07-01-12 15:57:58 | Attr = ]
winzipme.ini -> %SystemRoot%\winzipme.ini -> [Ver = | Size = 96 bytes | Modified Date = 07-01-09 19:50:06 | Attr = ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 06-12-27 12:35:24 | Attr = ]
CmdLineExt03.dll -> %System32%\CmdLineExt03.dll -> [Ver = | Size = 43520 bytes | Modified Date = 06-12-28 12:46:06 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 227208 bytes | Modified Date = 06-12-26 16:05:46 | Attr = ]
fservice.exe.bat -> %System32%\fservice.exe.bat -> [Ver = | Size = 105 bytes | Modified Date = 07-01-12 16:37:42 | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 50257 bytes | Modified Date = 07-01-13 10:15:00 | Attr = ]
Winhp32.exe -> %System32%\Winhp32.exe -> [Ver = | Size = 1355784 bytes | Modified Date = 07-01-09 19:42:10 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 07-01-12 15:21:12 | Attr = ]

[File String Scan - Non-Microsoft Only]
PTech , -> %CommonProgramFiles%\Adobe\Adobe Asset Services CS3\Plug-Ins\Dicom.8bi -> Adobe Systems Incorporated [Ver = 1.0 | Size = 3399680 bytes | Modified Date = 06-11-28 19:10:26 | Attr = ]
WSUD , -> %CommonProgramFiles%\Adobe\Installers\8d0dc9390f2c596455e1446b5918a40\payloads\AdobeBridge2All\AdobeBridge2All.proxy.xml -> [Ver = | Size = 4139685 bytes | Modified Date = 06-12-05 17:02:50 | Attr = ]
WSUD , -> %CommonProgramFiles%\Adobe\Installers\8d0dc9390f2c596455e1446b5918a40\payloads\AdobeDeviceCentralAll\AdobeDeviceCentralAll.proxy.xml -> [Ver = | Size = 3978960 bytes | Modified Date = 06-12-01 17:50:28 | Attr = ]
CNNIC , -> %CommonProgramFiles%\Adobe\Installers\8d0dc9390f2c596455e1446b5918a40\payloads\AdobeExtendScriptToolKitAll\AdobeExtendScriptToolKitAll.proxy.xml -> [Ver = | Size = 1298334 bytes | Modified Date = 06-12-01 21:02:48 | Attr = ]
WSUD , -> %CommonProgramFiles%\Adobe\Installers\8d0dc9390f2c596455e1446b5918a40\payloads\AdobePhotoshop10en_US\AdobePhotoshop10en_US.proxy.xml -> [Ver = | Size = 6009509 bytes | Modified Date = 06-12-08 08:03:06 | Attr = ]
PTech , -> %CommonProgramFiles%\Adobe\Linguistics\Providers\Proximity\cze108.lex -> [Ver = | Size = 3916800 bytes | Modified Date = 05-03-16 18:15:32 | Attr = ]
PTech , -> %CommonProgramFiles%\Adobe\Linguistics\Providers\Proximity\11.00\cze108.lex -> [Ver = | Size = 7915520 bytes | Modified Date = 06-12-01 16:37:40 | Attr = ]
PEC2 , PECompact2 , -> %CommonProgramFiles%\Adobe\Updater\AdobeUpdaterApp.dll -> Adobe Systems Incorporated [Ver = 4, 0, 3, 26 | Size = 745984 bytes | Modified Date = 05-09-19 10:49:16 | Attr = ]
Umonitor , -> %CommonProgramFiles%\Ahead\Lib\ROLLBACK.DB -> [Ver = | Size = 508928 bytes | Modified Date = 06-10-22 17:27:44 | Attr = ]
UPX0 , -> %CommonProgramFiles%\Autodesk Shared\AcGradient16.dll -> Autodesk [Ver = 16.2.54.0 | Size = 12408 bytes | Modified Date = 05-03-05 04:18:10 | Attr = ]
PEC2 , -> %CommonProgramFiles%\GTK\2.0\bin\libglib-2.0-0.dll -> The GLib developer community [Ver = 2.6.6.0 | Size = 663547 bytes | Modified Date = 05-08-01 20:57:20 | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\Java\Update\Base Images\j2re1.4.2-b28\core3.zip -> [Ver = | Size = 4648893 bytes | Modified Date = 04-09-29 11:36:24 | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\Java\Update\Base Images\j2re1.4.2_03-b02\core3.zip -> [Ver = | Size = 4622375 bytes | Modified Date = 03-11-20 08:38:14 | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\Java\Update\Base Images\jre1.5.0.b64\core3.zip -> [Ver = | Size = 3290841 bytes | Modified Date = 05-03-04 03:09:40 | Attr = ]
WSUD , -> %CommonProgramFiles%\Microsoft Shared\SpeechEngines\TTS\female.vce -> [Ver = | Size = 2053632 bytes | Modified Date = 99-01-12 10:29:28 | Attr = ]
PTech , -> %CommonProgramFiles%\Microsoft Shared\Works Shared\1033\WkCalLng.dll -> Microsoft® Corporation [Ver = 7.02.0710.1 | Size = 196608 bytes | Modified Date = 02-07-11 06:22:04 | Attr = ]
PEC2 , WSUD , -> %CommonProgramFiles%\SpeechEngines\Microsoft\SR61\1033\AF031033.AM -> [Ver = | Size = 7048576 bytes | Modified Date = 02-11-22 10:27:36 | Attr = ]
PECompact2 , qoologic , SAHAgent , -> %SystemRoot%\LPT$VPN.516 -> [Ver = | Size = 13910687 bytes | Modified Date = 05-03-25 12:28:04 | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\tsc.exe -> Trend Micro Inc. [Ver = 3.9.0.1020 | Size = 170053 bytes | Modified Date = 05-03-25 12:28:04 | Attr = ]
PECompact2 , qoologic , SAHAgent , -> %SystemRoot%\VPTNFILE.516 -> [Ver = | Size = 13910687 bytes | Modified Date = 05-03-25 12:28:04 | Attr = ]
UPX! , aspack , -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 7.510-1002 | Size = 1044560 bytes | Modified Date = 05-03-25 12:28:04 | Attr = ]
WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.0.34 | Size = 16121856 bytes | Modified Date = 04-09-20 14:20:44 | Attr = ]
UPX! , UPX0 , -> %System32%\aswBoot.exe -> [Ver = 4, 7, 869, 0 | Size = 635520 bytes | Modified Date = 06-08-08 11:53:28 | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 04-08-04 07:00:00 | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.4.0.51 | Size = 635486 bytes | Modified Date = 06-12-12 11:25:20 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 04-08-04 07:00:00 | Attr = ]

< End of report >



maybe?

#11
OldTimer

    Global Moderator
Hi heyyy. No, that's from the scan. Let's do this. Re-run the WinPFind3u fix. If you get a message at the end that the system needs to reboot, click No. After that you will get a message that the scan is complete. Click Ok. Then Notepad will open with the log in it. Post that back here.

Cheers.

OT

#12
heyyy

    Member
  • Topic Starter
Hm, this is weird. It looked like it was going to work, but once I clicked "run fix" it had to reload the desktop and it looks like the program is not responding. Any help =]

#13
OldTimer

    Global Moderator
Alright, try this:

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Files - Created Wihin 30 days]
NY -> ktd32.atm -> c:\windows\ktd32.atm
NY -> unvise32.exe -> c:\windows\unvise32.exe
NY -> winzipme.ini -> c:\windows\winzipme.ini
NY -> fservice.exe.bat -> c:\windows\system32\fservice.exe.bat
NY -> Winhp32.exe -> c:\windows\system32\Winhp32.exe
[Files - Modified Wihin 30 days]
NY -> ktd32.atm -> c:\windows\ktd32.atm
NY -> winzipme.ini -> c:\windows\winzipme.ini
NY -> WMSysPr9.prx -> c:\windows\WMSysPr9.prx
NY -> fservice.exe.bat -> c:\windows\system32\fservice.exe.bat
NY -> Winhp32.exe -> c:\windows\system32\Winhp32.exe


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3u scan.

I will review the information when it comes back in.

Cheers.

OT

#14
heyyy

    Member
  • Topic Starter
[Files - Created Wihin 30 days]
File c:\windows\ktd32.atm not found!
c:\windows\unvise32.exe moved successfully.
c:\windows\winzipme.ini moved successfully.
File c:\windows\system32\fservice.exe.bat not found!
File c:\windows\system32\Winhp32.exe not found!
[Files - Modified Wihin 30 days]
File c:\windows\ktd32.atm not found!
File c:\windows\winzipme.ini not found!
c:\windows\WMSysPr9.prx moved successfully.
File c:\windows\system32\fservice.exe.bat not found!
File c:\windows\system32\Winhp32.exe not found!
File not found!
< End of log >
Created on 01-13-2007 13:33:23


Oh, new scan coming up


there ya go!

Edited by heyyy, 13 January 2007 - 12:41 PM.


#15
heyyy

    Member
  • Topic Starter
WinPFind3 logfile created on: 07-01-13 13:42:19
WinPFind3U by OldTimer - Version 1.0.10 Folder = C:\Documents and Settings\HP_Owner.BUNDOCK\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

523760 Kb Total Physical Memory | 231684 Kb Available Physical Memory | 44.23% Memory free
1279236 Kb Paging File | 947464 Kb Available in Paging File | 74.06% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 150194516 Kb Total Space | 64542608 Kb Free Space | 42.97% Space Free
Drive D: | 6073888 Kb Total Space | 794496 Kb Free Space | 13.08% Space Free
Unable to calculate disk information.
Drive F: | 271404 Kb Total Space | 0 Kb Free Space | 0.00% Space Free


[Processes - Non-Microsoft Only]
aim.exe -> %ProgramFiles%\AIM\aim.exe -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 05-08-05 14:08:26 | Attr = ]
apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 05-06-06 23:46:24 | Attr = ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [Ver = 4, 7, 844, 0 | Size = 108160 bytes | Modified Date = 06-08-05 01:23:06 | Attr = ]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [Ver = | Size = 59008 bytes | Modified Date = 06-08-05 10:10:10 | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 07-01-13 13:31:22 | Attr = ]
bandwidth monitor pro.exe -> %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe -> Pro²soft [Ver = 1.30 | Size = 224768 bytes | Modified Date = 07-01-11 22:49:48 | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 06-09-28 09:13:20 | Attr = ]
iftpsvc.exe -> %SystemDrive%\iFtpSvc\iFtpSvc.exe -> Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. [Ver = 2006, 4, 17, 0 | Size = 565248 bytes | Modified Date = 06-04-21 10:34:32 | Attr = ]
intfysvc.exe -> %SystemDrive%\iNtfySvc\intfysvc.exe -> Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. [Ver = 2004, 6, 21, 0 | Size = 131072 bytes | Modified Date = 04-06-28 10:56:58 | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 06-10-30 09:36:32 | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 06-10-30 09:36:36 | Attr = ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 06-02-28 12:42:38 | Attr = R ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 143436 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
pg2.exe -> %ProgramFiles%\PeerGuardian2\pg2.exe -> Methlabs [Ver = 1, 0, 6, 4 | Size = 1421824 bytes | Modified Date = 05-09-18 18:40:42 | Attr = ]
spysweeper.exe -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,2,3,2125 | Size = 3297792 bytes | Modified Date = 06-11-01 17:17:20 | Attr = ]
starwindservice.exe -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 05-04-01 12:51:48 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.10.0 | Size = 306176 bytes | Modified Date = 07-01-12 16:20:26 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Abel) Abel [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Cain\Abel.exe -> File not found
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 06-07-19 20:41:46 | Attr = ]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [Ver = | Size = 59008 bytes | Modified Date = 06-08-05 10:10:10 | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [Ver = 4, 7, 844, 0 | Size = 108160 bytes | Modified Date = 06-08-05 01:23:06 | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 869, 0 | Size = 251520 bytes | Modified Date = 06-08-05 01:22:48 | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 844, 0 | Size = 370304 bytes | Modified Date = 06-08-05 01:22:38 | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 06-09-28 09:13:20 | Attr = ]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 06-02-28 12:42:38 | Attr = R ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04-08-04 14:00:00 | Attr = ]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 07-01-12 06:59:54 | Attr = ]
(iFtpSvc) Ipswitch WS_FTP Service [Win32_Own | Auto | Running] -> %SystemDrive%\iFtpSvc\iFtpSvc.exe -> Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. [Ver = 2006, 4, 17, 0 | Size = 565248 bytes | Modified Date = 06-04-21 10:34:32 | Attr = ]
(inotifysvr) Ipswitch Notification Server [Win32_Own | Auto | Running] -> %SystemDrive%\iNtfySvc\intfysvc.exe -> Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. [Ver = 2004, 6, 21, 0 | Size = 131072 bytes | Modified Date = 04-06-28 10:56:58 | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 06-10-30 09:36:32 | Attr = ]
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 6, 6, 0 | Size = 724992 bytes | Modified Date = 06-10-09 21:11:08 | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 143436 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
(StarWindService) StarWind iSCSI Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 05-04-01 12:51:48 | Attr = ]
(WebrootDesktopFirewallDataService) Webroot Desktop Firewall Data Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Webroot\Desktop Firewall\WDFDataService.exe -> Webroot Software, Inc. [Ver = 2.0.0.419 | Size = 665600 bytes | Modified Date = 05-09-29 21:46:50 | Attr = ]
(WebrootFirewall) Webroot Desktop Firewall [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Webroot\Desktop Firewall\FirewallNTService.exe -> [Ver = | Size = 192512 bytes | Modified Date = 05-05-18 13:10:56 | Attr = ]
(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,2,3,2125 | Size = 3297792 bytes | Modified Date = 06-11-01 17:17:20 | Attr = ]
(wscsvc) Security Center [Win32_Shared | Disabled | Stopped] -> C:\WINDOWS\%System32%\svchost.exe -> File not found

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 07-01-13 13:31:22 | Attr = ]
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 05-06-06 23:46:24 | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 06-10-30 09:36:36 | Attr = ]
MSPY2002 -> %System32%\IME\PINTLGNT\IMSCINST.EXE -> [Ver = | Size = 59392 bytes | Modified Date = 04-08-04 07:00:00 | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll ["RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 7561216 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
SpySweeper -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeperUI.exe -> Webroot Software, Inc. [Ver = 5,2,3,2125 | Size = 4806144 bytes | Modified Date = 06-11-01 17:17:34 | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Bandwidth Monitor Pro -> %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe -> Pro²soft [Ver = 1.30 | Size = 224768 bytes | Modified Date = 07-01-11 22:49:48 | Attr = ]
PeerGuardian -> %ProgramFiles%\PeerGuardian2\pg2.exe -> Methlabs [Ver = 1, 0, 6, 4 | Size = 1421824 bytes | Modified Date = 05-09-18 18:40:42 | Attr = ]
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk -> %ProgramFiles%\Updates from HP\309731\Program\Updates from HP.exe -> [Ver = | Size = 16423 bytes | Modified Date = 04-08-07 16:33:32 | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing, Inc. [Ver = 1.0 (32-bit) | Size = 106560 bytes | Modified Date = 01-11-27 07:10:00 | Attr = ]
C:^Documents and Settings^HP_Owner.BUNDOCK^Start Menu^Programs^Startup^Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 99-11-04 14:06:48 | Attr = ]
C:^Documents and Settings^HP_Owner.BUNDOCK^Start Menu^Programs^Startup^UMAX VistaAccess.lnk -> %ProgramFiles%\VSTASCAN\vsaccess.exe -> UMAX [Ver = 1. 02 | Size = 159232 bytes | Modified Date = 00-01-06 07:26:36 | Attr = ]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 04-06-29 19:06:38 | Attr = ]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> [Ver = 5, 0, 0, 0 | Size = 108160 bytes | Modified Date = 06-08-05 01:23:12 | Attr = ]
DAEMON Tools -> %ProgramFiles%\DAEMON Tools\daemon.exe -> DT Soft Ltd. [Ver = 4.03.0.0 | Size = 133016 bytes | Modified Date = 05-12-10 09:57:20 | Attr = ]
HPHmon06 -> %System32%\hphmon06.exe -> Hewlett-Packard [Ver = 6,0,72 | Size = 659456 bytes | Modified Date = 04-06-07 20:42:30 | Attr = ]
HPHUPD06 -> %ProgramFiles%\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe -> Hewlett-Packard [Ver = 6,0,72 | Size = 49152 bytes | Modified Date = 04-06-07 20:53:26 | Attr = ]
hpsysdrv -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 98-05-07 18:04:38 | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 06-10-30 09:36:36 | Attr = ]
KBD -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 61440 bytes | Modified Date = 03-02-11 22:02:48 | Attr = ]
Microsoft Works Update Detection -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkUFind.exe -> Microsoft® Corporation [Ver = 9.00.0912.0 | Size = 50688 bytes | Modified Date = 03-09-13 21:36:52 | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 7561216 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 86016 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
nwiz -> %System32%\nwiz.exe -> [Ver = | Size = 1519616 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
PS2 -> %System32%\ps2.EXE -> Hewlett-Packard Company [Ver = 1.0.2.1 | Size = 81920 bytes | Modified Date = 02-10-16 18:57:10 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5a38 | Size = 282624 bytes | Modified Date = 06-12-05 21:00:28 | Attr = ]
Recguard -> %SystemRoot%\SMINST\Recguard.exe -> [Ver = 5, 0, 44, 2 | Size = 233472 bytes | Modified Date = 04-04-14 22:43:46 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\j2re1.4.2_03\bin\jusched.exe -> [Ver = | Size = 32881 bytes | Modified Date = 04-08-07 14:37:00 | Attr = ]
< SSODL [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} [HKLM] -> %CommonProgramFiles%\stardock\MCPCore.dll [0aMCPClient] -> Stardock [Ver = 0, 0, 5, 4 | Size = 86016 bytes | Modified Date = 05-05-10 13:31:20 | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 06-09-28 09:13:28 | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
-> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Start Page -> about:blank ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Start Page -> http://www.google.com/ ->
HKCU: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Modified Date = 03-11-03 23:17:44 | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Reg Data - Key not found ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8193 - Reg Data - Key not found ->
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> 8195 - Reg Data - Value does not exist ->
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -> 8196 - Reg Data - Key not found ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8194 - Reg Data - Key not found ->
NextId -> 8197 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> %ProgramFiles%\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 05-08-05 14:08:26 | Attr = ]
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{1CDB2949-8F65-4355-8456-263E7C208A5D} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer] -> [Ver = | Size = 466944 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer Menu] -> [Ver = | Size = 466944 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [nView Desktop Context Menu] -> [Ver = | Size = 466944 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
{2B3453E4-49DF-11D3-8229-0080BE509050} [HKLM] -> %System32%\ShellExt\GMailFS.dll [GMail Drive] -> Bjarke Viksoe [Ver = 1, 0, 0, 10 | Size = 289280 bytes | Modified Date = 06-04-18 17:49:18 | Attr = ]
{2B3453E4-49DF-11D3-8229-0080BE509052} [HKLM] -> %System32%\ShellExt\GMailFS.dll [GMailFS Property Sheet] -> Bjarke Viksoe [Ver = 1, 0, 0, 10 | Size = 289280 bytes | Modified Date = 06-04-18 17:49:18 | Attr = ]
{2B3453E4-49DF-11D3-8229-0080BE509054} [HKLM] -> %System32%\ShellExt\GMailFS.dll [GMailFS Drop Handler] -> Bjarke Viksoe [Ver = 1, 0, 0, 10 | Size = 289280 bytes | Modified Date = 06-04-18 17:49:18 | Attr = ]
{2B3453E4-49DF-11D3-8229-0080BE509056} [HKLM] -> %System32%\ShellExt\GMailFS.dll [GMailFS Context Menu] -> Bjarke Viksoe [Ver = 1, 0, 0, 10 | Size = 289280 bytes | Modified Date = 06-04-18 17:49:18 | Attr = ]
{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} [HKLM] -> %ProgramFiles%\Illustrate\dBpowerAMP\dMCShell.dll [dBpowerAMP Music Converter] -> [Ver = 6, 4, 0, 0 | Size = 118784 bytes | Modified Date = 06-07-31 13:45:38 | Attr = ]
{32020A01-506E-484D-A2A8-BE3CF17601C3} [HKLM] -> %ProgramFiles%\Alcohol Soft\Alcohol 120\AXShlEx.dll [AlcoholShellEx] -> Alcohol Soft Development Team [Ver = 1.9.5.3718 | Size = 715648 bytes | Modified Date = 06-10-08 09:04:56 | Attr = ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> Reg Data - Key not found [Display Panning CPL Extension] -> File not found
{472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> %ProgramFiles%\Alwil Software\Avast4\ashShell.dll [avast] -> ALWIL Software [Ver = 4, 7, 869, 0 | Size = 13824 bytes | Modified Date = 06-08-05 01:17:58 | Attr = ]
{6DEA92E9-8682-4b6a-97DE-354772FE5727} [HKLM] -> %CommonProgramFiles%\Autodesk Shared\AcDwfThmbPrxy16.dll [Autodesk DWF Preview] -> Autodesk [Ver = 16.2.54.0 | Size = 39032 bytes | Modified Date = 05-03-05 03:14:24 | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> %ProgramFiles%\Webroot\Spy Sweeper\SSCtxMnu.dll [Webroot Spy Sweeper Context Menu Integration] -> Webroot Software, Inc. [Ver = 5,2,3,2125 | Size = 219136 bytes | Modified Date = 06-11-01 17:17:38 | Attr = ]
{7F1CF152-04F8-453A-B34C-E609530A9DC8} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalPropSheetHandler] -> Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Modified Date = 05-11-15 11:07:16 | Attr = ]
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} [HKLM] -> %System32%\ShellvRTF.dll [SampleView] -> XSS [Ver = 1, 0, 0, 1 | Size = 122880 bytes | Modified Date = 02-09-20 23:42:28 | Attr = ]
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 04-08-04 07:00:00 | Attr = ]
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> Reg Data - Key not found [PowerISO] -> File not found
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> %System32%\nvcpl.dll [NvCpl DesktopContext Class] -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 7561216 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
{B327765E-D724-4347-8B16-78AE18552FC3} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalIconHandler] -> Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Modified Date = 05-11-15 11:07:16 | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR shell extension] -> [Ver = | Size = 121344 bytes | Modified Date = 04-12-27 10:56:08 | Attr = ]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> %ProgramFiles%\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 132672 bytes | Modified Date = 06-10-30 09:36:36 | Attr = ]
{DEE12703-6333-4D4E-8F34-738C4DCC2E04} [HKLM] -> %ProgramFiles%\Sonic RecordNow!\shlext.dll [RecordNow! SendToExt] -> [Ver = 7.0.0.0 | Size = 73728 bytes | Modified Date = 04-06-07 16:02:00 | Attr = ]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> Reg Data - Key not found [Shell Extensions for RealOne Player] -> File not found
{FED7043D-346A-414D-ACD7-550D052499A7} [HKLM] -> %ProgramFiles%\Illustrate\dBpowerAMP\dBShell.dll [dBpowerAMP Music Converter 1] -> [Ver = 6, 4, 0, 1 | Size = 110592 bytes | Modified Date = 06-07-31 13:45:36 | Attr = ]
{FFB699E0-306A-11d3-8BD1-00104B6F7516} [HKLM] -> %System32%\nvcpl.dll [Play on my TV helper] -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 7561216 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBShell.dll [NBShellHook Class] -> Nero AG [Ver = 2, 6, 6, 0 | Size = 73728 bytes | Modified Date = 06-10-09 21:11:32 | Attr = ]
{472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> %ProgramFiles%\Alwil Software\Avast4\ashShell.dll [avast] -> ALWIL Software [Ver = 4, 7, 869, 0 | Size = 13824 bytes | Modified Date = 06-08-05 01:17:58 | Attr = ]
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 06-10-06 06:40:48 | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 121344 bytes | Modified Date = 04-12-27 10:56:08 | Attr = ]
< ContextMenuHandlers - AllFilesystemObjects [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> %ProgramFiles%\Webroot\Spy Sweeper\SSCtxMnu.dll [SpySweeper] -> Webroot Software, Inc. [Ver = 5,2,3,2125 | Size = 219136 bytes | Modified Date = 06-11-01 17:17:38 | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 06-10-06 06:40:48 | Attr = ]
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> Reg Data - Key not found [PowerISO] -> File not found
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 121344 bytes | Modified Date = 04-12-27 10:56:08 | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [00nView] -> [Ver = | Size = 466944 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} [HKLM] -> %System32%\igfxpph.dll [igfxcui] -> Intel Corporation [Ver = 3.0.0.3882 | Size = 225280 bytes | Modified Date = 04-08-03 20:47:00 | Attr = ]
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> %System32%\nvcpl.dll [NvCplDesktopContext] -> NVIDIA Corporation [Ver = 6.14.10.8421 | Size = 7561216 bytes | Modified Date = 06-03-09 14:29:00 | Attr = ]
{23F2DE6C-2C3F-4F95-B16A-56714C6FAAF4} [HKLM] -> Reg Data - Key not found [XPTools] -> File not found
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBShell.dll [NBShellHook Class] -> Nero AG [Ver = 2, 6, 6, 0 | Size = 73728 bytes | Modified Date = 06-10-09 21:11:32 | Attr = ]
{472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> %ProgramFiles%\Alwil Software\Avast4\ashShell.dll [avast] -> ALWIL Software [Ver = 4, 7, 869, 0 | Size = 13824 bytes | Modified Date = 06-08-05 01:17:58 | Attr = ]
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> Reg Data - Key not found [PowerISO] -> File not found
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> %ProgramFiles%\Webroot\Spy Sweeper\SSCtxMnu.dll [SpySweeper] -> Webroot Software, Inc. [Ver = 5,2,3,2125 | Size = 219136 bytes | Modified Date = 06-11-01 17:17:38 | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 121344 bytes | Modified Date = 04-12-27 10:56:08 | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalColumnHandler Class] -> Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Modified Date = 05-11-15 11:07:16 | Attr = ]
{FED7043D-346A-414D-ACD7-550D052499A7} [HKLM] -> %ProgramFiles%\Illustrate\dBpowerAMP\dBShell.dll [dBpShell Class] -> [Ver = 6, 4, 0, 1 | Size = 110592 bytes | Modified Date = 06-07-31 13:45:36 | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{C302D863-4E76-4BA1-BE82-93EFAEA842D4} -> (1394 Net Adapter) ->
{D8C10C11-EFCF-40E9-8540-A1A45C4A0852} -> (VIA Rhine II Fast Ethernet Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://www.apple.com...ex/qtplugin.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macr...director/sw.cab ->
{48884C41-EFAC-433D-958A-9FADAC41408E} -> EGamesPlugin Class - CodeBase = https://www.e-games....GamesPlugin.cab ->
{5F8469B4-B055-49DD-83F7-62B522420ECC} -> Facebook Photo Uploader Control - CodeBase = http://upload.facebo...otoUploader.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.micros...b?1155341631876 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/...indows-i586.cab ->


[Files - Created Wihin 30 days]
pcd.db -> %CommonProgramFiles%\Adobe\Adobe PCD\pcd.db -> [Ver = | Size = 45056 bytes | Created Date = 07-01-12 06:58:42 | Attr = ]
caps.db -> %CommonProgramFiles%\Adobe\caps\caps.db -> [Ver = | Size = 278528 bytes | Created Date = 07-01-12 06:53:20 | Attr = ]
FNPLicensingService.exe -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Created Date = 07-01-12 06:59:52 | Attr = ]
fnp_registrations.xml -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\fnp_registrations.xml -> [Ver = | Size = 327 bytes | Created Date = 07-01-12 06:59:54 | Attr = ]
cache.db -> %CommonProgramFiles%\Adobe\Adobe PCD\cache\cache.db -> [Ver = | Size = 15360 bytes | Created Date = 07-01-12 06:58:42 | Attr = ]
bridge.lnk -> %CommonProgramFiles%\Adobe\Launch\bridge\2.0\bridge.lnk -> [Ver = | Size = 1744 bytes | Created Date = 07-01-12 07:09:55 | Attr = ]
DeviceCentral.lnk -> %CommonProgramFiles%\Adobe\Launch\devicecentral\1.0\DeviceCentral.lnk -> [Ver = | Size = 889 bytes | Created Date = 07-01-12 07:11:30 | Attr = ]
ExtendScript Toolkit 2.lnk -> %CommonProgramFiles%\Adobe\Launch\estoolkit\2.0\ExtendScript Toolkit 2.lnk -> [Ver = | Size = 1078 bytes | Created Date = 07-01-12 07:08:10 | Attr = ]
Adobe Photoshop CS3.lnk -> %CommonProgramFiles%\Adobe\Launch\photoshop\10.0\en_US\Adobe Photoshop CS3.lnk -> [Ver = | Size = 840 bytes | Created Date = 07-01-12 07:02:09 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 07-01-10 23:59:31 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 07-01-10 23:59:30 | Attr = H ]
CmdLineExt03.dll -> %System32%\CmdLineExt03.dll -> [Ver = | Size = 43520 bytes | Created Date = 06-12-27 12:37:54 | Attr = ]
xvid.ax -> %System32%\xvid.ax -> [Ver = | Size = 77824 bytes | Created Date = 06-12-22 20:53:25 | Attr = ]
xvidcore.dll -> %System32%\xvidcore.dll -> [Ver = | Size = 765952 bytes | Created Date = 06-12-22 20:53:25 | Attr = ]
xvidvfw.dll -> %System32%\xvidvfw.dll -> [Ver = | Size = 180224 bytes | Created Date = 06-12-22 20:53:24 | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 07-01-12 23:33:11 | Attr = ]

[Files - Modified Wihin 30 days]
pcd.db -> %CommonProgramFiles%\Adobe\Adobe PCD\pcd.db -> [Ver = | Size = 45056 bytes | Modified Date = 07-01-12 07:13:10 | Attr = ]
caps.db -> %CommonProgramFiles%\Adobe\caps\caps.db -> [Ver = | Size = 278528 bytes | Modified Date = 07-01-12 07:13:12 | Attr = ]
FNPLicensingService.exe -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 07-01-12 06:59:54 | Attr = ]
fnp_registrations.xml -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\fnp_registrations.xml -> [Ver = | Size = 327 bytes | Modified Date = 07-01-12 14:41:48 | Attr = ]
component.xml -> %CommonProgramFiles%\Adobe\Adobe Anchor Service\AMT\component.xml -> [Ver = | Size = 534 bytes | Modified Date = 07-01-12 06:59:58 | Attr = ]
cache.db -> %CommonProgramFiles%\Adobe\Adobe PCD\cache\cache.db -> [Ver = | Size = 15360 bytes | Modified Date = 07-01-12 14:42:28 | Attr = ]
component.xml -> %CommonProgramFiles%\Adobe\DefaultLanguage\AMT\component.xml -> [Ver = | Size = 548 bytes | Modified Date = 07-01-12 07:04:46 | Attr = ]
component.xml -> %CommonProgramFiles%\Adobe\TypeSupport\AMT\component.xml -> [Ver = | Size = 548 bytes | Modified Date = 07-01-12 07:06:28 | Attr = ]
bridge.lnk -> %CommonProgramFiles%\Adobe\Launch\bridge\2.0\bridge.lnk -> [Ver = | Size = 1744 bytes | Modified Date = 07-01-12 07:09:56 | Attr = ]
DeviceCentral.lnk -> %CommonProgramFiles%\Adobe\Launch\devicecentral\1.0\DeviceCentral.lnk -> [Ver = | Size = 889 bytes | Modified Date = 07-01-12 07:11:32 | Attr = ]
ExtendScript Toolkit 2.lnk -> %CommonProgramFiles%\Adobe\Launch\estoolkit\2.0\ExtendScript Toolkit 2.lnk -> [Ver = | Size = 1078 bytes | Modified Date = 07-01-12 07:08:12 | Attr = ]
component.xml -> %CommonProgramFiles%\Adobe\PDFL\8.0\AMT\component.xml -> [Ver = | Size = 528 bytes | Modified Date = 07-01-12 07:12:20 | Attr = ]
component.xml -> %CommonProgramFiles%\Adobe\TypeSupport\CMaps\AMT\component.xml -> [Ver = | Size = 532 bytes | Modified Date = 07-01-12 07:04:22 | Attr = ]
Adobe Photoshop CS3.lnk -> %CommonProgramFiles%\Adobe\Launch\photoshop\10.0\en_US\Adobe Photoshop CS3.lnk -> [Ver = | Size = 840 bytes | Modified Date = 07-01-12 07:02:10 | Attr = ]
component.xml -> %CommonProgramFiles%\Adobe\Linguistics\Providers\WinSoft\WRLiloPlugin1.0\AMT\component.xml -> [Ver = | Size = 545 bytes | Modified Date = 07-01-12 07:06:50 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 07-01-13 13:26:24 | Attr = S]
IF40LE.INI -> %SystemRoot%\IF40LE.INI -> [Ver = | Size = 4816 bytes | Modified Date = 06-12-21 19:23:00 | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 07-01-10 14:52:28 | Attr = ]
ppdrv.ini -> %SystemRoot%\ppdrv.ini -> [Ver = | Size = 114 bytes | Modified Date = 07-01-08 07:59:32 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 07-01-10 23:59:32 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 07-01-13 12:27:00 | Attr = H ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1015 bytes | Modified Date = 07-01-10 03:03:26 | Attr = ]
CmdLineExt03.dll -> %System32%\CmdLineExt03.dll -> [Ver = | Size = 43520 bytes | Modified Date = 06-12-28 12:46:06 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 227208 bytes | Modified Date = 06-12-26 16:05:46 | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 50257 bytes | Modified Date = 07-01-13 13:27:40 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 07-01-12 15:21:12 | Attr = ]

[File String Scan - Non-Microsoft Only]
PTech , -> %CommonProgramFiles%\Adobe\Adobe Asset Services CS3\Plug-Ins\Dicom.8bi -> Adobe Systems Incorporated [Ver = 1.0 | Size = 3399680 bytes | Modified Date = 06-11-28 19:10:26 | Attr = ]
WSUD , -> %CommonProgramFiles%\Adobe\Installers\8d0dc9390f2c596455e1446b5918a40\payloads\AdobeBridge2All\AdobeBridge2All.proxy.xml -> [Ver = | Size = 4139685 bytes | Modified Date = 06-12-05 17:02:50 | Attr = ]
WSUD , -> %CommonProgramFiles%\Adobe\Installers\8d0dc9390f2c596455e1446b5918a40\payloads\AdobeDeviceCentralAll\AdobeDeviceCentralAll.proxy.xml -> [Ver = | Size = 3978960 bytes | Modified Date = 06-12-01 17:50:28 | Attr = ]
CNNIC , -> %CommonProgramFiles%\Adobe\Installers\8d0dc9390f2c596455e1446b5918a40\payloads\AdobeExtendScriptToolKitAll\AdobeExtendScriptToolKitAll.proxy.xml -> [Ver = | Size = 1298334 bytes | Modified Date = 06-12-01 21:02:48 | Attr = ]
WSUD , -> %CommonProgramFiles%\Adobe\Installers\8d0dc9390f2c596455e1446b5918a40\payloads\AdobePhotoshop10en_US\AdobePhotoshop10en_US.proxy.xml -> [Ver = | Size = 6009509 bytes | Modified Date = 06-12-08 08:03:06 | Attr = ]
PTech , -> %CommonProgramFiles%\Adobe\Linguistics\Providers\Proximity\cze108.lex -> [Ver = | Size = 3916800 bytes | Modified Date = 05-03-16 18:15:32 | Attr = ]
PTech , -> %CommonProgramFiles%\Adobe\Linguistics\Providers\Proximity\11.00\cze108.lex -> [Ver = | Size = 7915520 bytes | Modified Date = 06-12-01 16:37:40 | Attr = ]
PEC2 , PECompact2 , -> %CommonProgramFiles%\Adobe\Updater\AdobeUpdaterApp.dll -> Adobe Systems Incorporated [Ver = 4, 0, 3, 26 | Size = 745984 bytes | Modified Date = 05-09-19 10:49:16 | Attr = ]
Umonitor , -> %CommonProgramFiles%\Ahead\Lib\ROLLBACK.DB -> [Ver = | Size = 508928 bytes | Modified Date = 06-10-22 17:27:44 | Attr = ]
UPX0 , -> %CommonProgramFiles%\Autodesk Shared\AcGradient16.dll -> Autodesk [Ver = 16.2.54.0 | Size = 12408 bytes | Modified Date = 05-03-05 04:18:10 | Attr = ]
PEC2 , -> %CommonProgramFiles%\GTK\2.0\bin\libglib-2.0-0.dll -> The GLib developer community [Ver = 2.6.6.0 | Size = 663547 bytes | Modified Date = 05-08-01 20:57:20 | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\Java\Update\Base Images\j2re1.4.2-b28\core3.zip -> [Ver = | Size = 4648893 bytes | Modified Date = 04-09-29 11:36:24 | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\Java\Update\Base Images\j2re1.4.2_03-b02\core3.zip -> [Ver = | Size = 4622375 bytes | Modified Date = 03-11-20 08:38:14 | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\Java\Update\Base Images\jre1.5.0.b64\core3.zip -> [Ver = | Size = 3290841 bytes | Modified Date = 05-03-04 03:09:40 | Attr = ]
WSUD , -> %CommonProgramFiles%\Microsoft Shared\SpeechEngines\TTS\female.vce -> [Ver = | Size = 2053632 bytes | Modified Date = 99-01-12 10:29:28 | Attr = ]
PTech , -> %CommonProgramFiles%\Microsoft Shared\Works Shared\1033\WkCalLng.dll -> Microsoft® Corporation [Ver = 7.02.0710.1 | Size = 196608 bytes | Modified Date = 02-07-11 06:22:04 | Attr = ]
PEC2 , WSUD , -> %CommonProgramFiles%\SpeechEngines\Microsoft\SR61\1033\AF031033.AM -> [Ver = | Size = 7048576 bytes | Modified Date = 02-11-22 10:27:36 | Attr = ]
PECompact2 , qoologic , SAHAgent , -> %SystemRoot%\LPT$VPN.516 -> [Ver = | Size = 13910687 bytes | Modified Date = 05-03-25 12:28:04 | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\tsc.exe -> Trend Micro Inc. [Ver = 3.9.0.1020 | Size = 170053 bytes | Modified Date = 05-03-25 12:28:04 | Attr = ]
PECompact2 , qoologic , SAHAgent , -> %SystemRoot%\VPTNFILE.516 -> [Ver = | Size = 13910687 bytes | Modified Date = 05-03-25 12:28:04 | Attr = ]
UPX! , aspack , -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 7.510-1002 | Size = 1044560 bytes | Modified Date = 05-03-25 12:28:04 | Attr = ]
WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.0.34 | Size = 16121856 bytes | Modified Date = 04-09-20 14:20:44 | Attr = ]
UPX! , UPX0 , -> %System32%\aswBoot.exe -> [Ver = 4, 7, 869, 0 | Size = 635520 bytes | Modified Date = 06-08-08 11:53:28 | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 04-08-04 07:00:00 | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.4.0.51 | Size = 635486 bytes | Modified Date = 06-12-12 11:25:20 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 04-08-04 07:00:00 | Attr = ]

< End of report >