Hi
Scans done. Am getting lots of popups. They include:
my debt solution
your debts
winantispyware
Certain DLLs try to load on my machine:
hotmwksn.dll
jvdbik.dll
Sometimes my cursor moves across the screen without me touching the mouse.
CCLEANER:
Ad-Aware SE Personal
Adobe Acrobat 6.0 Professional
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe Photoshop CS2
Adobe Reader 8
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Advanced MP3 Catalog 3.36
AiOSoftware
AiO_Scan
allTunes
Apple Software Update
AutoUpdate
Avance AC'97 Audio
AVG 7.5
AVG Anti-Spyware 7.5
Bentley MicroStation (V 08.01.02.15) - 1
BitTorrent 5.0.7
CCleaner (remove only)
del.icio.us Buttons for Internet Explorer
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Fax
Flamingo 1.1
FrostWire 4.13.1.7 BETA
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915800)
Hotfix for Windows XP (KB926239)
HP Extended Capabilities 4.7
HP Image Zone 4.7
HP Product Assistant
HP PSC & OfficeJet 4.7
iTunes Library Updater
iTunes
IWF - Internet Safety Presentation
J2SE Runtime Environment 5.0 Update 11
Java(TM) SE Runtime Environment 6 Update 1
Kaspersky Online Scanner
Logitech MouseWare 9.79.1
Magic ISO Maker v5.4 (build 0237)
MarketResearch
Media Library Management Wizard
MGTEK dopisp
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework (English)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliType Pro 6.1
Microsoft LifeCam
Microsoft Money 2007 Home & Business
Microsoft Money Shared Libraries
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC80 Support DLLs
Microsoft Works 7.0
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
Mozilla Firefox (2.0.0.3)
MSXML 4.0 SP2 (KB927978)
Nero 7 Ultra Edition
Nero PhotoShow Express
neroxml
NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers
Offline CD Browser 3.1
Personal License Update Wizard for Windows Media Player
Plus! MP3 Audio Converter LE
PowerDVD
QFolder
QuickTime
Readme
Reasonable NoClone 4 Home
RedistSysFiles
Rhinoceros 3.0
Rhinoceros 4.0
RTLSetup 2.50.503
Scan
Scripts for iTunes
Security Update for Excel 2007 (KB934670)
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Office 2007 (KB934062)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
SiS 900 PCI Fast Ethernet Adapter Driver
Skype 3.1
Skype Plugin Manager
Sony Ericsson PC Suite
Spybot - Search & Destroy 1.4
SuperCat 4.4 (Trial Version)
TreeSize Professional 4.3
TrojanHunter 4.6
Tweak UI
Tweakui Powertoy for Windows XP
Update for Office 2007 (KB932080)
Update for Office 2007 (KB933688)
Update for Office 2007 (KB934393)
Update for Outlook 2007 Junk Email Filter (KB934655)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Word 2007 (KB934173)
V-Ray for Rhinoceros 3.0
Vallen JPegger
VBA (2720)
VectorWorks 11
VectorWorks
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Bonus Pack for Windows XP
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinPatrol 2007 Restore/Remove First
WinPatrol
WinRAR archiver
XoftSpy
ZoneAlarm
µTorrent
fsbl-20070528205508
05/28/07 21:55:08 [Info]: BlackLight Engine 1.0.61 initialized
05/28/07 21:55:08 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/28/07 21:55:08 [Note]: 7019 4
05/28/07 21:55:08 [Note]: 7005 0
05/28/07 21:55:13 [Note]: 7006 0
05/28/07 21:55:13 [Note]: 7011 968
05/28/07 21:55:13 [Note]: 7026 0
05/28/07 21:55:14 [Note]: 7026 0
05/28/07 21:55:18 [Note]: FSRAW library version 1.7.1021
05/28/07 22:50:12 [Note]: 7007 0
WinPFind3
WinPFind3 logfile created on: 28/05/2007 22:53:52
WinPFind3U by OldTimer - Version 1.0.38 Folder = C:\Documents and Settings\Neil D\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)
1023.48 Mb Total Physical Memory | 511.03 Mb Available Physical Memory | 49.93% Memory free
2.41 Gb Paging File | 1.92 Gb Available in Paging File | 79.61% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.69 Gb Total Space | 46.58 Gb Free Space | 60.74% Space Free
Drive D: | 186.31 Gb Total Space | 107.67 Gb Free Space | 57.79% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Computer Name: NEIL
Current User Name: Neil D
Logged in as Administrator.
Current Boot Mode: Normal
[Processes - Non-Microsoft Only]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 6.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 6.0.0.2003051500 | Size = 217193 bytes | Modified Date = 15/05/2003 01:19:50 | Attr = ]
application launcher.exe -> %ProgramFiles%\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe -> [Ver = 2.0.10.129 | Size = 593920 bytes | Modified Date = 28/03/2007 01:07:42 | Attr = R ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 26/05/2007 12:17:04 | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 26/05/2007 12:23:52 | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 26/05/2007 12:17:10 | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 26/05/2007 12:17:12 | Attr = ]
em_exec.exe -> %ProgramFiles%\Logitech\MouseWare\system\EM_EXEC.EXE -> Logitech Inc. [Ver = 9.79.025 | Size = 37888 bytes | Modified Date = 08/01/2004 09:50:00 | Attr = ]
epmworker.exe -> %ProgramFiles%\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe -> Sony Ericsson Mobile Communications AB [Ver = 1, 2, 0,1229 | Size = 880640 bytes | Modified Date = 28/02/2007 10:55:18 | Attr = R ]
generic.exe -> %CommonProgramFiles%\Teleca Shared\Generic.exe -> Teleca AB [Ver = 1, 4, 14, 0 | Size = 983040 bytes | Modified Date = 09/02/2007 17:03:38 | Attr = R ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28/09/2006 15:13:20 | Attr = ]
hpzipm12.exe -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 29/09/2004 12:14:36 | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 14/03/2007 19:05:42 | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\ITUNESHELPER.EXE -> Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 14/03/2007 19:05:48 | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 81920 bytes | Modified Date = 06/10/2003 15:16:00 | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 27/04/2007 09:41:54 | Attr = ]
soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Avance Logic, Inc. [Ver = 5.0.10 | Size = 47104 bytes | Modified Date = 27/09/2002 12:44:12 | Attr = ]
utorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe -> [Ver = | Size = 202240 bytes | Modified Date = 29/04/2007 23:39:50 | Attr = ]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75568 bytes | Modified Date = 09/03/2007 01:01:58 | Attr = ]
winpatrol.exe -> %ProgramFiles%\BillP Studios\WinPatrol\winpatrol.exe -> BillP Studios [Ver = 11, 3, 2007, 0 | Size = 271936 bytes | Modified Date = 19/04/2007 13:33:02 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 22/05/2007 18:27:40 | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 919280 bytes | Modified Date = 09/03/2007 01:02:00 | Attr = ]
[Win32 Services - Non-Microsoft Only]
(a2AntiMalware) a-squared Anti-Malware Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\A-SQUARED ANTI-MALWARE\a2service.exe -> File not found
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 14/04/2007 21:26:34 | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28/09/2006 15:13:20 | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 26/05/2007 12:17:04 | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 26/05/2007 12:17:12 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 00:56:50 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 10/04/2007 00:29:12 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 04/04/2005 00:41:10 | Attr = ]
(InstallShield Licensing Service) InstallShield Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield Shared\Service\InstallShield Licensing Service.exe -> Macrovision [Ver = 2.68.000 | Size = 72704 bytes | Modified Date = 26/05/2007 10:40:50 | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 14/03/2007 19:05:42 | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 81920 bytes | Modified Date = 06/10/2003 15:16:00 | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 29/09/2004 12:14:36 | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75568 bytes | Modified Date = 09/03/2007 01:01:58 | Attr = ]
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 26/05/2007 12:17:10 | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 09/07/2001 10:50:42 | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 5058560 bytes | Modified Date = 06/10/2003 15:16:00 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 27/04/2007 09:41:54 | Attr = ]
Sony Ericsson PC Suite -> %ProgramFiles%\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe -> [Ver = 2.0.10.129 | Size = 593920 bytes | Modified Date = 28/03/2007 01:07:42 | Attr = R ]
WinPatrol -> %ProgramFiles%\BillP Studios\WinPatrol\winpatrol.exe -> BillP Studios [Ver = 11, 3, 2007, 0 | Size = 271936 bytes | Modified Date = 19/04/2007 13:33:02 | Attr = ]
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 919280 bytes | Modified Date = 09/03/2007 01:02:00 | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvMediaCenter -> %System32%\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 49152 bytes | Modified Date = 06/10/2003 15:16:00 | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 16/03/2005 19:16:50 | Attr = ]
%AllUsersStartup%\Shortcut to avgas.lnk -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 26/05/2007 12:23:52 | Attr = ]
< User Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 16/03/2005 19:16:50 | Attr = ]
%AllUsersStartup%\Shortcut to avgas.lnk -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 26/05/2007 12:23:52 | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{0777FDE1-50AB-4E2F-8DC8-23548E111F93} [HKLM] -> %System32%\efccdaa.dll [] -> File not found
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 28/09/2006 15:13:28 | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
efccdaa -> efccdaa.dll -> File not found
rqomn -> %System32%\rqomn.dll -> [Ver = | Size = 263220 bytes | Modified Date = 26/05/2007 11:26:26 | Attr = ]
windtv32 -> windtv32.dll -> File not found
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\\svchost.exe -> C:\WINDOWS\svchost.exe ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL ->
http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL ->
http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page ->
http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page ->
http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: CustomizeSearch ->
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL ->
http://www.google.com/ie ->
HKLM: SearchAssistant ->
http://www.google.com/ie ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar ->
http://www.google.com/ie ->
HKCU: Search Page ->
http://www.google.com ->
HKCU: Start Page ->
http://www.google.co.uk/ ->
HKCU: SearchAssistant ->
http://www.google.com/ie ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.0.2003051500 | Size = 50376 bytes | Modified Date = 15/05/2003 00:47:54 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 14/03/2007 03:43:40 | Attr = ]
{7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} [HKLM] -> %ProgramFiles%\del.icio.us\Internet Explorer Buttons\dlcsIE.dll [del.icio.us Toolbar Helper] -> del.icio.us, a Yahoo! Company [Ver = 1.0.0.8 | Size = 271864 bytes | Modified Date = 26/09/2006 11:02:14 | Attr = ]
{84466F10-9770-4B84-8CA9-4F9FB1D77FA0} [HKLM] -> %System32%\rqomn.dll [Reg Data - Value does not exist] -> [Ver = | Size = 263220 bytes | Modified Date = 26/05/2007 11:26:26 | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 23:55:54 | Attr = R ]
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [AcroIEToolbarHelper Class] -> [Ver = | Size = 147456 bytes | Modified Date = 15/05/2003 01:03:46 | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [Ver = | Size = 147456 bytes | Modified Date = 15/05/2003 01:03:46 | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 23:55:54 | Attr = R ]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [Ver = | Size = 147456 bytes | Modified Date = 15/05/2003 01:03:46 | Attr = ]
{981FE6A8-260C-4930-960F-C3BC82746CB0} [HKLM] -> %ProgramFiles%\del.icio.us\Internet Explorer Buttons\dlcsIE.dll [del.icio.us] -> del.icio.us, a Yahoo! Company [Ver = 1.0.0.8 | Size = 271864 bytes | Modified Date = 26/09/2006 11:02:14 | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 23:55:54 | Attr = R ]
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [Ver = | Size = 147456 bytes | Modified Date = 15/05/2003 01:03:46 | Attr = ]
WebBrowser\\{981FE6A8-260C-4930-960F-C3BC82746CB0} [HKLM] -> %ProgramFiles%\del.icio.us\Internet Explorer Buttons\dlcsIE.dll [del.icio.us] -> del.icio.us, a Yahoo! Company [Ver = 1.0.0.8 | Size = 271864 bytes | Modified Date = 26/09/2006 11:02:14 | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 14/03/2007 03:43:42 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 14/03/2007 03:43:40 | Attr = ]
{2670000A-7350-4f3c-8081-5663EE0C6C49} -> Reg Data - Value does not exist [ButtonText: Send to OneNote] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
E&xport to Microsoft Excel -> -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{265FFA78-001F-4908-9A6F-9433B266DA87} -> (Sony Ericsson Device 039 USB Ethernet Emulation (NDIS 5)) ->
{47B3AD68-B70F-4A49-8CCC-129451DDDB52} -> 192.168.2.1 (Belkin 54Mbps Wireless USB Network Adapter) ->
{621BB350-9E7B-471C-9306-80687C5047F4} -> (1394 Net Adapter) ->
{9378AC09-ACA3-47F9-85D0-7916189DB920} -> (SiS 900-Based PCI Fast Ethernet Adapter) ->
{DF719B30-5A46-4ECB-98BF-CA729B49A136} -> () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
skype4com -> %CommonProgramFiles%\Skype\Skype4COM.dll -> Skype Technologies [Ver = 1, 0, 27, 0 | Size = 1828440 bytes | Modified Date = 12/01/2007 12:50:48 | Attr = R ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{0E5F0222-96B9-11D3-8997-00104BD12D94} -> PCPitstop Utility - CodeBase =
http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase =
http://www.kaspersky.com/kos/english/ka ... nicode.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase =
http://update.microsoft.com/microsoftup ... 6156297066 ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase =
http://update.microsoft.com/microsoftup ... 6156286962 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase =
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase =
http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase =
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase =
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase =
http://download.macromedia.com/pub/shoc ... wflash.cab ->
DirectAnimation Java Classes -> - CodeBase =
file://C:\WINDOWS\Java\classes\dajava.cab ->
Microsoft XML Parser for Java -> - CodeBase = file:///C:/WINDOWS/Java/classes/xmldso.cab ->
[Files/Folders - Created Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 26/05/2007 11:18:16 | Attr = RH ]
bm_3dmodel_151206.bak -> %SystemDrive%\bm_3dmodel_151206.bak -> [Ver = | Size = 170768 bytes | Created Date = 27/05/2007 01:23:40 | Attr = ]
bm_3dmodel_151206.dwg -> %SystemDrive%\bm_3dmodel_151206.dwg -> [Ver = | Size = 160830 bytes | Created Date = 27/05/2007 01:23:40 | Attr = ]
fsbl.exe -> %SystemDrive%\fsbl.exe -> F-Secure Corporation [Ver = 2, 2, 1061, 0 | Size = 899952 bytes | Created Date = 28/05/2007 10:37:17 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1073270784 bytes | Created Date = 01/01/1601 | Attr = HS]
MSOCache -> %SystemDrive%\MSOCache -> [Folder | Created Date = 30/04/2007 21:29:43 | Attr = RH ]
$NtUninstallKB915800$ -> %SystemRoot%\$NtUninstallKB915800$ -> [Folder | Created Date = 01/05/2007 19:44:37 | Attr = H ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Created Date = 23/05/2007 07:25:33 | Attr = H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Created Date = 16/05/2007 02:01:53 | Attr = H ]
EurekaLog.ini -> %SystemRoot%\EurekaLog.ini -> [Ver = | Size = 73 bytes | Created Date = 22/05/2007 00:15:19 | Attr = ]
g757549.exe -> %SystemRoot%\g757549.exe -> [Ver = | Size = 206 bytes | Created Date = 26/05/2007 11:16:45 | Attr = ]
hpoins05.dat.temp -> %SystemRoot%\hpoins05.dat.temp -> [Ver = | Size = 68302 bytes | Created Date = 19/05/2007 08:25:22 | Attr = ]
hpomdl05.dat.temp -> %SystemRoot%\hpomdl05.dat.temp -> [Ver = | Size = 19696 bytes | Created Date = 19/05/2007 08:25:21 | Attr = ]
Nero PhotoShow.scr -> %SystemRoot%\Nero PhotoShow.scr -> [Ver = | Size = 421888 bytes | Created Date = 30/04/2007 20:16:32 | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 229 bytes | Created Date = 30/04/2007 21:54:21 | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Created Date = 12/05/2007 16:42:42 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 28/05/2007 15:21:45 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 28/05/2007 15:21:45 | Attr = H ]
zllsputility.exe -> %SystemRoot%\zllsputility.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75512 bytes | Created Date = 29/04/2007 22:47:51 | Attr = ]
autosys.exe -> %System32%\autosys.exe -> [Ver = | Size = 6144 bytes | Created Date = 26/05/2007 10:20:35 | Attr = ]
d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 664 bytes | Created Date = 26/05/2007 14:29:29 | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Created Date = 05/05/2007 14:00:04 | Attr = ]
dunzip32.dll -> %System32%\dunzip32.dll -> Inner Media, Inc. [Ver = 4.00.04 | Size = 110592 bytes | Created Date = 22/05/2007 00:07:18 | Attr = ]
dzip32.dll -> %System32%\dzip32.dll -> Inner Media, Inc. [Ver = 4.00.04 | Size = 131072 bytes | Created Date = 22/05/2007 00:07:18 | Attr = ]
eaypchub.dll -> %System32%\eaypchub.dll -> [Ver = | Size = 50745 bytes | Created Date = 26/05/2007 10:27:53 | Attr = ]
hotmwksn.dll -> %System32%\hotmwksn.dll -> [Ver = | Size = 132660 bytes | Created Date = 28/05/2007 11:12:17 | Attr = ]
ihwnonpk.ini -> %System32%\ihwnonpk.ini -> [Ver = | Size = 1083839 bytes | Created Date = 27/05/2007 11:10:37 | Attr = HS]
jbkohjkr.dll -> %System32%\jbkohjkr.dll -> [Ver = | Size = 50745 bytes | Created Date = 27/05/2007 11:10:57 | Attr = ]
jvdfkbik.dll -> %System32%\jvdfkbik.dll -> [Ver = | Size = 50745 bytes | Created Date = 28/05/2007 11:12:25 | Attr = ]
klikalka.exe -> %System32%\klikalka.exe -> NoName Corp. [Ver = 1, 0, 0, 1 | Size = 10240 bytes | Created Date = 26/05/2007 10:20:23 | Attr = ]
libeay32_0.9.6l.dll -> %System32%\libeay32_0.9.6l.dll -> [Ver = | Size = 796312 bytes | Created Date = 29/04/2007 22:47:38 | Attr = ]
mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Created Date = 26/05/2007 10:27:44 | Attr = ]
nmoqr.bak1 -> %System32%\nmoqr.bak1 -> [Ver = | Size = 1006565 bytes | Created Date = 26/05/2007 10:27:20 | Attr = HS]
nmoqr.bak2 -> %System32%\nmoqr.bak2 -> [Ver = | Size = 1011838 bytes | Created Date = 27/05/2007 11:10:14 | Attr = HS]
nmoqr.ini -> %System32%\nmoqr.ini -> [Ver = | Size = 1031376 bytes | Created Date = 26/05/2007 10:26:49 | Attr = HS]
nmoqr.tmp -> %System32%\nmoqr.tmp -> [Ver = | Size = 0 bytes | Created Date = 28/05/2007 19:32:02 | Attr = ]
nskwmtoh.ini -> %System32%\nskwmtoh.ini -> [Ver = | Size = 1083839 bytes | Created Date = 28/05/2007 11:12:34 | Attr = HS]
NtmsData -> %System32%\NtmsData -> [Folder | Created Date = 30/04/2007 19:18:47 | Attr = ]
picn20.dll -> %System32%\picn20.dll -> Pegasus Imaging Corp. [Ver = 1.0.0.54 | Size = 38912 bytes | Created Date = 30/04/2007 20:16:13 | Attr = ]
RCM.dll -> %System32%\RCM.dll -> Robert McNeel & Associates [Ver = 1, 8, 338, 0 | Size = 2003032 bytes | Created Date = 26/05/2007 09:40:47 | Attr = ]
RhinoShExt.dll -> %System32%\RhinoShExt.dll -> Robert McNeel & Associates [Ver = 1, 0, 0, 1 | Size = 643072 bytes | Created Date = 26/05/2007 09:35:20 | Attr = ]
rqomn.dll -> %System32%\rqomn.dll -> [Ver = | Size = 263220 bytes | Created Date = 26/05/2007 10:26:25 | Attr = ]
TwnLib20.dll -> %System32%\TwnLib20.dll -> Pegasus Software [Ver = 2.02.010 | Size = 106496 bytes | Created Date = 30/04/2007 20:16:13 | Attr = ]
vswmi.dll -> %System32%\vswmi.dll -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 46832 bytes | Created Date = 29/04/2007 22:47:30 | Attr = ]
zpeng24.dll -> %System32%\zpeng24.dll -> Python Software Foundation [Ver = 2.4.2 | Size = 1087216 bytes | Created Date = 29/04/2007 22:47:29 | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Created Date = 26/05/2007 11:17:19 | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 26/05/2007 11:17:02 | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Created Date = 26/05/2007 11:17:06 | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 26/05/2007 11:17:07 | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.447 | Size = 19840 bytes | Created Date = 26/05/2007 11:17:07 | Attr = ]
SE27bus.sys -> %System32%\drivers\SE27bus.sys -> MCCI [Ver = V4.34 | Size = 61600 bytes | Created Date = 05/05/2007 14:05:43 | Attr = R ]
SE27cm.sys -> %System32%\drivers\SE27cm.sys -> MCCI [Ver = V4.34 | Size = 6240 bytes | Created Date = 05/05/2007 14:17:24 | Attr = R ]
SE27cmnt.sys -> %System32%\drivers\SE27cmnt.sys -> MCCI [Ver = V4.34 | Size = 6240 bytes | Created Date = 05/05/2007 14:17:24 | Attr = R ]
se27cr.sys -> %System32%\drivers\se27cr.sys -> MCCI [Ver = V4.34 | Size = 4128 bytes | Created Date = 05/05/2007 14:17:43 | Attr = R ]
SE27mdfl.sys -> %System32%\drivers\SE27mdfl.sys -> MCCI [Ver = V4.34 | Size = 9360 bytes | Created Date = 05/05/2007 14:17:24 | Attr = R ]
SE27mdm.sys -> %System32%\drivers\SE27mdm.sys -> MCCI [Ver = V4.34 | Size = 97184 bytes | Created Date = 05/05/2007 14:17:24 | Attr = R ]
SE27mgmt.sys -> %System32%\drivers\SE27mgmt.sys -> MCCI [Ver = V4.34 | Size = 88688 bytes | Created Date = 05/05/2007 14:17:37 | Attr = R ]
se27nd5.sys -> %System32%\drivers\se27nd5.sys -> MCCI [Ver = V4.34 | Size = 18704 bytes | Created Date = 05/05/2007 14:18:01 | Attr = R ]
SE27obex.sys -> %System32%\drivers\SE27obex.sys -> MCCI [Ver = V4.34 | Size = 86560 bytes | Created Date = 05/05/2007 14:17:33 | Attr = R ]
se27unic.sys -> %System32%\drivers\se27unic.sys -> MCCI [Ver = V4.34 | Size = 90800 bytes | Created Date = 05/05/2007 14:17:43 | Attr = R ]
SE27wh.sys -> %System32%\drivers\SE27wh.sys -> MCCI [Ver = V4.34 | Size = 5872 bytes | Created Date = 05/05/2007 14:05:43 | Attr = R ]
SE27whnt.sys -> %System32%\drivers\SE27whnt.sys -> MCCI [Ver = V4.34 | Size = 5872 bytes | Created Date = 05/05/2007 14:05:43 | Attr = R ]
[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 27/05/2007 16:22:28 | Attr = RH ]
bm_3dmodel_151206.bak -> %SystemDrive%\bm_3dmodel_151206.bak -> [Ver = | Size = 170768 bytes | Modified Date = 27/05/2007 02:23:42 | Attr = ]
bm_3dmodel_151206.dwg -> %SystemDrive%\bm_3dmodel_151206.dwg -> [Ver = | Size = 160830 bytes | Modified Date = 27/05/2007 02:24:30 | Attr = ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 12/05/2007 17:44:22 | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 28/05/2007 13:32:38 | Attr = H ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 26/05/2007 12:44:44 | Attr = ]
fsbl.exe -> %SystemDrive%\fsbl.exe -> F-Secure Corporation [Ver = 2, 2, 1061, 0 | Size = 899952 bytes | Modified Date = 28/05/2007 11:37:06 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1073270784 bytes | Modified Date = 28/05/2007 18:03:16 | Attr = HS]
MSOCache -> %SystemDrive%\MSOCache -> [Folder | Modified Date = 30/04/2007 22:29:44 | Attr = RH ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 27/05/2007 03:43:06 | Attr = R ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 26/05/2007 09:44:04 | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 28/05/2007 16:21:46 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 23/05/2007 08:25:24 | Attr = H ]
$NtUninstallKB915800$ -> %SystemRoot%\$NtUninstallKB915800$ -> [Folder | Modified Date = 01/05/2007 20:44:40 | Attr = H ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Modified Date = 23/05/2007 08:25:36 | Attr = H ]
$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Modified Date = 16/05/2007 03:01:56 | Attr = H ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 19/05/2007 11:08:30 | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 28/05/2007 18:03:18 | Attr = S]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 22/05/2007 00:36:50 | Attr = ]
Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 28/05/2007 13:29:08 | Attr = ]
EurekaLog.ini -> %SystemRoot%\EurekaLog.ini -> [Ver = | Size = 73 bytes | Modified Date = 22/05/2007 01:15:22 | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 22/05/2007 01:04:04 | Attr = ]
g757549.exe -> %SystemRoot%\g757549.exe -> [Ver = | Size = 206 bytes | Modified Date = 26/05/2007 12:16:46 | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 27/05/2007 02:16:08 | Attr = ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 16/05/2007 03:03:04 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 23/05/2007 08:25:40 | Attr = ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 28/05/2007 13:32:38 | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 28/05/2007 22:53:58 | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 229 bytes | Modified Date = 28/05/2007 21:44:30 | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 15/05/2007 21:40:22 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 28/05/2007 22:53:10 | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 12/05/2007 17:44:20 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 28/05/2007 16:21:46 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 28/05/2007 16:21:46 | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 19/05/2007 11:08:28 | Attr = ]
SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Modified Date = 30/04/2007 23:18:04 | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 30/04/2007 23:31:30 | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 26/05/2007 12:16:26 | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 12/05/2007 17:44:22 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 28/05/2007 22:54:00 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 12/05/2007 17:42:24 | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 28/05/2007 18:57:02 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 613 bytes | Modified Date = 12/05/2007 17:44:22 | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 30/04/2007 23:06:52 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 28/05/2007 18:03:26 | Attr = H ]
autosys.exe -> %System32%\autosys.exe -> [Ver = | Size = 6144 bytes | Modified Date = 26/05/2007 11:20:36 | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 18/05/2007 12:47:56 | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 23/05/2007 08:25:24 | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 30/04/2007 23:11:24 | Attr = ]
d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 664 bytes | Modified Date = 26/05/2007 15:29:30 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 28/05/2007 23:34:38 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 26/05/2007 12:17:20 | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 05/05/2007 15:02:58 | Attr = ]
eaypchub.dll -> %System32%\eaypchub.dll -> [Ver = | Size = 50745 bytes | Modified Date = 26/05/2007 11:27:54 | Attr = ]
en-US -> %System32%\en-US -> [Folder | Modified Date = 19/05/2007 09:23:32 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 273376 bytes | Modified Date = 24/05/2007 08:23:36 | Attr = ]
hotmwksn.dll -> %System32%\hotmwksn.dll -> [Ver = | Size = 132660 bytes | Modified Date = 28/05/2007 12:12:24 | Attr = ]
ihwnonpk.ini -> %System32%\ihwnonpk.ini -> [Ver = | Size = 1083839 bytes | Modified Date = 27/05/2007 12:10:50 | Attr = HS]
jbkohjkr.dll -> %System32%\jbkohjkr.dll -> [Ver = | Size = 50745 bytes | Modified Date = 27/05/2007 12:11:00 | Attr = ]
jvdfkbik.dll -> %System32%\jvdfkbik.dll -> [Ver = | Size = 50745 bytes | Modified Date = 28/05/2007 12:12:30 | Attr = ]
klikalka.exe -> %System32%\klikalka.exe -> NoName Corp. [Ver = 1, 0, 0, 1 | Size = 10240 bytes | Modified Date = 26/05/2007 11:20:26 | Attr = ]
mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Modified Date = 26/05/2007 11:27:46 | Attr = ]
nmoqr.bak1 -> %System32%\nmoqr.bak1 -> [Ver = | Size = 1006565 bytes | Modified Date = 26/05/2007 11:27:22 | Attr = HS]
nmoqr.bak2 -> %System32%\nmoqr.bak2 -> [Ver = | Size = 1011838 bytes | Modified Date = 28/05/2007 12:10:38 | Attr = HS]
nmoqr.ini -> %System32%\nmoqr.ini -> [Ver = | Size = 1031376 bytes | Modified Date = 28/05/2007 22:54:00 | Attr = HS]
nskwmtoh.ini -> %System32%\nskwmtoh.ini -> [Ver = | Size = 1083839 bytes | Modified Date = 28/05/2007 12:13:02 | Attr = HS]
NtmsData -> %System32%\NtmsData -> [Folder | Modified Date = 30/04/2007 20:19:40 | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 63188 bytes | Modified Date = 19/05/2007 11:08:12 | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 403968 bytes | Modified Date = 19/05/2007 11:08:12 | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 463284 bytes | Modified Date = 19/05/2007 11:08:12 | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 29/04/2007 13:00:32 | Attr = ]
rqomn.dll -> %System32%\rqomn.dll -> [Ver = | Size = 263220 bytes | Modified Date = 26/05/2007 11:26:26 | Attr = ]
URTTemp -> %System32%\URTTemp -> [Folder | Modified Date = 19/05/2007 11:07:26 | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 49616 bytes | Modified Date = 28/05/2007 18:04:04 | Attr = H ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1170 bytes | Modified Date = 28/05/2007 18:04:50 | Attr = ]
zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 29/04/2007 23:48:50 | Attr = H ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Modified Date = 29/04/2007 23:50:10 | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Modified Date = 26/05/2007 12:17:20 | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 26/05/2007 12:17:04 | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 26/05/2007 12:17:08 | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 26/05/2007 12:17:08 | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.447 | Size = 19840 bytes | Modified Date = 26/05/2007 12:17:08 | Attr = ]
[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %System32%\autosys.exe -> [Ver = | Size = 6144 bytes | Modified Date = 26/05/2007 11:20:36 | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 29/08/2002 13:00:00 | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.5.0.53 | Size = 639066 bytes | Modified Date = 27/03/2007 08:49:00 | Attr = ]
UPX! , -> %System32%\eaypchub.dll -> [Ver = | Size = 50745 bytes | Modified Date = 26/05/2007 11:27:54 | Attr = ]
UPX! , -> %System32%\hotmwksn.dll -> [Ver = | Size = 132660 bytes | Modified Date = 28/05/2007 12:12:24 | Attr = ]
UPX! , -> %System32%\jbkohjkr.dll -> [Ver = | Size = 50745 bytes | Modified Date = 27/05/2007 12:11:00 | Attr = ]
UPX! , -> %System32%\jvdfkbik.dll -> [Ver = | Size = 50745 bytes | Modified Date = 28/05/2007 12:12:30 | Attr = ]
PEC2 , PECompact2 , -> %System32%\klikalka.exe -> NoName Corp. [Ver = 1, 0, 0, 1 | Size = 10240 bytes | Modified Date = 26/05/2007 11:20:26 | Attr = ]
PEC2 , -> %System32%\oembios.bin -> [Ver = | Size = 13107200 bytes | Modified Date = 10/09/2001 22:15:36 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 29/08/2002 13:00:00 | Attr = ]
PEC2 , -> %System32%\dllcache\oembios.bin -> [Ver = | Size = 13107200 bytes | Modified Date = 10/09/2001 22:15:36 | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Modified Date = 26/05/2007 12:17:20 | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 03/08/2004 22:41:38 | Attr = ]
< End of report >
Thank you
neildush