
explorer crashes at start

Discussion in 'Virus & Other Malware Removal' started by will2b, Nov 5, 2007.

Thread Status:
Not open for further replies.
  1. will2b

    will2b Thread Starter

    Joined:
    Nov 5, 2007
    Messages:
    4
    After downloading a zip folder, Norton AV detected a Downloader and I allowed it to delete we.exe, being the infected file. Unfortunately this did not do the trick, and when I reboot Win2k my desktop wallpaper is as far as I get and Windows Explorer seems to crash. I can restart it with Task Manager, but none of my startup programmes load and it is very flaky. When looking at the Task Manager processes there is a USERINIT.EXE entry, which I am sure was not there before, which disappears after a short period. I have attached the HJT and WinPFind logs with erroneous entries like awvvv.dll and pmnkkjh.dll; I have tried fixing these but they keep coming back. I have also run Ad-Aware [no results] and Spybot S&D [Virtumonde, Outerinfo, removal.bat - fixed], and I have done a full deep scan with Norton AV, which showed nothing. I have also tried Trend Micro HouseCall, but it could not 'define a native binding'? I just tried Panda, so I had to switch from Firefox to IE, which completely crashed on startup; as far as I can see most of the online scanners require IE and ActiveX. I am now downloading F-Secure BlackLight to see if I can identify any rootkits. I am at my wits' end, someone pleeeeeeeease help, I need to do some work.
     

  2. will2b

    will2b Thread Starter

    Joined:
    Nov 5, 2007
    Messages:
    4
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:53:10 AM, on 05.11.2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\OO Software\CleverCache\ooccag.exe
    C:\WINNT\system32\stisvc.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\OO Software\CleverCache\ooccctrl.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINNT\explorer.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\explorer.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\WINNT\system32\taskmgr.exe
    C:\Program Files\Trend Micro\HijackThis\Hijack.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planning.gov.je/bin/asd.dll/i?n=wrap-choice-wizard2&l=1&url=/content/Ask Wizard.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: (no name) - {FA1CC83B-E99A-45C2-B2F7-5CE576B7953A} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {07BE5653-9EAA-4127-987A-FED465855198} - C:\WINNT\system32\awvvv.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: IEEventObj Class - {A69DD619-0385-4347-801D-781C09701BF2} - C:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Autodesk DWF - {C363E0F4-1D07-4ffb-A69F-BB7D3F4E70A5} - C:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll
    O3 - Toolbar: Autodesk DWF - {C363E0F4-1D07-4ffb-A69F-BB7D3F4E70A5} - C:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [ooccctrl.exe] C:\Program Files\OO Software\CleverCache\ooccctrl.exe /tasktray
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [Tottenham Hotspur News Alerts] "C:\Program Files\Tottenham Hotspur News Alerts\spursnewsalerts.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - .DEFAULT Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe (User 'Default user')
    O4 - .DEFAULT Startup: RK Launcher.lnk = C:\Program Files\rklauncher\RKLauncher.exe (User 'Default user')
    O4 - .DEFAULT Startup: RK Taskbar.lnk = C:\Program Files\rklauncher\task bar\RKLauncher.exe (User 'Default user')
    O4 - .DEFAULT Startup: stickies.lnk = C:\Program Files\stickies\stickies.exe (User 'Default user')
    O4 - .DEFAULT Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe (User 'Default user')
    O4 - .DEFAULT Startup: zonealarm.exe.lnk.disabled (User 'Default user')
    O4 - Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    O4 - Startup: RK Launcher.lnk = C:\Program Files\rklauncher\RKLauncher.exe
    O4 - Startup: RK Taskbar.lnk = C:\Program Files\rklauncher\task bar\RKLauncher.exe
    O4 - Startup: stickies.lnk = C:\Program Files\stickies\stickies.exe
    O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
    O4 - Startup: zonealarm.exe.lnk.disabled
    O4 - Global Startup: Panasonic Communications Utility.lnk.disabled
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\WINNT\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\WINNT\system32\shdocvw.dll
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\WINNT\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\WINNT\system32\shdocvw.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O9 - Extra button: (no name) - {AEF9B8DB-0DEF-4c0b-8209-661C9E82B8C3} - C:\Program Files\WinSysClean 2008 Trial\UDManager\UDManager.exe
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/bestfriends/retro64_loader.dll
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.inf...W/win/019-0312.20050111.MmVrT/iTunesSetup.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1189069139187
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1189069608343
    O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} -
    O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} -
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -
    O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5FE0BDAA-7C39-433C-94B7-27014E90EF90}: NameServer = 212.9.0.135,212.9.0.136
    O20 - AppInit_DLLs:
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\program files\a-squared free\a2service.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINNT\system32\oodag.exe
    O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\ooccag.exe
    O23 - Service: SilverStripe HTTP Server (silverstripehttp) - Unknown owner - C:\lighttpd\sbin\srvany.exe
    O23 - Service: SilverSripe MySQL Server (silverstripemysql) - Unknown owner - C:\lighttpd\sbin\srvany.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
    O24 - Desktop Component 1: What Would You Like To Do? - http://www.planning.gov.je/bin/asd.dll/i?n=wrap-choice-wizard2&l=1&url=/content/Ask Wizard.htm
    O24 - Desktop Component 2: Product Type Page - http://www.ajspecification.com/Products/P_Type_Page/
    O24 - Desktop Component 3: Tottenham Hotspur FC: www.spurs.co.uk - http://www.spurs.co.uk/index.asp

    --
    End of file - 11324 bytes
     
  3. will2b

    will2b Thread Starter

    Joined:
    Nov 5, 2007
    Messages:
    4
    WinPFind3 logfile created on: 05.11.2007 08:49:15 AM
    WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\William Harben\Desktop\WinPFind3u\
    Microsoft Windows 2000 Service Pack 4 (Version = 5.0.2195)
    Internet Explorer (Version = 6.0.2800.1106)

    511.01 Mb Total Physical Memory | 263.93 Mb Available Physical Memory | 51.65% Memory free
    1.72 Gb Paging File | 1.40 Gb Available in Paging File | 81.50% Paging File free
    Paging file location(s): C:\pagefile.sys 1280 1280;

    %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 35.20 Gb Free Space | 47.25% Space Free
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded

    Computer Name: WILL
    Current User Name: will
    Logged in as Administrator.
    Current Boot Mode: Normal


    [Processes - Non-Microsoft Only]
    defwatch.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 8.00.00.9374 | Size = 32768 bytes | Modified Date = 30.07.2002 11:36:00 AM | Attr = ]
    em_exec.exe -> %ProgramFiles%\Logitech\MouseWare\system\EM_EXEC.EXE -> Logitech Inc. [Ver = 9.70.216 | Size = 28672 bytes | Modified Date = 01.07.2002 08:50:00 AM | Attr = ]
    firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.3: 2007030919 | Size = 7633008 bytes | Modified Date = 25.04.2007 10:21:18 AM | Attr = ]
    ooccag.exe -> %ProgramFiles%\OO Software\CleverCache\ooccag.exe -> O&O Software GmbH [Ver = 6.0.1.2851 | Size = 391952 bytes | Modified Date = 28.01.2007 02:08:26 PM | Attr = ]
    ooccctrl.exe -> %ProgramFiles%\OO Software\CleverCache\ooccctrl.exe -> O&O Software GmbH [Ver = 6.0.1.4036 | Size = 1911568 bytes | Modified Date = 28.01.2007 02:08:36 PM | Attr = ]
    rtvscan.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 8.00.00.9374 | Size = 573440 bytes | Modified Date = 30.07.2002 11:40:44 AM | Attr = ]
    vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.408.000 | Size = 75304 bytes | Modified Date = 06.09.2007 03:14:18 PM | Attr = ]
    winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 04.09.2007 10:47:26 AM | Attr = ]
    zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.408.000 | Size = 919016 bytes | Modified Date = 06.09.2007 03:14:18 PM | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (a2free) a-squared Free Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\a-squared free\a2service.exe -> Emsi Software GmbH [Ver = 3.0.0.345 | Size = 217208 bytes | Modified Date = 28.09.2007 08:36:54 AM | Attr = ]
    (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 03.11.2005 02:52:02 PM | Attr = ]
    (Autodesk Licensing Service) Autodesk Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> Autodesk [Ver = 2.67.010 | Size = 77944 bytes | Modified Date = 27.07.2005 03:20:48 PM | Attr = ]
    (DefWatch) DefWatch [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 8.00.00.9374 | Size = 32768 bytes | Modified Date = 30.07.2002 11:36:00 AM | Attr = ]
    (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> VERITAS Software Corp. [Ver = 2195.6624.297.3 | Size = 147728 bytes | Modified Date = 19.06.2003 07:05:04 PM | Attr = ]
    (FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 30.04.2007 02:46:00 PM | Attr = ]
    (GoogleDesktopManager) GoogleDesktopManager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.705.14375 | Size = 1831424 bytes | Modified Date = 04.07.2007 09:50:26 AM | Attr = ]
    (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.699.25363.beta | Size = 135608 bytes | Modified Date = 04.12.2006 04:53:56 AM | Attr = ]
    (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 03.04.2005 11:41:10 PM | Attr = ]
    (iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.0.59 | Size = 500800 bytes | Modified Date = 02.03.2007 03:24:20 PM | Attr = ]
    (Norton AntiVirus Server) Symantec AntiVirus Client [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 8.00.00.9374 | Size = 573440 bytes | Modified Date = 30.07.2002 11:40:44 AM | Attr = ]
    (NVSvc) NVIDIA Display Driver Service [Win32_Own | On_Demand | Stopped] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9136 | Size = 155715 bytes | Modified Date = 12.07.2006 12:19:00 PM | Attr = ]
    (O&O Defrag) O&O Defrag [Win32_Own | On_Demand | Stopped] -> %System32%\oodag.exe -> O&O Software GmbH [Ver = 10.0.1634 | Size = 1050120 bytes | Modified Date = 11.05.2007 01:09:48 AM | Attr = ]
    (OOCleverCacheAgent) O&O CleverCache Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\OO Software\CleverCache\ooccag.exe -> O&O Software GmbH [Ver = 6.0.1.2851 | Size = 391952 bytes | Modified Date = 28.01.2007 02:08:26 PM | Attr = ]
    (silverstripehttp) SilverStripe HTTP Server [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\lighttpd\sbin\srvany.exe -> [Ver = | Size = 15360 bytes | Modified Date = 08.02.2006 12:56:14 PM | Attr = ]
    (silverstripemysql) SilverSripe MySQL Server [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\lighttpd\sbin\srvany.exe -> [Ver = | Size = 15360 bytes | Modified Date = 08.02.2006 12:56:14 PM | Attr = ]
    (vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.408.000 | Size = 75304 bytes | Modified Date = 06.09.2007 03:14:18 PM | Attr = ]
    (winvnc) VNC Server [Win32_Own | Auto | Stopped] -> -> File not found

    [Registry - Non-Microsoft Only]
    < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    EM_EXEC -> %ProgramFiles%\Logitech\MouseWare\system\EM_EXEC.EXE -> Logitech Inc. [Ver = 9.70.216 | Size = 28672 bytes | Modified Date = 01.07.2002 08:50:00 AM | Attr = ]
    ooccctrl.exe -> %ProgramFiles%\OO Software\CleverCache\ooccctrl.exe -> O&O Software GmbH [Ver = 6.0.1.4036 | Size = 1911568 bytes | Modified Date = 28.01.2007 02:08:36 PM | Attr = ]
    ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.408.000 | Size = 919016 bytes | Modified Date = 06.09.2007 03:14:18 PM | Attr = ]
    < OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
    IMAIL -> Installed = 1 ->
    MAPI -> Installed = 1 ->
    MSFS -> Installed = 1 ->
    < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 02.05.2006 01:56:02 PM | Attr = ]
    Tottenham Hotspur News Alerts -> %ProgramFiles%\Tottenham Hotspur News Alerts\spursnewsalerts.exe -> Skinkers Communications [Ver = 1.9.3.3238 | Size = 472064 bytes | Modified Date = 03.10.2005 06:41:08 PM | Attr = ]
    < Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
    -> %AllUsersStartup%\Panasonic Communications Utility.lnk -> File not found
    < User Startup > -> C:\Documents and Settings\William Harben\Start Menu\Programs\Startup ->
    %UserStartup%\Mozilla Thunderbird.lnk -> %ProgramFiles%\Mozilla Thunderbird\thunderbird.exe -> Mozilla Corporation [Ver = 1.8.1.6: 2007072817 | Size = 8472936 bytes | Modified Date = 02.08.2007 09:04:44 AM | Attr = ]
    %UserStartup%\RK Launcher.lnk -> %ProgramFiles%\rklauncher\RKLauncher.exe -> RaduKing [Ver = 0, 41, 0, 0 | Size = 708608 bytes | Modified Date = 16.03.2007 12:05:20 PM | Attr = ]
    %UserStartup%\RK Taskbar.lnk -> %ProgramFiles%\rklauncher\task bar\RKLauncher.exe -> RaduKing [Ver = 0, 41, 0, 0 | Size = 708608 bytes | Modified Date = 16.03.2007 12:05:20 PM | Attr = ]
    %UserStartup%\stickies.lnk -> %ProgramFiles%\stickies\stickies.exe -> Zhorn Software [Ver = 6.0c | Size = 700416 bytes | Modified Date = 08.03.2007 11:28:20 PM | Attr = ]
    %UserStartup%\Yahoo! Widget Engine.lnk -> %ProgramFiles%\Yahoo!\Widgets\YahooWidgetEngine.exe -> Yahoo! Inc. [Ver = 4.0.5 | Size = 2913584 bytes | Modified Date = 20.07.2007 05:57:16 PM | Attr = ]
    -> %UserStartup%\zonealarm.exe -> File not found
    < AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
    < SSODL [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
    {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} [HKLM] -> Reg Data - Key not found [0aMCPClient] -> File not found
    < ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
    {E908A6A7-026C-4FBE-93A9-96020BEEAD53} [HKLM] -> %System32%\pmnkkjh.dll [] -> [Ver = | Size = 36352 bytes | Modified Date = 02.11.2007 10:25:38 AM | Attr = ]
    < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
    < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
    < CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place0 -> 8 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place1 -> 0 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place2 -> 5 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place3 -> 17 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place4 -> 18 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> •
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClearRecentDocsOnExit ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsNetHood -> 1 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoNetHood -> 0 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{20D04FE0-3AEA-1069-A2D8-08002B30309D} -> 0 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{450D8FBA-AD25-11D0-98A8-0800361B1103} -> 0 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
    < HOSTS File > (686 bytes) -> C:\WINNT\System32\drivers\etc\Hosts ->
    127.0.0.1 localhost -> ->
    < Internet Explorer Settings > -> ->
    HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
    HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
    HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
    HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
    HKLM: SearchAssistant -> http://www.google.com/ie ->
    HKCU: Search Bar -> http://www.google.com/ie ->
    HKCU: Search Page -> http://www.google.com ->
    HKCU: Start Page -> http://www.planning.gov.je/bin/asd.dll/i?n=wrap-choice-wizard2&l=1&url=/content/Ask Wizard.htm ->
    HKCU: SearchAssistant -> http://www.google.com/ie ->
    HKCU: URLSearchHooks\\{FA1CC83B-E99A-45C2-B2F7-5CE576B7953A} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    HKCU: ProxyEnable -> 0 ->
    < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22.10.2006 10:08:42 PM | Attr = ]
    {07BE5653-9EAA-4127-987A-FED465855198} [HKLM] -> %System32%\awvvv.dll [Reg Data - Value does not exist] -> [Ver = | Size = 310368 bytes | Modified Date = 02.11.2007 10:30:48 AM | Attr = ]
    {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} [HKLM] -> %ProgramFiles%\BitComet\tools\BitCometBHO_1.1.7.4.dll [BitComet Helper] -> BitComet [Ver = 20070704 | Size = 513336 bytes | Modified Date = 04.07.2007 04:28:28 PM | Attr = ]
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31.05.2005 12:04:00 AM | Attr = ]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12.07.2007 03:00:36 AM | Attr = ]
    {A69DD619-0385-4347-801D-781C09701BF2} [HKLM] -> %ProgramFiles%\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll [IEEventObj Class] -> Autodesk, Inc. [Ver = 3.0.0.0 | Size = 102400 bytes | Modified Date = 16.11.2005 10:23:06 AM | Attr = ]
    {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1019, 5266 | Size = 2018368 bytes | Modified Date = 09.08.2006 04:52:58 PM | Attr = R ]
    {AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10.05.2007 09:47:04 PM | Attr = ]
    {C363E0F4-1D07-4ffb-A69F-BB7D3F4E70A5} [HKLM] -> %ProgramFiles%\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll [Autodesk DWF] -> Autodesk, Inc. [Ver = 3.0.0.0 | Size = 102400 bytes | Modified Date = 16.11.2005 10:23:06 AM | Attr = ]
    < Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
    {182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10.05.2007 09:47:04 PM | Attr = ]
    {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    {9455301C-CF6B-11D3-A266-00C04F689C50} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    < Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
    {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1019, 5266 | Size = 2018368 bytes | Modified Date = 09.08.2006 04:52:58 PM | Attr = R ]
    {47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 10.05.2007 09:47:04 PM | Attr = ]
    {C363E0F4-1D07-4ffb-A69F-BB7D3F4E70A5} [HKLM] -> %ProgramFiles%\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll [Autodesk DWF] -> Autodesk, Inc. [Ver = 3.0.0.0 | Size = 102400 bytes | Modified Date = 16.11.2005 10:23:06 AM | Attr = ]
    < Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
    ShellBrowser\\{11359F4A-B191-42D7-905A-594F8CF0387B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    ShellBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    ShellBrowser\\{AACBDEE8-0813-4308-8121-94CB60848B2C} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    WebBrowser\\{11359F4A-B191-42D7-905A-594F8CF0387B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    WebBrowser\\{AACBDEE8-0813-4308-8121-94CB60848B2C} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12.07.2007 03:00:36 AM | Attr = ]
    {320AF880-6646-11D3-ABEE-C5DBF3571F46} -> Reg Data - Value does not exist [ButtonText: Fill Forms] -> File not found
    {320AF880-6646-11D3-ABEE-C5DBF3571F49} -> Reg Data - Value does not exist [ButtonText: Save] -> File not found
    {461CC20B-FB6E-4f16-8FE8-C29359DB100E} -> Reg Data - Value does not exist [ButtonText: BitComet Search] -> File not found
    {AEF9B8DB-0DEF-4c0b-8209-661C9E82B8C3} [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found
    < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
    &D&ownload &with BitComet -> %ProgramFiles%\BitComet\BitComet.exe\AddLink.htm -> File not found
    &D&ownload all video with BitComet -> %ProgramFiles%\BitComet\BitComet.exe\AddVideo.htm -> File not found
    &D&ownload all with BitComet -> %ProgramFiles%\BitComet\BitComet.exe\AddAllLink.htm -> File not found
    &Define -> Reg Data - Value does not exist -> File not found
    &Google Search -> Reg Data - Value does not exist -> File not found
    &Search -> Reg Data - Value does not exist -> File not found
    &Translate English Word -> Reg Data - Value does not exist -> File not found
    Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
    Backward Links -> Reg Data - Value does not exist -> File not found
    Cached Snapshot of Page -> Reg Data - Value does not exist -> File not found
    Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
    Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
    Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIECaptureSelLinks.htm -> File not found
    Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIEAppendSelLinks.htm -> File not found
    Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
    Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
    Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
    Convert to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
    Customize Menu -> Reg Data - Value does not exist -> File not found
    Customize Menu &4 -> Reg Data - Value does not exist -> File not found
    Fill Forms -> Reg Data - Value does not exist -> File not found
    Fill Forms &] -> Reg Data - Value does not exist -> File not found
    Save Forms -> Reg Data - Value does not exist -> File not found
    Save Forms &[ -> Reg Data - Value does not exist -> File not found
    Search &Dictionary -> Reg Data - Value does not exist -> File not found
    Search &Thesaurus -> Reg Data - Value does not exist -> File not found
    Similar Pages -> Reg Data - Value does not exist -> File not found
    Translate into English -> Reg Data - Value does not exist -> File not found
    Translate Page into English -> Reg Data - Value does not exist -> File not found
    < User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
    Avant Browser -> IEAK ->
    < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {5FE0BDAA-7C39-433C-94B7-27014E90EF90} -> 212.9.0.135,212.9.0.136 (3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)) ->
    < Default Protocols [HKCU] - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
    shell -> shell protocol not assigned ->
    < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
    ipp -> Reg Data - Key not found -> File not found
    msdaipp -> Reg Data - Key not found -> File not found
    vnd.ms.radio -> %System32%\msdxm.ocx -> [Ver = | Size = 844560 bytes | Modified Date = 30.03.2005 11:10:40 PM | Attr = ]
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} -> - CodeBase = http://www.miniclip.com/bestfriends/retro64_loader.dll ->
    {31435657-9980-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab ->
    {31564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.microsoft.com/codecs/i386/wmvax.cab ->
    {41F17733-B041-4099-A042-B518BB6A408C} -> - CodeBase = http://appldnld.m7z.net/content.inf...W/win/019-0312.20050111.MmVrT/iTunesSetup.exe ->
    {6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1189069139187 ->
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1189069608343 ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab ->
    {9F1C11AA-197B-4942-BA54-47A8489BB47F} -> - CodeBase = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37804.2427546296 ->
    {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} -> Java Plug-in 1.4.0 - CodeBase = http://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab ->
    {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} -> - CodeBase = ->
    {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} -> - CodeBase = ->
    {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> - CodeBase = ->
    {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab ->
    {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} -> - CodeBase = http://dictionary.reference.com/tools/toolbar/lexico.cab ->
    DirectAnimation Java Classes -> - CodeBase = file://C:\WINNT\Java\classes\dajava.cab ->
    Microsoft XML Parser for Java -> - CodeBase = ->
    RaptisoftGameLoader -> - CodeBase = http://www.miniclip.com/haphazard/raptisoftgameloader.cab ->

    continued
    see next post
     
  4. will2b

    will2b Thread Starter

    Joined:
    Nov 5, 2007
    Messages:
    4
    continued

    [Files/Folders - Created Within 30 days]
    Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 05.11.2007 08:22:58 AM | Attr = HS]
    hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 535834624 bytes | Created Date = 01.01.1601 | Attr = HS]
    Panasonic -> %SystemDrive%\Panasonic -> [Folder | Created Date = 15.10.2007 11:07:12 AM | Attr = ]
    SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 02.11.2007 04:41:40 PM | Attr = ]
    ERUNT -> %SystemRoot%\ERUNT -> [Folder | Created Date = 02.11.2007 04:53:35 PM | Attr = ]
    zipinst.exe -> %SystemRoot%\zipinst.exe -> NirSoft [Ver = 1.21 | Size = 39424 bytes | Created Date = 01.11.2007 04:53:13 PM | Attr = ]
    Spybot - Search & Destroy - Scheduled Task.job -> %SystemRoot%\tasks\Spybot - Search & Destroy - Scheduled Task.job -> [Ver = | Size = 238 bytes | Created Date = 02.11.2007 02:32:26 PM | Attr = ]
    awvvv.dll -> %System32%\awvvv.dll -> [Ver = | Size = 310368 bytes | Created Date = 02.11.2007 10:30:45 AM | Attr = ]
    COMDLG32.DEP -> %System32%\COMDLG32.DEP -> [Ver = | Size = 2494 bytes | Created Date = 15.10.2007 11:08:37 AM | Attr = ]
    COMDLG32.oca -> %System32%\COMDLG32.oca -> [Ver = | Size = 35840 bytes | Created Date = 15.10.2007 11:08:37 AM | Attr = ]
    default_user_class.dat -> %System32%\default_user_class.dat -> [Ver = | Size = 8192 bytes | Created Date = 02.11.2007 12:07:13 PM | Attr = ]
    DocMgrMon.dll -> %System32%\DocMgrMon.dll -> Panasonic Communications Co., Ltd. [Ver = 3, 0, 0, 0 | Size = 20480 bytes | Created Date = 15.10.2007 11:07:49 AM | Attr = ]
    inet4ap.dll -> %System32%\inet4ap.dll -> ?????????? (?) [Ver = 1, 0, 80, 10008 | Size = 275968 bytes | Created Date = 15.10.2007 11:08:37 AM | Attr = ]
    InstProc.dll -> %System32%\InstProc.dll -> [Ver = | Size = 38912 bytes | Created Date = 15.10.2007 11:07:55 AM | Attr = ]
    killtrap.exe -> %System32%\killtrap.exe -> [Ver = | Size = 36864 bytes | Created Date = 15.10.2007 11:08:44 AM | Attr = ]
    lfbmp10N.dll -> %System32%\lfbmp10N.dll -> LEAD Technologies, Inc. [Ver = 10.0.0.022 | Size = 34304 bytes | Created Date = 15.10.2007 11:08:39 AM | Attr = ]
    LFCMP10N.DLL -> %System32%\LFCMP10N.DLL -> LEAD Technologies, Inc. [Ver = 10.0.0.024 | Size = 271360 bytes | Created Date = 15.10.2007 11:08:39 AM | Attr = ]
    lffax10N.dll -> %System32%\lffax10N.dll -> LEAD Technologies, Inc. [Ver = 10.0.0.018 | Size = 78336 bytes | Created Date = 15.10.2007 11:08:39 AM | Attr = ]
    lfpng10N.dll -> %System32%\lfpng10N.dll -> LEAD Technologies, Inc. [Ver = 10.0.0.024 | Size = 134144 bytes | Created Date = 15.10.2007 11:08:39 AM | Attr = ]
    lftif10N.dll -> %System32%\lftif10N.dll -> LEAD Technologies, Inc. [Ver = 10.0.0.024 | Size = 122368 bytes | Created Date = 15.10.2007 11:08:39 AM | Attr = ]
    LTDIS10N.dll -> %System32%\LTDIS10N.dll -> LEAD Technologies, Inc. [Ver = 10.0.0.024 | Size = 229888 bytes | Created Date = 15.10.2007 11:08:39 AM | Attr = ]
    ltefx10N.dll -> %System32%\ltefx10N.dll -> LEAD Technologies, Inc. [Ver = 10.0.0.018 | Size = 221184 bytes | Created Date = 15.10.2007 11:08:39 AM | Attr = ]
    ltfil10N.DLL -> %System32%\ltfil10N.DLL -> LEAD Technologies, Inc. [Ver = 10.0.0.024 | Size = 108032 bytes | Created Date = 15.10.2007 11:08:40 AM | Attr = ]
    ltimg10N.dll -> %System32%\ltimg10N.dll -> LEAD Technologies, Inc. [Ver = 10.0.0.018 | Size = 114176 bytes | Created Date = 15.10.2007 11:08:40 AM | Attr = ]
    ltkrn10N.dll -> %System32%\ltkrn10N.dll -> LEAD Technologies, Inc. [Ver = 10.0.0.024 | Size = 297984 bytes | Created Date = 15.10.2007 11:08:40 AM | Attr = ]
    LTOCX10N.OCX -> %System32%\LTOCX10N.OCX -> LEAD Technologies, Inc. [Ver = 10.0.0.019 | Size = 560640 bytes | Created Date = 15.10.2007 11:08:40 AM | Attr = ]
    lttwn10N.dll -> %System32%\lttwn10N.dll -> LEAD Technologies, Inc. [Ver = 10.0.0.024 | Size = 37376 bytes | Created Date = 15.10.2007 11:08:40 AM | Attr = ]
    MGCSInst.dll -> %System32%\MGCSInst.dll -> [Ver = | Size = 75776 bytes | Created Date = 15.10.2007 11:07:55 AM | Attr = ]
    mgcstilm.dll -> %System32%\mgcstilm.dll -> Panasonic Communications Co., Ltd. [Ver = 1.06 | Size = 62464 bytes | Created Date = 15.10.2007 11:08:48 AM | Attr = ]
    MSCOMCT2.DEP -> %System32%\MSCOMCT2.DEP -> [Ver = | Size = 2492 bytes | Created Date = 15.10.2007 11:08:37 AM | Attr = ]
    MSCOMCT2.oca -> %System32%\MSCOMCT2.oca -> [Ver = | Size = 134656 bytes | Created Date = 15.10.2007 11:08:37 AM | Attr = ]
    MSCOMCT2.SRG -> %System32%\MSCOMCT2.SRG -> [Ver = | Size = 111 bytes | Created Date = 15.10.2007 11:08:37 AM | Attr = ]
    MSCOMCTL.DEP -> %System32%\MSCOMCTL.DEP -> [Ver = | Size = 2494 bytes | Created Date = 15.10.2007 11:08:37 AM | Attr = ]
    MSCOMCTL.oca -> %System32%\MSCOMCTL.oca -> [Ver = | Size = 266240 bytes | Created Date = 15.10.2007 11:08:37 AM | Attr = ]
    MSCOMCTL.SRG -> %System32%\MSCOMCTL.SRG -> [Ver = | Size = 111 bytes | Created Date = 15.10.2007 11:08:38 AM | Attr = ]
    MSFLXGRD.DEP -> %System32%\MSFLXGRD.DEP -> [Ver = | Size = 2494 bytes | Created Date = 15.10.2007 11:08:39 AM | Attr = ]
    msflxgrd.oca -> %System32%\msflxgrd.oca -> [Ver = | Size = 76288 bytes | Created Date = 15.10.2007 11:08:38 AM | Attr = ]
    MSMAPI32.DEP -> %System32%\MSMAPI32.DEP -> [Ver = | Size = 2496 bytes | Created Date = 15.10.2007 11:08:38 AM | Attr = ]
    MSMAPI32.oca -> %System32%\MSMAPI32.oca -> [Ver = | Size = 43008 bytes | Created Date = 15.10.2007 11:08:38 AM | Attr = ]
    pmnkkjh.dll -> %System32%\pmnkkjh.dll -> [Ver = | Size = 36352 bytes | Created Date = 02.11.2007 10:25:36 AM | Attr = ]
    TABCTL32.DEP -> %System32%\TABCTL32.DEP -> [Ver = | Size = 2492 bytes | Created Date = 15.10.2007 11:08:39 AM | Attr = ]
    TABCTL32.oca -> %System32%\TABCTL32.oca -> [Ver = | Size = 43008 bytes | Created Date = 15.10.2007 11:08:39 AM | Attr = ]
    vvvwa.bak1 -> %System32%\vvvwa.bak1 -> [Ver = | Size = 6465 bytes | Created Date = 02.11.2007 10:31:19 AM | Attr = HS]
    vvvwa.bak2 -> %System32%\vvvwa.bak2 -> [Ver = | Size = 6505 bytes | Created Date = 05.11.2007 08:12:50 AM | Attr = HS]
    vvvwa.ini -> %System32%\vvvwa.ini -> [Ver = | Size = 6968 bytes | Created Date = 02.11.2007 10:30:52 AM | Attr = HS]
    3cisaadi.sys -> %System32%\dllcache\3cisaadi.sys -> U.S. Robotics, Inc. [Ver = 1.00.024 | Size = 792176 bytes | Created Date = 02.11.2007 01:19:55 PM | Attr = ]
    3cisati.sys -> %System32%\dllcache\3cisati.sys -> U.S. Robotics, Inc. [Ver = 2.60.002 | Size = 774928 bytes | Created Date = 02.11.2007 01:19:56 PM | Attr = ]
    3cpciadi.sys -> %System32%\dllcache\3cpciadi.sys -> U.S. Robotics, Inc. [Ver = 1.00.028 | Size = 801072 bytes | Created Date = 02.11.2007 01:19:57 PM | Attr = ]
    3cwmcru.sys -> %System32%\dllcache\3cwmcru.sys -> 3Com, Inc. [Ver = 1.44.008.0020 | Size = 763024 bytes | Created Date = 02.11.2007 01:19:52 PM | Attr = ]
    a1base.sys -> %System32%\dllcache\a1base.sys -> AVM Berlin [Ver = 2.0 | Size = 387536 bytes | Created Date = 02.11.2007 01:20:58 PM | Attr = ]
    amb8002.sys -> %System32%\dllcache\amb8002.sys -> AmbiCom, Inc. [Ver = v3.03 | Size = 17168 bytes | Created Date = 02.11.2007 01:20:03 PM | Attr = ]
    atibt829.sys -> %System32%\dllcache\atibt829.sys -> [Ver = | Size = 42192 bytes | Created Date = 02.11.2007 01:20:05 PM | Attr = ]
    atitvsnd.sys -> %System32%\dllcache\atitvsnd.sys -> [Ver = | Size = 16976 bytes | Created Date = 02.11.2007 01:20:04 PM | Attr = ]
    brzwlan.sys -> %System32%\dllcache\brzwlan.sys -> BreezeCOM [Ver = 4.4.1.17 | Size = 31888 bytes | Created Date = 02.11.2007 01:20:05 PM | Attr = ]
    cb325.sys -> %System32%\dllcache\cb325.sys -> Silicom Ltd. [Ver = 4.106.24 | Size = 39680 bytes | Created Date = 02.11.2007 01:20:06 PM | Attr = ]
    digidbp.dll -> %System32%\dllcache\digidbp.dll -> Digi International Inc. [Ver = 3.4 | Size = 107280 bytes | Created Date = 02.11.2007 01:20:10 PM | Attr = ]
    digifwrk.dll -> %System32%\dllcache\digifwrk.dll -> Digi International Inc. [Ver = 3.4 | Size = 203024 bytes | Created Date = 02.11.2007 01:20:11 PM | Attr = ]
    digihlc.dll -> %System32%\dllcache\digihlc.dll -> Digi International Inc. [Ver = 3.4 | Size = 61712 bytes | Created Date = 02.11.2007 01:20:11 PM | Attr = ]
    digiinf.dll -> %System32%\dllcache\digiinf.dll -> Digi International Inc. [Ver = 3.4 | Size = 52496 bytes | Created Date = 02.11.2007 01:20:12 PM | Attr = ]
    digiisdn.dll -> %System32%\dllcache\digiisdn.dll -> Digi International Inc. [Ver = 3.4 | Size = 27408 bytes | Created Date = 02.11.2007 01:20:13 PM | Attr = ]
    digiview.exe -> %System32%\dllcache\digiview.exe -> Digi International Inc. [Ver = 3.4 | Size = 598800 bytes | Created Date = 02.11.2007 01:20:13 PM | Attr = ]
    dlh5xnd5.sys -> %System32%\dllcache\dlh5xnd5.sys -> D-Link Corporation [Ver = v1.00.05 | Size = 23216 bytes | Created Date = 02.11.2007 01:20:08 PM | Attr = ]
    e100isa4.sys -> %System32%\dllcache\e100isa4.sys -> Intel Corporation [Ver = 5.0.4.0 | Size = 19824 bytes | Created Date = 02.11.2007 01:20:15 PM | Attr = ]
    e100snt5.sys -> %System32%\dllcache\e100snt5.sys -> Intel Corporation [Ver = 2.30.00.0000 | Size = 51472 bytes | Created Date = 02.11.2007 01:20:16 PM | Attr = ]
    eccommdd.sys -> %System32%\dllcache\eccommdd.sys -> Eicon Technology Corporation [Ver = 5.1 (Build 70) | Size = 100432 bytes | Created Date = 02.11.2007 01:20:16 PM | Attr = ]
    ecdtrace.sys -> %System32%\dllcache\ecdtrace.sys -> Eicon Technology Corporation [Ver = 5.1 (Build 70) | Size = 7648 bytes | Created Date = 02.11.2007 01:20:17 PM | Attr = ]
    eclandd.sys -> %System32%\dllcache\eclandd.sys -> Eicon Technology Corporation [Ver = 5.1 (Build 70) | Size = 23664 bytes | Created Date = 02.11.2007 01:20:19 PM | Attr = ]
    ecnb.sys -> %System32%\dllcache\ecnb.sys -> Eicon Technology Corporation [Ver = 5.1 (Build 70) | Size = 38464 bytes | Created Date = 02.11.2007 01:20:21 PM | Attr = ]
    ecpagex.dll -> %System32%\dllcache\ecpagex.dll -> Eicon Technology Corporation [Ver = 5.1 (Build 70) | Size = 33792 bytes | Created Date = 02.11.2007 01:20:20 PM | Attr = ]
    ecpinst.dll -> %System32%\dllcache\ecpinst.dll -> Eicon Technology Corporation [Ver = 5.1 (Build 70) | Size = 21680 bytes | Created Date = 02.11.2007 01:20:17 PM | Attr = ]
    ecsnadd.sys -> %System32%\dllcache\ecsnadd.sys -> Eicon Technology Corporation [Ver = 5.1 (Build 70) | Size = 8960 bytes | Created Date = 02.11.2007 01:20:18 PM | Attr = ]
    ecvbus.sys -> %System32%\dllcache\ecvbus.sys -> Eicon Technology Corporation [Ver = 5.1 (Build 70) | Size = 7648 bytes | Created Date = 02.11.2007 01:20:18 PM | Attr = ]
    ecwandd.sys -> %System32%\dllcache\ecwandd.sys -> Eicon Technology Corporation [Ver = 5.1 (Build 70) | Size = 17856 bytes | Created Date = 02.11.2007 01:20:20 PM | Attr = ]
    el515.sys -> %System32%\dllcache\el515.sys -> 3Com Corporation [Ver = 1.07.03 | Size = 45840 bytes | Created Date = 02.11.2007 01:20:19 PM | Attr = ]
    forehe.sys -> %System32%\dllcache\forehe.sys -> FORE Systems, Inc. [Ver = 5.00.00.06 | Size = 32528 bytes | Created Date = 02.11.2007 01:20:21 PM | Attr = ]
    ibmexmp.sys -> %System32%\dllcache\ibmexmp.sys -> IBM Corp. [Ver = 3.14.00.0000 | Size = 28944 bytes | Created Date = 02.11.2007 01:20:23 PM | Attr = ]
    ibmsgnet.dll -> %System32%\dllcache\ibmsgnet.dll -> IBM Corporation [Ver = 1.00.00.0000 | Size = 7680 bytes | Created Date = 02.11.2007 01:20:23 PM | Attr = ]
    ibmtok.sys -> %System32%\dllcache\ibmtok.sys -> IBM Corporation [Ver = 12.23.01.0050 | Size = 100112 bytes | Created Date = 02.11.2007 01:20:24 PM | Attr = ]
    ibmtrp.sys -> %System32%\dllcache\ibmtrp.sys -> IBM Corporation [Ver = 5.27.00.0050 | Size = 104720 bytes | Created Date = 02.11.2007 01:20:24 PM | Attr = ]
    icam3.sys -> %System32%\dllcache\icam3.sys -> Intel Corporation [Ver = 0.00.000000 | Size = 140016 bytes | Created Date = 02.11.2007 01:20:28 PM | Attr = ]
    icam3ext.dll -> %System32%\dllcache\icam3ext.dll -> Intel Corporation [Ver = 1.0.0.51 | Size = 27408 bytes | Created Date = 02.11.2007 01:20:29 PM | Attr = ]
    jt1nd5.sys -> %System32%\dllcache\jt1nd5.sys -> Level One Communications [Ver = 1.02.00.000 | Size = 35856 bytes | Created Date = 02.11.2007 01:20:29 PM | Attr = ]
    lit220p.sys -> %System32%\dllcache\lit220p.sys -> Litronic Industries [Ver = 1 | Size = 15952 bytes | Created Date = 02.11.2007 01:20:30 PM | Attr = ]
    lvui32.dll -> %System32%\dllcache\lvui32.dll -> Logitech Inc. [Ver = 1.00.1363 | Size = 15120 bytes | Created Date = 02.11.2007 01:20:31 PM | Attr = ]
    lvui32rc.dll -> %System32%\dllcache\lvui32rc.dll -> Logitech Inc. [Ver = 1.00.1363 | Size = 24848 bytes | Created Date = 02.11.2007 01:20:31 PM | Attr = ]
    lwadihid.sys -> %System32%\dllcache\lwadihid.sys -> Logitech, Inc. [Ver = 5.00.0000.1050 | Size = 18576 bytes | Created Date = 02.11.2007 01:20:33 PM | Attr = ]
    lwusbhid.sys -> %System32%\dllcache\lwusbhid.sys -> Logitech, Inc. [Ver = 5.00.0000.1063 | Size = 19408 bytes | Created Date = 02.11.2007 01:20:33 PM | Attr = ]
    netflx3.sys -> %System32%\dllcache\netflx3.sys -> Compaq Computer Corporation [Ver = 5.0.1.8 | Size = 91216 bytes | Created Date = 02.11.2007 01:20:41 PM | Attr = ]
    ngrpci.sys -> %System32%\dllcache\ngrpci.sys -> NETGEAR Corporation. [Ver = 4.54 | Size = 30992 bytes | Created Date = 02.11.2007 01:20:42 PM | Attr = ]
    otceth5.sys -> %System32%\dllcache\otceth5.sys -> Ositech Communications, Inc. [Ver = 1.02.010.1 | Size = 43792 bytes | Created Date = 02.11.2007 01:20:42 PM | Attr = ]
    pca200e.sys -> %System32%\dllcache\pca200e.sys -> FORE Systems, Inc. [Ver = 5.00.00.47613 | Size = 30064 bytes | Created Date = 02.11.2007 01:20:43 PM | Attr = ]
    pinball.exe -> %System32%\dllcache\pinball.exe -> Cinematronics [Ver = 5.00.2134.1 | Size = 302352 bytes | Created Date = 02.11.2007 01:20:43 PM | Attr = ]
    rnbo3531.sys -> %System32%\dllcache\rnbo3531.sys -> Rainbow Technologies Inc. [Ver = 1.00.26 | Size = 13680 bytes | Created Date = 02.11.2007 01:20:44 PM | Attr = ]
    rtl8029.sys -> %System32%\dllcache\rtl8029.sys -> REALTEK Semiconductor Corp. [Ver = 5.29.98.1230 | Size = 18704 bytes | Created Date = 02.11.2007 01:20:44 PM | Attr = ]
    rtl8139.sys -> %System32%\dllcache\rtl8139.sys -> Realtek Semiconductor Corporation [Ver = 5.366.0818.1999 | Size = 18704 bytes | Created Date = 02.11.2007 01:20:45 PM | Attr = ]
    sis6306p.sys -> %System32%\dllcache\sis6306p.sys -> Silicon Integrated Systems Corporation [Ver = 4.11.01.1070 | Size = 71280 bytes | Created Date = 02.11.2007 01:20:49 PM | Attr = ]
    sis6306v.dll -> %System32%\dllcache\sis6306v.dll -> Silicon Integrated Systems Corporation [Ver = 4.11.01.1070 | Size = 179792 bytes | Created Date = 02.11.2007 01:20:50 PM | Attr = ]
    sisv.sys -> %System32%\dllcache\sisv.sys -> Silicon Integrated Systems Corporation [Ver = 4.11.01.1300 | Size = 49904 bytes | Created Date = 02.11.2007 01:20:50 PM | Attr = ]
    sisv256.dll -> %System32%\dllcache\sisv256.dll -> Silicon Integrated Systems Corporation [Ver = 4.11.01.1300 | Size = 188688 bytes | Created Date = 02.11.2007 01:20:50 PM | Attr = ]
    skfpwin.sys -> %System32%\dllcache\skfpwin.sys -> SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH. [Ver = 5.11 | Size = 104656 bytes | Created Date = 02.11.2007 01:20:50 PM | Attr = ]
    spxports.dll -> %System32%\dllcache\spxports.dll -> Specialix International Ltd. [Ver = 1.0.0.0008 | Size = 420624 bytes | Created Date = 02.11.2007 01:20:51 PM | Attr = ]
    stlnata.sys -> %System32%\dllcache\stlnata.sys -> Stallion Technologies [Ver = 5.5.13 | Size = 280912 bytes | Created Date = 02.11.2007 01:20:52 PM | Attr = ]
    stlnprop.dll -> %System32%\dllcache\stlnprop.dll -> Stallion Technologies [Ver = 5.5.12 | Size = 176400 bytes | Created Date = 02.11.2007 01:20:52 PM | Attr = ]
    tos4mo.sys -> %System32%\dllcache\tos4mo.sys -> TOSHIBA Corporation [Ver = 2.13 | Size = 28432 bytes | Created Date = 02.11.2007 01:20:54 PM | Attr = ]
    tsbmce.sys -> %System32%\dllcache\tsbmce.sys -> Toshiba Corp. [Ver = Version 5.0.2 | Size = 17712 bytes | Created Date = 02.11.2007 01:20:53 PM | Attr = ]
    w840nd.sys -> %System32%\dllcache\w840nd.sys -> Winbond Electronics Corporation [Ver = 2.40 | Size = 19728 bytes | Created Date = 02.11.2007 01:20:55 PM | Attr = ]
    winacisa.sys -> %System32%\dllcache\winacisa.sys -> Rockwell [Ver = 2,0,2,111 | Size = 771824 bytes | Created Date = 02.11.2007 01:20:56 PM | Attr = ]

    [Files/Folders - Modified Within 30 days]
    BACKUPS -> %SystemDrive%\BACKUPS -> [Folder | Modified Date = 01.11.2007 01:00:02 PM | Attr = ]
    Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 05.11.2007 08:27:04 AM | Attr = HS]
    Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 23.10.2007 10:36:14 AM | Attr = ]
    hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 535834624 bytes | Modified Date = 05.11.2007 08:27:08 AM | Attr = HS]
    Panasonic -> %SystemDrive%\Panasonic -> [Folder | Modified Date = 15.10.2007 11:07:50 AM | Attr = ]
    Program Files -> %ProgramFiles% -> [Folder | Modified Date = 05.11.2007 08:23:00 AM | Attr = ]
    SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 02.11.2007 05:04:32 PM | Attr = ]
    temp -> %SystemDrive%\temp -> [Folder | Modified Date = 17.10.2007 02:43:44 PM | Attr = ]
    WINNT -> %SystemRoot% -> [Folder | Modified Date = 02.11.2007 04:53:36 PM | Attr = ]
    ccolwiz.ini -> %SystemRoot%\ccolwiz.ini -> [Ver = | Size = 170 bytes | Modified Date = 31.10.2007 04:45:44 PM | Attr = ]
    crackpdf.INI -> %SystemRoot%\crackpdf.INI -> [Ver = | Size = 446 bytes | Modified Date = 10.10.2007 03:33:24 PM | Attr = ]
    Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 05.11.2007 08:27:58 AM | Attr = ]
    ERUNT -> %SystemRoot%\ERUNT -> [Folder | Modified Date = 02.11.2007 04:53:40 PM | Attr = ]
    inf -> %SystemRoot%\inf -> [Folder | Modified Date = 15.10.2007 11:21:32 AM | Attr = H ]
    Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 05.11.2007 08:23:10 AM | Attr = HS]
    Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 05.11.2007 08:46:56 AM | Attr = ]
    NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 202 bytes | Modified Date = 01.11.2007 04:19:46 PM | Attr = ]
    render.ini -> %SystemRoot%\render.ini -> [Ver = | Size = 35 bytes | Modified Date = 30.10.2007 11:51:00 AM | Attr = ]
    security -> %SystemRoot%\security -> [Folder | Modified Date = 05.11.2007 08:25:14 AM | Attr = ]
    system32 -> %System32% -> [Folder | Modified Date = 05.11.2007 08:28:42 AM | Attr = ]
    Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 02.11.2007 03:17:28 PM | Attr = S]
    Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 05.11.2007 08:28:46 AM | Attr = ]
    win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1162 bytes | Modified Date = 18.10.2007 11:41:14 AM | Attr = ]
    winsxs -> %SystemRoot%\winsxs -> [Folder | Modified Date = 05.11.2007 08:23:00 AM | Attr = ]
    zipinst.exe -> %SystemRoot%\zipinst.exe -> NirSoft [Ver = 1.21 | Size = 39424 bytes | Modified Date = 01.11.2007 04:53:14 PM | Attr = ]
    AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 02.11.2007 03:17:28 PM | Attr = ]
    SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 02.11.2007 03:17:28 PM | Attr = H ]
    Spybot - Search & Destroy - Scheduled Task.job -> %SystemRoot%\tasks\Spybot - Search & Destroy - Scheduled Task.job -> [Ver = | Size = 238 bytes | Modified Date = 02.11.2007 02:33:00 PM | Attr = ]
    awvvv.dll -> %System32%\awvvv.dll -> [Ver = | Size = 310368 bytes | Modified Date = 02.11.2007 10:30:48 AM | Attr = ]
    default_user_class.dat -> %System32%\default_user_class.dat -> [Ver = | Size = 8192 bytes | Modified Date = 02.11.2007 12:07:20 PM | Attr = ]
    dllcache -> %System32%\dllcache -> [Folder | Modified Date = 05.11.2007 08:23:56 AM | Attr = ]
    drivers -> %System32%\drivers -> [Folder | Modified Date = 05.11.2007 08:27:22 AM | Attr = ]
    HPANT.DAT -> %System32%\HPANT.DAT -> [Ver = | Size = 2563 bytes | Modified Date = 05.11.2007 08:25:12 AM | Attr = ]
    NtmsData -> %System32%\NtmsData -> [Folder | Modified Date = 01.11.2007 07:21:36 AM | Attr = ]
    oodbs.lor -> %System32%\oodbs.lor -> [Ver = | Size = 239574 bytes | Modified Date = 05.11.2007 08:27:04 AM | Attr = ]
    pmnkkjh.dll -> %System32%\pmnkkjh.dll -> [Ver = | Size = 36352 bytes | Modified Date = 02.11.2007 10:25:38 AM | Attr = ]
    vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 353248 bytes | Modified Date = 05.11.2007 08:29:06 AM | Attr = H ]
    vvvwa.bak1 -> %System32%\vvvwa.bak1 -> [Ver = | Size = 6465 bytes | Modified Date = 02.11.2007 10:31:20 AM | Attr = HS]
    vvvwa.bak2 -> %System32%\vvvwa.bak2 -> [Ver = | Size = 6505 bytes | Modified Date = 05.11.2007 08:12:52 AM | Attr = HS]
    vvvwa.ini -> %System32%\vvvwa.ini -> [Ver = | Size = 6968 bytes | Modified Date = 05.11.2007 08:28:36 AM | Attr = HS]
    etc -> %System32%\drivers\etc -> [Folder | Modified Date = 02.11.2007 04:54:28 PM | Attr = ]

    [File String Scan - Non-Microsoft Only]
    @Alternate Data Stream - 408 bytes -> %SystemDrive%\ama.logoemboss.bmp:Q30lsldxJoudresxAaaqpcawXc ->
    @Alternate Data Stream - 0 bytes -> %SystemDrive%\ama.logoemboss.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    UPX! , UPX0 , -> %SystemRoot%\dbplugin.ocx -> [Ver = 6, 1, 0, 8 | Size = 2682965 bytes | Modified Date = 16.11.2006 02:44:20 PM | Attr = ]
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\MusicMatch Wallpaper.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    UPX! , aspack , -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 6.810-1005 | Size = 965632 bytes | Modified Date = 19.12.2003 01:02:08 PM | Attr = ]
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\winnt.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\winnt256.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    UPX! , UPX0 , -> %SystemRoot%\zipinst.exe -> NirSoft [Ver = 1.21 | Size = 39424 bytes | Modified Date = 01.11.2007 04:53:14 PM | Attr = ]
    PEC2 , -> %System32%\flt1chk2.dll -> [Ver = | Size = 31744 bytes | Modified Date = 15.07.2003 12:57:20 AM | Attr = ]
    @Alternate Data Stream - 0 bytes -> %System32%\getstart.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 1908 bytes -> %System32%\n2k.bmp:Q30lsldxJoudresxAaaqpcawXc ->
    @Alternate Data Stream - 0 bytes -> %System32%\n2k.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 1256 bytes -> %System32%\ntimage.gif:Q30lsldxJoudresxAaaqpcawXc ->
    @Alternate Data Stream - 0 bytes -> %System32%\ntimage.gif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    aspack , -> %System32%\Selfupdate.exe -> Alexis Ríos Negrón [Ver = 2.1.0.12 | Size = 188928 bytes | Modified Date = 17.12.2001 09:56:02 AM | Attr = ]
    aspack , -> %System32%\ShellPicture.dll -> BAxBEx Software [Ver = 1.6.1.0 | Size = 134656 bytes | Modified Date = 03.06.2002 02:49:12 AM | Attr = ]
    @Alternate Data Stream - 2936 bytes -> %System32%\SpoonUninstall-Ogg Vorbis CLI.bmp:Q30lsldxJoudresxAaaqpcawXc ->
    @Alternate Data Stream - 0 bytes -> %System32%\SpoonUninstall-Ogg Vorbis CLI.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 2188 bytes -> %System32%\SpoonUninstall-Shutdown.bmp:Q30lsldxJoudresxAaaqpcawXc ->
    @Alternate Data Stream - 0 bytes -> %System32%\SpoonUninstall-Shutdown.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 8348 bytes -> %System32%\sppic.bmp:Q30lsldxJoudresxAaaqpcawXc ->
    @Alternate Data Stream - 0 bytes -> %System32%\sppic.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    @Alternate Data Stream - 1900 bytes -> %System32%\tunes.bmp:Q30lsldxJoudresxAaaqpcawXc ->
    @Alternate Data Stream - 0 bytes -> %System32%\tunes.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
    aspack , -> %System32%\Webupdate2.dll -> [Ver = | Size = 215552 bytes | Modified Date = 02.01.2002 10:42:28 AM | Attr = ]
    aspack , -> %System32%\WebUpdate2.exe -> Alexis Ríos Negrón [Ver = 2.1.9.388 | Size = 316928 bytes | Modified Date = 03.01.2002 02:09:02 PM | Attr = ]
    qoologic , PTech , SAHAgent , abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\HOSTS.MVP -> [Ver = | Size = 640176 bytes | Modified Date = 21.09.2007 03:41:34 AM | Attr = ]
    qoologic , PTech , SAHAgent , abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\HOSTS01 -> [Ver = | Size = 498133 bytes | Modified Date = 30.10.2006 12:39:20 AM | Attr = ]

    < End of report >
     
Short URL to this thread: https://techguy.org/647980
