Thread: Another click.giftload one

  1. #1
    Junior Member
    Join Date
    Mar 2011
    Posts
    17

    Greetings, computer experts! As with others, I have found it impossible to get rid of click.giftload. I've noticed lag when booting up, and something called offerbox.exe (which I noticed using Task Manager) begins running and causes IE to pop up to various sites. Anyway, here's the DDS stuff (I'd really appreciate some help, please):

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by colin at 17:20:30.95 on Sun 03/27/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.392 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    C:\Program Files\VoyagerTest\fts.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\OfferBox\OfferBox.exe
    C:\Documents and Settings\colin\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: OfferBox: {fc0d62c2-9640-4aeb-a5d5-cf25df11fa8c} - c:\program files\offerbox\OfferBoxBHO.dll
    TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
    TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [DSLSTATEXE] c:\program files\bt voyager 105 adsl modem\dslstat.exe icon
    mRun: [DSLAGENTEXE] c:\program files\bt voyager 105 adsl modem\dslagent.exe
    mRun: [%FP%Friendly fts.exe] "c:\program files\voyagertest\fts.exe"
    mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
    mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [ssdiag] c:\windows\ssdiag.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\documents and settings\colin\start menu\programs\startup\BBC iPlayer Desktop.lnk.disabled
    StartupFolder: c:\documents and settings\colin\start menu\programs\startup\OpenOffice.org 3.0.lnk.disabled
    StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\aol90t~1.lnk - c:\program files\aol 9.0b\aoltray.exe
    IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
    IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    Hosts: 173.192.170.88 drghwaweg45j4i6u3q32fg2h.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-18 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-18 27784]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
    R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2009-2-17 55936]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-6 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-6 297752]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-11-5 30104]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-18 108552]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-11-5 30104]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
    .
    =============== Created Last 30 ================
    .
    2011-03-22 12:43:40 0 ----a-w- c:\windows\Ytocakor.bin
    2011-03-22 12:43:35 -------- d-----w- c:\docume~1\colin\locals~1\applic~1\{104856CE-9875-4766-BA7A-758338F643D1}
    2011-03-22 12:42:15 -------- d-----w- c:\docume~1\colin\applic~1\OfferBox
    2011-03-22 12:42:12 -------- d-----w- c:\program files\OfferBox
    2011-03-22 12:42:00 -------- d-----w- c:\docume~1\colin\applic~1\A6B03AF72E542747E886F291D4CE1A71
    2011-03-22 08:05:33 5943120 ----a-w- c:\docume~1\alluse~1.win\applic~1\microsoft\microsoft antimalware\definition updates\{f16d095e-7eca-4855-85b0-d8a503a42fcc}\mpengine.dll
    2011-03-17 00:04:35 8704 ----a-w- c:\windows\system32\vidccleaner.exe
    2011-03-17 00:04:35 61440 ----a-w- c:\windows\system32\xvid.ax
    2011-03-17 00:04:35 552960 ----a-w- c:\windows\system32\xvidcore.dll
    2011-03-17 00:04:35 159744 ----a-w- c:\windows\system32\xvidvfw.dll
    2011-03-17 00:04:06 217088 ----a-w- c:\windows\system32\skjpeg40.dll
    2011-03-17 00:04:05 83968 ----a-w- c:\windows\system32\Skbase40.dll
    2011-03-17 00:04:03 -------- d-----w- c:\program files\Samsung
    2011-03-17 00:03:48 749568 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iKernel.dll
    2011-03-17 00:03:48 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\ctor.dll
    2011-03-17 00:03:48 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe
    2011-03-17 00:03:48 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
    2011-03-17 00:03:48 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iscript.dll
    2011-03-17 00:03:48 192644 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iGdi.dll
    2011-03-17 00:03:48 180224 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iuser.dll
    2011-03-17 00:03:47 323584 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\setup.dll
    2011-03-16 23:12:20 -------- d-----w- c:\docume~1\colin\locals~1\applic~1\ArcSoft
    2011-03-16 23:11:11 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\ArcSoft
    2011-03-16 23:10:40 18688 ----a-w- c:\windows\system32\drivers\afc.sys
    2011-03-16 23:10:38 245408 ----a-w- c:\windows\system32\unicows.dll
    .
    ==================== Find3M ====================
    .
    2011-02-27 15:59:04 90112 ----a-w- c:\windows\DUMPc4b7.tmp
    2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-11 16:30:30 90112 ----a-w- c:\windows\DUMPa047.tmp
    2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
    2007-11-10 23:16:25 2293712 -c--a-w- c:\program files\FLV PlayerFCSetup.exe
    2007-11-10 23:16:09 3928264 ----a-w- c:\program files\FLV PlayerRCATSetup.exe
    2007-11-10 23:15:40 411248 -c--a-w- c:\program files\FLV PlayerRCSetup.exe
    2005-08-11 10:47:16 5671936 -c--a-w- c:\program files\aq3d.exe
    2005-08-04 02:23:07 45056 -c--a-w- c:\program files\FreeDVD.exe
    2005-08-04 02:22:53 891020 -c--a-w- c:\program files\DVDFabDecrypter29.exe
    2005-08-04 01:47:43 536894 -c--a-w- c:\program files\DVD43_3-5-3_Setup.exe
    2005-08-02 23:16:46 414470 -c--a-w- c:\program files\SetupImgTool_1.2.0_63.exe
    2005-08-02 23:08:10 899414 -c--a-w- c:\program files\SetupDVDDecrypter_3.5.4.0.exe
    2005-08-02 02:22:38 1245802 -c--a-w- c:\program files\dvd-ripper.exe
    2005-07-31 10:52:31 1665325 -c--a-w- c:\program files\agsetup.exe
    2005-07-30 23:22:45 21904216 -c--a-w- c:\program files\iTunesSetup.exe
    2005-07-28 23:59:25 9278904 -c--a-w- c:\program files\heavyweaponsetup.exe
    2004-08-09 23:30:22 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
    2004-06-14 16:04:29 954123 -c--a-w- c:\program files\ChankastUtilv02a3.exe
    2004-03-11 13:40:34 308448 -c--a-w- c:\program files\unmsjvm.exe
    1997-07-03 09:35:04 109056 -c--a-w- c:\program files\Unwise.exe
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: SAMSUNG_SP0802N rev.TK100-28 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8737F439]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x873857d0]; MOV EAX, [0x8738584c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x873D1AB8]
    3 CLASSPNP[0xF7817FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x87315380]
    \Driver\atapi[0x873E2B60] -> IRP_MJ_CREATE -> 0x8737F439
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskSAMSUNG_SP0802N_________________________TK100-28#5&2713bb34&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x8737F27F
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 17:23:06.89 ===============

    P.S. I've tried Spybot (which picks up the hijack and deletes it, but it's back again after reboot), Malwarebytes and SUPERAntiSpyware, both updated (but as this is a rootkit, probably not surprising), but none get rid of this. This is my Spybot scan log:

    Click.GiftLoad: [SBI $89783858] User settings (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe

    DoubleClick: Tracking cookie (Firefox: colin (default)) (Cookie, nothing done)


    Common Dialogs: History (101 files) (Registry key, nothing done)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

    Log: Activity: COM+.log (Backup file, nothing done)
    C:\WINDOWS\COM+.log

    Log: Activity: SchedLgU.Txt (Backup file, nothing done)
    C:\WINDOWS\SchedLgU.Txt

    Log: Activity: imsins.log (Backup file, nothing done)
    C:\WINDOWS\imsins.log

    Log: Activity: OEWABLog.txt (Backup file, nothing done)
    C:\WINDOWS\OEWABLog.txt

    Log: Activity: ntbtlog.txt (Backup file, nothing done)
    C:\WINDOWS\ntbtlog.txt

    Log: Install: comsetup.log (Backup file, nothing done)
    C:\WINDOWS\comsetup.log

    Log: Install: Directx.log (Backup file, nothing done)
    C:\WINDOWS\Directx.log

    Log: Install: ocgen.log (Backup file, nothing done)
    C:\WINDOWS\ocgen.log

    Log: Install: setupact.log (Backup file, nothing done)
    C:\WINDOWS\setupact.log

    Log: Install: setupapi.log (Backup file, nothing done)
    C:\WINDOWS\setupapi.log

    Log: Install: svcpack.log (Backup file, nothing done)
    C:\WINDOWS\svcpack.log

    Log: Install: wmsetup.log (Backup file, nothing done)
    C:\WINDOWS\wmsetup.log

    Log: Install: DtcInstall.log (Backup file, nothing done)
    C:\WINDOWS\DtcInstall.log

    Log: Shutdown: System32\wbem\logs\mofcomp.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\mofcomp.log

    Log: Shutdown: System32\wbem\logs\setup.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\setup.log

    Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemcore.log

    Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemess.lo_

    Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemess.log

    Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemprox.log

    Log: Shutdown: System32\wbem\logs\winmgmt.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\winmgmt.log

    Log: Shutdown: System32\wbem\logs\wmiadap.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wmiadap.log

    Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wmiprov.log

    7-Zip: [SBI $0D2606FE] Extracted archives history (1 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\7-ZIP\Extraction\PathHistory

    Internet Explorer: [SBI $D9A946AF] Last used directory (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Internet Explorer\Main\Save Directory

    Internet Explorer: [SBI $FF589D0C] Download directory (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Internet Explorer\Download Directory

    Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
    HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
    HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    Internet Explorer: [SBI $D5C3373A] AutoComplete data (1 files) (Registry key, nothing done)
    HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Internet Explorer\IntelliForms\SPW

    Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
    C:\Documents and Settings\colin\Application Data\Macromedia\Flash Player\#SharedObjects\TGJMFAHT\s.ytimg.com\soundData.sol
    Properties.size=49
    Properties.md5=F2945B8419B125F71FC8FD7CDDB59948
    Properties.filedate=1301078372
    Properties.filedatetext=2011-03-25 19:39:31

    Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
    C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Macromedia\Flash Player\#SharedObjects\PZD99DCJ\s.ytimg.com\videostats.sol
    Properties.size=199
    Properties.md5=A23D7E75417304DA459788EFB4FD8D73
    Properties.filedate=1301079140
    Properties.filedatetext=2011-03-25 19:52:19

    Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
    C:\Documents and Settings\sean\Application Data\Macromedia\Flash Player\#SharedObjects\LXWTGJMC\adcontent.videoegg.com\com.quantserve.sol
    Properties.size=74
    Properties.md5=7AAD593AA5FBE79E52ED809F2654AB40
    Properties.filedate=1222020795
    Properties.filedatetext=2008-09-21 19:13:15

    Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
    C:\Documents and Settings\sean\Application Data\Macromedia\Flash Player\#SharedObjects\LXWTGJMC\adcontent.videoegg.com\EAPUSER.sol
    Properties.size=51
    Properties.md5=CB4C2D307356625CCDD711249FDB75BE
    Properties.filedate=1222020613
    Properties.filedatetext=2008-09-21 19:10:12

    Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
    C:\Documents and Settings\sean\Application Data\Macromedia\Flash Player\#SharedObjects\LXWTGJMC\adcontent.videoegg.com\vepui.sol
    Properties.size=68
    Properties.md5=C691E8775164758709EEB1FD8DD1EFB5
    Properties.filedate=1222020774
    Properties.filedatetext=2008-09-21 19:12:54

    Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
    C:\Documents and Settings\sean\Application Data\Macromedia\Flash Player\#SharedObjects\LXWTGJMC\as1.suitesmart.com\6thElement.sol
    Properties.size=151
    Properties.md5=79202DE553CAC8F203BA65E4C1886381
    Properties.filedate=1227191884
    Properties.filedatetext=2008-11-20 15:38:04

    Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
    C:\Documents and Settings\sean\Application Data\Macromedia\Flash Player\#SharedObjects\LXWTGJMC\assets.espn.go.com\s_br.sol
    Properties.size=35
    Properties.md5=760FCA2DC2B18E30543493B04290322A
    Properties.filedate=1228268466
    Properties.filedatetext=2008-12-03 02:41:05

    Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
    C:\Documents and Settings\sean\Application Data\Macromedia\Flash Player\#SharedObjects\LXWTGJMC\bandtools.nabbr.com\com.quantserve.sol
    Properties.size=74
    Properties.md5=7AAD593AA5FBE79E52ED809F2654AB40
    Properties.filedate=1233266015
    Properties.filedatetext=2009-01-29 22:53:35

    Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
    C:\Documents and Settings\sean\Application Data\Macromedia\Flash Player\#SharedObjects\LXWTGJMC\bin.clearspring.com\clearspring.sol
    Properties.size=1214
    Properties.md5=717D5457148E1966122D3C64765BD10F
    Properties.filedate=1232723340
    Properties.filedatetext=2009-01-23 16:08:59

    MS Management Console: [SBI $ECD50EAD] Recent command list (1 files) (Registry key, nothing done)
    HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Microsoft Management Console\Recent File List

    MS Management Console: [SBI $ECD50EAD] Recent command list (3 files) (Registry key, nothing done)
    HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Microsoft Management Console\Recent File List

    MS Management Console: [SBI $ECD50EAD] Recent command list (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Microsoft Management Console\Recent File List

    MS Management Console: [SBI $ECD50EAD] Recent command list (3 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Microsoft Management Console\Recent File List

    MS Media Player: [SBI $E48560B4] Recent file list (9 files) (Registry key, nothing done)
    HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\MediaPlayer\Player\RecentFileList

    MS Media Player: [SBI $E48560B4] Recent file list (9 files) (Registry key, nothing done)
    HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\MediaPlayer\Player\RecentFileList

    MS Media Player: [SBI $E48560B4] Recent file list (9 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\MediaPlayer\Player\RecentFileList

    MS Media Player: [SBI $E48560B4] Recent file list (9 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\MediaPlayer\Player\RecentFileList

    MS Media Player: [SBI $E48560B4] Recent file list (1 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-500\Software\Microsoft\MediaPlayer\Player\RecentFileList

    MS Media Player: [SBI $8E65C0EE] Last opened playlist (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\MediaPlayer\Preferences\LastPlaylist

    MS Media Player: [SBI $1BDA487B] Last selected track index (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\MediaPlayer\Preferences\LastPlaylistIndex

    MS Media Player: [SBI $3B46EBCE] Manually modified tags history (1 files) (Registry key, nothing done)
    HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\MediaPlayer\AutoComplete\MediaEdit

    MS Media Player: [SBI $5C51E349] Client ID (Registry change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

    MS Media Player: [SBI $5C51E349] Client ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-19\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

    MS Media Player: [SBI $5C51E349] Client ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-20\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

    MS Media Player: [SBI $5C51E349] Client ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

    MS Media Player: [SBI $5C51E349] Client ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

    MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

    MS DirectInput: [SBI $9A063C91] Most recent application (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\DirectInput\MostRecentApplication\Name

    MS DirectInput: [SBI $7B184199] Most recent application ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\DirectInput\MostRecentApplication\Id

    MS Paint: [SBI $07867C39] Recent file list (3 files) (Registry key, nothing done)
    HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

    MS Paint: [SBI $07867C39] Recent file list (4 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

    MS Paint: [SBI $07867C39] Recent file list (4 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

    MS Regedit: [SBI $C3B62FC1] Recent open key (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey

    MS Search Assistant: [SBI $AE0C4647] Typed search terms history (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Search Assistant\ACMru

    MS Wordpad: [SBI $4C02334D] Recent file list (4 files) (Registry key, nothing done)
    HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List

    MS Wordpad: [SBI $4C02334D] Recent file list (2 files) (Registry key, nothing done)
    HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List

    MS Wordpad: [SBI $4C02334D] Recent file list (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List

    Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

    Windows.OpenWith: [SBI $787DC1A1] Open with list - .001 extension (2 files) (Registry key, nothing done)
    HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.001\OpenWithList

    Windows.OpenWith: [SBI $787DC1A1] Open with list - .001 extension (4 files) (Registry key, nothing done)
    HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.001\OpenWithList

    Windows.OpenWith: [SBI $787DC1A1] Open with list - .001 extension (5 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.001\OpenWithList

    Windows.OpenWith: [SBI $09B2DC6B] Open with list - .002 extension (3 files) (Registry key, nothing done)
    HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.002\OpenWithList

    Windows.OpenWith: [SBI $09B2DC6B] Open with list - .002 extension (3 files) (Registry key, nothing done)
    HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.002\OpenWithList

    Windows.OpenWith: [SBI $09B2DC6B] Open with list - .002 extension (4 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.002\OpenWithList

    Windows.OpenWith: [SBI $26F7D72D] Open with list - .003 extension (2 files) (Registry key, nothing done)
    HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.003\OpenWithList

    Windows.OpenWith: [SBI $26F7D72D] Open with list - .003 extension (4 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.003\OpenWithList

    Windows.OpenWith: [SBI $EA2CE7FF] Open with list - .004 extension (2 files) (Registry key, nothing done)
    HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.004\OpenWithList

    Windows.OpenWith: [SBI $EA2CE7FF] Open with list - .004 extension (4 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.004\OpenWithList

    Windows.OpenWith: [SBI $C569ECB9] Open with list - .005 extension (2 files) (Registry key, nothing done)
    HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.005\OpenWithList

    Windows.OpenWith: [SBI $C569ECB9] Open with list - .005 extension (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.005\OpenWithList

    Windows.OpenWith: [SBI $C569ECB9] Open with list - .005 extension (3 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.005\OpenWithList

    Windows.OpenWith: [SBI $B4A6F173] Open with list - .006 extension (2 files) (Registry key, nothing done)
    HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.006\OpenWithList

    Windows.OpenWith: [SBI $B4A6F173] Open with list - .006 extension (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.006\OpenWithList

    Windows.OpenWith: [SBI $B4A6F173] Open with list - .006 extension (4 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.006\OpenWithList

    Windows.OpenWith: [SBI $9BE3FA35] Open with list - .007 extension (2 files) (Registry key, nothing done)
    HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.007\OpenWithList

    Windows.OpenWith: [SBI $F6619696] Open with list - .008 extension (2 files) (Registry key, nothing done)
    HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.008\OpenWithList

    Windows.OpenWith: [SBI $D9249DD0] Open with list - .009 extension (2 files) (Registry key, nothing done)
    HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.009\OpenWithList

    Windows.OpenWith: [SBI $16E309E0] Open with list - .ASF extension (5 files) (Registry key, nothing done)
    HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASF\OpenWithList

    Windows.OpenWith: [SBI $16E309E0] Open with list - .ASF extension (5 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASF\OpenWithList

    Windows.OpenWith: [SBI $CDE7D0A6] Open with list - .ASX extension (5 files) (Registry key, nothing done)
    HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASX\OpenWithList

    Windows.OpenWith: [SBI $CDE7D0A6] Open with list - .ASX extension (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASX\OpenWithList

    Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (3 files) (Registry key, nothing done)
    HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

    Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (9 files) (Registry key, nothing done)
    HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

    Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (3 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

    Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (5 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

    Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (3 files) (Registry key, nothing done)
    HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

    Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (4 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

    Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (5 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

    Windows.OpenWith: [SBI $C92C6763] Open with list - .BUP extension (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BUP\OpenWithList

    Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (157 files) (Registry key, nothing done)
    HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

    Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (102 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

    Windows Explorer: [SBI $7308A845] Run history (2 files) (Registry key, nothing done)
    HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

    Windows Explorer: [SBI $AA0766B5] Stream history (12 files) (Registry key, nothing done)
    HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

    Windows Explorer: [SBI $AA0766B5] Stream history (7 files) (Registry key, nothing done)
    HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

    Windows Explorer: [SBI $AA0766B5] Stream history (11 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

    Windows Explorer: [SBI $AA0766B5] Stream history (13 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

    Windows Explorer: [SBI $2026AFB6] User Assistant history IE (13 files) (Registry key, nothing done)
    HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

    Windows Explorer: [SBI $2026AFB6] User Assistant history IE (1 files) (Registry key, nothing done)
    HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

    Windows Explorer: [SBI $2026AFB6] User Assistant history IE (11 files) (Registry key, nothing done)
    HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

    Windows Explorer: [SBI $2026AFB6] User Assistant history IE (8 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

    Windows Explorer: [SBI $2026AFB6] User Assistant history IE (12 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

    Windows Explorer: [SBI $2026AFB6] User Assistant history IE (6 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

    Windows Explorer: [SBI $6107D172] User Assistant history files (110 files) (Registry key, nothing done)
    HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

    Windows Explorer: [SBI $6107D172] User Assistant history files (6 files) (Registry key, nothing done)
    HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

    Windows Explorer: [SBI $6107D172] User Assistant history files (116 files) (Registry key, nothing done)
    HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

    Windows Explorer: [SBI $6107D172] User Assistant history files (166 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

    Windows Explorer: [SBI $6107D172] User Assistant history files (214 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

    Windows Explorer: [SBI $6107D172] User Assistant history files (21 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

    Windows Explorer: [SBI $B7EBA926] Last visited history (17 files) (Registry key, nothing done)
    HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

    Windows Explorer: [SBI $B7EBA926] Last visited history (16 files) (Registry key, nothing done)
    HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

    Windows Explorer: [SBI $B7EBA926] Last visited history (16 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

    Windows Explorer: [SBI $B7EBA926] Last visited history (19 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

    Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    Windows Explorer: [SBI $85C2C910] Last Copy/MoveTo folder (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CopyMoveTo\LastFolder

    Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

    Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

    Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

    Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

    Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

    Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

    Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    WinRAR: [SBI $0B56E92B] Recent file list (4 files) (Registry key, nothing done)
    HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\WinRAR\ArcHistory

    WinRAR: [SBI $0B56E92B] Recent file list (4 files) (Registry key, nothing done)
    HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\WinRAR\ArcHistory

    WinRAR: [SBI $0B56E92B] Recent file list (1 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\WinRAR\ArcHistory

    WinRAR: [SBI $0B56E92B] Recent file list (4 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\WinRAR\ArcHistory

    WinRAR: [SBI $A59A1C0A] Recent exe file list (2 files) (Registry key, nothing done)
    HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\WinRAR\DialogEditHistory\ArcName

    WinRAR: [SBI $A59A1C0A] Recent exe file list (1 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\WinRAR\DialogEditHistory\ArcName

    WinRAR: [SBI $B84F9965] Last used directory (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1004\Software\WinRAR\General\LastFolder

    WinRAR: [SBI $B510882E] Extraction directory history (2 files) (Registry key, nothing done)
    HKEY_USERS\PE_C0_S-1-5-21-515967899-527237240-839522115-1005\Software\WinRAR\DialogEditHistory\ExtrPath

    WinRAR: [SBI $B510882E] Extraction directory history (16 files) (Registry key, nothing done)
    HKEY_USERS\PE_C_COLIN BOWDEN.D1SSKL1J.000\Software\WinRAR\DialogEditHistory\ExtrPath

    WinRAR: [SBI $B510882E] Extraction directory history (14 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\WinRAR\DialogEditHistory\ExtrPath

    WinRAR: [SBI $3F9F3F01] Search by archive type history (1 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\WinRAR\DialogEditHistory\FindArcNames

    WinRAR: [SBI $15BFF857] Search by archive name history (1 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-515967899-527237240-839522115-1005\Software\WinRAR\DialogEditHistory\FindNames

    Cookie: [SBI $49804B54] Cookie (10) (Cookie, nothing done)


    Cache: [SBI $49804B54] Cache (140) (Cache, nothing done)


    History: [SBI $49804B54] History (59) (History, nothing done)


    Cookie: [SBI $49804B54] Cookie (392) (Cookie, nothing done)


    Cookie: [SBI $49804B54] Cookie (54) (Cookie, nothing done)


    History: [SBI $49804B54] History (1) (History, nothing done)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2004-04-27 unins000.exe (51.13.0.0)
    2009-07-25 unins001.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2004-05-12 borlndmm.dll (7.0.4.453)
    2004-05-12 delphimm.dll (7.0.4.453)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2004-05-12 UnzDll.dll (1.73.1.1)
    2004-05-12 ZipDll.dll (1.73.2.0)
    2011-03-18 Includes\Adware.sbi (*)
    2011-03-22 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2010-12-14 Includes\Dialer.sbi (*)
    2011-03-08 Includes\DialerC.sbi (*)
    2011-02-24 Includes\HeavyDuty.sbi (*)
    2010-11-30 Includes\Hijackers.sbi (*)
    2011-03-08 Includes\HijackersC.sbi (*)
    2010-09-15 Includes\iPhone.sbi (*)
    2010-12-14 Includes\Keyloggers.sbi (*)
    2011-03-08 Includes\KeyloggersC.sbi (*)
    2011-02-24 Includes\Malware.sbi (*)
    2011-03-22 Includes\MalwareC.sbi (*)
    2011-02-24 Includes\PUPS.sbi (*)
    2011-03-15 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2011-03-08 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2011-02-24 Includes\Spyware.sbi (*)
    2011-03-15 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti (*)
    2010-12-28 Includes\Trojans.sbi (*)
    2011-03-22 Includes\TrojansC-02.sbi (*)
    2011-03-03 Includes\TrojansC-03.sbi (*)
    2011-03-08 Includes\TrojansC-04.sbi (*)
    2011-03-21 Includes\TrojansC-05.sbi (*)
    2011-03-08 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll
    Last edited by Blade81; 2011-03-28 at 15:28. Reason: Two posts merged. Helpers look for topics with 0 replies.
