Antivirus Has Found 'tr/vundo.dty.2'


24 replies to this topic

#1 hishaamsiddiqi

Posted 17 January 2008 - 08:51 PM

I'm using an Avira Anti Virus program which has been working great. A week ago, my computer started showing many inappropriate pop-ups, which is embarrassing because it's the family computer and my 10 year-old siblings and others use it. I touched some of my antivirus settings, and I don't see the pop-ups anymore, but anytime I open a window, whether it be Internet Explorer, Mozilla FireFox, My Documents, My Computer, etc., my antivirus will pop up saying it's found 'TR/Vundo.DTY.2'. All it says is that it's a trojan; I haven't been able to find any other information on it. It gives me an option of delete, quarantine, access deny, or ignore. I usually delete or quarantine it, but it comes up no matter what every time I open a window, or occasionally it will be random. Here is the Hijack This Log: (thanks in advance :D )

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:50:54 PM, on 1/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\Core\smax4pnp .exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxpers .exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray .exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\DellSupport\DSAgnt .exe
C:\Program Files\Hot Keyboard\HotKeyb.exe
C:\Program Files\Hot Keyboard\HotKeyb .exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
F3 - REG:win.ini: load=C:\WINDOWS\system32\sstqo.exe
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Active Web Reader] C:\Program Files\Deskshare\Active Web Reader\Active Web Reader.exe -background
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO .exe -rem
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Hot Keyboard] C:\Program Files\Hot Keyboard\HotKeyb .exe -minimized
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://cdn.digitalcity.com/video/kdx.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\horandmx.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 6751 bytes
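The log above already shows three things worth flagging before any tool is run: several programs appear twice in the process list, once as the genuine file and once with a space before the extension (hkcmd.exe beside hkcmd .exe, Acrotray.exe beside Acrotray .exe), a win.ini load= entry pointing at sstqo.exe, and a DomainService service with an unknown owner whose binary is reported missing. The script below is an added example, not part of this thread and not a HijackThis feature; it pulls those patterns out of a HijackThis v2 log automatically. The sample input is a handful of lines copied from the log above, and the rule names are the script's own.

```python
"""Flag the lookalike-name and autostart patterns visible in a HijackThis v2 log.

Added example, not part of this thread and not a HijackThis feature. The
sample lines are copied from the log posted above; rule names are this
script's own.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis log posted above, verbatim.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd .exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray .exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\sstqo.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKCU\..\Run: [Hot Keyboard] C:\Program Files\Hot Keyboard\HotKeyb .exe -minimized
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\horandmx.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
"""

# Whitespace right before the extension: "hkcmd .exe" sits next to the genuine
# "hkcmd.exe" and reads the same at a glance.
SPACED_EXT = re.compile(r"\S\s+\.(?:exe|dll)\b", re.IGNORECASE)
PROCESS_LINE = re.compile(r"^[A-Za-z]:\\")
# win.ini load= is a legacy autostart that legitimate software rarely uses.
F3_LOAD = re.compile(r"^F3 - REG:win\.ini: load=(?P<path>.+)$", re.IGNORECASE)
O4_RUN = re.compile(r'^O4 - .*?: \[(?P<name>[^\]]*)\]\s+"?(?P<path>[A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)
O23_SERVICE = re.compile(r"^O23 - Service: (?P<display>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per matched rule, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PROCESS_LINE.match(line):
            if SPACED_EXT.search(line):
                findings.append(Finding("spaced-extension-process", line))
            continue
        if F3_LOAD.match(line):
            findings.append(Finding("win.ini-load", line))
            continue
        if m := O4_RUN.match(line):
            if SPACED_EXT.search(m["path"]):
                findings.append(Finding("spaced-extension-autostart", line))
            continue
        if m := O23_SERVICE.match(line):
            if m["owner"] == "Unknown owner":
                findings.append(Finding("unknown-owner-service", line))
            if "(file missing)" in m["path"]:
                findings.append(Finding("missing-service-binary", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule, for a quick overview of a long log."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:28} {f.line}")
```

Run it on a full log with `triage(open("hijackthis.log").read())`; the rules are deliberately narrow, so a clean log produces no findings and anything reported deserves a look rather than an automatic deletion.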


#2 OldTimer

Malware Expert
Posted 20 January 2008 - 11:52 PM

Hello hishaamsiddiqi and welcome to the BC HijackThis forum. I use AntiVir also and really like it. Let's see what else we can find.

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • Reg - Session Manager Settings
    • Reg - Software Policy Settings
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.

#3 hishaamsiddiqi

Posted 21 January 2008 - 01:05 PM

Thank you so much. Here it is, it's pretty long:

WinPFind35 logfile created on: 1/21/2008 10:03:13 AM
WinPFind35U Version Beta28 Folder = C:\Documents and Settings\Siddiqi Family\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)

509.98 Mb Total Physical Memory | 205.40 Mb Available Physical Memory | 40.28% Memory free
1.22 Gb Paging File | 0.97 Gb Available in Paging File | 79.89% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.46 Gb Total Space | 55.64 Gb Free Space | 77.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: SIDDIQI
Current User Name: Siddiqi Family
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
brsvc01a.exe -> %System32%\BRSVC01A.EXE -> brother Industries Ltd [Ver = 1, 0, 1, 0 | Size = 57344 bytes | Modified Date = 6/13/2004 11:00:00 PM | Attr = ]
brss01a.exe -> %System32%\BRSS01A.EXE -> brother Industries Ltd [Ver = 1.004 | Size = 45056 bytes | Modified Date = 12/12/2001 11:01:00 PM | Attr = ]
avguard.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 7.00.00.82 | Size = 214056 bytes | Modified Date = 1/14/2008 3:36:41 PM | Attr = ]
sched.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 7.00.00.62 | Size = 63016 bytes | Modified Date = 8/28/2007 1:16:22 PM | Attr = ]
brmfbags.exe -> %System32%\BrmfBAgS.exe -> Brother Industries, Ltd. [Ver = 1.10.10.121 | Size = 53248 bytes | Modified Date = 9/10/2004 2:32:48 PM | Attr = ]
atnsbmoi.exe -> %System32%\atnsbmoi.exe -> [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 1/20/2008 10:04:01 AM | Attr = ]
brmfrsmg.exe -> %System32%\BrmfRsmg.exe -> Brother Industries, Ltd. [Ver = 1.45.15.357 | Size = 31744 bytes | Modified Date = 4/8/2005 12:17:28 PM | Attr = ]
smax4pnp.exe -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 5 | Size = 1753088 bytes | Modified Date = 1/20/2008 9:11:30 PM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4299 | Size = 423936 bytes | Modified Date = 1/20/2008 9:11:30 PM | Attr = ]
smax4pnp .exe -> %ProgramFiles%\Analog Devices\Core\smax4pnp .exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 5 | Size = 1404928 bytes | Modified Date = 1/20/2008 9:14:38 PM | Attr = ]
igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4299 | Size = 460800 bytes | Modified Date = 1/20/2008 9:11:30 PM | Attr = ]
hkcmd .exe -> %System32%\hkcmd .exe -> Intel Corporation [Ver = 3.0.0.4299 | Size = 77824 bytes | Modified Date = 1/20/2008 9:14:39 PM | Attr = ]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\Acrotray.exe -> Adobe Systems Inc. [Ver = 7.0.1.2005092300 | Size = 834560 bytes | Modified Date = 1/20/2008 9:11:31 PM | Attr = ]
igfxpers .exe -> %System32%\igfxpers .exe -> Intel Corporation [Ver = 3.0.0.4299 | Size = 114688 bytes | Modified Date = 1/20/2008 9:14:41 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 526336 bytes | Modified Date = 1/20/2008 9:11:31 PM | Attr = ]
acrotray .exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\Acrotray .exe -> Adobe Systems Inc. [Ver = 7.0.1.2005092300 | Size = 483328 bytes | Modified Date = 1/20/2008 9:14:45 PM | Attr = ]
dsagnt.exe -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 873984 bytes | Modified Date = 1/20/2008 9:11:28 PM | Attr = ]
hotkeyb.exe -> %ProgramFiles%\Hot Keyboard\HotKeyb.exe -> TB Labs [Ver = 2, 7, 0, 568 | Size = 941056 bytes | Modified Date = 1/13/2008 4:55:35 PM | Attr = ]
dsagnt .exe -> %ProgramFiles%\DellSupport\DSAgnt .exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 1/20/2008 9:14:51 PM | Attr = ]
realsched .exe -> %CommonProgramFiles%\Real\Update_OB\realsched .exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 1/20/2008 9:14:55 PM | Attr = ]
hotkeyb .exe -> %ProgramFiles%\Hot Keyboard\HotKeyb .exe -> TB Labs [Ver = 2, 7, 0, 568 | Size = 941056 bytes | Modified Date = 1/21/2008 9:59:44 AM | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 306176 bytes | Modified Date = 1/21/2008 6:17:08 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AntiVirScheduler) AntiVir PersonalEdition Classic Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 7.00.00.62 | Size = 63016 bytes | Modified Date = 8/28/2007 1:16:22 PM | Attr = ]
(AntiVirService) AntiVir PersonalEdition Classic Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 7.00.00.82 | Size = 214056 bytes | Modified Date = 1/14/2008 3:36:41 PM | Attr = ]
(brmfbags) Brother BidiAgent Service for Resource manager [Win32_Own | Auto | Running] -> %System32%\BrmfBAgS.exe -> Brother Industries, Ltd. [Ver = 1.10.10.121 | Size = 53248 bytes | Modified Date = 9/10/2004 2:32:48 PM | Attr = ]
(Brother XP spl Service) BrSplService [Win32_Own | Auto | Running] -> %System32%\BRSVC01A.EXE -> brother Industries Ltd [Ver = 1, 0, 1, 0 | Size = 57344 bytes | Modified Date = 6/13/2004 11:00:00 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(DomainService) DomainService [Win32_Own | Auto | Running] -> %System32%\atnsbmoi.exe -> [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 1/20/2008 10:04:01 AM | Attr = ]
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 2:47:46 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\PROSetWired\NCS\Sync\NetSvc.exe -> Intel® Corporation [Ver = 1.6.3.0 | Size = 143360 bytes | Modified Date = 12/17/2003 11:59:48 AM | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %System32%\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 11:51:56 AM | Attr = ]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %System32%\drivers\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/3/2004 9:07:44 PM | Attr = ]
(asc) asc [Kernel | Disabled | Stopped] -> %System32%\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 11:52:00 AM | Attr = ]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %System32%\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 11:51:58 AM | Attr = ]
(ASPI32) ASPI32 [Kernel | System | Running] -> %System32%\drivers\ASPI32.SYS -> Adaptec [Ver = 4.60 (1021) | Size = 25244 bytes | Modified Date = 9/10/1999 12:06:00 PM | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(avgio) avgio [Kernel | System | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgio.sys -> Avira GmbH [Ver = 1.0.0.30 | Size = 11840 bytes | Modified Date = 2/27/2007 3:25:10 PM | Attr = ]
(avgntflt) avgntflt [File_System | On_Demand | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -> Avira GmbH [Ver = 7.00.00.04 | Size = 48448 bytes | Modified Date = 9/17/2007 11:25:03 AM | Attr = ]
(avipbb) avipbb [Kernel | System | Running] -> %System32%\drivers\avipbb.sys -> AVIRA GmbH [Ver = 1.00.02.13 | Size = 61632 bytes | Modified Date = 1/14/2008 3:37:00 PM | Attr = ]
(BCM42RLY) BCM42RLY [Kernel | On_Demand | Stopped] -> %System32%\bcm42rly.sys -> Broadcom Corporation [Ver = 3.90.30.0 (BROADCOM INTERNAL DRIVER) | Size = 17992 bytes | Modified Date = 2/1/2005 6:18:38 PM | Attr = ]
(brfilt) Brother MFC Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\BrFilt.sys -> Brother Industries Ltd. [Ver = 1.0.0.0 (Lab06_N.010129-0357) | Size = 2944 bytes | Modified Date = 8/17/2001 12:12:12 PM | Attr = ]
(brparimg) Brother Multi Function Parallel Image driver [Kernel | On_Demand | Running] -> %System32%\drivers\BrParImg.sys -> Brother Industries Ltd. [Ver = 1.0.0.0 (Lab06_N.010129-0357) | Size = 3168 bytes | Modified Date = 8/17/2001 12:12:24 PM | Attr = ]
(BrParWdm) Brother WDM Parallel Driver [Kernel | On_Demand | Running] -> %System32%\drivers\BrParwdm.sys -> Brother Industries Ltd. [Ver = 1.00 | Size = 39552 bytes | Modified Date = 8/17/2001 12:12:18 PM | Attr = ]
(BrScnUsb) Brother USB Still Image driver [Kernel | On_Demand | Running] -> %System32%\drivers\BrScnUsb.sys -> Brother Industries Ltd. [Ver = 1,0,2,1 | Size = 15295 bytes | Modified Date = 10/15/2004 11:50:20 AM | Attr = ]
(BrSerIf) Brother MFC Serial Port Interface WDM Driver [Kernel | On_Demand | Running] -> %System32%\drivers\BrSerIf.sys -> Brother Industries Ltd. [Ver = 1.0.2.2 built by: WinDDK | Size = 51712 bytes | Modified Date = 9/29/2004 2:24:38 AM | Attr = ]
(BrSerWDM) Brother WDM Serial driver [Kernel | On_Demand | Running] -> %System32%\drivers\BrSerWdm.sys -> Brother Industries Ltd. [Ver = 1.0.0.23 built by: WinDDK | Size = 61440 bytes | Modified Date = 11/23/2004 4:39:36 PM | Attr = ]
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | On_Demand | Stopped] -> %System32%\drivers\BrUsbMdm.sys -> Brother Industries Ltd. [Ver = 1,0,0,7 (Lab06_N.010129-0357) | Size = 11008 bytes | Modified Date = 8/17/2001 12:12:20 PM | Attr = ]
(BrUsbScn) Brother MFC USB Scanner driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\BrUsbScn.sys -> Brother Industries Ltd. [Ver = 1,0,0,6 (Lab06_N.010129-0357) | Size = 10368 bytes | Modified Date = 8/17/2001 12:12:22 PM | Attr = ]
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Running] -> %System32%\drivers\BrUsbSer.sys -> Brother Industries Ltd. [Ver = 1,0,0,7 built by: WinDDK | Size = 11648 bytes | Modified Date = 1/10/2004 3:28:18 AM | Attr = ]
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %System32%\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 11:51:54 AM | Attr = ]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %System32%\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 11:52:16 AM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(DSproct) DSproct [Kernel | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\GTAction\triggers\DSproct.sys -> Gteko Ltd. [Ver = 2, 0, 0, 30 | Size = 4736 bytes | Modified Date = 10/5/2006 3:07:28 PM | Attr = ]
(dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> %System32%\drivers\dsunidrv.sys -> Gteko Ltd. [Ver = 1, 0, 0, 12 | Size = 5376 bytes | Modified Date = 2/25/2007 11:10:48 AM | Attr = S]
(E100B) Intel® PRO Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\e100b325.sys -> Intel Corporation [Ver = 7.1.12.0 built by: WinDDK | Size = 154112 bytes | Modified Date = 2/10/2004 6:49:14 PM | Attr = ]
(ialm) ialm [Kernel | On_Demand | Running] -> %System32%\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4299 | Size = 830684 bytes | Modified Date = 4/5/2005 5:46:28 PM | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(MR97310_USB_DUAL_CAMERA) MR97310 CIF Dual Mode Camera [Kernel | On_Demand | Stopped] -> system32\DRIVERS\mr97310c.sys -> File not found
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %System32%\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 11:52:12 AM | Attr = ]
(nv) nv [Kernel | On_Demand | Stopped] -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/3/2004 8:29:56 PM | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 11:52:20 AM | Attr = ]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 11:52:20 AM | Attr = ]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 11:52:18 AM | Attr = ]
(RT73) Linksys Home Wireless-G USB Adapter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\rt73.sys -> Ralink Technology, Corp. [Ver = 1.00.01.0000 | Size = 245504 bytes | Modified Date = 11/3/2005 8:39:02 PM | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> [Ver = | Size = 27440 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(senfilt) senfilt [Kernel | On_Demand | Running] -> %System32%\drivers\senfilt.sys -> Creative Technology Ltd. [Ver = 5.10.00.3614 | Size = 732928 bytes | Modified Date = 9/17/2004 12:02:54 PM | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %System32%\drivers\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/3/2004 9:07:44 PM | Attr = ]
(smwdm) smwdm [Kernel | On_Demand | Running] -> %System32%\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.7000 | Size = 260224 bytes | Modified Date = 3/22/2005 3:08:40 PM | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %System32%\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 12:07:44 PM | Attr = ]
(ssmdrv) ssmdrv [Kernel | System | Running] -> %System32%\drivers\ssmdrv.sys -> Avira GmbH [Ver = 7.0.1.1 | Size = 28352 bytes | Modified Date = 3/1/2007 10:34:36 AM | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %System32%\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 12:07:34 PM | Attr = ]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %System32%\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 12:07:36 PM | Attr = ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 12:07:40 PM | Attr = ]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 12:07:42 PM | Attr = ]
(tmcomm) tmcomm [Kernel | Auto | Running] -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 1/16/2008 8:00:27 PM | Attr = ]
(ultra) ultra [Kernel | Disabled | Stopped] -> %System32%\drivers\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 11:52:22 AM | Attr = ]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> system32\DRIVERS\wanatw4.sys -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
-> -> File not found
Acrobat Assistant 7.0 -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\Acrotray.exe -> Adobe Systems Inc. [Ver = 7.0.1.2005092300 | Size = 834560 bytes | Modified Date = 1/20/2008 9:11:31 PM | Attr = ]
Active Web Reader -> %ProgramFiles%\Deskshare\Active Web Reader\Active Web Reader.exe -> File not found
avgnt -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe -> File not found
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4299 | Size = 423936 bytes | Modified Date = 1/20/2008 9:11:30 PM | Attr = ]
MSKDetectorExe -> %ProgramFiles%\McAfee\SpamKiller\MSKDetct.exe -> File not found
Persistence -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4299 | Size = 460800 bytes | Modified Date = 1/20/2008 9:11:30 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask .exe -> File not found
SoundMAXPnP -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 5 | Size = 1753088 bytes | Modified Date = 1/20/2008 9:11:30 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 526336 bytes | Modified Date = 1/20/2008 9:11:31 PM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Aim6 -> -> File not found
AROReminder -> %ProgramFiles%\Advanced Registry Optimizer\ARO .exe -> File not found
DellSupport -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 873984 bytes | Modified Date = 1/20/2008 9:11:28 PM | Attr = ]
Hot Keyboard -> %ProgramFiles%\Hot Keyboard\HotKeyb .exe -> TB Labs [Ver = 2, 7, 0, 568 | Size = 941056 bytes | Modified Date = 1/21/2008 9:59:44 AM | Attr = ]
MSMSGS -> %ProgramFiles%\Messenger\msmsgs.exe -> File not found
Uniblue RegistryBooster 2 -> %ProgramFiles%\Uniblue\RegistryBooster 2\RegistryBooster.exe -> File not found
< Windows NT\\Load [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load ->
C:\WINDOWS\system32\sstqo.exe -> %System32%\sstqo.exe -> [Ver = | Size = 345088 bytes | Modified Date = 1/21/2008 9:59:51 AM | Attr = ]
*MultiFile Done* -> ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Acrobat Speed Launcher.lnk -> %SystemRoot%\Installer\{AC76BA86-1033-0000-BA7E-100000000002}\SC_Acrobat.exe -> [Ver = | Size = 25214 bytes | Modified Date = 4/14/2007 10:16:36 AM | Attr = R ]
%AllUsersStartup%\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 110592 bytes | Modified Date = 9/18/2003 10:08:22 AM | Attr = ]
< Siddiqi Family Startup Folder > -> C:\Documents and Settings\Siddiqi Family\Start Menu\Programs\Startup ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} [HKEY_LOCAL_MACHINE] -> %System32%\efcyxyv.dll [] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
efcyxyv -> efcyxyv.dll -> File not found
igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4299 | Size = 131072 bytes | Modified Date = 4/5/2005 5:18:22 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< HOSTS File > (222979 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.dell.com ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://www.google.com/ig/dell?hl=en&client=dell ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/hws/sb/dell/en/side....amp;client=dell ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/ ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4161 domain(s) found. ->
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4161 domain(s) found. ->
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 63136 bytes | Modified Date = 9/23/2005 9:12:08 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ]
{AD5EC7A3-7ECC-486A-A9F6-8B06A1853E43} [HKEY_LOCAL_MACHINE] -> %System32%\sstqo.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 341504 bytes | Modified Date = 1/19/2008 12:11:01 PM | Attr = ]
{AE7CD045-E861-484f-8273-0445EE161910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [AcroIEToolbarHelper Class] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 9:41:42 PM | Attr = ]
{CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} [HKEY_LOCAL_MACHINE] -> %System32%\efcyxyv.dll [Reg Error: Value does not exist or could not be read.] -> File not found
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\GoogleAFE\GoogleAE.dll [CBrowserHelperObject Object] -> Google [Ver = 1.0.0.2 | Size = 90112 bytes | Modified Date = 1/25/2006 5:36:16 PM | Attr = ]
{fd3d25ab-fa35-4225-916e-d7788f444253} [HKEY_LOCAL_MACHINE] -> %System32%\esyttchl.dll [Reg Error: Value does not exist or could not be read.] -> File not found
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 9:41:42 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 9:41:42 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 9:41:42 PM | Attr = ]
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 9:41:42 PM | Attr = ]
WebBrowser\\{5CBE2611-C31B-401F-89BC-4CBB25E853D7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [&Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Real.com] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Real.com] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECaptureSelLinks.htm -> File not found
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppendSelLinks.htm -> File not found
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{6F079AF0-6711-4DB3-978E-8C1CC54A81AA} -> (Intel® PRO/100 VE Network Connection) ->
{B18E51AD-BFB9-4E12-A6AB-5EC2DF843A9E} -> () ->
{FD96E707-EC7E-4519-956A-9884CA9F4DCC} -> (Westell WireSpeed Dual Connect Modem) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{01A88BB1-1174-41EC-ACCB-963509EAE56B}[HKEY_LOCAL_MACHINE] -> http://support.dell.com/systemprofiler/SysPro.CAB[SysProWmi Class] ->
{02BCC737-B171-4746-94C9-0D8A0B2C0089}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/templates/ieawsdc.cab[Microsoft Office Template and Media Control] ->
{33564D57-0000-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB[Reg Error: Key does not exist or could not be opened.] ->
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab[Reg Error: Key does not exist or could not be opened.] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{A7ECD556-D6F6-4F41-8C6B-14AB246801A0}[HKEY_LOCAL_MACHINE] -> http://cdn.digitalcity.com/video/kdx.cab[Secure Delivery] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...ent/swflash.cab[Shockwave Flash Object] ->
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
C:\WINDOWS\system32\sstqo -> %System32%\sstqo.exe -> [Ver = | Size = 345088 bytes | Modified Date = 1/21/2008 9:59:51 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 9:49:30 AM | Attr = ]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 6:21:15 AM | Attr = ]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 676 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http:\www.passport.com [http://www.passport.com] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 8196 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Conference\Conference.dll -> C:\Program Files\Conference\Conference.dll [C:\Program Files\Conference\Conference.dll:*:Enabled:Audio/Video Conference by KIOSK Team] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Paltalk Messenger\paltalk.exe -> C:\Program Files\Paltalk Messenger\paltalk.exe [C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:Paltalk Messenger 8.5] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Siddiqi Family\My Documents\Hishaam\YSFLIGHT\fsmaino.exe -> C:\Documents and Settings\Siddiqi Family\My Documents\Hishaam\YSFLIGHT\fsmaino.exe [C:\Documents and Settings\Siddiqi Family\My Documents\Hishaam\YSFLIGHT\fsmaino.exe:*:Enabled:fsmaino] -> [Ver = | Size = 2383916 bytes | Modified Date = 4/2/2005 12:39:46 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\kdx\khost.exe -> C:\WINDOWS\kdx\khost.exe [C:\WINDOWS\kdx\khost.exe:*:Enabled:Delivery Manager] -> Kontiki Inc. [Ver = 4.22.60714.0 | Size = 2242120 bytes | Modified Date = 10/5/2006 9:51:04 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> AOL LLC [Ver = 9.3.1.1 | Size = 10800 bytes | Modified Date = 10/10/2006 9:53:46 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Siddiqi Family\My Documents\Hishaam\Empire Earth\Empire Earth.exe -> C:\Documents and Settings\Siddiqi Family\My Documents\Hishaam\Empire Earth\Empire Earth.exe [C:\Documents and Settings\Siddiqi Family\My Documents\Hishaam\Empire Earth\Empire Earth.exe:*:Disabled:Empire Earth] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Mozilla Firefox\firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM6\aim6.exe -> C:\Program Files\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Disabled:AIM] -> AOL LLC [Ver = 1.4.9.1 | Size = 50736 bytes | Modified Date = 4/27/2007 1:17:26 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Siddiqi Family\My Documents\Hishaam\Programs\Empire Earth\Empire Earth.exe -> C:\Documents and Settings\Siddiqi Family\My Documents\Hishaam\Programs\Empire Earth\Empire Earth.exe [C:\Documents and Settings\Siddiqi Family\My Documents\Hishaam\Programs\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth] -> [Ver = | Size = 3695616 bytes | Modified Date = 11/5/2001 8:18:02 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\IEXPLORE.EXE -> C:\Program Files\Internet Explorer\IEXPLORE.EXE [C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\atnsbmoi.exe -> C:\WINDOWS\system32\atn ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
< Session Manager Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager ->
BootExecute -> autocheck autochk *; ->
ExcludeFromKnownDlls -> ->
< Session Manager Environment Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment ->
ComSpec -> C:\WINDOWS\system32\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
TEMP -> %SystemRoot%\TEMP ->
TMP -> %SystemRoot%\TEMP ->
windir -> %SystemRoot% ->
*Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path ->
%SystemRoot%\system32 -> %System32% -> [Folder | Modified Date = 1/21/2008 9:59:52 AM | Attr = ]
%SystemRoot% -> %SystemRoot% -> [Folder | Modified Date = 1/19/2008 11:20:05 AM | Attr = ]
%SystemRoot%\System32\Wbem -> %System32%\wbem -> [Folder | Modified Date = 8/10/2004 10:52:56 AM | Attr = ]
C:\Program Files\QuickTime\QTSystem\ -> %ProgramFiles%\QuickTime\QTSystem -> [Folder | Modified Date = 12/1/2006 6:57:01 PM | Attr = ]
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322 -> %SystemRoot%\Microsoft.NET\Framework\v1.1.4 -> File not found
*MultiFile Done* -> ->
*PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT ->
.COM -> .COM -> File not found
.EXE -> .EXE -> File not found
.BAT -> .BAT -> File not found
.CMD -> .CMD -> File not found
.VBS -> .VBS -> File not found
.VBE -> .VBE -> File not found
.JS -> .JS -> File not found
.JSE -> .JSE -> File not found
.WSF -> .WSF -> File not found
.WSH -> .WSH -> File not found
*MultiFile Done* -> ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\\PreventAutoRun -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\\DontSearchWindowsUpdate -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\\DontPromptForWindowsUpdate -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->
*ExecutableTypes* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes ->
ADE -> -> File not found
ADP -> -> File not found
BAS -> -> File not found
BAT -> -> File not found
CHM -> -> File not found
CMD -> %System32%\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
COM -> -> File not found
CPL -> -> File not found
CRT -> -> File not found
EXE -> -> File not found
HLP -> -> File not found
HTA -> -> File not found
INF -> -> File not found
INS -> -> File not found
ISP -> -> File not found
LNK -> -> File not found
MDB -> -> File not found
MDE -> -> File not found
MSC -> -> File not found
MSI -> %System32%\msi.dll -> Microsoft Corporation [Ver = 3.1.4000.4039 | Size = 2854400 bytes | Modified Date = 4/18/2007 8:12:23 AM | Attr = ]
MSP -> -> File not found
MST -> -> File not found
OCX -> -> File not found
PCD -> -> File not found
PIF -> -> File not found
REG -> %System32%\reg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50176 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
SCR -> -> File not found
SHS -> -> File not found
URL -> %System32%\url.dll -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 37888 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
VB -> -> File not found
WSC -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab [Mdac11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize ->
̋ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab [mdac20.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize ->
ȅ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab [mdac20_a.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize ->
Ζ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab [_msadc10.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize ->
Ś -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab [msadc11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize ->
Ų -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ ->
HKEY_CURRENT_USER\Software\Policies\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Conferencing\ -> ->


[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 534827008 bytes | Created Date = 3/8/2008 12:45:11 PM | Attr = HS]
avgntdd.sys -> %System32%\drivers\avgntdd.sys -> Avira GmbH [Ver = 6.39.00.02 | Size = 40768 bytes | Created Date = 3/8/2008 3:44:24 PM | Attr = ]
avgntmgr.sys -> %System32%\drivers\avgntmgr.sys -> Avira GmbH [Ver = 6.37.01.01 | Size = 21312 bytes | Created Date = 3/8/2008 3:44:24 PM | Attr = ]
avipbb.sys -> %System32%\drivers\avipbb.sys -> AVIRA GmbH [Ver = 1.00.02.13 | Size = 61632 bytes | Created Date = 3/8/2008 3:44:22 PM | Attr = ]
ssmdrv.sys -> %System32%\drivers\ssmdrv.sys -> Avira GmbH [Ver = 7.0.1.1 | Size = 28352 bytes | Created Date = 3/8/2008 3:44:24 PM | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Created Date = 1/16/2008 8:01:45 PM | Attr = ]
asioqcle.ini -> %System32%\asioqcle.ini -> [Ver = | Size = 1056916 bytes | Created Date = 1/14/2008 10:07:43 AM | Attr = HS]
atnsbmoi.exe -> %System32%\atnsbmoi.exe -> [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Created Date = 1/20/2008 10:03:59 AM | Attr = ]
Dell -> %System32%\Dell -> [Folder | Created Date = 3/7/2008 8:54:40 PM | Attr = ]
hkcmd .exe -> %System32%\hkcmd .exe -> Intel Corporation [Ver = 3.0.0.4299 | Size = 77824 bytes | Created Date = 1/12/2008 7:36:28 PM | Attr = ]
igfxpers .exe -> %System32%\igfxpers .exe -> Intel Corporation [Ver = 3.0.0.4299 | Size = 114688 bytes | Created Date = 1/12/2008 7:36:29 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 3/8/2008 3:00:00 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 3/8/2008 3:00:00 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 3/8/2008 3:00:00 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 3/8/2008 3:00:00 PM | Attr = ]
mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Created Date = 1/18/2008 7:53:04 PM | Attr = ]
occhaurg.ini -> %System32%\occhaurg.ini -> [Ver = | Size = 1056976 bytes | Created Date = 1/14/2008 10:10:27 AM | Attr = HS]
oqtss.ini -> %System32%\oqtss.ini -> [Ver = | Size = 51025 bytes | Created Date = 1/12/2008 3:58:26 PM | Attr = HS]
oqtss.ini2 -> %System32%\oqtss.ini2 -> [Ver = | Size = 51025 bytes | Created Date = 1/12/2008 3:58:26 PM | Attr = HS]
sstqo.dll -> %System32%\sstqo.dll -> [Ver = | Size = 341504 bytes | Created Date = 1/19/2008 12:11:00 PM | Attr = ]
sstqo.exe -> %System32%\sstqo.exe -> [Ver = | Size = 345088 bytes | Created Date = 1/12/2008 3:58:41 PM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 3218 bytes | Created Date = 3/7/2008 8:47:52 PM | Attr = ]
?icrosoft.NET -> %System32%\Мicrosoft.NET -> [Folder | Modified Date = 8/25/2007 5:20:16 PM | Attr = ]
marscam.ini -> %SystemRoot%\marscam.ini -> [Ver = | Size = 90 bytes | Created Date = 1/2/2008 1:27:40 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 1/18/2008 6:51:13 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 1/18/2008 6:51:13 PM | Attr = H ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 198 bytes | Created Date = 1/19/2008 11:20:05 AM | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
addr_file.html -> %AllUsersAppData%\addr_file.html -> [Ver = | Size = 305 bytes | Created Date = 1/14/2008 3:36:41 PM | Attr = ]
Avira -> %AllUsersAppData%\Avira -> [Folder | Created Date = 3/8/2008 3:44:21 PM | Attr = ]
Google -> %AllUsersAppData%\Google -> [Folder | Created Date = 1/14/2008 2:14:14 PM | Attr = ]
Lavasoft -> %AllUsersAppData%\Lavasoft -> [Folder | Created Date = 1/16/2008 5:44:09 PM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Created Date = 1/18/2008 7:04:05 PM | Attr = ]
View22 -> %AllUsersAppData%\View22 -> [Folder | Created Date = 1/4/2008 12:18:07 PM | Attr = ]
Howard Zinn.doc -> %UserDocuments%\Howard Zinn.doc -> [Ver = | Size = 22016 bytes | Created Date = 1/17/2008 11:05:55 AM | Attr = ]
MGA's personal report.xls -> %UserDocuments%\MGA's personal report.xls -> [Ver = | Size = 20480 bytes | Created Date = 1/2/2008 10:46:59 PM | Attr = ]
aaw2007.exe -> %UserDesktop%\aaw2007.exe -> [Ver = | Size = 20907376 bytes | Created Date = 1/16/2008 5:40:20 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\aaw2007.exe:Zone.Identifier
For Indian newspaper.doc -> %UserDesktop%\For Indian newspaper.doc -> [Ver = | Size = 213504 bytes | Created Date = 1/20/2008 10:13:18 PM | Attr = ]
for urdu news.doc -> %UserDesktop%\for urdu news.doc -> [Ver = | Size = 213504 bytes | Created Date = 1/20/2008 10:13:11 PM | Attr = ]
Ghuraba.mp3 -> %UserDesktop%\Ghuraba.mp3 -> [Ver = | Size = 971580 bytes | Created Date = 1/18/2008 3:31:48 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Ghuraba.mp3:Zone.Identifier
new p.s..doc -> %UserDesktop%\new p.s..doc -> [Ver = | Size = 21504 bytes | Created Date = 1/16/2008 2:05:51 PM | Attr = ]
sanakhoodu.mp3 -> %UserDesktop%\sanakhoodu.mp3 -> [Ver = | Size = 1089225 bytes | Created Date = 1/18/2008 3:31:12 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\sanakhoodu.mp3:Zone.Identifier
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Created Date = 1/18/2008 7:04:10 PM | Attr = ]
spybotsd15.exe -> %UserDesktop%\spybotsd15.exe -> Safer Networking Ltd. [Ver = 1.5.1.15 | Size = 7467056 bytes | Created Date = 1/18/2008 5:43:56 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spybotsd15.exe:Zone.Identifier
UM planning 2008-09.doc -> %UserDesktop%\UM planning 2008-09.doc -> [Ver = | Size = 81920 bytes | Created Date = 1/18/2008 7:00:29 AM | Attr = ]
Virus Removal -> %UserDesktop%\Virus Removal -> [Folder | Created Date = 3/8/2008 1:31:43 PM | Attr = ]
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Created Date = 1/21/2008 10:01:17 AM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 477518 bytes | Created Date = 1/21/2008 10:01:04 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 3/8/2008 2:59:26 PM | Attr = ]
??sks -> %CommonProgramFiles%\Τаsks -> [Folder | Modified Date = 8/25/2007 5:20:15 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 534827008 bytes | Modified Date = 1/20/2008 9:11:13 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/18/2008 7:04:05 PM | Attr = R ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/19/2008 11:20:05 AM | Attr = ]
avipbb.sys -> %System32%\drivers\avipbb.sys -> AVIRA GmbH [Ver = 1.00.02.13 | Size = 61632 bytes | Modified Date = 1/14/2008 3:37:00 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 1/20/2008 6:54:56 PM | Attr = ]
hosts -> %System32%\drivers\etc\hosts -> [Ver = | Size = 222979 bytes | Modified Date = 1/20/2008 6:54:56 PM | Attr = R ]
hosts.20080120-185456.backup -> %System32%\drivers\etc\hosts.20080120-185456.backup -> [Ver = | Size = 734 bytes | Modified Date = 3/7/2008 8:47:50 PM | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 1/16/2008 8:00:27 PM | Attr = ]
asioqcle.ini -> %System32%\asioqcle.ini -> [Ver = | Size = 1056916 bytes | Modified Date = 1/14/2008 10:07:46 AM | Attr = HS]
atnsbmoi.exe -> %System32%\atnsbmoi.exe -> [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 1/20/2008 10:04:01 AM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/20/2008 9:12:40 PM | Attr = ]
Dell -> %System32%\Dell -> [Folder | Modified Date = 3/7/2008 8:54:40 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 1/2/2008 1:30:17 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 1/16/2008 8:01:45 PM | Attr = ]
hkcmd .exe -> %System32%\hkcmd .exe -> Intel Corporation [Ver = 3.0.0.4299 | Size = 77824 bytes | Modified Date = 1/20/2008 9:14:39 PM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4299 | Size = 423936 bytes | Modified Date = 1/20/2008 9:11:30 PM | Attr = ]
igfxpers .exe -> %System32%\igfxpers .exe -> Intel Corporation [Ver = 3.0.0.4299 | Size = 114688 bytes | Modified Date = 1/20/2008 9:14:41 PM | Attr = ]
igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4299 | Size = 460800 bytes | Modified Date = 1/20/2008 9:11:30 PM | Attr = ]
Macromed -> %System32%\Macromed -> [Folder | Modified Date = 1/5/2008 9:36:58 PM | Attr = ]
mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Modified Date = 1/18/2008 9:44:35 PM | Attr = ]
occhaurg.ini -> %System32%\occhaurg.ini -> [Ver = | Size = 1056976 bytes | Modified Date = 1/14/2008 10:10:40 AM | Attr = HS]
oqtss.ini -> %System32%\oqtss.ini -> [Ver = | Size = 51025 bytes | Modified Date = 1/21/2008 10:03:24 AM | Attr = HS]
oqtss.ini2 -> %System32%\oqtss.ini2 -> [Ver = | Size = 51025 bytes | Modified Date = 1/21/2008 10:02:45 AM | Attr = HS]
sstqo.dll -> %System32%\sstqo.dll -> [Ver = | Size = 341504 bytes | Modified Date = 1/19/2008 12:11:01 PM | Attr = ]
sstqo.exe -> %System32%\sstqo.exe -> [Ver = | Size = 345088 bytes | Modified Date = 1/21/2008 9:59:51 AM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 3218 bytes | Modified Date = 3/7/2008 8:47:52 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 1/20/2008 9:12:33 PM | Attr = ]
?icrosoft.NET -> %System32%\Мicrosoft.NET -> [Folder | Modified Date = 8/25/2007 5:20:16 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/20/2008 9:11:14 PM | Attr = S]
BRMFBIDI.INI -> %SystemRoot%\BRMFBIDI.INI -> [Ver = | Size = 1796 bytes | Modified Date = 1/21/2008 9:41:38 AM | Attr = ]
BRWMARK.INI -> %SystemRoot%\BRWMARK.INI -> [Ver = | Size = 467 bytes | Modified Date = 1/20/2008 10:14:12 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/8/2008 9:08:24 PM | Attr = S]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/14/2008 3:33:40 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/20/2008 7:07:35 PM | Attr = HS]
marscam.ini -> %SystemRoot%\marscam.ini -> [Ver = | Size = 90 bytes | Modified Date = 1/3/2008 1:15:29 PM | Attr = ]
mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 4016 bytes | Modified Date = 1/4/2008 12:17:50 PM | Attr = ]
Power Video Converter.INI -> %SystemRoot%\Power Video Converter.INI -> [Ver = | Size = 67 bytes | Modified Date = 1/15/2008 8:25:57 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/21/2008 10:02:12 AM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 1/18/2008 6:51:13 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 1/18/2008 7:40:53 PM | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 1/20/2008 7:09:59 PM | Attr = ]
screengenie.xml -> %SystemRoot%\screengenie.xml -> [Ver = | Size = 286 bytes | Modified Date = 1/6/2008 4:48:13 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 1/21/2008 9:59:52 AM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 1/21/2008 10:02:01 AM | Attr = ]
twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 1/14/2008 3:33:38 PM | Attr = ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 198 bytes | Modified Date = 1/19/2008 4:45:14 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/20/2008 9:11:29 PM | Attr = H ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
addr_file.html -> %AllUsersAppData%\addr_file.html -> [Ver = | Size = 305 bytes | Modified Date = 1/14/2008 3:36:41 PM | Attr = ]
Avira -> %AllUsersAppData%\Avira -> [Folder | Modified Date = 3/8/2008 3:44:21 PM | Attr = ]
Google -> %AllUsersAppData%\Google -> [Folder | Modified Date = 1/14/2008 3:36:23 PM | Attr = ]
Lavasoft -> %AllUsersAppData%\Lavasoft -> [Folder | Modified Date = 1/16/2008 7:58:08 PM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 1/18/2008 10:47:10 PM | Attr = ]
View22 -> %AllUsersAppData%\View22 -> [Folder | Modified Date = 1/4/2008 12:18:07 PM | Attr = ]
Viewpoint -> %AllUsersAppData%\Viewpoint -> [Folder | Modified Date = 3/8/2008 5:50:08 PM | Attr = ]
Adobe -> %UserAppData%\Adobe -> [Folder | Modified Date = 1/4/2008 5:16:09 PM | Attr = ]
Move Networks -> %UserAppData%\Move Networks -> [Folder | Modified Date = 1/19/2008 12:55:02 PM | Attr = ]
Paltalk -> %UserAppData%\Paltalk -> [Folder | Modified Date = 3/8/2008 5:08:28 PM | Attr = ]
U3 -> %UserAppData%\U3 -> [Folder | Modified Date = 1/20/2008 11:04:51 PM | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 155648 bytes | Modified Date = 1/15/2008 8:26:31 PM | Attr = ]
Google -> %LocalAppData%\Google -> [Folder | Modified Date = 1/14/2008 2:14:34 PM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 4847032 bytes | Modified Date = 1/19/2008 12:13:59 PM | Attr = H ]
Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 1/19/2008 6:14:19 PM | Attr = ]
Howard Zinn.doc -> %UserDocuments%\Howard Zinn.doc -> [Ver = | Size = 22016 bytes | Modified Date = 1/17/2008 11:05:55 AM | Attr = ]
iRiver U10 -> %UserDocuments%\iRiver U10 -> [Folder | Modified Date = 1/15/2008 8:40:15 PM | Attr = R ]
MGA's personal report.xls -> %UserDocuments%\MGA's personal report.xls -> [Ver = | Size = 20480 bytes | Modified Date = 1/2/2008 10:46:59 PM | Attr = ]
My PSP8 Files -> %UserDocuments%\My PSP8 Files -> [Folder | Modified Date = 1/20/2008 9:50:05 PM | Attr = ]
Samil's Parrots -> %UserDocuments%\Samil's Parrots -> [Folder | Modified Date = 1/13/2008 4:16:14 PM | Attr = ]
Sansa Media Converter -> %UserDocuments%\Sansa Media Converter -> [Folder | Modified Date = 1/15/2008 8:46:42 PM | Attr = ]
Thumbs.db -> %UserDocuments%\Thumbs.db -> [Ver = | Size = 49152 bytes | Modified Date = 1/2/2008 1:35:07 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserDocuments%\Thumbs.db:encryptable
aaw2007.exe -> %UserDesktop%\aaw2007.exe -> [Ver = | Size = 20907376 bytes | Modified Date = 1/16/2008 5:40:38 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\aaw2007.exe:Zone.Identifier
Ami Flyers -> %UserDesktop%\Ami Flyers -> [Folder | Modified Date = 1/18/2008 6:43:44 AM | Attr = ]
Asif's Folders -> %UserDesktop%\Asif's Folders -> [Folder | Modified Date = 1/4/2008 12:43:55 PM | Attr = ]
Azzaam -> %UserDesktop%\Azzaam -> [Folder | Modified Date = 1/3/2008 1:14:55 PM | Attr = R ]
Azzaam's homework -> %UserDesktop%\Azzaam's homework -> [Folder | Modified Date = 1/6/2008 6:40:58 PM | Attr = R ]
For Indian newspaper.doc -> %UserDesktop%\For Indian newspaper.doc -> [Ver = | Size = 213504 bytes | Modified Date = 1/20/2008 10:02:14 PM | Attr = ]
for urdu news.doc -> %UserDesktop%\for urdu news.doc -> [Ver = | Size = 213504 bytes | Modified Date = 1/20/2008 10:04:38 PM | Attr = ]
Ghuraba.mp3 -> %UserDesktop%\Ghuraba.mp3 -> [Ver = | Size = 971580 bytes | Modified Date = 1/19/2008 2:11:41 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Ghuraba.mp3:Zone.Identifier
Maheens Stuff -> %UserDesktop%\Maheens Stuff -> [Folder | Modified Date = 1/20/2008 1:19:29 PM | Attr = ]
new p.s..doc -> %UserDesktop%\new p.s..doc -> [Ver = | Size = 21504 bytes | Modified Date = 1/16/2008 2:05:52 PM | Attr = ]
sanakhoodu.mp3 -> %UserDesktop%\sanakhoodu.mp3 -> [Ver = | Size = 1089225 bytes | Modified Date = 1/18/2008 3:31:25 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\sanakhoodu.mp3:Zone.Identifier
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Modified Date = 1/18/2008 7:04:10 PM | Attr = ]
spybotsd15.exe -> %UserDesktop%\spybotsd15.exe -> Safer Networking Ltd. [Ver = 1.5.1.15 | Size = 7467056 bytes | Modified Date = 1/18/2008 5:43:58 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spybotsd15.exe:Zone.Identifier
UM planning 2008-09.doc -> %UserDesktop%\UM planning 2008-09.doc -> [Ver = | Size = 81920 bytes | Modified Date = 1/18/2008 7:00:30 AM | Attr = ]
Virus Removal -> %UserDesktop%\Virus Removal -> [Folder | Modified Date = 3/8/2008 5:25:37 PM | Attr = ]
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Modified Date = 1/21/2008 10:01:17 AM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 477518 bytes | Modified Date = 1/21/2008 10:01:13 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
Adobe Acrobat Speed Launcher.lnk -> %AllUsersStartup%\Adobe Acrobat Speed Launcher.lnk -> [Ver = | Size = 2335 bytes | Modified Date = 1/20/2008 9:14:55 PM | Attr = ]
Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 3/8/2008 2:59:26 PM | Attr = ]
??sks -> %CommonProgramFiles%\Τаsks -> [Folder | Modified Date = 8/25/2007 5:20:15 PM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 6390 bytes | Modified Date = 1/14/2008 2:14:03 PM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5124 bytes | Modified Date = 1/14/2008 2:14:03 PM | Attr = ]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> [Ver = | Size = 1372 bytes | Modified Date = 9/12/2006 7:09:54 PM | Attr = ]

< End of report >
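The listing above is what a helper actually triages by eye: files with no publisher dropped into System32, hidden+system .ini files next to them, look-alike names such as "hkcmd .exe" beside the real "hkcmd.exe", and folder names the tool can only render as "??sks" or "?icrosoft.NET" because they contain non-Latin look-alike characters. The following script is an added example (not part of this thread and not one of OldTimer's tools) that parses lines in the WinPFind35u "name -> path -> publisher [Ver = ... | Attr = ...]" format and applies those four heuristics; the sample lines are constructed from the log above, and the heuristics are only a first pass, not a verdict.

```python
"""Triage heuristics for WinPFind35u-style file listing lines.

Added example, not part of this thread or of OldTimer's tools. It parses
lines of the form

    name -> path -> [Publisher ][Ver = x | Size = n bytes | ... | Attr = ...]

and flags the patterns visible in the log above: non-ASCII (homoglyph)
characters in paths that should be plain ASCII, a space inserted before
the extension ("hkcmd .exe" next to the real "hkcmd.exe"), binaries in
%System32% with no publisher, and hidden+system .ini files in %System32%.
SAMPLE_LOG is constructed from lines in this thread.
"""
import re
import unicodedata

LINE_RE = re.compile(
    r"^(?P<name>.+?) -> (?P<path>.+?) -> (?P<publisher>[^\[]*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)


def parse_line(line):
    """Return a record dict for one listing line, or None for other lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    meta = {}
    for field in m.group("meta").split("|"):
        if "=" in field:
            key, value = field.split("=", 1)
            meta[key.strip()] = value.strip()
    return {
        "name": m.group("name"),
        "path": m.group("path"),
        "publisher": m.group("publisher").strip(),
        "meta": meta,
    }


def non_ascii_chars(path):
    """Non-ASCII characters in the path with their Unicode names (homoglyph check)."""
    return [(ch, unicodedata.name(ch, "UNKNOWN")) for ch in path if ord(ch) > 127]


def space_before_extension(name):
    """True for names such as 'hkcmd .exe' that mimic a legitimate file."""
    return re.search(r"\s\.[A-Za-z0-9]{1,4}$", name) is not None


def unsigned_binary_in_system32(rec):
    """Executable code in %System32% that carries no publisher string."""
    is_binary = rec["name"].lower().endswith((".exe", ".dll", ".sys"))
    return is_binary and rec["path"].startswith("%System32%\\") and not rec["publisher"]


def hidden_system_ini(rec):
    """Hidden+system .ini files in %System32% (the dropped data files above)."""
    attr = rec["meta"].get("Attr", "")
    return (rec["name"].lower().endswith(".ini")
            and rec["path"].startswith("%System32%\\")
            and "H" in attr and "S" in attr)


def triage(lines):
    """Return [(path, [reasons])] for every line that trips a heuristic."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = []
        odd = non_ascii_chars(rec["path"])
        if odd:
            reasons.append("non-ASCII characters in path: " + ", ".join(n for _, n in odd))
        if space_before_extension(rec["name"]):
            reasons.append("space before file extension")
        if unsigned_binary_in_system32(rec):
            reasons.append("binary in System32 with no publisher")
        if hidden_system_ini(rec):
            reasons.append("hidden+system .ini in System32")
        if reasons:
            findings.append((rec["path"], reasons))
    return findings


# Constructed from the WinPFind35u log in this thread (a subset of its lines).
SAMPLE_LOG = r"""
avipbb.sys -> %System32%\drivers\avipbb.sys -> AVIRA GmbH [Ver = 1.00.02.13 | Size = 61632 bytes | Modified Date = 1/14/2008 3:37:00 PM | Attr = ]
asioqcle.ini -> %System32%\asioqcle.ini -> [Ver = | Size = 1056916 bytes | Modified Date = 1/14/2008 10:07:46 AM | Attr = HS]
atnsbmoi.exe -> %System32%\atnsbmoi.exe -> [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 1/20/2008 10:04:01 AM | Attr = ]
hkcmd .exe -> %System32%\hkcmd .exe -> Intel Corporation [Ver = 3.0.0.4299 | Size = 77824 bytes | Modified Date = 1/20/2008 9:14:39 PM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4299 | Size = 423936 bytes | Modified Date = 1/20/2008 9:11:30 PM | Attr = ]
sstqo.dll -> %System32%\sstqo.dll -> [Ver = | Size = 341504 bytes | Modified Date = 1/19/2008 12:11:01 PM | Attr = ]
?icrosoft.NET -> %System32%\Мicrosoft.NET -> [Folder | Modified Date = 8/25/2007 5:20:16 PM | Attr = ]
??sks -> %CommonProgramFiles%\Τаsks -> [Folder | Modified Date = 8/25/2007 5:20:15 PM | Attr = ]
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG.splitlines()):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run as a script it prints the six flagged entries with their reasons; the genuine Intel hkcmd.exe and the Avira driver pass untouched. The Unicode names make the homoglyph trick visible in a way the raw "??sks" rendering does not.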



#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina
  • Local time:03:24 AM

Posted 21 January 2008 - 02:47 PM

Hi hishaamsiddiqi. Your log was not as long as the one I had right before it. 10mb and 39,960 lines. Do you think they were infected lol?

Ok, I see lots of stuff in the log so let's get to work. Please follow the steps below in order.

1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

drivers to unload:
DomainService

Files to delete:
c:\windows\system32\atnsbmoi.exe
c:\windows\system32\sstqo.exe
c:\windows\system32\efcyxyv.dll
c:\windows\system32\esyttchl.dll
c:\windows\system32\asioqcle.ini
c:\windows\system32\atnsbmoi.exe
c:\windows\system32\occhaurg.ini
c:\windows\system32\oqtss.ini
c:\windows\system32\sstqo.dll
c:\windows\system32\tmp.reg
c:\windows\system32\mcrh.tmp
c:\windows\system32\oqtss.ini2
c:\windows\marscam.ini

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh WinPFind35u log by using Add/Reply

5. Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Processes - Non-Microsoft Only]
YY -> atnsbmoi.exe -> %System32%\atnsbmoi.exe
[Win32 Services - Non-Microsoft Only]
YY -> (DomainService) DomainService [Win32_Own | Auto | Running] -> %System32%\atnsbmoi.exe
[Registry - Non-Microsoft Only]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> AROReminder -> %ProgramFiles%\Advanced Registry Optimizer\ARO .exe
YY -> MSMSGS -> %ProgramFiles%\Messenger\msmsgs.exe
YY -> Uniblue RegistryBooster 2 -> %ProgramFiles%\Uniblue\RegistryBooster 2\RegistryBooster.exe
< Windows NT\\Load [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
YY -> C:\WINDOWS\system32\sstqo.exe -> %System32%\sstqo.exe
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YY -> {CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} [HKEY_LOCAL_MACHINE] -> %System32%\efcyxyv.dll []
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> efcyxyv -> efcyxyv.dll
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {AD5EC7A3-7ECC-486A-A9F6-8B06A1853E43} [HKEY_LOCAL_MACHINE] -> %System32%\sstqo.dll [Reg Error: Value does not exist or could not be read.]
YY -> {CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} [HKEY_LOCAL_MACHINE] -> %System32%\efcyxyv.dll [Reg Error: Value does not exist or could not be read.]
YY -> {fd3d25ab-fa35-4225-916e-d7788f444253} [HKEY_LOCAL_MACHINE] -> %System32%\esyttchl.dll [Reg Error: Value does not exist or could not be read.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YY -> {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YY -> CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\sstqo -> %System32%\sstqo.exe
< BotCheck > -> 
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Conference\Conference.dll -> C:\Program Files\Conference\Conference.dll [C:\Program Files\Conference\Conference.dll:*:Enabled:Audio/Video Conference by KIOSK Team]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Paltalk Messenger\paltalk.exe -> C:\Program Files\Paltalk Messenger\paltalk.exe [C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:Paltalk Messenger 8.5]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Siddiqi Family\My Documents\Hishaam\Empire Earth\Empire Earth.exe -> C:\Documents and Settings\Siddiqi Family\My Documents\Hishaam\Empire Earth\Empire Earth.exe [C:\Documents and Settings\Siddiqi Family\My Documents\Hishaam\Empire Earth\Empire Earth.exe:*:Disabled:Empire Earth]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Mozilla Firefox\firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\atnsbmoi.exe -> C:\WINDOWS\system32\atn
[Files/Folders - Created Within 30 days]
NY -> asioqcle.ini -> %System32%\asioqcle.ini
NY -> atnsbmoi.exe -> %System32%\atnsbmoi.exe
NY -> occhaurg.ini -> %System32%\occhaurg.ini
NY -> oqtss.ini -> %System32%\oqtss.ini
NY -> oqtss.ini2 -> %System32%\oqtss.ini2
NY -> sstqo.dll -> %System32%\sstqo.dll
NY -> sstqo.exe -> %System32%\sstqo.exe
NY -> tmp.reg -> %System32%\tmp.reg
NY -> ?icrosoft.NET -> %System32%\Мicrosoft.NET
NY -> marscam.ini -> %SystemRoot%\marscam.ini
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> ??sks -> %CommonProgramFiles%\Τаsks
[Files/Folders - Modified Within 30 days]
NY -> asioqcle.ini -> %System32%\asioqcle.ini
NY -> atnsbmoi.exe -> %System32%\atnsbmoi.exe
NY -> mcrh.tmp -> %System32%\mcrh.tmp
NY -> occhaurg.ini -> %System32%\occhaurg.ini
NY -> oqtss.ini -> %System32%\oqtss.ini
NY -> oqtss.ini2 -> %System32%\oqtss.ini2
NY -> sstqo.dll -> %System32%\sstqo.dll
NY -> sstqo.exe -> %System32%\sstqo.exe
NY -> tmp.reg -> %System32%\tmp.reg
NY -> ?icrosoft.NET -> %System32%\Мicrosoft.NET
NY -> marscam.ini -> %SystemRoot%\marscam.ini
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> ??sks -> %CommonProgramFiles%\Τаsks
NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
[Extra Files]
purity
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. Your desktop and taskbar will disappear. That is Ok. When it is done they should reappear again. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.

6. Run a new WinPFind35u scan with the following options:

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
  • In the Driver Services section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
7. Post the following back here:
  • The Avenger report (c:\Avenger.txt)
  • The latest WinPFind35u fix log (in the WinPFind35u folder)
  • The new WinPFind35u scan log
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

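Step 5 asks for the Avenger log so the helper can check which of the scripted deletions actually happened. The script below is an added example (not part of this thread and not part of Swandog46's The Avenger) of doing that check mechanically: it parses a script in the "drivers to unload:" / "Files to delete:" format posted above and a result log in the line format The Avenger writes, then reports per requested item whether it was removed, reported not found, failed, or never mentioned. SCRIPT and LOG are constructed from a subset of the lines in this thread, with one file deliberately left out of LOG to show the "no log entry" case.

```python
"""Reconcile an Avenger script against the result log it wrote.

Added example, not part of this thread or of Swandog46's The Avenger.
SCRIPT and LOG below are constructed from a subset of the lines in this
thread (occhaurg.ini is intentionally absent from LOG). In the real log,
status 0xc0000034 next to a failed line is STATUS_OBJECT_NAME_NOT_FOUND.
"""
import re


def parse_script(text):
    """Return {'drivers': [...], 'files': [...]} with lower-cased entries."""
    sections = {"drivers": [], "files": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        if low.startswith("drivers to unload"):
            current = "drivers"
        elif low.startswith("files to delete"):
            current = "files"
        elif current is not None:
            sections[current].append(low)
    return sections


# Log line shapes The Avenger emits for the two action types used in the script.
LOG_PATTERNS = [
    (re.compile(r"^Driver (?P<item>.+?) unloaded successfully\.$"), "drivers", "removed"),
    (re.compile(r"^File (?P<item>.+?) deleted successfully\.$"), "files", "removed"),
    (re.compile(r"^File (?P<item>.+?) not found!$"), "files", "not found"),
    (re.compile(r"^Deletion of file (?P<item>.+?) failed!$"), "files", "failed"),
]


def parse_log(text):
    """Return {'drivers': {item: [outcomes]}, 'files': {item: [outcomes]}}."""
    results = {"drivers": {}, "files": {}}
    for raw in text.splitlines():
        line = raw.strip()
        for pattern, kind, outcome in LOG_PATTERNS:
            m = pattern.match(line)
            if m:
                results[kind].setdefault(m.group("item").lower(), []).append(outcome)
    return results


def summarize(outcomes):
    """Collapse all outcomes seen for one item into a single verdict.

    A script may list a file twice (the one above does for atnsbmoi.exe):
    one successful deletion followed by 'not found' still means it is gone.
    """
    if not outcomes:
        return "no log entry"
    if "removed" in outcomes:
        return "removed"
    if "not found" in outcomes:
        return "not found"
    return "failed"


def reconcile(script_text, log_text):
    """Map (kind, item) -> verdict for every item the script asked for."""
    script = parse_script(script_text)
    log = parse_log(log_text)
    report = {}
    for kind in ("drivers", "files"):
        for item in script[kind]:
            report[(kind, item)] = summarize(log[kind].get(item, []))
    return report


def unresolved(report):
    """Items that still need a second look after the run."""
    return sorted(key for key, verdict in report.items() if verdict != "removed")


SCRIPT = r"""
drivers to unload:
DomainService

Files to delete:
c:\windows\system32\atnsbmoi.exe
c:\windows\system32\sstqo.exe
c:\windows\system32\efcyxyv.dll
c:\windows\system32\esyttchl.dll
c:\windows\system32\asioqcle.ini
c:\windows\system32\atnsbmoi.exe
c:\windows\system32\occhaurg.ini
c:\windows\marscam.ini
"""

LOG = r"""
Driver DomainService unloaded successfully.
File c:\windows\system32\atnsbmoi.exe deleted successfully.
File c:\windows\system32\sstqo.exe deleted successfully.
File c:\windows\system32\efcyxyv.dll not found!
Deletion of file c:\windows\system32\efcyxyv.dll failed!
File c:\windows\system32\esyttchl.dll not found!
Deletion of file c:\windows\system32\esyttchl.dll failed!
File c:\windows\system32\asioqcle.ini deleted successfully.
File c:\windows\system32\atnsbmoi.exe not found!
Deletion of file c:\windows\system32\atnsbmoi.exe failed!
File c:\windows\marscam.ini deleted successfully.
"""

if __name__ == "__main__":
    for key, verdict in sorted(reconcile(SCRIPT, LOG).items()):
        print(f"{key[0]:8} {key[1]:40} {verdict}")
```

The useful output is `unresolved()`: a "not found" entry usually means the file was already gone or was never where the first scan saw it, while "no log entry" means the tool never reached that line at all, so both belong in the follow-up scan rather than being assumed clean.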

#5 hishaamsiddiqi

hishaamsiddiqi
  • Topic Starter

  • Members
  • 50 posts
  • Gender:Male
  • Location:USA
  • Local time:12:24 AM

Posted 22 January 2008 - 10:19 PM

I'm sorry it took so long to respond, but the Avenger link seems to be broken. It says that it's getting file information, but it won't load at all. Maybe there's a mirror site that will let me download it? And since my last post, my computer's started this new habit where the taskbar (the one at the bottom with the Start, Quick Launch, etc.) will disappear and refresh, and then it will load back with all the 'links' to the open pages missing.

#6 hishaamsiddiqi

hishaamsiddiqi
  • Topic Starter

  • Members
  • 50 posts
  • Gender:Male
  • Location:USA
  • Local time:12:24 AM

Posted 22 January 2008 - 10:39 PM

Sorry, I got it to download.

Here is the avenger log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ortlcsfv

*******************

Script file located at: \??\C:\Program Files\xuggkbbu.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Driver DomainService unloaded successfully.
File c:\windows\system32\atnsbmoi.exe deleted successfully.
File c:\windows\system32\sstqo.exe deleted successfully.


File c:\windows\system32\efcyxyv.dll not found!
Deletion of file c:\windows\system32\efcyxyv.dll failed!

Could not process line:
c:\windows\system32\efcyxyv.dll
Status: 0xc0000034



File c:\windows\system32\esyttchl.dll not found!
Deletion of file c:\windows\system32\esyttchl.dll failed!

Could not process line:
c:\windows\system32\esyttchl.dll
Status: 0xc0000034

File c:\windows\system32\asioqcle.ini deleted successfully.


File c:\windows\system32\atnsbmoi.exe not found!
Deletion of file c:\windows\system32\atnsbmoi.exe failed!

Could not process line:
c:\windows\system32\atnsbmoi.exe
Status: 0xc0000034

File c:\windows\system32\occhaurg.ini deleted successfully.
File c:\windows\system32\oqtss.ini deleted successfully.
File c:\windows\system32\sstqo.dll deleted successfully.
File c:\windows\system32\tmp.reg deleted successfully.
File c:\windows\system32\mcrh.tmp deleted successfully.
File c:\windows\system32\oqtss.ini2 deleted successfully.
File c:\windows\marscam.ini deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



After I ran the Fix, there was no notepad with the actions taken during the fix.

Here is the new Winpfind35u scan:

WinPFind35 logfile created on: 1/22/2008 7:38:59 PM
WinPFind35U Version Beta28 Folder = C:\Documents and Settings\Siddiqi Family\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)

509.98 Mb Total Physical Memory | 201.53 Mb Available Physical Memory | 39.52% Memory free
1.22 Gb Paging File | 0.94 Gb Available in Paging File | 76.76% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.46 Gb Total Space | 56.17 Gb Free Space | 78.61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: SIDDIQI
Current User Name: Siddiqi Family
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
brsvc01a.exe -> %System32%\BRSVC01A.EXE -> brother Industries Ltd [Ver = 1, 0, 1, 0 | Size = 57344 bytes | Modified Date = 6/13/2004 11:00:00 PM | Attr = ]
avguard.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 7.00.00.82 | Size = 214056 bytes | Modified Date = 1/14/2008 3:36:41 PM | Attr = ]
brss01a.exe -> %System32%\BRSS01A.EXE -> brother Industries Ltd [Ver = 1.004 | Size = 45056 bytes | Modified Date = 12/12/2001 11:01:00 PM | Attr = ]
sched.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 7.00.00.62 | Size = 63016 bytes | Modified Date = 8/28/2007 1:16:22 PM | Attr = ]
brmfbags.exe -> %System32%\BrmfBAgS.exe -> Brother Industries, Ltd. [Ver = 1.10.10.121 | Size = 53248 bytes | Modified Date = 9/10/2004 2:32:48 PM | Attr = ]
brmfrsmg.exe -> %System32%\BrmfRsmg.exe -> Brother Industries, Ltd. [Ver = 1.45.15.357 | Size = 31744 bytes | Modified Date = 4/8/2005 12:17:28 PM | Attr = ]
smax4pnp.exe -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 5 | Size = 1753088 bytes | Modified Date = 1/22/2008 6:03:47 AM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4299 | Size = 423936 bytes | Modified Date = 1/22/2008 6:03:47 AM | Attr = ]
igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4299 | Size = 460800 bytes | Modified Date = 1/22/2008 6:03:48 AM | Attr = ]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\Acrotray.exe -> Adobe Systems Inc. [Ver = 7.0.1.2005092300 | Size = 834560 bytes | Modified Date = 1/22/2008 6:03:48 AM | Attr = ]
hkcmd .exe -> %System32%\hkcmd .exe -> Intel Corporation [Ver = 3.0.0.4299 | Size = 77824 bytes | Modified Date = 1/22/2008 7:27:12 PM | Attr = ]
igfxpers .exe -> %System32%\igfxpers .exe -> Intel Corporation [Ver = 3.0.0.4299 | Size = 114688 bytes | Modified Date = 1/22/2008 7:27:12 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 526336 bytes | Modified Date = 1/22/2008 6:03:49 AM | Attr = ]
acrotray .exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\Acrotray .exe -> Adobe Systems Inc. [Ver = 7.0.1.2005092300 | Size = 483328 bytes | Modified Date = 1/22/2008 7:27:16 PM | Attr = ]
smax4pnp .exe -> %ProgramFiles%\Analog Devices\Core\smax4pnp .exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 5 | Size = 1404928 bytes | Modified Date = 1/22/2008 7:27:19 PM | Attr = ]
dsagnt.exe -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 873984 bytes | Modified Date = 1/22/2008 6:03:45 AM | Attr = ]
realsched .exe -> %CommonProgramFiles%\Real\Update_OB\realsched .exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 1/22/2008 7:27:22 PM | Attr = ]
hotkeyb.exe -> %ProgramFiles%\Hot Keyboard\HotKeyb.exe -> TB Labs [Ver = 2, 7, 0, 568 | Size = 941056 bytes | Modified Date = 1/13/2008 4:55:35 PM | Attr = ]
dsagnt .exe -> %ProgramFiles%\DellSupport\DSAgnt .exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 1/22/2008 7:27:25 PM | Attr = ]
hotkeyb .exe -> %ProgramFiles%\Hot Keyboard\HotKeyb .exe -> TB Labs [Ver = 2, 7, 0, 568 | Size = 941056 bytes | Modified Date = 1/22/2008 7:38:14 PM | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 306176 bytes | Modified Date = 1/21/2008 6:17:08 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AntiVirScheduler) AntiVir PersonalEdition Classic Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 7.00.00.62 | Size = 63016 bytes | Modified Date = 8/28/2007 1:16:22 PM | Attr = ]
(AntiVirService) AntiVir PersonalEdition Classic Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 7.00.00.82 | Size = 214056 bytes | Modified Date = 1/14/2008 3:36:41 PM | Attr = ]
(brmfbags) Brother BidiAgent Service for Resource manager [Win32_Own | Auto | Running] -> %System32%\BrmfBAgS.exe -> Brother Industries, Ltd. [Ver = 1.10.10.121 | Size = 53248 bytes | Modified Date = 9/10/2004 2:32:48 PM | Attr = ]
(Brother XP spl Service) BrSplService [Win32_Own | Auto | Running] -> %System32%\BRSVC01A.EXE -> brother Industries Ltd [Ver = 1, 0, 1, 0 | Size = 57344 bytes | Modified Date = 6/13/2004 11:00:00 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 3:00:00 AM | Attr = ]
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 2:47:46 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\PROSetWired\NCS\Sync\NetSvc.exe -> Intel® Corporation [Ver = 1.6.3.0 | Size = 143360 bytes | Modified Date = 12/17/2003 11:59:48 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
-> -> File not found
Acrobat Assistant 7.0 -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\Acrotray.exe -> Adobe Systems Inc. [Ver = 7.0.1.2005092300 | Size = 834560 bytes | Modified Date = 1/22/2008 6:03:48 AM | Attr = ]
Active Web Reader -> %ProgramFiles%\Deskshare\Active Web Reader\Active Web Reader.exe -> File not found
avgnt -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe -> File not found
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4299 | Size = 423936 bytes | Modified Date = 1/22/2008 6:03:47 AM | Attr = ]
MSKDetectorExe -> %ProgramFiles%\McAfee\SpamKiller\MSKDetct.exe -> File not found
Persistence -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4299 | Size = 460800 bytes | Modified Date = 1/22/2008 6:03:48 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask .exe -> File not found
SoundMAXPnP -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 5 | Size = 1753088 bytes | Modified Date = 1/22/2008 6:03:47 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 526336 bytes | Modified Date = 1/22/2008 6:03:49 AM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Aim6 -> -> File not found
DellSupport -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 873984 bytes | Modified Date = 1/22/2008 6:03:45 AM | Attr = ]
Hot Keyboard -> %ProgramFiles%\Hot Keyboard\HotKeyb .exe -> TB Labs [Ver = 2, 7, 0, 568 | Size = 941056 bytes | Modified Date = 1/22/2008 7:38:14 PM | Attr = ]
< Windows NT\\Load [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load ->
C:\WINDOWS\system32\sstqo.exe -> %System32%\sstqo.exe -> [Ver = | Size = 345088 bytes | Modified Date = 1/22/2008 7:38:14 PM | Attr = ]
*MultiFile Done* -> ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Acrobat Speed Launcher.lnk -> %SystemRoot%\Installer\{AC76BA86-1033-0000-BA7E-100000000002}\SC_Acrobat.exe -> [Ver = | Size = 25214 bytes | Modified Date = 4/14/2007 10:16:36 AM | Attr = R ]
%AllUsersStartup%\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 110592 bytes | Modified Date = 9/18/2003 10:08:22 AM | Attr = ]
< Siddiqi Family Startup Folder > -> C:\Documents and Settings\Siddiqi Family\Start Menu\Programs\Startup ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4299 | Size = 131072 bytes | Modified Date = 4/5/2005 5:18:22 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< HOSTS File > (222979 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.dell.com ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://www.google.com/ig/dell?hl=en&client=dell ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/hws/sb/dell/en/side....amp;client=dell ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/ ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4161 domain(s) found. ->
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4161 domain(s) found. ->
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 63136 bytes | Modified Date = 9/23/2005 9:12:08 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ]
{AE7CD045-E861-484f-8273-0445EE161910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [AcroIEToolbarHelper Class] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 9:41:42 PM | Attr = ]
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\GoogleAFE\GoogleAE.dll [CBrowserHelperObject Object] -> Google [Ver = 1.0.0.2 | Size = 90112 bytes | Modified Date = 1/25/2006 5:36:16 PM | Attr = ]
{DE52F175-D984-4004-A28F-86B20F56F78B} [HKEY_LOCAL_MACHINE] -> %System32%\sstqo.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 341504 bytes | Modified Date = 1/22/2008 7:27:12 PM | Attr = ]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 9:41:42 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 9:41:42 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 9:41:42 PM | Attr = ]
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 9/23/2005 9:41:42 PM | Attr = ]
WebBrowser\\{5CBE2611-C31B-401F-89BC-4CBB25E853D7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [&Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Real.com] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Real.com] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECaptureSelLinks.htm -> File not found
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppendSelLinks.htm -> File not found
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{6F079AF0-6711-4DB3-978E-8C1CC54A81AA} -> (Intel® PRO/100 VE Network Connection) ->
{B18E51AD-BFB9-4E12-A6AB-5EC2DF843A9E} -> () ->
{FD96E707-EC7E-4519-956A-9884CA9F4DCC} -> (Westell WireSpeed Dual Connect Modem) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{01A88BB1-1174-41EC-ACCB-963509EAE56B}[HKEY_LOCAL_MACHINE] -> http://support.dell.com/systemprofiler/SysPro.CAB[SysProWmi Class] ->
{02BCC737-B171-4746-94C9-0D8A0B2C0089}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/templates/ieawsdc.cab[Microsoft Office Template and Media Control] ->
{33564D57-0000-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB[Reg Error: Key does not exist or could not be opened.] ->
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab[Reg Error: Key does not exist or could not be opened.] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{A7ECD556-D6F6-4F41-8C6B-14AB246801A0}[HKEY_LOCAL_MACHINE] -> http://cdn.digitalcity.com/video/kdx.cab[Secure Delivery] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...ent/swflash.cab[Shockwave Flash Object] ->
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->



[Files/Folders - Created Within 30 days]
avenger -> %SystemDrive%\avenger -> [Folder | Created Date = 1/22/2008 7:27:29 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 534827008 bytes | Created Date = 3/8/2008 12:45:11 PM | Attr = HS]
avgntdd.sys -> %System32%\drivers\avgntdd.sys -> Avira GmbH [Ver = 6.39.00.02 | Size = 40768 bytes | Created Date = 3/8/2008 3:44:24 PM | Attr = ]
avgntmgr.sys -> %System32%\drivers\avgntmgr.sys -> Avira GmbH [Ver = 6.37.01.01 | Size = 21312 bytes | Created Date = 3/8/2008 3:44:24 PM | Attr = ]
avipbb.sys -> %System32%\drivers\avipbb.sys -> AVIRA GmbH [Ver = 1.00.02.13 | Size = 61632 bytes | Created Date = 3/8/2008 3:44:22 PM | Attr = ]
ssmdrv.sys -> %System32%\drivers\ssmdrv.sys -> Avira GmbH [Ver = 7.0.1.1 | Size = 28352 bytes | Created Date = 3/8/2008 3:44:24 PM | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Created Date = 1/16/2008 8:01:45 PM | Attr = ]
Dell -> %System32%\Dell -> [Folder | Created Date = 3/7/2008 8:54:40 PM | Attr = ]
hkcmd .exe -> %System32%\hkcmd .exe -> Intel Corporation [Ver = 3.0.0.4299 | Size = 77824 bytes | Created Date = 1/12/2008 7:36:28 PM | Attr = ]
igfxpers .exe -> %System32%\igfxpers .exe -> Intel Corporation [Ver = 3.0.0.4299 | Size = 114688 bytes | Created Date = 1/12/2008 7:36:29 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 3/8/2008 3:00:00 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 3/8/2008 3:00:00 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 3/8/2008 3:00:00 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 3/8/2008 3:00:00 PM | Attr = ]
mxrvcphg.exe -> %System32%\mxrvcphg.exe -> [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Created Date = 1/22/2008 6:08:46 PM | Attr = ]
oqtss.ini -> %System32%\oqtss.ini -> [Ver = | Size = 6514 bytes | Created Date = 1/22/2008 7:35:06 PM | Attr = HS]
oqtss.ini2 -> %System32%\oqtss.ini2 -> [Ver = | Size = 318 bytes | Created Date = 1/22/2008 7:35:11 PM | Attr = HS]
sstqo.dll -> %System32%\sstqo.dll -> [Ver = | Size = 341504 bytes | Created Date = 1/22/2008 7:27:11 PM | Attr = ]
sstqo.exe -> %System32%\sstqo.exe -> [Ver = | Size = 345088 bytes | Created Date = 1/22/2008 7:35:13 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 1/18/2008 6:51:13 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 1/18/2008 6:51:13 PM | Attr = H ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 198 bytes | Created Date = 1/19/2008 11:20:05 AM | Attr = ]

[Files/Folders - Modified Within 30 days]
avenger -> %SystemDrive%\avenger -> [Folder | Modified Date = 1/22/2008 7:27:29 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 534827008 bytes | Modified Date = 1/22/2008 7:26:27 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/22/2008 7:26:15 PM | Attr = R ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/22/2008 7:26:16 PM | Attr = ]
avipbb.sys -> %System32%\drivers\avipbb.sys -> AVIRA GmbH [Ver = 1.00.02.13 | Size = 61632 bytes | Modified Date = 1/14/2008 3:37:00 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 1/20/2008 6:54:56 PM | Attr = ]
hosts -> %System32%\drivers\etc\hosts -> [Ver = | Size = 222979 bytes | Modified Date = 1/20/2008 6:54:56 PM | Attr = R ]
hosts.20080120-185456.backup -> %System32%\drivers\etc\hosts.20080120-185456.backup -> [Ver = | Size = 734 bytes | Modified Date = 3/7/2008 8:47:50 PM | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 1/16/2008 8:00:27 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/22/2008 7:26:47 PM | Attr = ]
Dell -> %System32%\Dell -> [Folder | Modified Date = 3/7/2008 8:54:40 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 1/2/2008 1:30:17 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 1/22/2008 7:27:37 PM | Attr = ]
hkcmd .exe -> %System32%\hkcmd .exe -> Intel Corporation [Ver = 3.0.0.4299 | Size = 77824 bytes | Modified Date = 1/22/2008 7:27:12 PM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4299 | Size = 423936 bytes | Modified Date = 1/22/2008 6:03:47 AM | Attr = ]
igfxpers .exe -> %System32%\igfxpers .exe -> Intel Corporation [Ver = 3.0.0.4299 | Size = 114688 bytes | Modified Date = 1/22/2008 7:27:12 PM | Attr = ]
igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4299 | Size = 460800 bytes | Modified Date = 1/22/2008 6:03:48 AM | Attr = ]
Macromed -> %System32%\Macromed -> [Folder | Modified Date = 1/5/2008 9:36:58 PM | Attr = ]
mxrvcphg.exe -> %System32%\mxrvcphg.exe -> [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 1/22/2008 6:08:47 PM | Attr = ]
oqtss.ini -> %System32%\oqtss.ini -> [Ver = | Size = 6514 bytes | Modified Date = 1/22/2008 7:38:28 PM | Attr = HS]
oqtss.ini2 -> %System32%\oqtss.ini2 -> [Ver = | Size = 318 bytes | Modified Date = 1/22/2008 7:38:14 PM | Attr = HS]
sstqo.dll -> %System32%\sstqo.dll -> [Ver = | Size = 341504 bytes | Modified Date = 1/22/2008 7:27:12 PM | Attr = ]
sstqo.exe -> %System32%\sstqo.exe -> [Ver = | Size = 345088 bytes | Modified Date = 1/22/2008 7:38:14 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 1/22/2008 7:27:01 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/22/2008 7:26:28 PM | Attr = S]
BRMFBIDI.INI -> %SystemRoot%\BRMFBIDI.INI -> [Ver = | Size = 1796 bytes | Modified Date = 1/22/2008 7:26:41 PM | Attr = ]
BRWMARK.INI -> %SystemRoot%\BRWMARK.INI -> [Ver = | Size = 467 bytes | Modified Date = 1/22/2008 6:37:25 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/8/2008 9:08:24 PM | Attr = S]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/14/2008 3:33:40 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/22/2008 2:33:11 PM | Attr = HS]
mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 4016 bytes | Modified Date = 1/4/2008 12:17:50 PM | Attr = ]
Power Video Converter.INI -> %SystemRoot%\Power Video Converter.INI -> [Ver = | Size = 67 bytes | Modified Date = 1/15/2008 8:25:57 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/22/2008 7:28:00 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 1/18/2008 6:51:13 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 1/22/2008 5:52:19 PM | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 1/21/2008 10:08:38 AM | Attr = ]
screengenie.xml -> %SystemRoot%\screengenie.xml -> [Ver = | Size = 286 bytes | Modified Date = 1/6/2008 4:48:13 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 1/22/2008 7:38:14 PM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 1/22/2008 7:38:10 PM | Attr = ]
twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 1/14/2008 3:33:38 PM | Attr = ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 198 bytes | Modified Date = 1/19/2008 4:45:14 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/22/2008 7:26:31 PM | Attr = H ]

< End of report >



#7 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:03:24 AM

Posted 22 January 2008 - 11:45 PM

Hi hishaamsiddiqi. You have a bad one on there. There is more hiding that we do not see yet. Let's try something else.

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double-click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#8 hishaamsiddiqi

hishaamsiddiqi
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:12:24 AM

Posted 23 January 2008 - 08:36 PM

I ran ComboFix several times, and each time it fails to write up a log. I know the Windows page is supposed to disappear for a while, but it was gone for 2 hours, and there were no applications running, so I restarted the computer each time. Should I just wait it out?

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:34, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
F3 - REG:win.ini: load=C:\WINDOWS\system32\sstqo.exe
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Active Web Reader] C:\Program Files\Deskshare\Active Web Reader\Active Web Reader.exe -background
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Hot Keyboard] C:\Program Files\Hot Keyboard\HotKeyb .exe -minimized
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://cdn.digitalcity.com/video/kdx.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 5709 bytes



#9 OldTimer

    Malware Expert

Posted 23 January 2008 - 10:20 PM

Hi hishaamsiddiqi. Try running it from Safe Mode. I can see from your last WPF35 log that this has already infected a number of your applications and more than likely a number of the system files too. ComboFix is really the only program that will deal with this particular infection. If we can't get that to run we are really out of options at this point.

Let me know what happens.

Cheers.

OT

Also, I do not need any HijackThis log. It doesn't show this infection anyway.

Edited by OldTimer, 23 January 2008 - 10:21 PM.

I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#10 hishaamsiddiqi
  • Topic Starter

Posted 25 January 2008 - 07:13 PM

Sorry, Combofix still won't post a log. Windows just disappears forever.

#11 OldTimer

    Malware Expert

Posted 25 January 2008 - 09:56 PM

Hi hishaamsiddiqi. Then we really don't have a lot of options left. The machine is too heavily infected. Let me think about this. Do you have an original XP CD? We might be able to delete enough of the files from Recovery Console to get ComboFix to run.

Let me know

Cheers.

OT

#12 hishaamsiddiqi
  • Topic Starter

Posted 26 January 2008 - 04:17 PM

I'm sorry, my computer didn't come with one or I can't find it. Do you think I should try doing all the previous steps again, or is it just not working because it really is that badly infected?


Edit: I just called Dell, I might be able to get the CD. I'll let you know.

Edit: I don't know if this will help, but the guy I called also said that if you go to the Dell.com website, you can download everything that was on the CD online. I have an Inspiron 1100. I found a lot on this page, maybe you will understand it better.

http://support.dell.com/support/downloads/...tid=&impid=

Thanks

Edited by hishaamsiddiqi, 26 January 2008 - 04:52 PM.


#13 OldTimer

    Malware Expert

Posted 27 January 2008 - 11:07 AM

Hi hishaamsiddiqi. That would be for all of the drivers and such. They would not be able to put a download of XP on their site. Sometimes manufacturers include the original software disks and sometimes they include a "Recovery" disk and sometimes they include neither and put all of the installation software that came with the computer on a special partition on the hard drive. With Recovery discs and software that is placed on a partition on the hard drive the only thing it will do is completely wipe the computer and reinstall everything in the state it was when the computer was purchased. We cannot use either of those types for what we need to do.

Let's try an online scanner and see what it can do. Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction Here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, Click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
Also, delete your current copy of WinPFind35 and download the latest update and run a scan.

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
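Reading a WinPFind35 report by hand gets slow once it runs to hundreds of entries. The Python script below is an added example (it is not part of this thread or of OldTimer's WinPFind35 tool): it parses the entry layout the reports in this thread use and flags what a reviewer looks at first, namely dangling references, registered components whose class name cannot be read, vendor-less binaries in System32, and files modified shortly before the scan. The embedded sample report is constructed from a handful of entries modelled on this thread.

```python
"""Triage helper for WinPFind35-style report lines (added example, not part of the tool)."""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional

# Entry layout as it appears in the reports posted in this thread:
#   <name> -> <path>[ [<description>]] -> <vendor> [Ver = .. | Size = .. bytes | Modified Date = .. | Attr = ..]
#   <name> -> <path> -> File not found
DETAILS_RE = re.compile(
    r"^(?P<vendor>[^\[]*)\[Ver = (?P<ver>[^|]*)\| Size = (?P<size>\d+) bytes"
    r" \| Modified Date = (?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| Attr =(?P<attr>[^\]]*)\]$"
)
HEADER_RE = re.compile(r"^WinPFind35 logfile created on: (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")
SYSTEM32_PREFIXES = ("%system32%\\", "c:\\windows\\system32\\", "system32\\")

# Constructed sample modelled on entries from this thread (tabs in the Attr field replaced by spaces).
SAMPLE_REPORT = r"""
WinPFind35 logfile created on: 2008-01-25 17:19:43
[Processes - Non-Microsoft Only]
avguard.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 7.00.00.82 | Size = 214056 bytes | Modified Date = 2008-01-14 15:36:41 | Attr = ]
ijrnfxoj.exe -> %System32%\ijrnfxoj.exe -> File not found
[Win32 Services - Non-Microsoft Only]
(DomainService) DomainService [Win32_Own | Unknown | Running] ->  -> File not found
[Registry - Non-Microsoft Only]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{455B9C7D-2F31-430F-9BCA-F8EF0C28DF5C} [HKEY_LOCAL_MACHINE] -> %System32%\sstqo.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 341504 bytes | Modified Date = 2008-01-23 17:30:19 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 2007-08-31 16:46:14 | Attr = ]
"""


@dataclass
class Entry:
    name: str
    path: str
    description: str        # bracketed text after the path, e.g. a BHO class name
    vendor: str
    mtime: Optional[datetime]
    missing: bool           # WinPFind35 printed "File not found"
    reg_error: bool         # description reports a registry read error


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one report line; section headers and non-entry lines give None."""
    line = line.rstrip()
    if not line or line.startswith(("<", "[", "*")):
        return None
    parts = line.split(" -> ")
    if len(parts) != 3:
        return None
    name, target, details = (p.strip() for p in parts)
    path, description = target, ""
    if " [" in target and target.endswith("]"):
        path, description = target.split(" [", 1)
        description = description[:-1]
    vendor, mtime = "", None
    missing = details == "File not found"
    if not missing:
        m = DETAILS_RE.match(details)
        if not m:
            return None
        vendor = m.group("vendor").strip()
        mtime = datetime.strptime(m.group("mtime"), "%Y-%m-%d %H:%M:%S")
    return Entry(name, path, description, vendor, mtime, missing,
                 description.startswith("Reg Error"))


@dataclass
class Finding:
    entry: Entry
    reasons: List[str] = field(default_factory=list)


def triage(report: str, recent_days: int = 7) -> List[Finding]:
    """Apply simple review heuristics to every entry; returns only entries with a reason."""
    scan_time = None
    findings: List[Finding] = []
    for line in report.splitlines():
        h = HEADER_RE.match(line)
        if h:
            scan_time = datetime.strptime(h.group(1), "%Y-%m-%d %H:%M:%S")
            continue
        e = parse_entry(line)
        if e is None:
            continue
        reasons = []
        in_sys32 = e.path.lower().startswith(SYSTEM32_PREFIXES)
        if e.reg_error:
            reasons.append("registered component with unreadable class name")
        if e.missing:
            reasons.append("dangling reference: file not found")
        if in_sys32 and not e.missing and not e.vendor:
            reasons.append("no vendor information for a binary in System32")
        if scan_time and e.mtime and abs(scan_time - e.mtime) <= timedelta(days=recent_days):
            reasons.append(f"modified within {recent_days} days of the scan")
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f.entry.name, "->", f.entry.path or "(no path)", "|", "; ".join(f.reasons))
```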

#14 hishaamsiddiqi
  • Topic Starter

Posted 27 January 2008 - 08:27 PM

When I was running/downloading Winpfind35u, Avira Antivirus kept on saying it found the program as a trojan, so when I hit Access Deny, it wouldn't let me download it. So I hit Ignore, and it downloaded. Here is the Winpfind35u log:

WinPFind35 logfile created on: 2008-01-25 17:19:43
WinPFind35U Version Beta38	 Folder = C:\Documents and Settings\Siddiqi Family\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
 
509.98 Mb Total Physical Memory | 214.49 Mb Available Physical Memory | 42.06% Memory free
1.22 Gb Paging File | 0.88 Gb Available in Paging File | 71.98% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.46 Gb Total Space | 56.05 Gb Free Space | 78.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: SIDDIQI
Current User Name: Siddiqi Family
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
brsvc01a.exe -> %System32%\BRSVC01A.EXE -> brother Industries Ltd [Ver = 1, 0, 1, 0 | Size = 57344 bytes | Modified Date = 2004-06-13 23:00:00 | Attr =	]
avguard.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 7.00.00.82 | Size = 214056 bytes | Modified Date = 2008-01-14 15:36:41 | Attr =	]
brss01a.exe -> %System32%\BRSS01A.EXE -> brother Industries Ltd [Ver = 1.004 | Size = 45056 bytes | Modified Date = 2001-12-12 23:01:00 | Attr =	]
sched.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 7.00.00.62 | Size = 63016 bytes | Modified Date = 2007-08-28 13:16:22 | Attr =	]
brmfbags.exe -> %System32%\BrmfBAgS.exe -> Brother Industries, Ltd. [Ver = 1.10.10.121 | Size = 53248 bytes | Modified Date = 2004-09-10 14:32:48 | Attr =	]
ijrnfxoj.exe -> %System32%\ijrnfxoj.exe -> File not found
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\Acrotray.exe -> File not found
hotkeyb.exe -> %ProgramFiles%\Hot Keyboard\HotKeyb.exe -> File not found
hotkeyb .exe -> %ProgramFiles%\Hot Keyboard\HotKeyb .exe -> File not found
acrotray .exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\Acrotray .exe -> Adobe Systems Inc. [Ver = 7.0.1.2005092300 | Size = 483328 bytes | Modified Date = 2008-01-25 11:37:31 | Attr =	]
brmfrsmg.exe -> %System32%\BrmfRsmg.exe -> Brother Industries, Ltd. [Ver = 1.45.15.357 | Size = 31744 bytes | Modified Date = 2005-04-08 12:17:28 | Attr =	]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307712 bytes | Modified Date = 2008-01-26 13:34:08 | Attr =	]

[Win32 Services - Non-Microsoft Only]
(AntiVirScheduler) AntiVir PersonalEdition Classic Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 7.00.00.62 | Size = 63016 bytes | Modified Date = 2007-08-28 13:16:22 | Attr =	]
(AntiVirService) AntiVir PersonalEdition Classic Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 7.00.00.82 | Size = 214056 bytes | Modified Date = 2008-01-14 15:36:41 | Attr =	]
(brmfbags) Brother BidiAgent Service for Resource manager [Win32_Own | Auto | Running] -> %System32%\BrmfBAgS.exe -> Brother Industries, Ltd. [Ver = 1.10.10.121 | Size = 53248 bytes | Modified Date = 2004-09-10 14:32:48 | Attr =	]
(Brother XP spl Service) BrSplService [Win32_Own | Auto | Running] -> %System32%\BRSVC01A.EXE -> brother Industries Ltd [Ver = 1, 0, 1, 0 | Size = 57344 bytes | Modified Date = 2004-06-13 23:00:00 | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2004-08-04 03:00:00 | Attr =	]
(DomainService) DomainService [Win32_Own | Unknown | Running] ->  -> File not found
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe ->  [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 2007-03-07 14:47:46 | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 2005-04-04 00:41:10 | Attr =	]
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\PROSetWired\NCS\Sync\NetSvc.exe -> Intel(R) Corporation [Ver = 1.6.3.0 | Size = 143360 bytes | Modified Date = 2003-12-17 11:59:48 | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %System32%\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 2001-08-17 11:51:56 | Attr =	]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %System32%\drivers\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 2004-08-03 21:07:44 | Attr =	]
(asc) asc [Kernel | Disabled | Stopped] -> %System32%\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 2001-08-17 11:52:00 | Attr =	]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %System32%\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 2001-08-17 11:51:58 | Attr =	]
(ASPI32) ASPI32 [Kernel | System | Running] -> %System32%\drivers\ASPI32.SYS -> Adaptec [Ver = 4.60 (1021) | Size = 25244 bytes | Modified Date = 1999-09-10 12:06:00 | Attr =	]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(avgio) avgio [Kernel | System | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgio.sys -> Avira GmbH [Ver = 1.0.0.30 | Size = 11840 bytes | Modified Date = 2007-02-27 15:25:10 | Attr =	]
(avgntflt) avgntflt [File_System | On_Demand | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -> Avira GmbH [Ver = 7.00.00.04 | Size = 48448 bytes | Modified Date = 2007-09-17 11:25:03 | Attr =	]
(avipbb) avipbb [Kernel | System | Running] -> %System32%\drivers\avipbb.sys -> AVIRA GmbH [Ver = 1.00.02.13 | Size = 61632 bytes | Modified Date = 2008-01-14 15:37:00 | Attr =	]
(BCM42RLY) BCM42RLY [Kernel | On_Demand | Stopped] -> %System32%\bcm42rly.sys -> Broadcom Corporation [Ver = 3.90.30.0 (BROADCOM INTERNAL DRIVER) | Size = 17992 bytes | Modified Date = 2005-02-01 18:18:38 | Attr =	]
(brfilt) Brother MFC Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\BrFilt.sys -> Brother Industries Ltd. [Ver = 1.0.0.0 (Lab06_N.010129-0357) | Size = 2944 bytes | Modified Date = 2001-08-17 12:12:12 | Attr =	]
(brparimg) Brother Multi Function Parallel Image driver [Kernel | On_Demand | Running] -> %System32%\drivers\BrParImg.sys -> Brother Industries Ltd. [Ver = 1.0.0.0 (Lab06_N.010129-0357) | Size = 3168 bytes | Modified Date = 2001-08-17 12:12:24 | Attr =	]
(BrParWdm) Brother WDM Parallel Driver [Kernel | On_Demand | Running] -> %System32%\drivers\BrParwdm.sys -> Brother Industries Ltd. [Ver = 1.00 | Size = 39552 bytes | Modified Date = 2001-08-17 12:12:18 | Attr =	]
(BrScnUsb) Brother USB Still Image driver [Kernel | On_Demand | Running] -> %System32%\drivers\BrScnUsb.sys -> Brother Industries Ltd. [Ver = 1,0,2,1 | Size = 15295 bytes | Modified Date = 2004-10-15 11:50:20 | Attr =	]
(BrSerIf) Brother MFC Serial Port Interface WDM Driver [Kernel | On_Demand | Running] -> %System32%\drivers\BrSerIf.sys -> Brother Industries Ltd. [Ver = 1.0.2.2 built by: WinDDK | Size = 51712 bytes | Modified Date = 2004-09-29 02:24:38 | Attr =	]
(BrSerWDM) Brother WDM Serial driver [Kernel | On_Demand | Running] -> %System32%\drivers\BrSerWdm.sys -> Brother Industries Ltd. [Ver = 1.0.0.23 built by: WinDDK | Size = 61440 bytes | Modified Date = 2004-11-23 16:39:36 | Attr =	]
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | On_Demand | Stopped] -> %System32%\drivers\BrUsbMdm.sys -> Brother Industries Ltd. [Ver = 1,0,0,7 (Lab06_N.010129-0357) | Size = 11008 bytes | Modified Date = 2001-08-17 12:12:20 | Attr =	]
(BrUsbScn) Brother MFC USB Scanner driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\BrUsbScn.sys -> Brother Industries Ltd. [Ver = 1,0,0,6 (Lab06_N.010129-0357) | Size = 10368 bytes | Modified Date = 2001-08-17 12:12:22 | Attr =	]
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Running] -> %System32%\drivers\BrUsbSer.sys -> Brother Industries Ltd. [Ver = 1,0,0,7 built by: WinDDK | Size = 11648 bytes | Modified Date = 2004-01-10 03:28:18 | Attr =	]
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %System32%\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 2001-08-17 11:51:54 | Attr =	]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %System32%\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 2001-08-17 11:52:16 | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 2004-08-04 03:00:00 | Attr =	]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 2004-08-04 03:00:00 | Attr =	]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 2004-08-04 03:00:00 | Attr =	]
(DSproct) DSproct [Kernel | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\GTAction\triggers\DSproct.sys -> Gteko Ltd. [Ver = 2, 0, 0, 30 | Size = 4736 bytes | Modified Date = 2006-10-05 15:07:28 | Attr =	]
(dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> %System32%\drivers\dsunidrv.sys -> Gteko Ltd. [Ver = 1, 0, 0, 12 | Size = 5376 bytes | Modified Date = 2007-02-25 11:10:48 | Attr =   S]
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\e100b325.sys -> Intel Corporation [Ver = 7.1.12.0 built by: WinDDK | Size = 154112 bytes | Modified Date = 2004-02-10 18:49:14 | Attr =	]
(ialm) ialm [Kernel | On_Demand | Running] -> %System32%\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4299 | Size = 830684 bytes | Modified Date = 2005-04-05 17:46:28 | Attr =	]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(MR97310_USB_DUAL_CAMERA) MR97310 CIF Dual Mode Camera [Kernel | On_Demand | Stopped] -> system32\DRIVERS\mr97310c.sys -> File not found
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %System32%\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 2001-08-17 11:52:12 | Attr =	]
(nv) nv [Kernel | On_Demand | Stopped] -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 2004-08-03 20:29:56 | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 2004-08-04 03:00:00 | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 2001-08-17 11:52:20 | Attr =	]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 2001-08-17 11:52:20 | Attr =	]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 2001-08-17 11:52:18 | Attr =	]
(RT73) Linksys Home Wireless-G USB Adapter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\rt73.sys -> Ralink Technology, Corp. [Ver = 1.00.01.0000 | Size = 245504 bytes | Modified Date = 2005-11-03 20:39:02 | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys ->  [Ver =  | Size = 27440 bytes | Modified Date = 2004-08-04 03:00:00 | Attr =	]
(senfilt) senfilt [Kernel | On_Demand | Running] -> %System32%\drivers\senfilt.sys -> Creative Technology Ltd. [Ver = 5.10.00.3614 | Size = 732928 bytes | Modified Date = 2004-09-17 12:02:54 | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %System32%\drivers\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 2004-08-03 21:07:44 | Attr =	]
(smwdm) smwdm [Kernel | On_Demand | Running] -> %System32%\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.7000 | Size = 260224 bytes | Modified Date = 2005-03-22 15:08:40 | Attr =	]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %System32%\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 2001-08-17 12:07:44 | Attr =	]
(ssmdrv) ssmdrv [Kernel | System | Running] -> %System32%\drivers\ssmdrv.sys -> Avira GmbH [Ver = 7.0.1.1 | Size = 28352 bytes | Modified Date = 2007-03-01 10:34:36 | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %System32%\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 2001-08-17 12:07:34 | Attr =	]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %System32%\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 2001-08-17 12:07:36 | Attr =	]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 2001-08-17 12:07:40 | Attr =	]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 2001-08-17 12:07:42 | Attr =	]
(tmcomm) tmcomm [Kernel | Auto | Running] -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 2008-01-16 20:00:27 | Attr =	]
(ultra) ultra [Kernel | Disabled | Stopped] -> %System32%\drivers\ultra.sys -> Promise Technology, Inc. [Ver =  1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 2001-08-17 11:52:22 | Attr =	]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> system32\DRIVERS\wanatw4.sys -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
 ->  -> File not found
Acrobat Assistant 7.0 -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\Acrotray.exe -> File not found
Active Web Reader -> %ProgramFiles%\Deskshare\Active Web Reader\Active Web Reader.exe -> File not found
avgnt -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe -> File not found
HotKeysCmds -> %System32%\hkcmd.exe -> File not found
MSKDetectorExe -> %ProgramFiles%\McAfee\SpamKiller\MSKDetct.exe -> File not found
Persistence -> %System32%\igfxpers.exe -> File not found
QuickTime Task -> %ProgramFiles%\QuickTime\qttask   .exe -> File not found
SoundMAXPnP -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> File not found
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> File not found
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Aim6 ->  -> File not found
DellSupport -> %ProgramFiles%\DellSupport\DSAgnt.exe -> File not found
Hot Keyboard -> %ProgramFiles%\Hot Keyboard\HotKeyb .exe -> File not found
< Windows NT\\Load [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load -> 
C:\WINDOWS\system32\sstqo.exe -> %System32%\sstqo.exe -> File not found
*MultiFile Done* -> -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersStartup%\Adobe Acrobat Speed Launcher.lnk -> %SystemRoot%\Installer\{AC76BA86-1033-0000-BA7E-100000000002}\SC_Acrobat.exe ->  [Ver =  | Size = 25214 bytes | Modified Date = 2008-01-24 15:56:01 | Attr = R  ]
%AllUsersStartup%\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 110592 bytes | Modified Date = 2003-09-18 10:08:22 | Attr =	]
< Siddiqi Family Startup Folder > -> C:\Documents and Settings\Siddiqi Family\Start Menu\Programs\Startup -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4299 | Size = 131072 bytes | Modified Date = 2005-04-05 17:18:22 | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< HOSTS File > (222979 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.dell.com -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/ -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4161 domain(s) found. -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4160 domain(s) found. -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 63136 bytes | Modified Date = 2005-09-23 21:12:08 | Attr =	]
{455B9C7D-2F31-430F-9BCA-F8EF0C28DF5C} [HKEY_LOCAL_MACHINE] -> %System32%\sstqo.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 341504 bytes | Modified Date = 2008-01-23 17:30:19 | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 2007-08-31 16:46:14 | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 2007-09-25 01:11:33 | Attr =	]
{AE7CD045-E861-484f-8273-0445EE161910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [AcroIEToolbarHelper Class] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 2005-09-23 21:41:42 | Attr =	]
{b7691489-a026-43f6-814b-e0c4ae7a1afa} [HKEY_LOCAL_MACHINE] -> %System32%\bihpgctn.dll [Reg Error: Value  does not exist or could not be read.] -> File not found
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\GoogleAFE\GoogleAE.dll [CBrowserHelperObject Object] -> Google [Ver = 1.0.0.2 | Size = 90112 bytes | Modified Date = 2006-01-25 17:36:16 | Attr =	]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 2005-09-23 21:41:42 | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 2005-09-23 21:41:42 | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 2005-09-23 21:41:42 | Attr =	]
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 2005-09-23 21:41:42 | Attr =	]
WebBrowser\\{5CBE2611-C31B-401F-89BC-4CBB25E853D7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [&Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 01:11:34 | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 2007-09-25 01:11:33 | Attr =	]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 2007-08-31 16:46:14 | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 2007-08-31 16:46:14 | Attr =	]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 2005-09-23 21:41:42 | Attr =	]
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 2005-09-23 21:41:42 | Attr =	]
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 2005-09-23 21:41:42 | Attr =	]
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 2005-09-23 21:41:42 | Attr =	]
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 2005-09-23 21:41:42 | Attr =	]
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 2005-09-23 21:41:42 | Attr =	]
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 2005-09-23 21:41:42 | Attr =	]
Convert to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 231160 bytes | Modified Date = 2005-09-23 21:41:42 | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
SV1 ->  -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{6F079AF0-6711-4DB3-978E-8C1CC54A81AA} ->	(Intel(R) PRO/100 VE Network Connection) -> 
{B18E51AD-BFB9-4E12-A6AB-5EC2DF843A9E} ->	() -> 
{FD96E707-EC7E-4519-956A-9884CA9F4DCC} ->	(Westell WireSpeed Dual Connect Modem) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{01A88BB1-1174-41EC-ACCB-963509EAE56B}[HKEY_LOCAL_MACHINE] -> http://support.dell.com/systemprofiler/SysPro.CAB[SysProWmi Class] -> 
{02BCC737-B171-4746-94C9-0D8A0B2C0089}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/templates/ieawsdc.cab[Microsoft Office Template and Media Control] -> 
{0B79F48A-E8D6-11DB-9283-E25056D89593}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.1] -> 
{33564D57-0000-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB[Reg Error: Key does not exist or could not be opened.] -> 
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab[Reg Error: Key does not exist or could not be opened.] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{A7ECD556-D6F6-4F41-8C6B-14AB246801A0}[HKEY_LOCAL_MACHINE] -> http://cdn.digitalcity.com/video/kdx.cab[Secure Delivery] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] -> 
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 



[Files/Folders - Created Within 30 days]
avenger -> %SystemDrive%\avenger ->  [Folder | Created Date = 2008-01-22 19:27:29 | Attr =	]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Created Date = 2008-01-22 20:58:46 | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 534827008 bytes | Created Date = 2008-01-23 16:13:25 | Attr =  HS]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Created Date = 2008-01-22 20:59:07 | Attr =	]
avgntdd.sys -> %System32%\drivers\avgntdd.sys -> Avira GmbH [Ver = 6.39.00.02 | Size = 40768 bytes | Created Date = 2008-03-08 15:44:24 | Attr =	]
avgntmgr.sys -> %System32%\drivers\avgntmgr.sys -> Avira GmbH [Ver = 6.37.01.01 | Size = 21312 bytes | Created Date = 2008-03-08 15:44:24 | Attr =	]
avipbb.sys -> %System32%\drivers\avipbb.sys -> AVIRA GmbH [Ver = 1.00.02.13 | Size = 61632 bytes | Created Date = 2008-03-08 15:44:22 | Attr =	]
ssmdrv.sys -> %System32%\drivers\ssmdrv.sys -> Avira GmbH [Ver = 7.0.1.1 | Size = 28352 bytes | Created Date = 2008-03-08 15:44:24 | Attr =	]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Created Date = 2008-01-16 20:01:45 | Attr =	]
Dell -> %System32%\Dell ->  [Folder | Created Date = 2008-03-07 20:54:40 | Attr =	]
4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
ijrnfxoj.exe.bak -> %System32%\ijrnfxoj.exe.bak ->   [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Created Date = 2008-01-23 05:33:40 | Attr =	]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 2008-03-08 15:00:00 | Attr =	]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 2008-03-08 15:00:00 | Attr =	]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 2008-03-08 15:00:00 | Attr =	]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 2008-03-08 15:00:00 | Attr =	]
NYKJJEJV.0XE -> %System32%\NYKJJEJV.0XE ->   [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Created Date = 2008-01-25 00:25:42 | Attr =	]
oqtss.ini -> %System32%\oqtss.ini ->  [Ver =  | Size = 391125 bytes | Created Date = 2008-01-23 17:30:42 | Attr =  HS]
oqtss.ini2 -> %System32%\oqtss.ini2 ->  [Ver =  | Size = 391125 bytes | Created Date = 2008-01-23 17:30:43 | Attr =  HS]
SSTQO.0XE -> %System32%\SSTQO.0XE ->  [Ver =  | Size = 345088 bytes | Created Date = 2008-01-23 08:41:35 | Attr =	]
sstqo.dll -> %System32%\sstqo.dll ->  [Ver =  | Size = 341504 bytes | Created Date = 2008-01-23 17:30:18 | Attr =	]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.11 | Size = 156160 bytes | Created Date = 2008-01-22 20:58:59 | Attr =	]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 2008-01-22 20:58:59 | Attr =	]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 2008-01-22 20:58:59 | Attr =	]
VFind.exe -> %System32%\VFind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 2008-01-22 20:58:59 | Attr =	]
ybtuvfqr.dll -> %System32%\ybtuvfqr.dll ->  [Ver =  | Size = 89152 bytes | Created Date = 2008-01-25 11:37:56 | Attr =	]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Created Date = 2008-01-22 20:59:33 | Attr =	]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
LastGood -> %SystemRoot%\LastGood ->  [Folder | Created Date = 2008-01-25 11:57:07 | Attr =	]
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 2008-01-22 20:58:59 | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 2008-01-23 15:17:49 | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 2008-01-23 15:17:49 | Attr =  H ]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 198 bytes | Created Date = 2008-01-19 11:20:05 | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
addr_file.html -> %AllUsersAppData%\addr_file.html ->  [Ver =  | Size = 305 bytes | Created Date = 2008-01-14 15:36:41 | Attr =	]
Avira -> %AllUsersAppData%\Avira ->  [Folder | Created Date = 2008-03-08 15:44:21 | Attr =	]
Google -> %AllUsersAppData%\Google ->  [Folder | Created Date = 2008-01-14 14:14:14 | Attr =	]
Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Created Date = 2008-01-16 17:44:09 | Attr =	]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy ->  [Folder | Created Date = 2008-01-18 19:04:05 | Attr =	]
View22 -> %AllUsersAppData%\View22 ->  [Folder | Created Date = 2008-01-04 12:18:07 | Attr =	]
Howard Zinn.doc -> %UserDocuments%\Howard Zinn.doc ->  [Ver =  | Size = 22016 bytes | Created Date = 2008-01-17 11:05:55 | Attr =	]
MGA's personal report.xls -> %UserDocuments%\MGA's personal report.xls ->  [Ver =  | Size = 20480 bytes | Created Date = 2008-01-02 22:46:59 | Attr =	]
aaw2007.exe -> %UserDesktop%\aaw2007.exe ->  [Ver =  | Size = 20907376 bytes | Created Date = 2008-01-16 17:40:20 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\aaw2007.exe:Zone.Identifier
avenger -> %UserDesktop%\avenger ->  [Folder | Created Date = 2008-01-22 19:19:53 | Attr =	]
avenger.zip -> %UserDesktop%\avenger.zip ->  [Ver =  | Size = 127378 bytes | Created Date = 2008-01-22 19:19:43 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avenger.zip:Zone.Identifier
ComboFix.exe -> %UserDesktop%\ComboFix.exe ->  [Ver =  | Size = 1567228 bytes | Created Date = 2008-01-23 16:37:24 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ComboFix.exe:Zone.Identifier
F-Secure Online Scanner 3_1_5 - Scanning Report - Friday, January 25, 2008 171029.htm -> %UserDesktop%\F-Secure Online Scanner 3_1_5 - Scanning Report - Friday, January 25, 2008 171029.htm ->  [Ver =  | Size = 5854 bytes | Created Date = 2008-01-25 17:12:28 | Attr =	]
For Indian newspaper.doc -> %UserDesktop%\For Indian newspaper.doc ->  [Ver =  | Size = 213504 bytes | Created Date = 2008-01-20 22:13:18 | Attr =	]
for urdu news.doc -> %UserDesktop%\for urdu news.doc ->  [Ver =  | Size = 213504 bytes | Created Date = 2008-01-20 22:13:11 | Attr =	]
Ghuraba.mp3 -> %UserDesktop%\Ghuraba.mp3 ->  [Ver =  | Size = 971580 bytes | Created Date = 2008-01-18 15:31:48 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Ghuraba.mp3:Zone.Identifier
Maheen Siddiqi Letter.doc -> %UserDesktop%\Maheen Siddiqi Letter.doc ->  [Ver =  | Size = 22528 bytes | Created Date = 2008-01-23 09:50:24 | Attr =	]
new p.s..doc -> %UserDesktop%\new p.s..doc ->  [Ver =  | Size = 21504 bytes | Created Date = 2008-01-16 14:05:51 | Attr =	]
sanakhoodu.mp3 -> %UserDesktop%\sanakhoodu.mp3 ->  [Ver =  | Size = 1089225 bytes | Created Date = 2008-01-18 15:31:12 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\sanakhoodu.mp3:Zone.Identifier
service rates.doc -> %UserDesktop%\service rates.doc ->  [Ver =  | Size = 19456 bytes | Created Date = 2008-01-23 08:42:47 | Attr =	]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 933 bytes | Created Date = 2008-01-18 19:04:10 | Attr =	]
spybotsd15.exe -> %UserDesktop%\spybotsd15.exe -> Safer Networking Ltd.										[Ver = 1.5.1.15			 | Size = 7467056 bytes | Created Date = 2008-01-18 17:43:56 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spybotsd15.exe:Zone.Identifier
UM planning 2008-09.doc -> %UserDesktop%\UM planning 2008-09.doc ->  [Ver =  | Size = 81920 bytes | Created Date = 2008-01-18 07:00:29 | Attr =	]
Virus Removal -> %UserDesktop%\Virus Removal ->  [Folder | Created Date = 2008-03-08 13:31:43 | Attr =	]
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Created Date = 2008-01-25 17:18:43 | Attr =	]
Java -> %CommonProgramFiles%\Java ->  [Folder | Created Date = 2008-03-08 14:59:26 | Attr =	]

[Files/Folders - Modified Within 30 days]
avenger -> %SystemDrive%\avenger ->  [Folder | Modified Date = 2008-01-22 19:27:29 | Attr =	]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Modified Date = 2008-01-23 17:30:03 | Attr =	]
dell -> %SystemDrive%\dell ->  [Folder | Modified Date = 2008-01-24 17:54:43 | Attr =	]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 2008-01-23 15:33:09 | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 534827008 bytes | Modified Date = 2008-01-25 11:36:53 | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2008-01-22 21:03:26 | Attr = R  ]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Modified Date = 2008-01-23 16:39:11 | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2008-01-25 11:57:07 | Attr =	]
avipbb.sys -> %System32%\drivers\avipbb.sys -> AVIRA GmbH [Ver = 1.00.02.13 | Size = 61632 bytes | Modified Date = 2008-01-14 15:37:00 | Attr =	]
etc -> %System32%\drivers\etc ->  [Folder | Modified Date = 2008-01-20 18:54:56 | Attr =	]
hosts -> %System32%\drivers\etc\hosts ->  [Ver =  | Size = 222979 bytes | Modified Date = 2008-01-20 18:54:56 | Attr = R  ]
hosts.20080120-185456.backup -> %System32%\drivers\etc\hosts.20080120-185456.backup ->  [Ver =  | Size = 734 bytes | Modified Date = 2008-03-07 20:47:50 | Attr =	]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 2008-01-16 20:00:27 | Attr =	]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 2008-01-25 11:37:47 | Attr =	]
4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
Dell -> %System32%\Dell ->  [Folder | Modified Date = 2008-03-07 20:54:40 | Attr =	]
dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 2008-01-02 13:30:17 | Attr = RHS]
drivers -> %System32%\drivers ->  [Folder | Modified Date = 2008-01-23 16:39:30 | Attr =	]
ijrnfxoj.exe.bak -> %System32%\ijrnfxoj.exe.bak ->   [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 2008-01-23 05:33:42 | Attr =	]
Macromed -> %System32%\Macromed ->  [Folder | Modified Date = 2008-01-05 21:36:58 | Attr =	]
NYKJJEJV.0XE -> %System32%\NYKJJEJV.0XE ->   [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 2008-01-25 00:25:44 | Attr =	]
oqtss.ini -> %System32%\oqtss.ini ->  [Ver =  | Size = 391125 bytes | Modified Date = 2008-01-25 17:20:09 | Attr =  HS]
oqtss.ini2 -> %System32%\oqtss.ini2 ->  [Ver =  | Size = 391125 bytes | Modified Date = 2008-01-25 17:17:45 | Attr =  HS]
SSTQO.0XE -> %System32%\SSTQO.0XE ->  [Ver =  | Size = 345088 bytes | Modified Date = 2008-01-25 16:32:26 | Attr =	]
sstqo.dll -> %System32%\sstqo.dll ->  [Ver =  | Size = 341504 bytes | Modified Date = 2008-01-23 17:30:19 | Attr =	]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 2008-01-25 11:38:19 | Attr =	]
ybtuvfqr.dll -> %System32%\ybtuvfqr.dll ->  [Ver =  | Size = 89152 bytes | Modified Date = 2008-01-25 11:37:56 | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2008-01-25 11:36:54 | Attr =   S]
BRMFBIDI.INI -> %SystemRoot%\BRMFBIDI.INI ->  [Ver =  | Size = 1796 bytes | Modified Date = 2008-01-25 11:37:41 | Attr =	]
BRWMARK.INI -> %SystemRoot%\BRWMARK.INI ->  [Ver =  | Size = 467 bytes | Modified Date = 2008-01-24 18:04:27 | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2008-01-25 17:12:56 | Attr =   S]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 2008-01-22 21:03:34 | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2008-01-14 15:33:40 | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2008-01-25 17:18:56 | Attr =  HS]
LastGood -> %SystemRoot%\LastGood ->  [Folder | Modified Date = 2008-01-25 11:57:07 | Attr =	]
mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 4016 bytes | Modified Date = 2008-01-04 12:17:50 | Attr =	]
Power Video Converter.INI -> %SystemRoot%\Power Video Converter.INI ->  [Ver =  | Size = 67 bytes | Modified Date = 2008-01-15 20:25:57 | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2008-01-25 17:18:48 | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 2008-01-23 15:17:49 | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2008-01-23 15:17:49 | Attr =  H ]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 2008-01-21 10:08:38 | Attr =	]
screengenie.xml -> %SystemRoot%\screengenie.xml ->  [Ver =  | Size = 286 bytes | Modified Date = 2008-01-06 16:48:13 | Attr =	]
system32 -> %System32% ->  [Folder | Modified Date = 2008-01-25 17:07:45 | Attr =	]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2008-01-25 17:20:12 | Attr =	]
twain_32 -> %SystemRoot%\twain_32 ->  [Folder | Modified Date = 2008-01-14 15:33:38 | Attr =	]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 198 bytes | Modified Date = 2008-01-19 16:45:14 | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2008-01-25 11:37:13 | Attr =  H ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
addr_file.html -> %AllUsersAppData%\addr_file.html ->  [Ver =  | Size = 305 bytes | Modified Date = 2008-01-14 15:36:41 | Attr =	]
Avira -> %AllUsersAppData%\Avira ->  [Folder | Modified Date = 2008-03-08 15:44:21 | Attr =	]
Google -> %AllUsersAppData%\Google ->  [Folder | Modified Date = 2008-01-14 15:36:23 | Attr =	]
Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Modified Date = 2008-01-16 19:58:08 | Attr =	]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy ->  [Folder | Modified Date = 2008-01-18 22:47:10 | Attr =	]
View22 -> %AllUsersAppData%\View22 ->  [Folder | Modified Date = 2008-01-04 12:18:07 | Attr =	]
Viewpoint -> %AllUsersAppData%\Viewpoint ->  [Folder | Modified Date = 2008-03-08 17:50:08 | Attr =	]
Adobe -> %UserAppData%\Adobe ->  [Folder | Modified Date = 2008-01-04 17:16:09 | Attr =	]
Move Networks -> %UserAppData%\Move Networks ->  [Folder | Modified Date = 2008-01-19 12:55:02 | Attr =	]
Paltalk -> %UserAppData%\Paltalk ->  [Folder | Modified Date = 2008-03-08 17:08:28 | Attr =	]
U3 -> %UserAppData%\U3 ->  [Folder | Modified Date = 2008-01-20 23:04:51 | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 155648 bytes | Modified Date = 2008-01-21 11:05:56 | Attr =	]
Google -> %LocalAppData%\Google ->  [Folder | Modified Date = 2008-01-14 14:14:34 | Attr =	]
IconCache.db -> %LocalAppData%\IconCache.db ->  [Ver =  | Size = 4847032 bytes | Modified Date = 2008-01-19 12:13:59 | Attr =  H ]
Microsoft -> %LocalAppData%\Microsoft ->  [Folder | Modified Date = 2008-01-19 18:14:19 | Attr =	]
Howard Zinn.doc -> %UserDocuments%\Howard Zinn.doc ->  [Ver =  | Size = 22016 bytes | Modified Date = 2008-01-17 11:05:55 | Attr =	]
iRiver U10 -> %UserDocuments%\iRiver U10 ->  [Folder | Modified Date = 2008-01-24 13:08:03 | Attr = R  ]
MGA's personal report.xls -> %UserDocuments%\MGA's personal report.xls ->  [Ver =  | Size = 20480 bytes | Modified Date = 2008-01-02 22:46:59 | Attr =	]
My PSP8 Files -> %UserDocuments%\My PSP8 Files ->  [Folder | Modified Date = 2008-01-24 18:04:26 | Attr =	]
Samil's Parrots -> %UserDocuments%\Samil's Parrots ->  [Folder | Modified Date = 2008-01-13 16:16:14 | Attr =	]
Sansa Media Converter -> %UserDocuments%\Sansa Media Converter ->  [Folder | Modified Date = 2008-01-22 20:52:52 | Attr =	]
Thumbs.db -> %UserDocuments%\Thumbs.db ->  [Ver =  | Size = 49152 bytes | Modified Date = 2008-01-02 13:35:07 | Attr =  HS]
@Alternate Data Stream - 0 bytes -> %UserDocuments%\Thumbs.db:encryptable
aaw2007.exe -> %UserDesktop%\aaw2007.exe ->  [Ver =  | Size = 20907376 bytes | Modified Date = 2008-01-16 17:40:38 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\aaw2007.exe:Zone.Identifier
Ami Flyers -> %UserDesktop%\Ami Flyers ->  [Folder | Modified Date = 2008-01-24 09:42:41 | Attr =	]
Asif's Folders -> %UserDesktop%\Asif's Folders ->  [Folder | Modified Date = 2008-01-24 18:17:34 | Attr =	]
avenger -> %UserDesktop%\avenger ->  [Folder | Modified Date = 2008-01-22 19:19:53 | Attr =	]
avenger.zip -> %UserDesktop%\avenger.zip ->  [Ver =  | Size = 127378 bytes | Modified Date = 2008-01-22 19:19:44 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avenger.zip:Zone.Identifier
Azzaam -> %UserDesktop%\Azzaam ->  [Folder | Modified Date = 2008-01-03 13:14:55 | Attr = R  ]
Azzaam's homework -> %UserDesktop%\Azzaam's homework ->  [Folder | Modified Date = 2008-01-06 18:40:58 | Attr = R  ]
ComboFix.exe -> %UserDesktop%\ComboFix.exe ->  [Ver =  | Size = 1567228 bytes | Modified Date = 2008-01-23 16:37:24 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ComboFix.exe:Zone.Identifier
F-Secure Online Scanner 3_1_5 - Scanning Report - Friday, January 25, 2008 171029.htm -> %UserDesktop%\F-Secure Online Scanner 3_1_5 - Scanning Report - Friday, January 25, 2008 171029.htm ->  [Ver =  | Size = 5854 bytes | Modified Date = 2008-01-25 17:12:28 | Attr =	]
For Indian newspaper.doc -> %UserDesktop%\For Indian newspaper.doc ->  [Ver =  | Size = 213504 bytes | Modified Date = 2008-01-20 22:02:14 | Attr =	]
for urdu news.doc -> %UserDesktop%\for urdu news.doc ->  [Ver =  | Size = 213504 bytes | Modified Date = 2008-01-20 22:04:38 | Attr =	]
Ghuraba.mp3 -> %UserDesktop%\Ghuraba.mp3 ->  [Ver =  | Size = 971580 bytes | Modified Date = 2008-01-19 14:11:41 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Ghuraba.mp3:Zone.Identifier
Maheen Siddiqi Letter.doc -> %UserDesktop%\Maheen Siddiqi Letter.doc ->  [Ver =  | Size = 22528 bytes | Modified Date = 2008-01-23 09:50:24 | Attr =	]
Maheens Stuff -> %UserDesktop%\Maheens Stuff ->  [Folder | Modified Date = 2008-01-23 10:24:34 | Attr =	]
new p.s..doc -> %UserDesktop%\new p.s..doc ->  [Ver =  | Size = 21504 bytes | Modified Date = 2008-01-16 14:05:52 | Attr =	]
sanakhoodu.mp3 -> %UserDesktop%\sanakhoodu.mp3 ->  [Ver =  | Size = 1089225 bytes | Modified Date = 2008-01-18 15:31:25 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\sanakhoodu.mp3:Zone.Identifier
service rates.doc -> %UserDesktop%\service rates.doc ->  [Ver =  | Size = 19456 bytes | Modified Date = 2008-01-23 08:42:47 | Attr =	]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 933 bytes | Modified Date = 2008-01-18 19:04:10 | Attr =	]
spybotsd15.exe -> %UserDesktop%\spybotsd15.exe -> Safer Networking Ltd.										[Ver = 1.5.1.15			 | Size = 7467056 bytes | Modified Date = 2008-01-18 17:43:58 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spybotsd15.exe:Zone.Identifier
UM planning 2008-09.doc -> %UserDesktop%\UM planning 2008-09.doc ->  [Ver =  | Size = 81920 bytes | Modified Date = 2008-01-18 07:00:30 | Attr =	]
Virus Removal -> %UserDesktop%\Virus Removal ->  [Folder | Modified Date = 2008-01-21 10:04:09 | Attr =	]
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Modified Date = 2008-01-25 17:18:43 | Attr =	]
Adobe Acrobat Speed Launcher.lnk -> %AllUsersStartup%\Adobe Acrobat Speed Launcher.lnk ->  [Ver =  | Size = 2335 bytes | Modified Date = 2008-01-25 11:37:32 | Attr =	]
Java -> %CommonProgramFiles%\Java ->  [Folder | Modified Date = 2008-03-08 14:59:26 | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 2008-01-22 21:09:40 | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4096 bytes | Modified Date = 2008-01-22 21:09:40 | Attr =	]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1372 bytes | Modified Date = 2006-09-12 19:09:54 | Attr =	]

< End of report >


And as for the online scan, it's in HTML format so I attached it and pasted here:

Scanning Report
Friday, January 25, 2008 12:01:41 - 17:10:27
Computer name: SIDDIQI
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\


--------------------------------------------------------------------------------

Result: 68 malware found
Backdoor.Win32.Agent.dbm (virus)
C:\DOCUMENTS AND SETTINGS\SIDDIQI FAMILY\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\R7K37W6V\GAMADRIL20071203[1] (Renamed & Submitted)
Possible Browser Hijack attempt (spyware)
System (Disinfected)
Tracking Cookie (spyware)
System (Disinfected)
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
Trojan-Downloader.Win32.Agent.gwe (virus)
C:\WINDOWS\SYSTEM32\IJRNFXOJ.EXE
C:\WINDOWS\SYSTEM32\NYKJJEJV.EXE (Renamed & Submitted)
Trojan-Dropper.Win32.Agent.dgo (virus)
C:\WINDOWS\SYSTEM32\SSTQO.EXE (Renamed & Submitted)
C:\PROGRAM FILES\HOT KEYBOARD\HOTKEYB.EXE (Renamed & Submitted)
C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\DISTILLR\ACROTRAY.EXE (Renamed & Submitted)
Win32.Trojan.Agent (spyware)
System (Disinfected)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 37609
System: 4128
Not scanned: 4
Actions:
Disinfected: 3
Renamed: 5
Deleted: 0
None: 60
Submitted: 5
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\YBTUVFQR.DLL
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure AVP: 7.0.171, 2008-01-27
F-Secure Blacklight: 1.0.64
F-Secure Draco: 1.0.35, 2008-01-14
F-Secure Libra: 2.4.2, 2008-01-27
F-Secure Orion: 1.2.37, 2008-01-27
F-Secure Pegasus: 1.19.0, 2008-00-21
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQXSWF
Use Advanced heuristics

--------------------------------------------------------------------------------




#15 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:03:24 AM

Posted 27 January 2008 - 10:44 PM

Hi hishaamsiddiqi. Without being able to run ComboFix about all we can try is running Avenger again. We will need to remove all of the applications that run when the machine starts up because that is where the infection is coming from. They have all been compromised. Redownload fresh copies of each of these programs and then follow the steps below in order.

Step #1

Download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Step #2

Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
c:\windows\system32\ijrnfxoj.exe
c:\windows\system32\sstqo.exe
c:\windows\system32\ijrnfxoj.exe.bak
c:\windows\system32\NYKJJEJV.0XE
c:\windows\system32\oqtss.ini
c:\windows\system32\oqtss.ini2
c:\windows\system32\sstqo.dll
c:\windows\system32\ybtuvfqr.dll
c:\windows\system32\SSTQO.0XE
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Step #3

Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #4
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Step #5

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Processes - Non-Microsoft Only]
YY -> ijrnfxoj.exe -> %System32%\ijrnfxoj.exe
YY -> acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
YY -> hotkeyb.exe -> %ProgramFiles%\Hot Keyboard\HotKeyb.exe
YY -> hotkeyb .exe -> %ProgramFiles%\Hot Keyboard\HotKeyb .exe
[Win32 Services - Non-Microsoft Only]
YY -> (DomainService) DomainService [Win32_Own | Unknown | Running] -> 
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> Acrobat Assistant 7.0 -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
YY -> Active Web Reader -> %ProgramFiles%\Deskshare\Active Web Reader\Active Web Reader.exe
YY -> avgnt -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe
YY -> HotKeysCmds -> %System32%\hkcmd.exe
YY -> MSKDetectorExe -> %ProgramFiles%\McAfee\SpamKiller\MSKDetct.exe
YY -> Persistence -> %System32%\igfxpers.exe
YY -> QuickTime Task -> %ProgramFiles%\QuickTime\qttask   .exe
YY -> SoundMAXPnP -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe
YY -> TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> Aim6 -> 
YY -> DellSupport -> %ProgramFiles%\DellSupport\DSAgnt.exe
YY -> Hot Keyboard -> %ProgramFiles%\Hot Keyboard\HotKeyb .exe
< Windows NT\\Load [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
YY -> C:\WINDOWS\system32\sstqo.exe -> %System32%\sstqo.exe
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {455B9C7D-2F31-430F-9BCA-F8EF0C28DF5C} [HKEY_LOCAL_MACHINE] -> %System32%\sstqo.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {b7691489-a026-43f6-814b-e0c4ae7a1afa} [HKEY_LOCAL_MACHINE] -> %System32%\bihpgctn.dll [Reg Error: Value  does not exist or could not be read.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YY -> WebBrowser\\{5CBE2611-C31B-401F-89BC-4CBB25E853D7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YY -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [&Yahoo! Toolbar]
[Files/Folders - Created Within 30 days]
NY -> 4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> ijrnfxoj.exe.bak -> %System32%\ijrnfxoj.exe.bak
NY -> NYKJJEJV.0XE -> %System32%\NYKJJEJV.0XE
NY -> oqtss.ini -> %System32%\oqtss.ini
NY -> oqtss.ini2 -> %System32%\oqtss.ini2
NY -> SSTQO.0XE -> %System32%\SSTQO.0XE
NY -> sstqo.dll -> %System32%\sstqo.dll
NY -> ybtuvfqr.dll -> %System32%\ybtuvfqr.dll
NY -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 30 days]
NY -> 4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> NYKJJEJV.0XE -> %System32%\NYKJJEJV.0XE
NY -> oqtss.ini -> %System32%\oqtss.ini
NY -> oqtss.ini2 -> %System32%\oqtss.ini2
NY -> SSTQO.0XE -> %System32%\SSTQO.0XE
NY -> sstqo.dll -> %System32%\sstqo.dll
NY -> ybtuvfqr.dll -> %System32%\ybtuvfqr.dll
NY -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
[Empty Temp Folders]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.

Step #6

Run a new WinPFind35u scan with the following options:

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
  • In the Driver Services section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:

    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Step #7

Post the following back here:
  • The Avenger report (c:\Avenger.txt)
  • The VundoFix log
  • The latest WinPFind35u fix log (in the WinPFind35u folder)
  • The new WinPFind35u scan log
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
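The fix above works by cross-referencing startup locations (running processes, the `Run` keys, the legacy `Windows\load` value, Browser Helper Objects) against files that appeared in `%System32%` in the last 30 days, and by spotting impostor paths such as `HotKeyb .exe` and `qttask   .exe` that carry whitespace before the extension. The following triage helper is an added example, written here for illustration; it is not part of this thread and is not code from WinPFind35U, The Avenger or VundoFix. It assumes only the `YY/NY -> name -> path` line format shown in the fix block, and the names `parse_listing`, `triage` and `SAMPLE_LISTING` are its own; the sample listing is constructed from the entries quoted in the fix.

```python
"""Triage helper for WinPFind35U-style startup listings (added example,
not part of the thread or of WinPFind35U).

It parses 'YY -> <name> -> <path>' lines and reports the indicators that
the fix above acts on:
  * whitespace smuggled in before the extension ("HotKeyb .exe")
  * a '.0XE' extension (a renamed executable still on disk)
  * a BHO whose registry value could not be read
  * anything set in the legacy HKCU ...\Windows NT\CurrentVersion\Windows\load value
  * a persistence entry whose file shares its name with a %System32% file
    created within the last 30 days
"""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section flags name path note")

# 'YY'/'NY' flags, then name, then path; name is non-greedy so the first
# ' -> ' separates the two fields.
ENTRY_RE = re.compile(r"^(?P<flags>[YN]{2}) -> (?P<name>.*?) -> (?P<path>.*)$")
# Whitespace immediately before the final extension, e.g. "qttask   .exe".
SPACE_BEFORE_EXT_RE = re.compile(r"\s\.[A-Za-z0-9]+$")

# Constructed sample: entries copied from the fix block in this thread.
SAMPLE_LISTING = r"""
[Processes - Non-Microsoft Only]
YY -> ijrnfxoj.exe -> %System32%\ijrnfxoj.exe
YY -> acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
YY -> hotkeyb .exe -> %ProgramFiles%\Hot Keyboard\HotKeyb .exe
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> avgnt -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe
YY -> QuickTime Task -> %ProgramFiles%\QuickTime\qttask   .exe
< Windows NT\\Load [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
YY -> C:\WINDOWS\system32\sstqo.exe -> %System32%\sstqo.exe
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
YY -> {455B9C7D-2F31-430F-9BCA-F8EF0C28DF5C} [HKEY_LOCAL_MACHINE] -> %System32%\sstqo.dll [Reg Error: Value  does not exist or could not be read.]
[Files/Folders - Created Within 30 days]
NY -> ijrnfxoj.exe.bak -> %System32%\ijrnfxoj.exe.bak
NY -> NYKJJEJV.0XE -> %System32%\NYKJJEJV.0XE
NY -> SSTQO.0XE -> %System32%\SSTQO.0XE
NY -> sstqo.dll -> %System32%\sstqo.dll
NY -> ybtuvfqr.dll -> %System32%\ybtuvfqr.dll
"""


def split_note(raw):
    """Separate a trailing '[Reg Error: ...]' note from the path itself."""
    idx = raw.find(" [")
    if idx == -1:
        return raw.strip(), ""
    return raw[:idx].strip(), raw[idx + 1:].strip()


def basename(path):
    return path.rsplit("\\", 1)[-1]


def stem(base):
    """'ijrnfxoj.exe.bak' -> 'ijrnfxoj'; used to link a process to its artifacts."""
    return base.split(".", 1)[0].lower()


def parse_listing(text):
    """Return Entry tuples; '[...]' and '< ... >' lines set the current section."""
    entries, section = [], ""
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("["):
            section = line.strip()
            continue
        if line.startswith("<"):
            section = line.split(" -> ", 1)[0].strip()
            continue
        m = ENTRY_RE.match(line)
        if m:
            path, note = split_note(m.group("path"))
            entries.append(Entry(section, m.group("flags"), m.group("name"), path, note))
    return entries


def triage(text):
    """Return a list of {section, name, path, reasons} for entries worth a look."""
    entries = parse_listing(text)
    recent = {stem(basename(e.path)) for e in entries
              if e.section.startswith("[Files/Folders - Created") and "%System32%" in e.path}
    findings = []
    for e in entries:
        base = basename(e.path)
        reasons = []
        if SPACE_BEFORE_EXT_RE.search(base):
            reasons.append("whitespace before the extension (impostor filename)")
        if base.lower().endswith(".0xe"):
            reasons.append(".0XE extension: renamed executable still on disk")
        if e.note.startswith("[Reg Error"):
            reasons.append("registry value unreadable: " + e.note)
        if e.section.startswith("< Windows NT") and e.path:
            reasons.append("legacy Windows\\load value is set")
        if not e.section.startswith("[Files/Folders") and e.path and stem(base) in recent:
            reasons.append("shares its name with a %System32% file created in the last 30 days")
        if reasons:
            findings.append({"section": e.section, "name": e.name, "path": e.path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LISTING):
        print(f["section"], "|", f["name"], "|", "; ".join(f["reasons"]))
```

Files in the "Created Within 30 days" section are reported only when they carry an indicator of their own (the two `.0XE` leftovers); the remaining recent files such as `ybtuvfqr.dll` are already spelled out by the tool and mainly serve here to cross-link the process, `load` value and BHO entries that point back at them. Run against the constructed sample it reports seven entries: the `ijrnfxoj.exe` process, the two impostor paths, the `sstqo.exe` `load` value, the `sstqo.dll` BHO and the two `.0XE` files.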




