
Help Here Is Log


22 replies to this topic

#1 mike4

mike4

  • Members
  • 17 posts

Posted 11 February 2008 - 09:10 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:55:47 PM, on 2/11/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\program files\steam\steam.exe
C:\WINDOWS\??sks\?ti2evxx.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\DOCUME~1\User\APPLIC~1\WNSXS~1\csrss.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Spgv] C:\WINDOWS\??sks\?ti2evxx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Abus] "C:\DOCUME~1\User\APPLIC~1\WNSXS~1\csrss.exe" -vt ndrv
O4 - S-1-5-18 Startup: PowerReg SchedulerV2.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: PowerReg SchedulerV2.exe (User 'Default user')
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1197678258968
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 5171 bytes

There is the log, please help. BTW, can't play games/computer glitches.



#2 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • Location:Ontario

Posted 11 February 2008 - 10:44 PM

Hi and welcome,

Is this your log as well?:

http://www.bleepingcomputer.com/forums/t/130537/log-hijack/

Let me know please if it is the same computer so I can close that thread and we can work on this one.

---------------------

Open Hijackthis
Click "config"
Click "misc tools"
Click "open uninstall manager"
Click "save list..."
Save the list and post it here.

Thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware

#3 mike4

mike4
  • Topic Starter

  • Members
  • 17 posts

Posted 12 February 2008 - 11:32 PM

uh ok.

#4 mike4

mike4
  • Topic Starter

  • Members
  • 17 posts

Posted 12 February 2008 - 11:37 PM

Here is that list. Reply ASAP, thanks.

Adobe Flash Player ActiveX
AirPlus G
ANIO Service
ANIWZCS2 Service
AppCore
AV
ccCommon
EPSON Printer Software
GearDrvs
Geek Squad 24 Hour Computer Support
HijackThis 2.0.2
Intel Application Accelerator
Intel® Extreme Graphics Driver Software
Intel® PRO Network Adapters and Drivers
Internet Speed Monitor
LiveUpdate 3.2 (Symantec Corporation)
Microsoft .NET Framework 2.0
Microsoft Office Professional Edition 2003
Norton 360
Norton 360
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 Help
Norton Confidential Browser Component
Norton Confidential Web Authentification Component
Norton Confidential Web Protection Component
Panda ActiveScan
Realtek AC'97 Audio
RF Online Episode 2
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB920683)
Source SDK Base 2007
SPBBC 32bit
Steam
SuppSoft
Symantec Technical Support Controls
SymNet
System Requirements Lab
Team Fortress 2
Team Fortress 2 Dedicated Server
Update for Windows XP (KB898461)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB890859

#5 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • Location:Ontario

Posted 13 February 2008 - 03:10 AM

Hi,

Create WinPFind35u Log -

Before running the scan let's clean out the temporary folders.

Download ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
    • File - Purity Scan
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not /code with brackets around it then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Thanks :thumbsup:

#6 mike4

mike4
  • Topic Starter

  • Members
  • 17 posts

Posted 13 February 2008 - 05:43 PM

Here thanks...

WinPFind35 logfile created on: 2/13/2008 2:40:13 PM
WinPFind35U Version Beta51	 Folder = C:\Documents and Settings\User\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
509.80 Mb Total Physical Memory | 251.53 Mb Available Physical Memory | 49.34% Memory free
1.22 Gb Paging File | 0.93 Gb Available in Paging File | 76.45% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 54.21 Gb Free Space | 72.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-EFOFZO44RA
Current User Name: User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.00 | Size = 54784 bytes | Modified Date = 4/24/2003 4:53:54 PM | Attr =	]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 1/9/2007 9:59:52 PM | Attr =	]
airgcfg.exe -> %ProgramFiles%\D-Link\AirPlus G\AirGCFG.exe -> D-Link [Ver = 3, 2, 1, 40628 | Size = 1249280 bytes | Modified Date = 7/9/2004 3:07:20 PM | Attr =	]
wzcsldr2.exe -> %ProgramFiles%\ANI\ANIWZCS2 Service\WZCSLDR2.exe -> Alpha Networks Inc. [Ver = 1, 0, 4, 40414 | Size = 45056 bytes | Modified Date = 4/14/2004 11:54:38 AM | Attr =	]
аti2evxx.exe -> %SystemRoot%\Τаsks\аti2evxx.exe ->  [Ver =  | Size = 230400 bytes | Modified Date = 1/28/2008 8:29:44 AM | Attr = RHS]
comhost.exe -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 1.2.0.28 | Size = 49248 bytes | Modified Date = 1/12/2007 7:40:58 PM | Attr =	]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 9:59:32 PM | Attr =	]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1088 | Size = 1174664 bytes | Modified Date = 12/14/2007 4:49:17 PM | Attr =	]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309248 bytes | Modified Date = 2/13/2008 10:50:32 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 9:59:32 PM | Attr =	]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 9:59:32 PM | Attr =	]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 9:59:32 PM | Attr =	]
(comHost) COM Host [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 1.2.0.28 | Size = 49248 bytes | Modified Date = 1/12/2007 7:40:58 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 204800 bytes | Modified Date = 11/1/2002 4:00:00 AM | Attr =	]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.68 | Size = 2999664 bytes | Modified Date = 9/12/2007 6:27:24 PM | Attr =	]
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1088 | Size = 1174664 bytes | Modified Date = 12/14/2007 4:49:17 PM | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ALCXWDM.SYS -> Realtek Semiconductor Corp. [Ver = 5.10.5190 | Size = 730092 bytes | Modified Date = 4/24/2003 11:48:02 PM | Attr =	]
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(ANIO) ANIO Service [Kernel | Auto | Running] -> %SystemRoot%\system32\ANIO.sys -> Alpha Networks Inc. [Ver = 2.0.0.30505 | Size = 28205 bytes | Modified Date = 5/5/2003 6:25:48 PM | Attr =	]
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(dc0B5B) dc0B5B [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\dc0B5B.sys ->  [Ver =  | Size = 54624 bytes | Modified Date = 2/11/2008 5:53:46 PM | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 780928 bytes | Modified Date = 11/1/2002 4:00:00 AM | Attr =	]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 146304 bytes | Modified Date = 11/1/2002 4:00:00 AM | Attr =	]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 11/1/2002 4:00:00 AM | Attr =	]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e100b325.sys -> Intel Corporation [Ver = 7.0.26.0 built by: WinDDK | Size = 145408 bytes | Modified Date = 3/4/2003 12:56:26 PM | Attr = R  ]
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.4.1.2 | Size = 385072 bytes | Modified Date = 1/22/2008 4:46:48 PM | Attr =	]
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> Symantec Corporation [Ver = 107.4.1.2 | Size = 109616 bytes | Modified Date = 1/22/2008 4:46:48 PM | Attr =	]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 12:44:04 PM | Attr =	]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(ialm) ialm [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.13.01.3317 | Size = 80283 bytes | Modified Date = 10/25/2002 9:02:20 AM | Attr =	]
(IdeBusDr) IdeBusDr [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\IdeBusDr.sys -> Intel Corporation [Ver = 2.3.0.2160, 10/01/2002 | Size = 13891 bytes | Modified Date = 10/15/2002 | Attr =	]
(IdeChnDr) Intel(R) Ultra ATA Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\IdeChnDr.sys -> Intel Corporation [Ver = 2.3.0.2160, 10/01/2002 | Size = 101431 bytes | Modified Date = 10/15/2002 | Attr =	]
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(NAVENG) NAVENG [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080129.003\NAVENG.SYS -> Symantec Corporation [Ver = 20071.4.1.10 | Size = 82256 bytes | Modified Date = 1/21/2008 1:00:00 AM | Attr =	]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080129.003\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.4.1.10 | Size = 895312 bytes | Modified Date = 1/21/2008 1:00:00 AM | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 11/1/2002 4:00:00 AM | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(rt2500usb) DWL-G122(rev.B) USB Wireless LAN Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rt2500usb.sys -> Ralink Technology Inc. [Ver = 1.00.00.0000 | Size = 79616 bytes | Modified Date = 5/7/2004 1:47:10 PM | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys ->  [Ver =  | Size = 27440 bytes | Modified Date = 11/1/2002 4:00:00 AM | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(SMBios) Intel (R) System Management BIOS Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SMBios.sys -> Intel Corporation [Ver = 1.0.0.14 | Size = 36484 bytes | Modified Date = 10/14/2003 12:10:00 PM | Attr =	]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 3.3.1.3 | Size = 418104 bytes | Modified Date = 4/14/2007 2:49:32 AM | Attr =	]
(SRTSP) SRTSP [File_System | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\srtsp.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 279088 bytes | Modified Date = 11/30/2007 11:57:12 PM | Attr =	]
(SRTSPL) SRTSPL [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\srtspl.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 317616 bytes | Modified Date = 11/30/2007 11:57:12 PM | Attr =	]
(SRTSPX) SRTSPX [Kernel | System | Running] -> %SystemRoot%\system32\drivers\srtspx.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 43696 bytes | Modified Date = 11/30/2007 11:57:12 PM | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(SYMDNS) SYMDNS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symdns.sys -> Symantec Corporation [Ver = 7.2.0.14 | Size = 12984 bytes | Modified Date = 1/9/2007 2:32:13 PM | Attr =	]
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.2.1 | Size = 123952 bytes | Modified Date = 12/14/2007 9:00:29 PM | Attr =	]
(SYMFW) SYMFW [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symfw.sys -> Symantec Corporation [Ver = 7.2.0.14 | Size = 145976 bytes | Modified Date = 1/9/2007 2:32:13 PM | Attr =	]
(SYMIDS) SYMIDS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symids.sys -> Symantec Corporation [Ver = 7.2.0.14 | Size = 40120 bytes | Modified Date = 1/9/2007 2:32:13 PM | Attr =	]
(SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20080212.002\symidsco.sys -> Symantec Corporation [Ver = 8.1.1.2 | Size = 158064 bytes | Modified Date = 12/4/2007 6:05:48 PM | Attr =	]
(SYMNDIS) SYMNDIS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symndis.sys -> Symantec Corporation [Ver = 7.2.0.14 | Size = 35256 bytes | Modified Date = 1/9/2007 2:32:13 PM | Attr =	]
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symredrv.sys -> Symantec Corporation [Ver = 7.2.0.14 | Size = 27576 bytes | Modified Date = 1/9/2007 2:32:13 PM | Attr =	]
(SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\symtdi.sys -> Symantec Corporation [Ver = 7.2.0.14 | Size = 191544 bytes | Modified Date = 1/9/2007 2:32:13 PM | Attr =	]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(XDva068) XDva068 [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\XDva068.sys -> File not found
({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS) Driver [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\ialmsbw.sys -> Intel Corporation [Ver = 6.13.01.3317 | Size = 91774 bytes | Modified Date = 10/25/2002 9:03:22 AM | Attr =	]
({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH) Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ialmkchw.sys -> Intel Corporation [Ver = 6.13.01.3317 | Size = 71514 bytes | Modified Date = 10/25/2002 9:03:30 AM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
ANIWZCS2Service -> %ProgramFiles%\ANI\ANIWZCS2 Service\WZCSLDR2.exe -> Alpha Networks Inc. [Ver = 1, 0, 4, 40414 | Size = 45056 bytes | Modified Date = 4/14/2004 11:54:38 AM | Attr =	]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 1/9/2007 9:59:52 PM | Attr =	]
D-Link AirPlus G -> %ProgramFiles%\D-Link\AirPlus G\AirGCFG.exe -> D-Link [Ver = 3, 2, 1, 40628 | Size = 1249280 bytes | Modified Date = 7/9/2004 3:07:20 PM | Attr =	]
HotKeysCmds -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3,0,0,1918 | Size = 114688 bytes | Modified Date = 10/15/2002 11:05:58 PM | Attr =	]
IgfxTray -> %SystemRoot%\system32\igfxtray.exe -> Intel Corporation [Ver = 3,0,0,1918 | Size = 155648 bytes | Modified Date = 10/15/2002 11:18:02 PM | Attr =	]
SoundMan -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.00 | Size = 54784 bytes | Modified Date = 4/24/2003 4:53:54 PM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Spgv -> %SystemRoot%\Τаsks\аti2evxx.exe ->  [Ver =  | Size = 230400 bytes | Modified Date = 1/28/2008 8:29:44 AM | Attr = RHS]
Steam -> %ProgramFiles%\Steam\Steam.exe -> Valve Corporation [Ver = 1.0.0.0 | Size = 1266936 bytes | Modified Date = 1/25/2008 3:09:44 PM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check.lnk -> %SystemRoot%\system32\spool\drivers\w32x86\3\E_SRCV03.EXE -> SEIKO EPSON CORPORATION [Ver = 2.04 | Size = 121856 bytes | Modified Date = 9/17/2000 6:04:00 PM | Attr =	]
< User Startup Folder > -> C:\Documents and Settings\User\Start Menu\Programs\Startup -> 
 -> %UserProfile%\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe ->  [Ver = 2, 0, 0, 1 | Size = 256000 bytes | Modified Date = 1/14/2008 7:27:48 PM | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent ->  -> File not found
igfxcui -> %SystemRoot%\system32\igfxsrvc.dll -> Intel Corporation [Ver = 3,0,0,1918 | Size = 315392 bytes | Modified Date = 10/15/2002 11:05:10 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\LegalNoticeText ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\LegalNoticeCaption ->  -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\System32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.5\NppBHO.dll [Reg Error: Value  does not exist or could not be read.] -> Symantec Corporation [Ver = 2007.1.7.4 | Size = 97960 bytes | Modified Date = 2/18/2007 7:22:56 PM | Attr = R  ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{8E718888-423F-11D2-876E-00A0C9082467} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\msdxm.ocx [&Radio] ->  [Ver =  | Size = 842268 bytes | Modified Date = 11/1/2002 4:00:00 AM | Attr =	]
{90222687-F593-4738-B738-FBEE9C7B26DF} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2007.1.7.4 | Size = 609424 bytes | Modified Date = 2/18/2007 7:23:06 PM | Attr = R  ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{c95fe080-8f5d-11d2-a20b-00aa003c157a}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [@shdoclc.dll,-866] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} [HKEY_LOCAL_MACHINE] ->  [@shdoclc.dll,-866] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{0C621BC7-DBFC-456C-B454-663524AFAF6B} ->	(D-Link AirPlus G DWL-G122 Wireless USB Adapter(rev.B)) -> 
{1974FB6B-B0D8-44B9-9CD8-33BC29D08FCE} ->	(D-Link AirPlus G DWL-G122 Wireless USB Adapter(rev.B)) -> 
{559B3770-64A0-4D55-8219-AB97760FF5C7} ->	(D-Link AirPlus G DWL-G122 Wireless USB Adapter(rev.B)) -> 
{969CBA87-9FF5-4A30-9B97-410BC050317B} ->	(D-Link AirPlus G DWL-G122 Wireless USB Adapter(rev.B)) -> 
{DCC022C3-E86A-4BA2-A6DE-011C56EFA9BA} ->	(Intel(R) PRO/100 VE Network Connection) -> 
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
shell -> shell protocol not assigned -> 
< Default Protocols [HKEY_CURRENT_USER\] - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
shell -> shell protocol not assigned -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
vnd.ms.radio:{3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\msdxm.ocx[AsyncPProt Class] ->  [Ver =  | Size = 842268 bytes | Modified Date = 11/1/2002 4:00:00 AM | Attr =	]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab[Symantec AntiVirus scanner] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197678258968[WUWebControl Class] -> 
{644E432F-49D3-41A1-8DD5-E099162EEEC5}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[Symantec RuFSI Utility Class] -> 
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}[HKEY_LOCAL_MACHINE] -> http://www.systemrequirementslab.com/sysreqlab2.cab[System Requirements Lab Class] -> 
{88D969C0-F192-11D4-A65F-0040963251E5}[HKEY_LOCAL_MACHINE] -> file://C:\TempEI4\EI40_\msxml4.cab[XML DOM Document 4.0] -> 
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> 
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 108544 bytes | Modified Date = 11/1/2002 4:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 272896 bytes | Modified Date = 11/1/2002 4:00:00 AM | Attr =	]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 108544 bytes | Modified Date = 11/1/2002 4:00:00 AM | Attr =	]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 136704 bytes | Modified Date = 11/1/2002 4:00:00 AM | Attr =	]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 46592 bytes | Modified Date = 11/1/2002 4:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 880 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 174592 bytes | Modified Date = 11/1/2002 4:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 112128 bytes | Modified Date = 11/1/2002 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 11/1/2002 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;NLA;RasMan;ALG; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 435200 bytes | Modified Date = 11/1/2002 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 11/1/2002 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\System32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3630.1106 (xpsp1.020828-1920) | Size = 9216 bytes | Modified Date = 11/1/2002 4:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
AD-ware.exe -> %SystemDrive%\AD-ware.exe ->  [Ver =  | Size = 21364592 bytes | Modified Date = 2/9/2008 12:05:26 PM | Attr =	]
EPSONREG -> %SystemDrive%\EPSONREG ->  [Folder | Created Date = 1/14/2008 7:27:31 PM | Attr =	]
Geek Squad 24 Hour Computer Support.msi -> %SystemDrive%\Geek Squad 24 Hour Computer Support.msi ->  [Ver =  | Size = 1359360 bytes | Modified Date = 2/8/2008 6:56:39 PM | Attr =	]
HJTInstall.exe -> %SystemDrive%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2/10/2008 6:20:32 PM | Attr =	]
McafeeRootkitDetective.zip -> %SystemDrive%\McafeeRootkitDetective.zip ->  [Ver =  | Size = 1721043 bytes | Modified Date = 2/11/2008 5:41:15 PM | Attr =	]
N360_BACKUP -> %SystemDrive%\N360_BACKUP ->  [Folder | Created Date = 2/5/2008 6:22:59 PM | Attr =	]
stinger.exe -> %SystemDrive%\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Modified Date = 2/11/2008 5:40:24 PM | Attr =	]
WinPFind35u.exe -> %SystemDrive%\WinPFind35u.exe ->  [Ver =  | Size = 480325 bytes | Modified Date = 2/13/2008 2:37:42 PM | Attr =	]
zaSetup_en.exe -> %SystemDrive%\zaSetup_en.exe -> Check Point Software Technologies LTD [Ver = 7.1.100.000 | Size = 210416 bytes | Modified Date = 2/11/2008 5:46:38 PM | Attr =	]
RkPavProc.sys -> %SystemRoot%\System32\drivers\RkPavProc.sys -> Panda Software International [Ver = 1, 0, 0, 5 | Size = 8576 bytes | Modified Date = 6/8/2007 9:44:36 AM | Attr =	]
185B52.mht -> %SystemRoot%\System32\185B52.mht ->  [Ver =  | Size = 2335270 bytes | Modified Date = 2/11/2008 5:53:42 PM | Attr =	]
ActiveScan -> %SystemRoot%\System32\ActiveScan ->  [Folder | Created Date = 2/11/2008 4:20:03 PM | Attr =	]
5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
asuninst.exe -> %SystemRoot%\System32\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Modified Date = 8/2/2006 12:39:06 PM | Attr =	]
d3d8caps.dat -> %SystemRoot%\System32\d3d8caps.dat ->  [Ver =  | Size = 552 bytes | Modified Date = 2/5/2008 4:36:38 PM | Attr =	]
d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat ->  [Ver =  | Size = 664 bytes | Modified Date = 2/9/2008 10:02:18 AM | Attr =	]
dc0B5B.sys -> %SystemRoot%\System32\dc0B5B.sys ->  [Ver =  | Size = 54624 bytes | Modified Date = 2/11/2008 5:53:46 PM | Attr =	]
EBAPI.dll -> %SystemRoot%\System32\EBAPI.dll -> SEIKO EPSON CORPORATION [Ver = 2, 2, 0, 0 | Size = 203776 bytes | Modified Date = 7/19/1999 10:27:42 AM | Attr =	]
EBPMON2.DLL -> %SystemRoot%\System32\EBPMON2.DLL -> SEIKO EPSON CORPORATION [Ver = 2, 12, 0, 0 | Size = 60532 bytes | Modified Date = 8/31/2000 2:12:00 AM | Attr =	]
ebpthp.dll -> %SystemRoot%\System32\ebpthp.dll -> SEIKO EPSON CORPORATION [Ver = 1, 1, 0, 0 | Size = 100864 bytes | Modified Date = 7/16/1999 1:01:00 AM | Attr =	]
EBUtil.dll -> %SystemRoot%\System32\EBUtil.dll -> SEIKO EPSON CORPORATION [Ver = 1, 0, 0, 0 | Size = 108032 bytes | Modified Date = 4/3/1998 5:15:44 PM | Attr =	]
EPIIFE5B.EIF -> %SystemRoot%\System32\EPIIFE5B.EIF ->  [Ver =  | Size = 3785 bytes | Modified Date = 10/26/2000 10:02:00 PM | Attr = R  ]
E_SCHK03.EXE -> %SystemRoot%\System32\E_SCHK03.EXE -> SEIKO EPSON CORPORATION [Ver = 1.00 | Size = 131072 bytes | Modified Date = 4/12/1999 5:00:00 PM | Attr = R  ]
E_SPSU01.EXE -> %SystemRoot%\System32\E_SPSU01.EXE -> SEIKO EPSON Corporation [Ver = 2.01.00 | Size = 45056 bytes | Modified Date = 5/22/2000 6:01:00 PM | Attr = R  ]
Help.ico -> %SystemRoot%\System32\Help.ico ->  [Ver =  | Size = 1406 bytes | Modified Date = 2/11/2008 4:20:12 PM | Attr =	]
pavas.ico -> %SystemRoot%\System32\pavas.ico ->  [Ver =  | Size = 30590 bytes | Modified Date = 2/11/2008 4:20:11 PM | Attr =	]
Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Modified Date = 2/11/2008 4:20:12 PM | Attr =	]
ZPORT4AS.dll -> %SystemRoot%\System32\ZPORT4AS.dll ->  [Ver =  | Size = 11776 bytes | Modified Date = 3/25/2003 6:53:50 PM | Attr =	]
CSC -> %SystemRoot%\CSC ->  [Folder | Created Date = 2/8/2008 5:51:19 PM | Attr =  HS]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
Epson880.ini -> %SystemRoot%\Epson880.ini ->  [Ver =  | Size = 18 bytes | Modified Date = 1/14/2008 7:20:53 PM | Attr =	]
Minidump -> %SystemRoot%\Minidump ->  [Folder | Created Date = 2/11/2008 5:54:23 PM | Attr =	]
PowerReg.dat -> %SystemRoot%\PowerReg.dat ->  [Ver =  | Size = 192 bytes | Modified Date = 1/14/2008 7:27:48 PM | Attr =	]
runepson.exe -> %SystemRoot%\runepson.exe ->  [Ver =  | Size = 53248 bytes | Modified Date = 1/14/2008 7:20:53 PM | Attr =	]
War3Unin.dat -> %SystemRoot%\War3Unin.dat ->  [Ver =  | Size = 17917 bytes | Modified Date = 2/5/2008 4:48:03 PM | Attr =	]
WININIT.INI -> %SystemRoot%\WININIT.INI ->  [Ver =  | Size = 10 bytes | Modified Date = 1/28/2008 6:29:27 PM | Attr =	]
??sks -> %SystemRoot%\Τаsks ->  [Folder | Modified Date = 2/10/2008 9:15:31 PM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Earthsim -> %AllUsersProfile%\Application Data\Earthsim ->  [Folder | Created Date = 1/28/2008 6:40:48 PM | Attr =	]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Created Date = 2/9/2008 12:37:46 PM | Attr =	]
Earthsim -> %AppData%\Earthsim ->  [Folder | Created Date = 1/28/2008 6:44:01 PM | Attr =	]
Geek Squad 24 Hour Computer Support -> %AppData%\Geek Squad 24 Hour Computer Support ->  [Folder | Created Date = 2/8/2008 6:58:20 PM | Attr = RH ]
W?nSxS -> %AppData%\WіnSxS ->  [Folder | Modified Date = 2/12/2008 5:46:29 PM | Attr =	]
Steam -> %UserProfile%\Local Settings\Application Data\Steam ->  [Folder | Created Date = 1/25/2008 3:10:31 PM | Attr =	]
My Videos -> %AllUsersProfile%\Documents\My Videos ->  [Folder | Created Date = 2/5/2008 5:54:20 PM | Attr = R  ]
Symantec -> %AllUsersProfile%\Documents\Symantec ->  [Folder | Created Date = 2/5/2008 5:54:19 PM | Attr =	]
healty.doc -> %UserProfile%\My Documents\healty.doc ->  [Ver =  | Size = 50176 bytes | Modified Date = 2/10/2008 5:11:19 PM | Attr =	]
hi.jpg -> %UserProfile%\My Documents\hi.jpg ->  [Ver =  | Size = 2842 bytes | Modified Date = 1/25/2008 3:28:37 PM | Attr =	]
images.jpg -> %UserProfile%\My Documents\images.jpg ->  [Ver =  | Size = 2842 bytes | Modified Date = 1/25/2008 3:28:37 PM | Attr =	]
picture.jpg -> %UserProfile%\My Documents\picture.jpg ->  [Ver =  | Size = 1099 bytes | Modified Date = 1/25/2008 3:28:38 PM | Attr =	]
Save list -> %UserProfile%\My Documents\Save list ->  [Ver =  | Size = 1154 bytes | Modified Date = 2/12/2008 8:36:07 PM | Attr =	]
soldier.jpg -> %UserProfile%\My Documents\soldier.jpg ->  [Ver =  | Size = 2043 bytes | Modified Date = 1/25/2008 3:28:37 PM | Attr =	]
Unhealthy.doc -> %UserProfile%\My Documents\Unhealthy.doc ->  [Ver =  | Size = 48640 bytes | Modified Date = 2/10/2008 3:46:59 PM | Attr =	]
Values.doc -> %UserProfile%\My Documents\Values.doc ->  [Ver =  | Size = 20992 bytes | Modified Date = 1/14/2008 8:15:27 PM | Attr =	]
Geek Squad 24hr Support.lnk -> %AllUsersProfile%\Desktop\Geek Squad 24hr Support.lnk ->  [Ver =  | Size = 1831 bytes | Modified Date = 2/8/2008 6:57:12 PM | Attr =	]
Steam.lnk -> %AllUsersProfile%\Desktop\Steam.lnk ->  [Ver =  | Size = 2193 bytes | Modified Date = 2/11/2008 7:45:44 PM | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 2/10/2008 6:20:43 PM | Attr =	]
Source SDK Base 2007.lnk -> %UserProfile%\Desktop\Source SDK Base 2007.lnk ->  [Ver =  | Size = 668 bytes | Modified Date = 1/25/2008 10:36:13 PM | Attr =	]
Team Fortress 2 Dedicated Server.lnk -> %UserProfile%\Desktop\Team Fortress 2 Dedicated Server.lnk ->  [Ver =  | Size = 668 bytes | Modified Date = 1/25/2008 9:24:49 PM | Attr =	]
Team Fortress 2.lnk -> %UserProfile%\Desktop\Team Fortress 2.lnk ->  [Ver =  | Size = 1566 bytes | Modified Date = 1/25/2008 10:36:13 PM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Created Date = 2/13/2008 2:37:55 PM | Attr =	]
EPSON Status Monitor 3 Environment Check.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check.lnk ->  [Ver =  | Size = 893 bytes | Modified Date = 1/14/2008 7:27:02 PM | Attr =	]
PowerReg SchedulerV2.exe -> %UserProfile%\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe ->  [Ver = 2, 0, 0, 1 | Size = 256000 bytes | Modified Date = 1/14/2008 7:27:48 PM | Attr =	]
EPSON -> %CommonProgramFiles%\EPSON ->  [Folder | Created Date = 1/14/2008 7:21:49 PM | Attr =	]
PC Tools -> %CommonProgramFiles%\PC Tools ->  [Folder | Created Date = 2/6/2008 9:35:45 AM | Attr =	]
Yazzle1552OinUninstaller.exe -> %CommonProgramFiles%\Yazzle1552OinUninstaller.exe ->  [Ver =  | Size = 41724 bytes | Modified Date = 2/10/2008 9:14:21 PM | Attr =  HS]

[Files/Folders - Modified Within 30 days]
AD-ware.exe -> %SystemDrive%\AD-ware.exe ->  [Ver =  | Size = 21364592 bytes | Modified Date = 2/9/2008 12:05:26 PM | Attr =	]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 2/11/2008 7:52:58 PM | Attr =	]
EPSONREG -> %SystemDrive%\EPSONREG ->  [Folder | Modified Date = 1/14/2008 7:27:32 PM | Attr =	]
Geek Squad 24 Hour Computer Support.msi -> %SystemDrive%\Geek Squad 24 Hour Computer Support.msi ->  [Ver =  | Size = 1359360 bytes | Modified Date = 2/8/2008 6:56:39 PM | Attr =	]
HJTInstall.exe -> %SystemDrive%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2/10/2008 6:20:32 PM | Attr =	]
McafeeRootkitDetective.zip -> %SystemDrive%\McafeeRootkitDetective.zip ->  [Ver =  | Size = 1721043 bytes | Modified Date = 2/11/2008 5:41:15 PM | Attr =	]
N360_BACKUP -> %SystemDrive%\N360_BACKUP ->  [Folder | Modified Date = 2/5/2008 6:23:27 PM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2/11/2008 5:49:40 PM | Attr = R  ]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 2/11/2008 8:21:28 PM | Attr =  HS]
stinger.exe -> %SystemDrive%\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Modified Date = 2/11/2008 5:40:24 PM | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2/11/2008 9:02:06 PM | Attr =	]
WinPFind35u.exe -> %SystemDrive%\WinPFind35u.exe ->  [Ver =  | Size = 480325 bytes | Modified Date = 2/13/2008 2:37:42 PM | Attr =	]
zaSetup_en.exe -> %SystemDrive%\zaSetup_en.exe -> Check Point Software Technologies LTD [Ver = 7.1.100.000 | Size = 210416 bytes | Modified Date = 2/11/2008 5:46:38 PM | Attr =	]
COH_Mon.cat -> %SystemRoot%\System32\drivers\COH_Mon.cat ->  [Ver =  | Size = 10537 bytes | Modified Date = 1/15/2008 9:54:42 AM | Attr =	]
COH_Mon.inf -> %SystemRoot%\System32\drivers\COH_Mon.inf ->  [Ver =  | Size = 706 bytes | Modified Date = 1/15/2008 5:28:00 AM | Attr =	]
185B52.mht -> %SystemRoot%\System32\185B52.mht ->  [Ver =  | Size = 2335270 bytes | Modified Date = 2/11/2008 5:53:42 PM | Attr =	]
ActiveScan -> %SystemRoot%\System32\ActiveScan ->  [Folder | Modified Date = 2/11/2008 5:35:13 PM | Attr =	]
5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 2/8/2008 6:41:31 PM | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 2/13/2008 1:25:45 PM | Attr =	]
config -> %SystemRoot%\System32\config ->  [Folder | Modified Date = 2/8/2008 6:40:13 PM | Attr =	]
d3d8caps.dat -> %SystemRoot%\System32\d3d8caps.dat ->  [Ver =  | Size = 552 bytes | Modified Date = 2/5/2008 4:36:38 PM | Attr =	]
d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat ->  [Ver =  | Size = 664 bytes | Modified Date = 2/9/2008 10:02:18 AM | Attr =	]
dc0B5B.sys -> %SystemRoot%\System32\dc0B5B.sys ->  [Ver =  | Size = 54624 bytes | Modified Date = 2/11/2008 5:53:46 PM | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 2/11/2008 5:54:15 PM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 2/11/2008 5:50:45 PM | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 189000 bytes | Modified Date = 2/11/2008 5:54:20 PM | Attr =	]
Help.ico -> %SystemRoot%\System32\Help.ico ->  [Ver =  | Size = 1406 bytes | Modified Date = 2/11/2008 4:20:12 PM | Attr =	]
pavas.ico -> %SystemRoot%\System32\pavas.ico ->  [Ver =  | Size = 30590 bytes | Modified Date = 2/11/2008 4:20:11 PM | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 59964 bytes | Modified Date = 2/8/2008 6:50:56 PM | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 396168 bytes | Modified Date = 2/8/2008 6:50:56 PM | Attr =	]
Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Modified Date = 2/11/2008 4:20:12 PM | Attr =	]
wbem -> %SystemRoot%\System32\wbem ->  [Folder | Modified Date = 2/8/2008 6:40:00 PM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 2/11/2008 7:20:27 PM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2/12/2008 6:13:11 PM | Attr =   S]
CSC -> %SystemRoot%\CSC ->  [Folder | Modified Date = 2/11/2008 7:52:07 PM | Attr =  HS]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 2/12/2008 6:13:17 PM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2/11/2008 7:55:47 PM | Attr =   S]
Epson880.ini -> %SystemRoot%\Epson880.ini ->  [Ver =  | Size = 18 bytes | Modified Date = 1/14/2008 7:20:53 PM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2/11/2008 5:51:21 PM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2/11/2008 7:55:46 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2/11/2008 3:02:15 PM | Attr =  HS]
Minidump -> %SystemRoot%\Minidump ->  [Folder | Modified Date = 2/11/2008 5:54:23 PM | Attr =	]
PowerReg.dat -> %SystemRoot%\PowerReg.dat ->  [Ver =  | Size = 192 bytes | Modified Date = 1/14/2008 7:27:48 PM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2/13/2008 2:37:57 PM | Attr =	]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 2/8/2008 6:40:00 PM | Attr =	]
runepson.exe -> %SystemRoot%\runepson.exe ->  [Ver =  | Size = 53248 bytes | Modified Date = 1/14/2008 7:20:53 PM | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 2/11/2008 5:54:15 PM | Attr =	]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2/13/2008 2:35:37 PM | Attr =	]
War3Unin.dat -> %SystemRoot%\War3Unin.dat ->  [Ver =  | Size = 17917 bytes | Modified Date = 2/5/2008 4:48:03 PM | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 627 bytes | Modified Date = 2/11/2008 4:34:18 PM | Attr =	]
WININIT.INI -> %SystemRoot%\WININIT.INI ->  [Ver =  | Size = 10 bytes | Modified Date = 1/28/2008 6:29:27 PM | Attr =	]
??sks -> %SystemRoot%\Τаsks ->  [Folder | Modified Date = 2/10/2008 9:15:31 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2/12/2008 6:13:16 PM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5552 bytes | Modified Date = 2/12/2008 9:20:49 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 6810 bytes | Modified Date = 2/12/2008 9:20:49 PM | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 12/16/2007 7:54:19 PM | Attr =	]
Rootkit_Detective.exe -> C:\Documents and Settings\User\Local Settings\Temp\Temporary Directory 1 for McafeeRootkitDetective.zip\Rootkit_Detective.exe -> McAfee, Inc. [Ver = 1, 1, 0, 1 | Size = 1774432 bytes | Modified Date = 10/19/2007 12:36:44 PM | Attr = R  ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Earthsim -> %AllUsersProfile%\Application Data\Earthsim ->  [Folder | Modified Date = 1/28/2008 6:44:05 PM | Attr =	]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Modified Date = 2/11/2008 3:02:09 PM | Attr =	]
Symantec -> %AllUsersProfile%\Application Data\Symantec ->  [Folder | Modified Date = 2/13/2008 2:34:46 PM | Attr =	]
Earthsim -> %AppData%\Earthsim ->  [Folder | Modified Date = 1/28/2008 6:44:01 PM | Attr =	]
Geek Squad 24 Hour Computer Support -> %AppData%\Geek Squad 24 Hour Computer Support ->  [Folder | Modified Date = 2/8/2008 6:58:20 PM | Attr = RH ]
Microsoft -> %AppData%\Microsoft ->  [Folder | Modified Date = 2/11/2008 6:46:17 PM | Attr =   S]
W?nSxS -> %AppData%\WіnSxS ->  [Folder | Modified Date = 2/12/2008 5:46:29 PM | Attr =	]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 42632 bytes | Modified Date = 2/10/2008 5:51:11 PM | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 3194816 bytes | Modified Date = 2/12/2008 6:12:12 PM | Attr =  H ]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft ->  [Folder | Modified Date = 2/11/2008 7:19:57 PM | Attr =	]
Steam -> %UserProfile%\Local Settings\Application Data\Steam ->  [Folder | Modified Date = 1/25/2008 3:10:31 PM | Attr =	]
My Videos -> %AllUsersProfile%\Documents\My Videos ->  [Folder | Modified Date = 2/5/2008 5:54:20 PM | Attr = R  ]
Symantec -> %AllUsersProfile%\Documents\Symantec ->  [Folder | Modified Date = 2/5/2008 5:54:19 PM | Attr =	]
DWLG122_driver_200.zip -> %UserProfile%\My Documents\DWLG122_driver_200.zip ->  [Ver =  | Size = 8777226 bytes | Modified Date = 1/25/2008 3:32:07 PM | Attr =	]
healty.doc -> %UserProfile%\My Documents\healty.doc ->  [Ver =  | Size = 50176 bytes | Modified Date = 2/10/2008 5:11:19 PM | Attr =	]
hi.jpg -> %UserProfile%\My Documents\hi.jpg ->  [Ver =  | Size = 2842 bytes | Modified Date = 1/25/2008 3:28:37 PM | Attr =	]
images.jpg -> %UserProfile%\My Documents\images.jpg ->  [Ver =  | Size = 2842 bytes | Modified Date = 1/25/2008 3:28:37 PM | Attr =	]
My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Modified Date = 2/13/2008 2:37:33 PM | Attr = R  ]
picture.jpg -> %UserProfile%\My Documents\picture.jpg ->  [Ver =  | Size = 1099 bytes | Modified Date = 1/25/2008 3:28:38 PM | Attr =	]
Save list -> %UserProfile%\My Documents\Save list ->  [Ver =  | Size = 1154 bytes | Modified Date = 2/12/2008 8:36:07 PM | Attr =	]
soldier.jpg -> %UserProfile%\My Documents\soldier.jpg ->  [Ver =  | Size = 2043 bytes | Modified Date = 1/25/2008 3:28:37 PM | Attr =	]
spider.sav -> %UserProfile%\My Documents\spider.sav ->  [Ver =  | Size = 412 bytes | Modified Date = 2/11/2008 9:41:04 PM | Attr =	]
Unhealthy.doc -> %UserProfile%\My Documents\Unhealthy.doc ->  [Ver =  | Size = 48640 bytes | Modified Date = 2/10/2008 3:46:59 PM | Attr =	]
Values.doc -> %UserProfile%\My Documents\Values.doc ->  [Ver =  | Size = 20992 bytes | Modified Date = 1/14/2008 8:15:27 PM | Attr =	]
Geek Squad 24hr Support.lnk -> %AllUsersProfile%\Desktop\Geek Squad 24hr Support.lnk ->  [Ver =  | Size = 1831 bytes | Modified Date = 2/8/2008 6:57:12 PM | Attr =	]
Steam.lnk -> %AllUsersProfile%\Desktop\Steam.lnk ->  [Ver =  | Size = 2193 bytes | Modified Date = 2/11/2008 7:45:44 PM | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 2/10/2008 6:20:43 PM | Attr =	]
Source SDK Base 2007.lnk -> %UserProfile%\Desktop\Source SDK Base 2007.lnk ->  [Ver =  | Size = 668 bytes | Modified Date = 1/25/2008 10:36:13 PM | Attr =	]
Team Fortress 2 Dedicated Server.lnk -> %UserProfile%\Desktop\Team Fortress 2 Dedicated Server.lnk ->  [Ver =  | Size = 668 bytes | Modified Date = 1/25/2008 9:24:49 PM | Attr =	]
Team Fortress 2.lnk -> %UserProfile%\Desktop\Team Fortress 2.lnk ->  [Ver =  | Size = 1566 bytes | Modified Date = 1/25/2008 10:36:13 PM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Modified Date = 2/13/2008 2:37:55 PM | Attr =	]
EPSON Status Monitor 3 Environment Check.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check.lnk ->  [Ver =  | Size = 893 bytes | Modified Date = 1/14/2008 7:27:02 PM | Attr =	]
PowerReg SchedulerV2.exe -> %UserProfile%\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe ->  [Ver = 2, 0, 0, 1 | Size = 256000 bytes | Modified Date = 1/14/2008 7:27:48 PM | Attr =	]
EPSON -> %CommonProgramFiles%\EPSON ->  [Folder | Modified Date = 1/14/2008 7:21:49 PM | Attr =	]
PC Tools -> %CommonProgramFiles%\PC Tools ->  [Folder | Modified Date = 2/8/2008 6:37:57 PM | Attr =	]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared ->  [Folder | Modified Date = 2/13/2008 1:19:50 PM | Attr =	]
Yazzle1552OinUninstaller.exe -> %CommonProgramFiles%\Yazzle1552OinUninstaller.exe ->  [Ver =  | Size = 41724 bytes | Modified Date = 2/10/2008 9:14:21 PM | Attr =  HS]

[File Purity- Additional Folder Scans - Non-Microsoft Only]
C:\WINDOWS\??sks\ -> C:\WINDOWS\Τаsks ->  [Folder | Modified Date = 2/10/2008 9:15:31 PM | Attr =	]
C:\Documents and Settings\User\Application Data\W?nSxS\ -> C:\Documents and Settings\User\Application Data\WіnSxS ->  [Folder | Modified Date = 2/12/2008 5:46:29 PM | Attr =	]
W?nSxS -> C:\Documents and Settings\User\Application Data\WіnSxS\WіnSxS ->  [Folder | Modified Date = 2/10/2008 9:15:32 PM | Attr =	]

< End of report >
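Added example (not part of the original posts, and not WinPFind35u's own logic): the folder names the report shows as `??sks` and `W?nSxS` contain Greek and Cyrillic look-alike letters that an ANSI view renders as `?`. The sketch below flags path components that mix scripts; the `LOOKALIKES` map, the function names and the sample paths are assumptions made for illustration.

```python
import unicodedata

# Look-alike map limited to the three code points seen in this report
# (assumption: a complete map would be built from Unicode's confusables data).
LOOKALIKES = {"\u03a4": "T", "\u0430": "a", "\u0456": "i"}

# Constructed sample paths; the first two mirror entries in the logs above.
SAMPLE_PATHS = [
    "C:\\WINDOWS\\\u03a4\u0430sks\\\u0430ti2evxx.exe",
    "C:\\Documents and Settings\\User\\Application Data\\W\u0456nSxS",
    "C:\\WINDOWS\\Tasks\\SA.DAT",
    "C:\\Documents and Settings\\\u0418\u0432\u0430\u043d\\Desktop",  # all-Cyrillic name
]


def scripts(component):
    """Scripts of the letters in one path component, read from Unicode names."""
    return {
        unicodedata.name(ch, "UNKNOWN").split()[0]
        for ch in component
        if ch.isalpha()
    }


def ansi_view(text):
    """How the name looks to a tool limited to the cp1252 code page."""
    return text.encode("cp1252", errors="replace").decode("cp1252")


def skeleton(component):
    """Replace known look-alikes with the Latin letter they imitate."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in component)


def audit(path):
    """Return one finding per path component whose letters mix scripts."""
    findings = []
    for comp in path.split("\\"):
        found = scripts(comp)
        if len(found) > 1:  # one script only (even non-Latin) is not flagged
            findings.append({
                "component": comp,
                "ansi": ansi_view(comp),
                "scripts": sorted(found),
                "looks_like": skeleton(comp),
                "codepoints": [f"U+{ord(c):04X}" for c in comp if ord(c) > 127],
            })
    return findings


if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        for f in audit(p):
            print(f"{f['ansi']!r} imitates {f['looks_like']!r}: "
                  f"{', '.join(f['scripts'])} {f['codepoints']}")
```

A name written entirely in one non-Latin script passes; only a component that mixes scripts is reported, which keeps legitimately localized profile names out of the results.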


#7 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • OFFLINE
  •  
  • Location:Ontario
  • Local time:04:30 PM

Posted 14 February 2008 - 08:05 AM

Hi,

Thanks for the log.

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Spgv -> %SystemRoot%\Τаsks\аti2evxx.exe
< User Startup Folder > -> C:\Documents and Settings\User\Start Menu\Programs\Startup
YN ->  -> %UserProfile%\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
YN -> shell -> shell protocol not assigned
< Default Protocols [HKEY_CURRENT_USER\] - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
YN -> shell -> shell protocol not assigned
[Files/Folders - Created Within 30 days]
YN -> ??sks -> %SystemRoot%\Τаsks
[Files Created - Additional Folder Scans - Non-Microsoft Only]
YN -> Yazzle1552OinUninstaller.exe -> %CommonProgramFiles%\Yazzle1552OinUninstaller.exe
[Files/Folders - Modified Within 30 days]
YN -> ??sks -> %SystemRoot%\Τаsks
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
YN -> W?nSxS -> %AppData%\WіnSxS
YN -> PowerReg SchedulerV2.exe -> %UserProfile%\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe
YN -> Yazzle1552OinUninstaller.exe -> %CommonProgramFiles%\Yazzle1552OinUninstaller.exe
[File Purity- Additional Folder Scans - Non-Microsoft Only]
NY -> C:\WINDOWS\??sks\ -> C:\WINDOWS\Τаsks
NY -> C:\Documents and Settings\User\Application Data\W?nSxS\ -> C:\Documents and Settings\User\Application Data\WіnSxS
NY -> W?nSxS -> C:\Documents and Settings\User\Application Data\WіnSxS\WіnSxS
[Empty Temp Folders]
[Reboot]

The fix should only take a very short time. When the fix is completed either a message box will popup telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

If you need to reboot, the log file will be placed in the MovedFiles folder in the folder that WinPFind35 is running from. It will have a .log extension and a name in the format of mmddyyyy_hhmmss.log. Once you reboot, locate that file, open it with Notepad (not Write or any other text program) and post the contents back here.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware

#8 mike4

mike4
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:30 PM

Posted 15 February 2008 - 07:17 PM

Ok, thanks, you are very helpful. I will do as you say on Monday the 18th. Thank you again.

#9 Blender


Posted 16 February 2008 - 12:29 PM

Ok. I should be here. :thumbsup:

#10 mike4


Posted 18 February 2008 - 02:27 PM

"I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Thanks "

Ok, hey, yeah, all it does is show the little timer thing on the mouse whenever I put my mouse over the app, and it's not loading.

#11 mike4


Posted 18 February 2008 - 06:15 PM

So, do you know what I should do since that's not working?

#12 Blender


Posted 19 February 2008 - 08:51 AM

Hi,

Revised fix.
Please ignore the above and continue with below:

Download the new version of WinPFind35u.exe to your desktop and let it overwrite the old one:

http://download.bleepingcomputer.com/oldti...WinPFind35u.exe

Double-click it, click "Extract", and OK the overwrite prompts.

I have attached to my post a file called wpf35fix.txt
Please save this file to your desktop.

Then boot to Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
Once in Safe mode:

Open wpf35fix.txt

Open WinPFind35u.exe
Copy/Paste the information in the wpf35fix.txt into the pane where it says "Paste fix here" and then click the Run Fix button.

The fix should only take a very short time. When the fix is completed either a message box will popup telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

If you need to reboot, the log file will be placed in the MovedFiles folder in the folder that WinPFind35 is running from. It will have a .log extension and a name in the format of mmddyyyy_hhmmss.log. Once you reboot, locate that file, open it with Notepad (not Write or any other text program) and post the contents back here.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Thanks :thumbsup:

#13 mike4


Posted 19 February 2008 - 08:25 PM

Ok, thanks, will do.

#14 mike4


Posted 19 February 2008 - 08:45 PM

Here, and thanks for all your help so far... I'm glad you are helping. =D Here it is:

[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Spgv not found.
C:\Documents and Settings\User\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe moved successfully.
[Files Created - Additional Folder Scans - Non-Microsoft Only]
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe moved successfully.
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
File C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe not found!
[Extra Files]
< Purity >
C:\WINDOWS\Τаsks folder moved successfully.
C:\Documents and Settings\User\Application Data\WіnSxS\WіnSxS folder moved successfully.
C:\Documents and Settings\User\Application Data\WіnSxS folder moved successfully.
[Empty Temp Folders]
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
< End of fix log >
WinPFind35U Version Beta52 fix logfile created on 02192008_174030

#15 Blender


Posted 20 February 2008 - 02:19 AM

Hi and thanks for the log.
How is it running now?

Can you post a new log from WinPFind35u using instructions from this post please:

http://www.bleepingcomputer.com/forums/ind...st&p=739822

Start at the * Close All Other Programs.

Thanks :thumbsup:



