
Desktop running Windows2000 is infected with spyware and malware


15 replies to this topic

#1 YARO

YARO


Posted 19 February 2008 - 08:38 PM

//Mod edit: See this thread for additional information. http://www.bleepingcomputer.com/forums/t/131417/rhond-a-adware-ipwins-infection/

Dear Folks,

My system (Desktop running Windows2000) is infected with spyware and malware. It displays annoying popups and a RED X mark on the systray.

I had earlier posted this in the incorrect forum and as per the expert advice, I have followed all the instructions and have created this new thread.

Please find the attached HJT log.

Sincerely appreciate your response in cleaning up my pc.

Thanks

_______________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:31 PM, on 2/19/2008
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IPSecMon.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Offline Course Player\OlpSynch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\SafeCfg.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\WBEM\WinMgmt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "file:///D:/vaidhehi/HomePage/Home.htm"); (C:\Documents and Settings\BALAJIRAGHAVAN\Application Data\Mozilla\Profiles\default\7v0irtmu.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\BALAJIRAGHAVAN\Application Data\Mozilla\Profiles\default\7v0irtmu.slt\prefs.js)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"
O4 - HKLM\..\Run: [OLPSYNCH] "C:\Program Files\Offline Course Player\OlpSynch.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSDisp32] "rundll32.exe" C:\WINNT\system32\drvmut.dll,startup
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR ProSafe VPN Client.lnk = C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\SafeCfg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINNT\Downloaded Program Files\SbCIe02b.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.kumudam.com/wfplayer/tdserver.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://66.184.29.86/plugin/h263ctrl.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://freetrial.webex.com/client/T26L/webex/ieatgpc.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O20 - Winlogon Notify: sysfldr - C:\WINNT\
O20 - Winlogon Notify: winjif32 - C:\WINNT\SYSTEM32\winjif32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7662 bytes

Edited by KoanYorel, 20 February 2008 - 09:04 AM.



 


#2 OldTimer

OldTimer

    Malware Expert



Posted 25 February 2008 - 03:26 PM

Hello YARO and welcome to the BC HijackThis forum. Let's see what else we can find.

Before running a new scan, let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not /code with brackets around it then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 YARO

YARO
  • Topic Starter


Posted 26 February 2008 - 11:56 AM

Thanks for the reply, OldTimer. As I am on a travelling job, I will be back home on Thursday and perform the steps as mentioned by you and provide the log on Friday.

Sincere thanks again.

#4 YARO

YARO
  • Topic Starter


Posted 29 February 2008 - 09:32 AM

Hi OldTimer,

As per your instructions, I have performed all the steps and pasted the logfile here. Please review and provide your help.

Just in case the pasted log is not readable, I have also uploaded the file in text format.

Thanks


WinPFind35 logfile created on: 2/29/2008 9:32:15 AM
WinPFind35U Version 1.0.2.2	 Folder = C:\Documents and Settings\BalajiRaghavan\Desktop\WinPFind35u
Windows 2000 Professional Edition Service Pack 2 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
383.30 Mb Total Physical Memory | 205.88 Mb Available Physical Memory | 53.71% Memory free
921.29 Mb Paging File | 737.80 Mb Available in Paging File | 80.08% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 18.65 Gb Total Space | 10.71 Gb Free Space | 57.45% Space Free | Partition Type: NTFS
Drive D: | 186.31 Gb Total Space | 117.91 Gb Free Space | 63.29% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 249.72 Mb Total Space | 4.08 Mb Free Space | 1.63% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GIG-HITECH
Current User Name: BalajiRaghavan
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ireike.exe -> %ProgramFiles%\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe -> SafeNet [Ver = 10.1.1 (Build 10) | Size = 299058 bytes | Modified Date = 8/20/2003 2:52:44 PM | Attr =	]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
ipsecmon.exe -> %ProgramFiles%\NETGEAR\NETGEAR ProSafe VPN Client\IPSecMon.exe -> SafeNet [Ver = 10.1.1 (Build 10) | Size = 28726 bytes | Modified Date = 8/20/2003 2:52:46 PM | Attr =	]
spysweeper.exe -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,5,6,56 | Size = 3564344 bytes | Modified Date = 7/19/2007 10:54:28 PM | Attr =	]
devldr32.exe -> %SystemRoot%\system32\devldr32.exe -> Creative Technology Ltd. [Ver = 1, 0, 0, 15 | Size = 38912 bytes | Modified Date = 6/5/2000 9:32:46 AM | Attr =	]
lvcoms.exe -> %CommonProgramFiles%\Logitech\QCDriver3\LVComS.exe -> Logitech Inc. [Ver = 7.3.0.1113 | Size = 127022 bytes | Modified Date = 12/10/2002 4:54:04 PM | Attr =	]
olpsynch.exe -> %ProgramFiles%\Offline Course Player\OlpSynch.exe ->  [Ver =  | Size = 36864 bytes | Modified Date = 5/19/2005 1:04:02 AM | Attr =	]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 11/15/2006 6:58:38 PM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_10\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Modified Date = 11/9/2006 2:07:30 PM | Attr =	]
atiptaxx.exe -> %SystemRoot%\system32\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 4.11.2446 | Size = 151552 bytes | Modified Date = 12/2/1999 4:52:38 PM | Attr =	]
createcd50.exe -> %CommonProgramFiles%\Adaptec Shared\CreateCD\CreateCD50.exe -> Roxio [Ver = 5.1 (50) | Size = 110592 bytes | Modified Date = 9/4/2001 5:52:38 PM | Attr =	]
directcd.exe -> %ProgramFiles%\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe -> Roxio [Ver = 5.10 (105) | Size = 655360 bytes | Modified Date = 9/4/2001 3:31:50 PM | Attr =	]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 4/23/2007 9:57:36 AM | Attr =	]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 1/28/2008 11:43:40 AM | Attr = RHS]
reader_sl.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 12/14/2004 4:44:06 AM | Attr =	]
safecfg.exe -> %ProgramFiles%\NETGEAR\NETGEAR ProSafe VPN Client\SafeCfg.exe -> SafeNet [Ver = 10.1.1 (Build 10) | Size = 57396 bytes | Modified Date = 8/20/2003 2:52:50 PM | Attr =	]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.2.2 | Size = 310784 bytes | Modified Date = 2/28/2008 2:42:00 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> VERITAS Software Corp. [Ver = 2195.6624.297.3 | Size = 147728 bytes | Modified Date = 6/19/2003 11:05:04 AM | Attr =	]
(IPSECMON) SafeNet Monitor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\NETGEAR\NETGEAR ProSafe VPN Client\IPSecMon.exe -> SafeNet [Ver = 10.1.1 (Build 10) | Size = 28726 bytes | Modified Date = 8/20/2003 2:52:46 PM | Attr =	]
(IreIKE) SafeNet IKE Service [Win32_Own | Auto | Running] -> %ProgramFiles%\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe -> SafeNet [Ver = 10.1.1 (Build 10) | Size = 299058 bytes | Modified Date = 8/20/2003 2:52:44 PM | Attr =	]
(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,5,6,56 | Size = 3564344 bytes | Modified Date = 7/19/2007 10:54:28 PM | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic116x) aic116x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(ami0nt) ami0nt [Kernel | Disabled | Stopped] ->  -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(ati2mpaa) ati2mpaa [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mpaa.sys -> ATI Technologies Inc. [Ver = 5.0.86 | Size = 304784 bytes | Modified Date = 12/22/1999 | Attr =	]
(BusLogic) BusLogic [Kernel | Disabled | Stopped] ->  -> File not found
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Cdr4_2K) Cdr4_2K [Kernel | System | Running] -> %SystemRoot%\system32\drivers\cdr4_2K.sys -> Sonic Solutions [Ver = 8.0.0.212  | Size = 2432 bytes | Modified Date = 10/4/2006 9:42:42 PM | Attr =	]
(Cdralw2k) Cdralw2k [Kernel | System | Running] -> %SystemRoot%\system32\drivers\cdralw2k.sys -> Sonic Solutions [Ver = 8.0.0.212  | Size = 2560 bytes | Modified Date = 10/4/2006 9:42:42 PM | Attr =	]
(cdudf) cdudf [File_System | System | Running] -> %SystemRoot%\system32\drivers\Cdudf.sys -> Roxio [Ver = 5.10 (105) | Size = 238176 bytes | Modified Date = 9/4/2001 3:38:00 PM | Attr =	]
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(cpqarry2) cpqarry2 [Kernel | Disabled | Stopped] ->  -> File not found
(cpqfcalm) cpqfcalm [Kernel | Disabled | Stopped] ->  -> File not found
(cpqfws2e) cpqfws2e [Kernel | Disabled | Stopped] ->  -> File not found
(Crypto) Crypto [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\Crypto.sig ->  [Ver =  | Size = 136 bytes | Modified Date = 7/17/2003 7:18:36 AM | Attr =	]
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(deckzpsx) deckzpsx [Kernel | Disabled | Stopped] ->  -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> VERITAS Software Corp. [Ver = 2195.6655.297.3 | Size = 369104 bytes | Modified Date = 6/19/2003 11:05:04 AM | Attr =	]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> VERITAS Software Corp. [Ver = 2195.6655.297.3 | Size = 137936 bytes | Modified Date = 6/19/2003 11:05:04 AM | Attr =	]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> VERITAS Software Corp. [Ver = 2195.6655.297.3 | Size = 7312 bytes | Modified Date = 6/19/2003 11:05:04 AM | Attr =	]
(DNE) Deterministic Network Enhancer Miniport [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\dne2000.sys -> Deterministic Networks, Inc. [Ver = 2.20.3.220 | Size = 138916 bytes | Modified Date = 9/13/2002 10:32:22 AM | Attr =	]
(DniVap) SafeNet WAN Miniport (VA) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\vapnt.sys -> Deterministic Networks Inc. [Ver = 4.12 | Size = 36188 bytes | Modified Date = 12/14/2001 3:26:06 PM | Attr =	]
(dvd_2K) dvd_2K [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Dvd_2k.sys -> Roxio [Ver = 5.10 (105) | Size = 17990 bytes | Modified Date = 9/4/2001 3:39:50 PM | Attr =	]
(EL90BC) 3Com EtherLink XL B/C Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\el90xbc5.sys -> 3Com Corporation [Ver = 1.56.50.0013 | Size = 61712 bytes | Modified Date = 10/23/1999 7:22:20 AM | Attr =	]
(Fd16_700) Fd16_700 [Kernel | Disabled | Stopped] ->  -> File not found
(fireport) fireport [Kernel | Disabled | Stopped] ->  -> File not found
(flashpnt) flashpnt [Kernel | Disabled | Stopped] ->  -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IPSECDRV) SafeNet IPSec Plugin [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\IpSecDrv.sys -> SafeNet [Ver = 10.1.1 (Build 10) | Size = 118840 bytes | Modified Date = 8/20/2003 2:39:32 PM | Attr =	]
(ipsraidn) ipsraidn [Kernel | Disabled | Stopped] ->  -> File not found
(KLIF) KLIF [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.319 | Size = 194320 bytes | Modified Date = 12/31/2007 10:15:20 AM | Attr =	]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(lp6nds35) lp6nds35 [Kernel | Disabled | Stopped] ->  -> File not found
(mmc_2K) mmc_2K [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Mmc_2k.sys -> Roxio [Ver = 5.10 (105) | Size = 19702 bytes | Modified Date = 9/4/2001 3:39:40 PM | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(Ncrc710) Ncrc710 [Kernel | Disabled | Stopped] ->  -> File not found
(NetDetect) NetDetect [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\netdtect.sys -> File not found
(OMCI) OMCI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\omci.sys -> Dell Computer Corporation [Ver = 1, 0, 0, 0 | Size = 10368 bytes | Modified Date = 5/14/2001 6:15:40 PM | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PD1030VID) Creative WebCam Pro [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\p1030vid.sys -> Creative Technology Ltd. [Ver = 2.00.00.2603 | Size = 167661 bytes | Modified Date = 4/29/2002 1:00:00 PM | Attr = R  ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 | Size = 17680 bytes | Modified Date = 6/19/2003 11:05:04 AM | Attr =	]
(pwd_2K) pwd_2K [Kernel | System | Running] -> %SystemRoot%\system32\drivers\pwd_2k.sys -> Roxio [Ver = 5.10 (105) | Size = 78454 bytes | Modified Date = 9/4/2001 2:39:28 PM | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 3/7/2007 6:51:00 PM | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql2100) ql2100 [Kernel | Disabled | Stopped] ->  -> File not found
(sglfb) sglfb [Kernel | System | Stopped] ->  -> File not found
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(SSFS0BB8) Spy Sweeper File System Filer Driver: 0BB8 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SSFS0BB8.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.56 | Size = 20280 bytes | Modified Date = 7/19/2007 10:42:36 PM | Attr =	]
(SSHRMD) Spy Sweeper Hookrack MiniDriver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sshrmd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.56 | Size = 21816 bytes | Modified Date = 7/19/2007 10:42:36 PM | Attr =	]
(SSIDRV) Spy Sweeper Interdiction Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ssidrv.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.56 | Size = 163128 bytes | Modified Date = 7/19/2007 10:42:36 PM | Attr =	]
(SSKBFD) Webroot Spy Sweeper Keylogger Shield Keyboard Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sskbfd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.56 | Size = 23864 bytes | Modified Date = 7/19/2007 10:42:36 PM | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(tga) tga [Kernel | System | Stopped] ->  -> File not found
(UdfReadr) UdfReadr [File_System | System | Running] -> %SystemRoot%\system32\drivers\UdfReadr.sys -> Roxio [Ver = 5.10 (105) | Size = 214240 bytes | Modified Date = 9/4/2001 4:44:50 PM | Attr =	]
(ultra66) ultra66 [Kernel | Disabled | Stopped] ->  -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
AdaptecDirectCD -> %ProgramFiles%\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe -> Roxio [Ver = 5.10 (105) | Size = 655360 bytes | Modified Date = 9/4/2001 3:31:50 PM | Attr =	]
AtiPTA -> %SystemRoot%\system32\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 4.11.2446 | Size = 151552 bytes | Modified Date = 12/2/1999 4:52:38 PM | Attr =	]
CreateCD50 -> %CommonProgramFiles%\Adaptec Shared\CreateCD\CreateCD50.exe -> Roxio [Ver = 5.1 (50) | Size = 110592 bytes | Modified Date = 9/4/2001 5:52:38 PM | Attr =	]
googletalk -> %ProgramFiles%\Google\Google Talk\googletalk.exe -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/1/2007 4:22:02 PM | Attr =	]
LVCOMS -> %CommonProgramFiles%\Logitech\QCDriver3\LVComS.exe -> Logitech Inc. [Ver = 7.3.0.1113 | Size = 127022 bytes | Modified Date = 12/10/2002 4:54:04 PM | Attr =	]
MSDisp32 -> %SystemRoot%\system32\drvmut.dll ->  [Ver =  | Size = 15872 bytes | Modified Date = 2/15/2008 12:44:35 PM | Attr =	]
NeroFilterCheck -> %SystemRoot%\system32\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 10:50:42 AM | Attr =	]
OLPSYNCH -> %ProgramFiles%\Offline Course Player\OlpSynch.exe ->  [Ver =  | Size = 36864 bytes | Modified Date = 5/19/2005 1:04:02 AM | Attr =	]
SpySweeper -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeperUI.exe -> Webroot Software, Inc. [Ver = 5,5,7,48 | Size = 5361464 bytes | Modified Date = 7/19/2007 10:54:32 PM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_10\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Modified Date = 11/9/2006 2:07:30 PM | Attr =	]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 11/15/2006 6:58:38 PM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 1/28/2008 11:43:40 AM | Attr = RHS]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 4/23/2007 9:57:36 AM | Attr =	]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,249 | Size = 4670968 bytes | Modified Date = 3/27/2007 2:22:56 PM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 12/14/2004 4:44:06 AM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\NETGEAR ProSafe VPN Client.lnk -> %ProgramFiles%\NETGEAR\NETGEAR ProSafe VPN Client\SafeCfg.exe -> SafeNet [Ver = 10.1.1 (Build 10) | Size = 57396 bytes | Modified Date = 8/20/2003 2:52:50 PM | Attr =	]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll -> Kaspersky Lab [Ver = 7.0.0.125 | Size = 91400 bytes | Modified Date = 6/28/2007 12:51:42 PM | Attr =	]
*MultiFile Done* -> -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
ckpNotify ->  -> File not found
klogon -> %SystemRoot%\system32\klogon.dll -> Kaspersky Lab [Ver = 7.0.0.125 | Size = 206088 bytes | Modified Date = 6/28/2007 12:51:48 PM | Attr =	]
sysfldr ->  -> File not found
winjif32 -> %SystemRoot%\system32\winjif32.dll ->  [Ver =  | Size = 23552 bytes | Modified Date = 2/8/2008 11:11:44 AM | Attr =	]
WRNotifier -> %SystemRoot%\system32\WRLogonNtf.dll -> Webroot Software, Inc. [Ver = 3,5,6,56 | Size = 219448 bytes | Modified Date = 7/19/2007 10:42:36 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 149 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
< HOSTS File > (66 bytes) -> C:\WINNT\System32\drivers\etc\Hosts -> 
192.168.18.52	erp -> -> 
192.168.18.62	nerp -> -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\Start Page -> about:blank -> 
HKEY_CURRENT_USER\: Search\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[gogl] -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 4:48:58 PM | Attr =	]
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4189 domain(s) found. -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5361 domain(s) found. -> 
1204 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 4:48:58 PM | Attr =	]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 1:56:50 AM | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_10\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 11/9/2006 2:21:52 PM | Attr =	]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 6/3/2007 8:14:32 AM | Attr =	]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{83B28A74-640D-48F4-9F51-E80EED7CC7E0} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\Downloaded Program Files\SbCIe02b.dll [SideStep] -> File not found
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{83B28A74-640D-48F4-9F51-E80EED7CC7E0} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\Downloaded Program Files\SbCIe02b.dll [SideStep] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
{8E718888-423F-11D2-876E-00A0C9082467} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\msdxm.ocx [&Radio] ->  [Ver =  | Size = 844048 bytes | Modified Date = 9/17/2003 10:01:28 AM | Attr =	]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 4:48:58 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 4:48:58 PM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}:BandCLSID -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll [Web Anti-Virus statistics] -> Kaspersky Lab [Ver = 7.0.0.125 | Size = 222472 bytes | Modified Date = 6/28/2007 12:51:52 PM | Attr =	]
{3E230861-5C87-11D3-A1C6-00105A1B41B8}:BandCLSID -> %SystemRoot%\Downloaded Program Files\SbCIe02b.dll [SideStep] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll [Web Anti-Virus statistics] -> Kaspersky Lab [Ver = 7.0.0.125 | Size = 222472 bytes | Modified Date = 6/28/2007 12:51:52 PM | Attr =	]
CmdMapping\\{3E230861-5C87-11D3-A1C6-00105A1B41B8} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\Downloaded Program Files\SbCIe02b.dll [SideStep] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{BA75519E-2643-4D50-A0FF-4087FAD4339C} ->	() -> 
{CE4ADC2E-C6CA-4B25-9C40-2612546A8E71} ->	(3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX)) -> 
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
shell -> shell protocol not assigned -> 
< Default Protocols [HKEY_CURRENT_USER\] - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
shell -> shell protocol not assigned -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
saphtmlp:{D1F8BD1E-7967-11D2-B43A-006094B9EADB} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL[SAP HTML Pluggable Protocol] -> SAP AG, Walldorf [Ver = 6405.5.18.11 | Size = 42496 bytes | Modified Date = 3/7/2006 8:16:06 AM | Attr =	]
sapr3:{D1F8BD1E-7967-11D2-B43A-006094B9EADB} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL[SAP HTML Pluggable Protocol] -> SAP AG, Walldorf [Ver = 6405.5.18.11 | Size = 42496 bytes | Modified Date = 3/7/2006 8:16:06 AM | Attr =	]
vnd.ms.radio:{3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\msdxm.ocx[AsyncPProt Class] ->  [Ver =  | Size = 844048 bytes | Modified Date = 9/17/2003 10:01:28 AM | Attr =	]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{0246ECA8-996F-11D1-BE2F-00A0C9037DFE}[HKEY_LOCAL_MACHINE] -> http://www.kumudam.com/wfplayer/tdserver.cab[TDServer Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab[Java Plug-in 1.5.0_10] -> 
{8FEFF364-6A5F-4966-A917-A3AC28411659}[HKEY_LOCAL_MACHINE] -> http://download.sopcast.com/download/SOPCORE.CAB[SopCore Control] -> 
{A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C}[HKEY_LOCAL_MACHINE] -> http://66.184.29.86/plugin/h263ctrl.cab[VaPgCtrl Class] -> 
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab[Java Plug-in 1.5.0_10] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab[Java Plug-in 1.5.0_10] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}[HKEY_LOCAL_MACHINE] -> https://freetrial.webex.com/client/T26L/webex/ieatgpc.cab[GpcContainer Class] -> 
{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9}[HKEY_LOCAL_MACHINE] -> https://secure.logmein.com/activex/RACtrl.cab[Performance Viewer Activex Control] -> 
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINNT\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> 
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINNT\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\ ->  -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\MSV1_0.DLL -> Microsoft Corporation [Ver = 5.00.2195.6680 | Size = 117520 bytes | Modified Date = 6/19/2003 11:05:04 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.00.2195.6666 | Size = 212752 bytes | Modified Date = 6/19/2003 11:05:04 AM | Attr =	]
msv1_0 -> %SystemRoot%\system32\MSV1_0.DLL -> Microsoft Corporation [Ver = 5.00.2195.6680 | Size = 117520 bytes | Modified Date = 6/19/2003 11:05:04 AM | Attr =	]
schannel -> %SystemRoot%\system32\SCHANNEL.DLL -> Microsoft Corporation [Ver = 5.00.2195.6705 | Size = 147728 bytes | Modified Date = 6/19/2003 11:05:04 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 248 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.00.2195.6704 | Size = 114448 bytes | Modified Date = 6/19/2003 11:05:04 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINNT\system32\NTMARTA.DLL [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.00.2195.6666 | Size = 102672 bytes | Modified Date = 6/19/2003 11:05:04 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINNT\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 5.00.0984 | Size = 10000 bytes | Modified Date = 5/8/2001 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 288 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINNT\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.00.2134.1 | Size = 7952 bytes | Modified Date = 5/8/2001 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Internet Connection Sharing -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> RasMan; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINNT\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.00.2195.6708 | Size = 441616 bytes | Modified Date = 6/19/2003 11:05:04 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Allows remote registry manipulation. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINNT\system32\regsvc.exe [%SystemRoot%\system32\regsvc.exe] -> Microsoft Corporation [Ver = 5.00.2195.6701 | Size = 68368 bytes | Modified Date = 6/19/2003 11:05:04 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RpcSs -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.00.2195.6702 | Size = 239376 bytes | Modified Date = 6/19/2003 11:05:04 AM | Attr =	]
TcpIp ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Allows a remote user to log on to the system and run console programs using the command line. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINNT\system32\tlntsvr.exe [%SystemRoot%\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.00.99206.1 | Size = 186128 bytes | Modified Date = 6/19/2003 11:05:04 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 3 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
HJT -> %SystemDrive%\HJT ->  [Folder | Created Date = 2/17/2008 3:28:06 PM | Attr =	]
SSFS0BB8.sys -> %SystemRoot%\System32\drivers\SSFS0BB8.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.56 | Size = 20280 bytes | Modified Date = 7/19/2007 10:42:36 PM | Attr =	]
sshrmd.sys -> %SystemRoot%\System32\drivers\sshrmd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.56 | Size = 21816 bytes | Modified Date = 7/19/2007 10:42:36 PM | Attr =	]
ssidrv.sys -> %SystemRoot%\System32\drivers\ssidrv.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.56 | Size = 163128 bytes | Modified Date = 7/19/2007 10:42:36 PM | Attr =	]
byxvutt.dll -> %SystemRoot%\System32\byxvutt.dll ->  [Ver =  | Size = 39936 bytes | Modified Date = 2/15/2008 12:44:33 PM | Attr =	]
CloseAll.exe -> %SystemRoot%\System32\CloseAll.exe -> Max Secure Software [Ver = 3, 0, 1, 1 | Size = 67024 bytes | Modified Date = 1/25/2008 6:58:28 PM | Attr =	]
drvmut.dll -> %SystemRoot%\System32\drvmut.dll ->  [Ver =  | Size = 15872 bytes | Modified Date = 2/15/2008 12:44:35 PM | Attr =	]
ProxySettings.ini -> %SystemRoot%\System32\ProxySettings.ini ->  [Ver =  | Size = 104 bytes | Modified Date = 2/6/2005 9:02:46 AM | Attr =	]
SDEarlyDelete.exe -> %SystemRoot%\System32\SDEarlyDelete.exe ->  [Ver =  | Size = 6144 bytes | Modified Date = 1/30/2008 11:03:28 AM | Attr =	]
ssiefr.EXE -> %SystemRoot%\System32\ssiefr.EXE -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.56 | Size = 16184 bytes | Modified Date = 7/19/2007 10:42:36 PM | Attr =	]
tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 2698 bytes | Modified Date = 2/15/2008 1:18:09 PM | Attr =	]
winilq32.dll -> %SystemRoot%\System32\winilq32.dll ->  [Ver =  | Size = 23552 bytes | Modified Date = 2/8/2008 11:11:41 AM | Attr =	]
winjif32.dll -> %SystemRoot%\System32\winjif32.dll ->  [Ver =  | Size = 23552 bytes | Modified Date = 2/8/2008 11:11:44 AM | Attr =	]
WRLogonNtf.dll -> %SystemRoot%\System32\WRLogonNtf.dll -> Webroot Software, Inc. [Ver = 3,5,6,56 | Size = 219448 bytes | Modified Date = 7/19/2007 10:42:36 PM | Attr =	]
wrlzma.dll -> %SystemRoot%\System32\wrlzma.dll ->  [Ver =  | Size = 26424 bytes | Modified Date = 7/19/2007 10:42:36 PM | Attr =	]
ShellIconCache -> %SystemRoot%\ShellIconCache ->  [Ver =  | Size = 746662 bytes | Modified Date = 2/19/2008 8:46:05 PM | Attr =  H ]
WRSetup.dll -> %SystemRoot%\WRSetup.dll -> Webroot Software, Inc. [Ver = 5,5,7,48 | Size = 1521464 bytes | Modified Date = 7/19/2007 10:54:32 PM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Created Date = 2/17/2008 1:42:18 PM | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Created Date = 2/17/2008 3:58:47 PM | Attr =	]
Webroot -> %AllUsersProfile%\Application Data\Webroot ->  [Folder | Created Date = 2/17/2008 6:28:26 PM | Attr =	]
Webroot -> %AppData%\Webroot ->  [Folder | Created Date = 2/17/2008 6:28:26 PM | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1632 bytes | Modified Date = 2/17/2008 1:42:33 PM | Attr =	]
Spy Sweeper.lnk -> %AllUsersProfile%\Desktop\Spy Sweeper.lnk ->  [Ver =  | Size = 1492 bytes | Modified Date = 2/17/2008 6:28:41 PM | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2/29/2008 6:15:56 AM | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1590 bytes | Modified Date = 2/19/2008 8:40:22 PM | Attr =	]
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2/19/2008 8:40:13 PM | Attr =	]
sap_workflow.pdf -> %UserProfile%\Desktop\sap_workflow.pdf ->  [Ver =  | Size = 4171635 bytes | Modified Date = 2/8/2008 9:25:47 AM | Attr =	]
SmitfraudFix -> %UserProfile%\Desktop\SmitfraudFix ->  [Folder | Created Date = 2/15/2008 12:57:27 PM | Attr =	]
SmitfraudFix.exe -> %UserProfile%\Desktop\SmitfraudFix.exe ->  [Ver =  | Size = 1218728 bytes | Modified Date = 2/15/2008 12:57:10 PM | Attr =	]
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 799 bytes | Modified Date = 2/17/2008 3:59:24 PM | Attr =	]
spybotsd152.exe -> %UserProfile%\Desktop\spybotsd152.exe -> Safer Networking Limited									 [Ver = 1.5.2				| Size = 9722720 bytes | Modified Date = 2/17/2008 3:56:16 PM | Attr =	]
spywaredetectorb.exe -> %UserProfile%\Desktop\spywaredetectorb.exe -> Max Secure Software										  [Ver = 19.0.0.056		   | Size = 9643128 bytes | Modified Date = 2/17/2008 3:12:03 PM | Attr =	]
stinger.exe -> %UserProfile%\Desktop\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Modified Date = 2/18/2008 5:55:20 PM | Attr =	]
stinger.opt -> %UserProfile%\Desktop\stinger.opt ->  [Ver =  | Size = 22 bytes | Modified Date = 2/18/2008 8:13:27 PM | Attr =	]
structural_authorizations_step_by_step.doc -> %UserProfile%\Desktop\structural_authorizations_step_by_step.doc ->  [Ver =  | Size = 1191936 bytes | Modified Date = 2/9/2008 11:46:11 PM | Attr =	]
wininet.zip -> %UserProfile%\Desktop\wininet.zip ->  [Ver =  | Size = 321707 bytes | Modified Date = 2/15/2008 1:01:39 PM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Created Date = 2/29/2008 9:31:18 AM | Attr =	]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 481772 bytes | Modified Date = 2/29/2008 6:16:34 AM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 2/17/2008 1:41:44 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
HJT -> %SystemDrive%\HJT ->  [Folder | Modified Date = 2/17/2008 3:32:02 PM | Attr =	]
My Music -> %SystemDrive%\My Music ->  [Folder | Modified Date = 2/8/2008 3:30:41 PM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2/19/2008 8:40:22 PM | Attr =	]
WINNT -> %SystemRoot% ->  [Folder | Modified Date = 2/17/2008 6:28:27 PM | Attr =	]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 2/18/2008 1:34:41 PM | Attr =	]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 66 bytes | Modified Date = 2/19/2008 8:34:43 PM | Attr =	]
hosts.backup -> %SystemRoot%\System32\drivers\etc\hosts.backup ->  [Ver =  | Size = 66 bytes | Modified Date = 2/15/2008 1:18:03 PM | Attr =	]
fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat ->  [Ver =  | Size = 7843616 bytes | Modified Date = 2/21/2008 3:26:01 AM | Attr =  HS]
fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx ->  [Ver =  | Size = 107852 bytes | Modified Date = 2/17/2008 6:29:22 PM | Attr =  HS]
fidbox2.dat -> %SystemRoot%\System32\drivers\fidbox2.dat ->  [Ver =  | Size = 131104 bytes | Modified Date = 2/20/2008 6:36:19 PM | Attr =  HS]
fidbox2.idx -> %SystemRoot%\System32\drivers\fidbox2.idx ->  [Ver =  | Size = 14360 bytes | Modified Date = 2/17/2008 6:29:23 PM | Attr =  HS]
byxvutt.dll -> %SystemRoot%\System32\byxvutt.dll ->  [Ver =  | Size = 39936 bytes | Modified Date = 2/15/2008 12:44:33 PM | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 2/5/2008 7:30:45 PM | Attr = RHS]
2 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> 
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 2/17/2008 6:28:41 PM | Attr =	]
drvmut.dll -> %SystemRoot%\System32\drvmut.dll ->  [Ver =  | Size = 15872 bytes | Modified Date = 2/15/2008 12:44:35 PM | Attr =	]
NtmsData -> %SystemRoot%\System32\NtmsData ->  [Folder | Modified Date = 2/29/2008 9:28:53 AM | Attr =	]
SDEarlyDelete.exe -> %SystemRoot%\System32\SDEarlyDelete.exe ->  [Ver =  | Size = 6144 bytes | Modified Date = 1/30/2008 11:03:28 AM | Attr =	]
tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 2698 bytes | Modified Date = 2/15/2008 1:18:09 PM | Attr =	]
winilq32.dll -> %SystemRoot%\System32\winilq32.dll ->  [Ver =  | Size = 23552 bytes | Modified Date = 2/8/2008 11:11:41 AM | Attr =	]
winjif32.dll -> %SystemRoot%\System32\winjif32.dll ->  [Ver =  | Size = 23552 bytes | Modified Date = 2/8/2008 11:11:44 AM | Attr =	]
CSC -> %SystemRoot%\CSC ->  [Folder | Modified Date = 2/21/2008 5:54:20 PM | Attr =  HS]
4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> 
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2/17/2008 1:28:58 PM | Attr =   S]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2/20/2008 6:35:07 PM | Attr =  HS]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 116 bytes | Modified Date = 2/8/2008 2:17:45 PM | Attr =	]
saplogon.ini -> %SystemRoot%\saplogon.ini ->  [Ver =  | Size = 1432 bytes | Modified Date = 2/8/2008 10:21:24 AM | Attr =	]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 2/29/2008 9:24:48 AM | Attr =	]
ShellIconCache -> %SystemRoot%\ShellIconCache ->  [Ver =  | Size = 746662 bytes | Modified Date = 2/19/2008 8:46:05 PM | Attr =  H ]
system -> %SystemRoot%\system ->  [Folder | Modified Date = 2/17/2008 3:13:45 PM | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 2/29/2008 9:29:58 AM | Attr =	]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2/29/2008 9:30:29 AM | Attr =	]
Web -> %SystemRoot%\Web ->  [Folder | Modified Date = 2/17/2008 4:39:54 PM | Attr =   S]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 3306 bytes | Modified Date = 2/17/2008 4:39:50 PM | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 2/19/2008 8:15:53 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2/29/2008 9:24:46 AM | Attr =  H ]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat ->  [Ver =  | Size = 11670 bytes | Modified Date = 3/15/2006 9:13:14 PM | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 4/26/2007 3:25:39 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5368 bytes | Modified Date = 1/26/2007 3:25:39 PM | Attr =	]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1372 bytes | Modified Date = 9/5/2004 10:05:44 AM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab ->  [Folder | Modified Date = 2/17/2008 1:29:01 PM | Attr =	]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Modified Date = 2/17/2008 1:43:21 PM | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 2/17/2008 4:00:17 PM | Attr =	]
Webroot -> %AllUsersProfile%\Application Data\Webroot ->  [Folder | Modified Date = 2/17/2008 6:28:26 PM | Attr =	]
Lavasoft -> %AppData%\Lavasoft ->  [Folder | Modified Date = 2/17/2008 1:32:05 PM | Attr =	]
Webroot -> %AppData%\Webroot ->  [Folder | Modified Date = 2/17/2008 6:28:26 PM | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1632 bytes | Modified Date = 2/17/2008 1:42:33 PM | Attr =	]
Spy Sweeper.lnk -> %AllUsersProfile%\Desktop\Spy Sweeper.lnk ->  [Ver =  | Size = 1492 bytes | Modified Date = 2/17/2008 6:28:41 PM | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2/29/2008 6:15:56 AM | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1590 bytes | Modified Date = 2/19/2008 8:40:22 PM | Attr =	]
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2/19/2008 8:40:13 PM | Attr =	]
sap_workflow.pdf -> %UserProfile%\Desktop\sap_workflow.pdf ->  [Ver =  | Size = 4171635 bytes | Modified Date = 2/8/2008 9:25:47 AM | Attr =	]
SmitfraudFix -> %UserProfile%\Desktop\SmitfraudFix ->  [Folder | Modified Date = 2/15/2008 1:32:50 PM | Attr =	]
SmitfraudFix.exe -> %UserProfile%\Desktop\SmitfraudFix.exe ->  [Ver =  | Size = 1218728 bytes | Modified Date = 2/15/2008 12:57:10 PM | Attr =	]
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 799 bytes | Modified Date = 2/17/2008 3:59:24 PM | Attr =	]
spybotsd152.exe -> %UserProfile%\Desktop\spybotsd152.exe -> Safer Networking Limited									 [Ver = 1.5.2				| Size = 9722720 bytes | Modified Date = 2/17/2008 3:56:16 PM | Attr =	]
spywaredetectorb.exe -> %UserProfile%\Desktop\spywaredetectorb.exe -> Max Secure Software										  [Ver = 19.0.0.056		   | Size = 9643128 bytes | Modified Date = 2/17/2008 3:12:03 PM | Attr =	]
stinger.exe -> %UserProfile%\Desktop\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Modified Date = 2/18/2008 5:55:20 PM | Attr =	]
stinger.opt -> %UserProfile%\Desktop\stinger.opt ->  [Ver =  | Size = 22 bytes | Modified Date = 2/18/2008 8:13:27 PM | Attr =	]
structural_authorizations_step_by_step.doc -> %UserProfile%\Desktop\structural_authorizations_step_by_step.doc ->  [Ver =  | Size = 1191936 bytes | Modified Date = 2/9/2008 11:46:11 PM | Attr =	]
wininet.zip -> %UserProfile%\Desktop\wininet.zip ->  [Ver =  | Size = 321707 bytes | Modified Date = 2/15/2008 1:01:39 PM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Modified Date = 2/29/2008 9:31:18 AM | Attr =	]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 481772 bytes | Modified Date = 2/29/2008 6:16:34 AM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 2/17/2008 1:41:44 PM | Attr =	]

< End of report >




#5 OldTimer

OldTimer

    Malware Expert



Posted 29 February 2008 - 11:43 AM

Hi YARO. Let's see what we can do with this. Please follow the steps below in order.

Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to unload:
NetDetect
Files to delete:
%SystemRoot%\System32\byxvutt.dll
%SystemRoot%\system32\drivers\netdtect.sys
%SystemRoot%\system32\drvmut.dll
%SystemRoot%\System32\tmp.reg
%SystemRoot%\System32\winilq32.dll
%SystemRoot%\system32\winjif32.dll
%SystemRoot%\wininit.ini

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

Step #2

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Driver Services - Non-Microsoft Only]
YY -> (NetDetect) NetDetect [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\netdtect.sys
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> MSDisp32 -> %SystemRoot%\system32\drvmut.dll
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> ckpNotify -> 
YN -> sysfldr -> 
YY -> winjif32 -> %SystemRoot%\system32\winjif32.dll
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {83B28A74-640D-48F4-9F51-E80EED7CC7E0} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\Downloaded Program Files\SbCIe02b.dll [SideStep]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {83B28A74-640D-48F4-9F51-E80EED7CC7E0} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\Downloaded Program Files\SbCIe02b.dll [SideStep]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {3E230861-5C87-11D3-A1C6-00105A1B41B8}:BandCLSID -> %SystemRoot%\Downloaded Program Files\SbCIe02b.dll [SideStep]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{3E230861-5C87-11D3-A1C6-00105A1B41B8} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\Downloaded Program Files\SbCIe02b.dll [SideStep]
[Files/Folders - Created Within 30 days]
NY -> byxvutt.dll -> %SystemRoot%\System32\byxvutt.dll
NY -> drvmut.dll -> %SystemRoot%\System32\drvmut.dll
NY -> tmp.reg -> %SystemRoot%\System32\tmp.reg
NY -> winilq32.dll -> %SystemRoot%\System32\winilq32.dll
NY -> winjif32.dll -> %SystemRoot%\System32\winjif32.dll
[Files/Folders - Modified Within 30 days]
NY -> byxvutt.dll -> %SystemRoot%\System32\byxvutt.dll
NY -> drvmut.dll -> %SystemRoot%\System32\drvmut.dll
NY -> tmp.reg -> %SystemRoot%\System32\tmp.reg
NY -> winilq32.dll -> %SystemRoot%\System32\winilq32.dll
NY -> winjif32.dll -> %SystemRoot%\System32\winjif32.dll
NY -> wininit.ini -> %SystemRoot%\wininit.ini
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.

Step #3

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy & Paste the entire report in your next reply.

Step #4

Run a new WinPFind35u scan with the following options:

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • In the Driver Services section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:

    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Step #5

Post the following back here:
  • The Avenger report (c:\Avenger.txt)
  • The latest WinPFind35u fix log (look in the WinPFind35u folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run.)
  • The new WinPFind35u scan log
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#6 YARO

YARO
  • Topic Starter


Posted 01 March 2008 - 02:11 PM

Hi OldTimer,

I followed all the steps and there were no issues except for Step #1 (Avenger). I tried to run Step #1 and the system rebooted but hung the first time. I had to switch it off and restart the machine again. Ran Step #1 again and after reboot it hung again. Had to switch it off and restarted to run Step #2.

After Step#4 is complete, I ran Step#1 and this time it went through fine.

I have attached the following logs as you requested.

Avenger Report
--------------------


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows 2000

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error:  registry key "\Registry\Machine\System\CurrentControlSet\Services\NetDetect" not found!
Deletion of driver "NetDetect" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINNT\System32\byxvutt.dll" not found!
Deletion of file "C:\WINNT\System32\byxvutt.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINNT\system32\drivers\netdtect.sys" not found!
Deletion of file "C:\WINNT\system32\drivers\netdtect.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINNT\system32\drvmut.dll" not found!
Deletion of file "C:\WINNT\system32\drvmut.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINNT\System32\tmp.reg" not found!
Deletion of file "C:\WINNT\System32\tmp.reg" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINNT\System32\winilq32.dll" not found!
Deletion of file "C:\WINNT\System32\winilq32.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINNT\system32\winjif32.dll" not found!
Deletion of file "C:\WINNT\system32\winjif32.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINNT\wininit.ini" not found!
Deletion of file "C:\WINNT\wininit.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Completed script processing.

*******************

Finished!  Terminate.
__________________________________________________________________________________________________

The latest WinPFind35u fix log :

Explorer killed successfully
[Driver Services - Non-Microsoft Only]
Unable to stop service NetDetect .
Unable to delete service NetDetect .
File C:\WINNT\system32\drivers\netdtect.sys not found.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSDisp32 deleted successfully.
File C:\WINNT\system32\drvmut.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ckpNotify\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sysfldr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winjif32\ deleted successfully.
File C:\WINNT\system32\winjif32.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{83B28A74-640D-48F4-9F51-E80EED7CC7E0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83B28A74-640D-48F4-9F51-E80EED7CC7E0}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{83B28A74-640D-48F4-9F51-E80EED7CC7E0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83B28A74-640D-48F4-9F51-E80EED7CC7E0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3E230861-5C87-11D3-A1C6-00105A1B41B8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E230861-5C87-11D3-A1C6-00105A1B41B8}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{3E230861-5C87-11D3-A1C6-00105A1B41B8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E230861-5C87-11D3-A1C6-00105A1B41B8}\ not found.
[Files/Folders - Created Within 30 days]
File C:\WINNT\System32\byxvutt.dll not found!
File C:\WINNT\System32\drvmut.dll not found!
File C:\WINNT\System32\tmp.reg not found!
File C:\WINNT\System32\winilq32.dll not found!
File C:\WINNT\System32\winjif32.dll not found!
[Files/Folders - Modified Within 30 days]
File C:\WINNT\System32\byxvutt.dll not found!
File C:\WINNT\System32\drvmut.dll not found!
File C:\WINNT\System32\tmp.reg not found!
File C:\WINNT\System32\winilq32.dll not found!
File C:\WINNT\System32\winjif32.dll not found!
File C:\WINNT\wininit.ini not found!
[Empty Temp Folders]
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
WinPFind35U Version 1.0.2.2 fix logfile created on 03012008_104610

__________________________________________________________________________________________________

The new WinPFind35u scan log

Explorer killed successfully
[Driver Services - Non-Microsoft Only]
Unable to stop service NetDetect .
Unable to delete service NetDetect .
File C:\WINNT\system32\drivers\netdtect.sys not found.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSDisp32 not found.
File C:\WINNT\system32\drvmut.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ckpNotify\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sysfldr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winjif32\ not found.
File C:\WINNT\system32\winjif32.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{83B28A74-640D-48F4-9F51-E80EED7CC7E0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83B28A74-640D-48F4-9F51-E80EED7CC7E0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{83B28A74-640D-48F4-9F51-E80EED7CC7E0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83B28A74-640D-48F4-9F51-E80EED7CC7E0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3E230861-5C87-11D3-A1C6-00105A1B41B8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E230861-5C87-11D3-A1C6-00105A1B41B8}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{3E230861-5C87-11D3-A1C6-00105A1B41B8} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E230861-5C87-11D3-A1C6-00105A1B41B8}\ not found.
[Files/Folders - Created Within 30 days]
File C:\WINNT\System32\byxvutt.dll not found!
File C:\WINNT\System32\drvmut.dll not found!
File C:\WINNT\System32\tmp.reg not found!
File C:\WINNT\System32\winilq32.dll not found!
File C:\WINNT\System32\winjif32.dll not found!
[Files/Folders - Modified Within 30 days]
File C:\WINNT\System32\byxvutt.dll not found!
File C:\WINNT\System32\drvmut.dll not found!
File C:\WINNT\System32\tmp.reg not found!
File C:\WINNT\System32\winilq32.dll not found!
File C:\WINNT\System32\winjif32.dll not found!
File C:\WINNT\wininit.ini not found!
[Empty Temp Folders]
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
WinPFind35U Version 1.0.2.2 fix logfile created on 03012008_140800
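
An added example (not part of the original posts, and not code from The Avenger or WinPFind35u): a Python parser for the two fix-log formats posted above that separates targets confirmed absent from ones that still need attention, and tells a fix log from a scan report by its trailer line. The sample logs are constructed excerpts in the same format; example.dll and its STATUS_ACCESS_DENIED record are constructed, and treating a WinPFind35u "Unable to ... service" line as resolved when Avenger reports the same name with STATUS_OBJECT_NAME_NOT_FOUND is this example's assumption.

```python
import re

# Constructed excerpts in the format of the logs above (shortened).
# The example.dll / STATUS_ACCESS_DENIED record is constructed to show
# a deletion failure that is NOT simply "already gone".
AVENGER_LOG = r'''
Error:  registry key "\Registry\Machine\System\CurrentControlSet\Services\NetDetect" not found!
Deletion of driver "NetDetect" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error:  file "C:\WINNT\System32\byxvutt.dll" not found!
Deletion of file "C:\WINNT\System32\byxvutt.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Deletion of file "C:\WINNT\System32\example.dll" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)
'''

WINPFIND_LOG = r'''
Explorer killed successfully
[Driver Services - Non-Microsoft Only]
Unable to stop service NetDetect .
Unable to delete service NetDetect .
File C:\WINNT\system32\drivers\netdtect.sys not found.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSDisp32 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winjif32\ deleted successfully.
[Files/Folders - Created Within 30 days]
File C:\WINNT\System32\byxvutt.dll not found!
< End of fix log >
'''

# NTSTATUS values that mean "the target was already absent".
BENIGN_STATUS = {0xC0000034}  # STATUS_OBJECT_NAME_NOT_FOUND

AVENGER_RE = re.compile(
    r'Deletion of (?P<kind>\w+) "(?P<name>[^"]+)" failed!\s*\n'
    r'Status: (?P<code>0x[0-9a-fA-F]{8}) \((?P<status>\w+)\)')
WPF_OBJ_RE = re.compile(
    r'^(?P<kind>Registry value|Registry key|File) (?P<name>.+?) '
    r'(?P<outcome>deleted successfully|not found)[.!]$')
WPF_SVC_RE = re.compile(
    r'^Unable to (?P<action>stop|delete) service (?P<name>.+?) \.$')


def log_kind(text):
    """Classify a WinPFind35u log by its trailer line."""
    if "< End of fix log >" in text:
        return "fix"
    if "< End of report >" in text:
        return "scan"
    return "unknown"


def parse_avenger(text):
    """One record per failed deletion reported in an Avenger log."""
    return [{"kind": m["kind"], "name": m["name"],
             "code": int(m["code"], 16), "status": m["status"]}
            for m in AVENGER_RE.finditer(text)]


def parse_winpfind_fix(text):
    """One record per action line in a WinPFind35u fix log."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        m = WPF_OBJ_RE.match(line)
        if m:
            records.append({"kind": m["kind"], "name": m["name"],
                            "outcome": m["outcome"]})
            continue
        m = WPF_SVC_RE.match(line)
        if m:
            records.append({"kind": "Service", "name": m["name"],
                            "outcome": "unable to " + m["action"]})
    return records


def needs_attention(avenger_text, winpfind_text):
    """Targets that neither log shows as removed or already absent."""
    avenger = parse_avenger(avenger_text)
    absent = {r["name"].lower() for r in avenger
              if r["code"] in BENIGN_STATUS}
    open_items = [f'{r["kind"]} {r["name"]}: {r["status"]}'
                  for r in avenger if r["code"] not in BENIGN_STATUS]
    for r in parse_winpfind_fix(winpfind_text):
        # Assumption: an "Unable to ..." service line is resolved if
        # Avenger reported the same name as not existing.
        if r["outcome"].startswith("unable") and r["name"].lower() not in absent:
            open_items.append(f'{r["kind"]} {r["name"]}: {r["outcome"]}')
    return open_items


if __name__ == "__main__":
    print("WinPFind35u log kind:", log_kind(WINPFIND_LOG))
    for item in needs_attention(AVENGER_LOG, WINPFIND_LOG):
        print("needs attention:", item)
```
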


#7 OldTimer

OldTimer

    Malware Expert



Posted 01 March 2008 - 02:34 PM

Hi YARO. The WPF35 scan log is the log from the fix. I need a new log from a scan.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not /code with brackets around it then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT

#8 YARO

YARO
  • Topic Starter


Posted 02 March 2008 - 10:34 AM

Hi OldTimer,

I have attached the WPF35 scan log.

WinPFind35 logfile created on: 3/2/2008 10:37:33 AM
WinPFind35U Version 1.0.2.2	 Folder = C:\Documents and Settings\BalajiRaghavan\Desktop\WinPFind35u
Windows 2000 Professional Edition Service Pack 2 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
383.30 Mb Total Physical Memory | 170.55 Mb Available Physical Memory | 44.49% Memory free
921.29 Mb Paging File | 727.93 Mb Available in Paging File | 79.01% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 18.65 Gb Total Space | 10.68 Gb Free Space | 57.30% Space Free | Partition Type: NTFS
Drive D: | 186.31 Gb Total Space | 117.91 Gb Free Space | 63.29% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 249.72 Mb Total Space | 3.00 Mb Free Space | 1.20% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GIG-HITECH
Current User Name: BalajiRaghavan
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ireike.exe -> %ProgramFiles%\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe -> SafeNet [Ver = 10.1.1 (Build 10) | Size = 299058 bytes | Modified Date = 8/20/2003 2:52:44 PM | Attr =	]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
ipsecmon.exe -> %ProgramFiles%\NETGEAR\NETGEAR ProSafe VPN Client\IPSecMon.exe -> SafeNet [Ver = 10.1.1 (Build 10) | Size = 28726 bytes | Modified Date = 8/20/2003 2:52:46 PM | Attr =	]
spysweeper.exe -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,5,6,56 | Size = 3564344 bytes | Modified Date = 7/19/2007 10:54:28 PM | Attr =	]
devldr32.exe -> %SystemRoot%\system32\devldr32.exe -> Creative Technology Ltd. [Ver = 1, 0, 0, 15 | Size = 38912 bytes | Modified Date = 6/5/2000 9:32:46 AM | Attr =	]
lvcoms.exe -> %CommonProgramFiles%\Logitech\QCDriver3\LVComS.exe -> Logitech Inc. [Ver = 7.3.0.1113 | Size = 127022 bytes | Modified Date = 12/10/2002 4:54:04 PM | Attr =	]
olpsynch.exe -> %ProgramFiles%\Offline Course Player\OlpSynch.exe ->  [Ver =  | Size = 36864 bytes | Modified Date = 5/19/2005 1:04:02 AM | Attr =	]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 11/15/2006 6:58:38 PM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_10\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Modified Date = 11/9/2006 2:07:30 PM | Attr =	]
atiptaxx.exe -> %SystemRoot%\system32\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 4.11.2446 | Size = 151552 bytes | Modified Date = 12/2/1999 4:52:38 PM | Attr =	]
createcd50.exe -> %CommonProgramFiles%\Adaptec Shared\CreateCD\CreateCD50.exe -> Roxio [Ver = 5.1 (50) | Size = 110592 bytes | Modified Date = 9/4/2001 5:52:38 PM | Attr =	]
directcd.exe -> %ProgramFiles%\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe -> Roxio [Ver = 5.10 (105) | Size = 655360 bytes | Modified Date = 9/4/2001 3:31:50 PM | Attr =	]
spysweeperui.exe -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeperUI.exe -> Webroot Software, Inc. [Ver = 5,5,7,48 | Size = 5361464 bytes | Modified Date = 7/19/2007 10:54:32 PM | Attr =	]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 4/23/2007 9:57:36 AM | Attr =	]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 1/28/2008 11:43:40 AM | Attr = RHS]
reader_sl.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 12/14/2004 4:44:06 AM | Attr =	]
safecfg.exe -> %ProgramFiles%\NETGEAR\NETGEAR ProSafe VPN Client\SafeCfg.exe -> SafeNet [Ver = 10.1.1 (Build 10) | Size = 57396 bytes | Modified Date = 8/20/2003 2:52:50 PM | Attr =	]
ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\Ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103928 bytes | Modified Date = 3/27/2007 2:22:56 PM | Attr =	]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.2.2 | Size = 310784 bytes | Modified Date = 2/28/2008 2:42:00 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> VERITAS Software Corp. [Ver = 2195.6624.297.3 | Size = 147728 bytes | Modified Date = 6/19/2003 11:05:04 AM | Attr =	]
(IPSECMON) SafeNet Monitor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\NETGEAR\NETGEAR ProSafe VPN Client\IPSecMon.exe -> SafeNet [Ver = 10.1.1 (Build 10) | Size = 28726 bytes | Modified Date = 8/20/2003 2:52:46 PM | Attr =	]
(IreIKE) SafeNet IKE Service [Win32_Own | Auto | Running] -> %ProgramFiles%\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe -> SafeNet [Ver = 10.1.1 (Build 10) | Size = 299058 bytes | Modified Date = 8/20/2003 2:52:44 PM | Attr =	]
(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,5,6,56 | Size = 3564344 bytes | Modified Date = 7/19/2007 10:54:28 PM | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic116x) aic116x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(ami0nt) ami0nt [Kernel | Disabled | Stopped] ->  -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(ati2mpaa) ati2mpaa [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mpaa.sys -> ATI Technologies Inc. [Ver = 5.0.86 | Size = 304784 bytes | Modified Date = 12/22/1999 | Attr =	]
(BusLogic) BusLogic [Kernel | Disabled | Stopped] ->  -> File not found
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Cdr4_2K) Cdr4_2K [Kernel | System | Running] -> %SystemRoot%\system32\drivers\cdr4_2K.sys -> Sonic Solutions [Ver = 8.0.0.212  | Size = 2432 bytes | Modified Date = 10/4/2006 9:42:42 PM | Attr =	]
(Cdralw2k) Cdralw2k [Kernel | System | Running] -> %SystemRoot%\system32\drivers\cdralw2k.sys -> Sonic Solutions [Ver = 8.0.0.212  | Size = 2560 bytes | Modified Date = 10/4/2006 9:42:42 PM | Attr =	]
(cdudf) cdudf [File_System | System | Running] -> %SystemRoot%\system32\drivers\Cdudf.sys -> Roxio [Ver = 5.10 (105) | Size = 238176 bytes | Modified Date = 9/4/2001 3:38:00 PM | Attr =	]
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(cpqarry2) cpqarry2 [Kernel | Disabled | Stopped] ->  -> File not found
(cpqfcalm) cpqfcalm [Kernel | Disabled | Stopped] ->  -> File not found
(cpqfws2e) cpqfws2e [Kernel | Disabled | Stopped] ->  -> File not found
(Crypto) Crypto [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\Crypto.sig ->  [Ver =  | Size = 136 bytes | Modified Date = 7/17/2003 7:18:36 AM | Attr =	]
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(deckzpsx) deckzpsx [Kernel | Disabled | Stopped] ->  -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> VERITAS Software Corp. [Ver = 2195.6655.297.3 | Size = 369104 bytes | Modified Date = 6/19/2003 11:05:04 AM | Attr =	]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> VERITAS Software Corp. [Ver = 2195.6655.297.3 | Size = 137936 bytes | Modified Date = 6/19/2003 11:05:04 AM | Attr =	]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> VERITAS Software Corp. [Ver = 2195.6655.297.3 | Size = 7312 bytes | Modified Date = 6/19/2003 11:05:04 AM | Attr =	]
(DNE) Deterministic Network Enhancer Miniport [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\dne2000.sys -> Deterministic Networks, Inc. [Ver = 2.20.3.220 | Size = 138916 bytes | Modified Date = 9/13/2002 10:32:22 AM | Attr =	]
(DniVap) SafeNet WAN Miniport (VA) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\vapnt.sys -> Deterministic Networks Inc. [Ver = 4.12 | Size = 36188 bytes | Modified Date = 12/14/2001 3:26:06 PM | Attr =	]
(dvd_2K) dvd_2K [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Dvd_2k.sys -> Roxio [Ver = 5.10 (105) | Size = 17990 bytes | Modified Date = 9/4/2001 3:39:50 PM | Attr =	]
(EL90BC) 3Com EtherLink XL B/C Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\el90xbc5.sys -> 3Com Corporation [Ver = 1.56.50.0013 | Size = 61712 bytes | Modified Date = 10/23/1999 7:22:20 AM | Attr =	]
(Fd16_700) Fd16_700 [Kernel | Disabled | Stopped] ->  -> File not found
(fireport) fireport [Kernel | Disabled | Stopped] ->  -> File not found
(flashpnt) flashpnt [Kernel | Disabled | Stopped] ->  -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IPSECDRV) SafeNet IPSec Plugin [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\IpSecDrv.sys -> SafeNet [Ver = 10.1.1 (Build 10) | Size = 118840 bytes | Modified Date = 8/20/2003 2:39:32 PM | Attr =	]
(ipsraidn) ipsraidn [Kernel | Disabled | Stopped] ->  -> File not found
(KLIF) KLIF [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.319 | Size = 194320 bytes | Modified Date = 12/31/2007 10:15:20 AM | Attr =	]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(lp6nds35) lp6nds35 [Kernel | Disabled | Stopped] ->  -> File not found
(mmc_2K) mmc_2K [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Mmc_2k.sys -> Roxio [Ver = 5.10 (105) | Size = 19702 bytes | Modified Date = 9/4/2001 3:39:40 PM | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(Ncrc710) Ncrc710 [Kernel | Disabled | Stopped] ->  -> File not found
(OMCI) OMCI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\omci.sys -> Dell Computer Corporation [Ver = 1, 0, 0, 0 | Size = 10368 bytes | Modified Date = 5/14/2001 6:15:40 PM | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PD1030VID) Creative WebCam Pro [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\p1030vid.sys -> Creative Technology Ltd. [Ver = 2.00.00.2603 | Size = 167661 bytes | Modified Date = 4/29/2002 1:00:00 PM | Attr = R  ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 | Size = 17680 bytes | Modified Date = 6/19/2003 11:05:04 AM | Attr =	]
(pwd_2K) pwd_2K [Kernel | System | Running] -> %SystemRoot%\system32\drivers\pwd_2k.sys -> Roxio [Ver = 5.10 (105) | Size = 78454 bytes | Modified Date = 9/4/2001 2:39:28 PM | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 3/7/2007 6:51:00 PM | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql2100) ql2100 [Kernel | Disabled | Stopped] ->  -> File not found
(sglfb) sglfb [Kernel | System | Stopped] ->  -> File not found
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(SSFS0BB8) Spy Sweeper File System Filer Driver: 0BB8 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SSFS0BB8.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.56 | Size = 20280 bytes | Modified Date = 7/19/2007 10:42:36 PM | Attr =	]
(SSHRMD) Spy Sweeper Hookrack MiniDriver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sshrmd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.56 | Size = 21816 bytes | Modified Date = 7/19/2007 10:42:36 PM | Attr =	]
(SSIDRV) Spy Sweeper Interdiction Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ssidrv.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.56 | Size = 163128 bytes | Modified Date = 7/19/2007 10:42:36 PM | Attr =	]
(SSKBFD) Webroot Spy Sweeper Keylogger Shield Keyboard Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sskbfd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.56 | Size = 23864 bytes | Modified Date = 7/19/2007 10:42:36 PM | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(tga) tga [Kernel | System | Stopped] ->  -> File not found
(UdfReadr) UdfReadr [File_System | System | Running] -> %SystemRoot%\system32\drivers\UdfReadr.sys -> Roxio [Ver = 5.10 (105) | Size = 214240 bytes | Modified Date = 9/4/2001 4:44:50 PM | Attr =	]
(ultra66) ultra66 [Kernel | Disabled | Stopped] ->  -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
AdaptecDirectCD -> %ProgramFiles%\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe -> Roxio [Ver = 5.10 (105) | Size = 655360 bytes | Modified Date = 9/4/2001 3:31:50 PM | Attr =	]
AtiPTA -> %SystemRoot%\system32\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 4.11.2446 | Size = 151552 bytes | Modified Date = 12/2/1999 4:52:38 PM | Attr =	]
CreateCD50 -> %CommonProgramFiles%\Adaptec Shared\CreateCD\CreateCD50.exe -> Roxio [Ver = 5.1 (50) | Size = 110592 bytes | Modified Date = 9/4/2001 5:52:38 PM | Attr =	]
googletalk -> %ProgramFiles%\Google\Google Talk\googletalk.exe -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/1/2007 4:22:02 PM | Attr =	]
LVCOMS -> %CommonProgramFiles%\Logitech\QCDriver3\LVComS.exe -> Logitech Inc. [Ver = 7.3.0.1113 | Size = 127022 bytes | Modified Date = 12/10/2002 4:54:04 PM | Attr =	]
NeroFilterCheck -> %SystemRoot%\system32\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 10:50:42 AM | Attr =	]
OLPSYNCH -> %ProgramFiles%\Offline Course Player\OlpSynch.exe ->  [Ver =  | Size = 36864 bytes | Modified Date = 5/19/2005 1:04:02 AM | Attr =	]
SpySweeper -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeperUI.exe -> Webroot Software, Inc. [Ver = 5,5,7,48 | Size = 5361464 bytes | Modified Date = 7/19/2007 10:54:32 PM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_10\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Modified Date = 11/9/2006 2:07:30 PM | Attr =	]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 11/15/2006 6:58:38 PM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 1/28/2008 11:43:40 AM | Attr = RHS]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 4/23/2007 9:57:36 AM | Attr =	]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,249 | Size = 4670968 bytes | Modified Date = 3/27/2007 2:22:56 PM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 12/14/2004 4:44:06 AM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\NETGEAR ProSafe VPN Client.lnk -> %ProgramFiles%\NETGEAR\NETGEAR ProSafe VPN Client\SafeCfg.exe -> SafeNet [Ver = 10.1.1 (Build 10) | Size = 57396 bytes | Modified Date = 8/20/2003 2:52:50 PM | Attr =	]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll -> Kaspersky Lab [Ver = 7.0.0.125 | Size = 91400 bytes | Modified Date = 6/28/2007 12:51:42 PM | Attr =	]
*MultiFile Done* -> -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
klogon -> %SystemRoot%\system32\klogon.dll -> Kaspersky Lab [Ver = 7.0.0.125 | Size = 206088 bytes | Modified Date = 6/28/2007 12:51:48 PM | Attr =	]
WRNotifier -> %SystemRoot%\system32\WRLogonNtf.dll -> Webroot Software, Inc. [Ver = 3,5,6,56 | Size = 219448 bytes | Modified Date = 7/19/2007 10:42:36 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 149 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
< HOSTS File > (66 bytes) -> C:\WINNT\System32\drivers\etc\Hosts -> 
192.168.18.52	erp -> -> 
192.168.18.62	nerp -> -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\Start Page -> about:blank -> 
HKEY_CURRENT_USER\: Search\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[gogl] -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 4:48:58 PM | Attr =	]
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4189 domain(s) found. -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5361 domain(s) found. -> 
1204 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 4:48:58 PM | Attr =	]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 1:56:50 AM | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_10\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 11/9/2006 2:21:52 PM | Attr =	]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 6/3/2007 8:14:32 AM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
{8E718888-423F-11D2-876E-00A0C9082467} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\msdxm.ocx [&Radio] ->  [Ver =  | Size = 844048 bytes | Modified Date = 9/17/2003 10:01:28 AM | Attr =	]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 4:48:58 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 4:48:58 PM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}:BandCLSID -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll [Web Anti-Virus statistics] -> Kaspersky Lab [Ver = 7.0.0.125 | Size = 222472 bytes | Modified Date = 6/28/2007 12:51:52 PM | Attr =	]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll [Web Anti-Virus statistics] -> Kaspersky Lab [Ver = 7.0.0.125 | Size = 222472 bytes | Modified Date = 6/28/2007 12:51:52 PM | Attr =	]
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{BA75519E-2643-4D50-A0FF-4087FAD4339C} ->	() -> 
{CE4ADC2E-C6CA-4B25-9C40-2612546A8E71} ->	(3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX)) -> 
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
shell -> shell protocol not assigned -> 
< Default Protocols [HKEY_CURRENT_USER\] - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
shell -> shell protocol not assigned -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
saphtmlp:{D1F8BD1E-7967-11D2-B43A-006094B9EADB} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL[SAP HTML Pluggable Protocol] -> SAP AG, Walldorf [Ver = 6405.5.18.11 | Size = 42496 bytes | Modified Date = 3/7/2006 8:16:06 AM | Attr =	]
sapr3:{D1F8BD1E-7967-11D2-B43A-006094B9EADB} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL[SAP HTML Pluggable Protocol] -> SAP AG, Walldorf [Ver = 6405.5.18.11 | Size = 42496 bytes | Modified Date = 3/7/2006 8:16:06 AM | Attr =	]
vnd.ms.radio:{3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\msdxm.ocx[AsyncPProt Class] ->  [Ver =  | Size = 844048 bytes | Modified Date = 9/17/2003 10:01:28 AM | Attr =	]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{0246ECA8-996F-11D1-BE2F-00A0C9037DFE}[HKEY_LOCAL_MACHINE] -> http://www.kumudam.com/wfplayer/tdserver.cab[TDServer Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab[Java Plug-in 1.5.0_10] -> 
{8FEFF364-6A5F-4966-A917-A3AC28411659}[HKEY_LOCAL_MACHINE] -> http://download.sopcast.com/download/SOPCORE.CAB[SopCore Control] -> 
{A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C}[HKEY_LOCAL_MACHINE] -> http://66.184.29.86/plugin/h263ctrl.cab[VaPgCtrl Class] -> 
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3] -> 
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab[Java Plug-in 1.5.0_10] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab[Java Plug-in 1.5.0_10] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}[HKEY_LOCAL_MACHINE] -> https://freetrial.webex.com/client/T26L/webex/ieatgpc.cab[GpcContainer Class] -> 
{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9}[HKEY_LOCAL_MACHINE] -> https://secure.logmein.com/activex/RACtrl.cab[Performance Viewer Activex Control] -> 
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINNT\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> 
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINNT\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\ ->  -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\MSV1_0.DLL -> Microsoft Corporation [Ver = 5.00.2195.6680 | Size = 117520 bytes | Modified Date = 6/19/2003 11:05:04 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.00.2195.6666 | Size = 212752 bytes | Modified Date = 6/19/2003 11:05:04 AM | Attr =	]
msv1_0 -> %SystemRoot%\system32\MSV1_0.DLL -> Microsoft Corporation [Ver = 5.00.2195.6680 | Size = 117520 bytes | Modified Date = 6/19/2003 11:05:04 AM | Attr =	]
schannel -> %SystemRoot%\system32\SCHANNEL.DLL -> Microsoft Corporation [Ver = 5.00.2195.6705 | Size = 147728 bytes | Modified Date = 6/19/2003 11:05:04 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 248 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.00.2195.6704 | Size = 114448 bytes | Modified Date = 6/19/2003 11:05:04 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINNT\system32\NTMARTA.DLL [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.00.2195.6666 | Size = 102672 bytes | Modified Date = 6/19/2003 11:05:04 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINNT\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 5.00.0984 | Size = 10000 bytes | Modified Date = 5/8/2001 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 288 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINNT\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.00.2134.1 | Size = 7952 bytes | Modified Date = 5/8/2001 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Internet Connection Sharing -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> RasMan; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINNT\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.00.2195.6708 | Size = 441616 bytes | Modified Date = 6/19/2003 11:05:04 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Allows remote registry manipulation. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINNT\system32\regsvc.exe [%SystemRoot%\system32\regsvc.exe] -> Microsoft Corporation [Ver = 5.00.2195.6701 | Size = 68368 bytes | Modified Date = 6/19/2003 11:05:04 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RpcSs -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.00.2195.6702 | Size = 239376 bytes | Modified Date = 6/19/2003 11:05:04 AM | Attr =	]
TcpIp ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Allows a remote user to log on to the system and run console programs using the command line. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINNT\system32\tlntsvr.exe [%SystemRoot%\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.00.99206.1 | Size = 186128 bytes | Modified Date = 6/19/2003 11:05:04 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 3 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Created Date = 3/1/2008 10:10:24 AM | Attr =	]
fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Created Date = 3/1/2008 10:47:46 AM | Attr =	]
HJT -> %SystemDrive%\HJT ->  [Folder | Created Date = 2/17/2008 3:28:06 PM | Attr =	]
SSFS0BB8.sys -> %SystemRoot%\System32\drivers\SSFS0BB8.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.56 | Size = 20280 bytes | Modified Date = 7/19/2007 10:42:36 PM | Attr =	]
sshrmd.sys -> %SystemRoot%\System32\drivers\sshrmd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.56 | Size = 21816 bytes | Modified Date = 7/19/2007 10:42:36 PM | Attr =	]
ssidrv.sys -> %SystemRoot%\System32\drivers\ssidrv.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.56 | Size = 163128 bytes | Modified Date = 7/19/2007 10:42:36 PM | Attr =	]
CloseAll.exe -> %SystemRoot%\System32\CloseAll.exe -> Max Secure Software [Ver = 3, 0, 1, 1 | Size = 67024 bytes | Modified Date = 1/25/2008 6:58:28 PM | Attr =	]
ProxySettings.ini -> %SystemRoot%\System32\ProxySettings.ini ->  [Ver =  | Size = 104 bytes | Modified Date = 2/6/2005 9:02:46 AM | Attr =	]
SDEarlyDelete.exe -> %SystemRoot%\System32\SDEarlyDelete.exe ->  [Ver =  | Size = 6144 bytes | Modified Date = 1/30/2008 11:03:28 AM | Attr =	]
ssiefr.EXE -> %SystemRoot%\System32\ssiefr.EXE -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.56 | Size = 16184 bytes | Modified Date = 7/19/2007 10:42:36 PM | Attr =	]
WRLogonNtf.dll -> %SystemRoot%\System32\WRLogonNtf.dll -> Webroot Software, Inc. [Ver = 3,5,6,56 | Size = 219448 bytes | Modified Date = 7/19/2007 10:42:36 PM | Attr =	]
wrlzma.dll -> %SystemRoot%\System32\wrlzma.dll ->  [Ver =  | Size = 26424 bytes | Modified Date = 7/19/2007 10:42:36 PM | Attr =	]
ShellIconCache -> %SystemRoot%\ShellIconCache ->  [Ver =  | Size = 746994 bytes | Modified Date = 3/1/2008 2:18:53 PM | Attr =  H ]
WRSetup.dll -> %SystemRoot%\WRSetup.dll -> Webroot Software, Inc. [Ver = 5,5,7,48 | Size = 1521464 bytes | Modified Date = 7/19/2007 10:54:32 PM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Created Date = 2/17/2008 1:42:18 PM | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Created Date = 2/17/2008 3:58:47 PM | Attr =	]
Webroot -> %AllUsersProfile%\Application Data\Webroot ->  [Folder | Created Date = 2/17/2008 6:28:26 PM | Attr =	]
Webroot -> %AppData%\Webroot ->  [Folder | Created Date = 2/17/2008 6:28:26 PM | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1632 bytes | Modified Date = 2/17/2008 1:42:33 PM | Attr =	]
Spy Sweeper.lnk -> %AllUsersProfile%\Desktop\Spy Sweeper.lnk ->  [Ver =  | Size = 1492 bytes | Modified Date = 2/17/2008 6:28:41 PM | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2/29/2008 6:15:56 AM | Attr =	]
avenger.exe -> %UserProfile%\Desktop\avenger.exe ->  [Ver =  | Size = 1802378 bytes | Modified Date = 2/24/2008 4:10:10 AM | Attr =	]
avenger.zip -> %UserProfile%\Desktop\avenger.zip ->  [Ver =  | Size = 1008038 bytes | Modified Date = 2/29/2008 2:23:06 PM | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1590 bytes | Modified Date = 2/19/2008 8:40:22 PM | Attr =	]
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2/19/2008 8:40:13 PM | Attr =	]
New Folder -> %UserProfile%\Desktop\New Folder ->  [Folder | Created Date = 3/1/2008 1:27:15 PM | Attr =	]
sap_workflow.pdf -> %UserProfile%\Desktop\sap_workflow.pdf ->  [Ver =  | Size = 4171635 bytes | Modified Date = 2/8/2008 9:25:47 AM | Attr =	]
SmitfraudFix -> %UserProfile%\Desktop\SmitfraudFix ->  [Folder | Created Date = 2/15/2008 12:57:27 PM | Attr =	]
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 799 bytes | Modified Date = 2/17/2008 3:59:24 PM | Attr =	]
spybotsd152.exe -> %UserProfile%\Desktop\spybotsd152.exe -> Safer Networking Limited									 [Ver = 1.5.2				| Size = 9722720 bytes | Modified Date = 2/17/2008 3:56:16 PM | Attr =	]
spywaredetectorb.exe -> %UserProfile%\Desktop\spywaredetectorb.exe -> Max Secure Software										  [Ver = 19.0.0.056		   | Size = 9643128 bytes | Modified Date = 2/17/2008 3:12:03 PM | Attr =	]
stinger.exe -> %UserProfile%\Desktop\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Modified Date = 2/18/2008 5:55:20 PM | Attr =	]
stinger.opt -> %UserProfile%\Desktop\stinger.opt ->  [Ver =  | Size = 22 bytes | Modified Date = 2/18/2008 8:13:27 PM | Attr =	]
structural_authorizations_step_by_step.doc -> %UserProfile%\Desktop\structural_authorizations_step_by_step.doc ->  [Ver =  | Size = 1191936 bytes | Modified Date = 2/9/2008 11:46:11 PM | Attr =	]
wininet.zip -> %UserProfile%\Desktop\wininet.zip ->  [Ver =  | Size = 321707 bytes | Modified Date = 2/15/2008 1:01:39 PM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Created Date = 2/29/2008 9:31:18 AM | Attr =	]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 481772 bytes | Modified Date = 2/29/2008 6:16:34 AM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 2/17/2008 1:41:44 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Modified Date = 3/1/2008 1:49:58 PM | Attr =	]
fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Modified Date = 3/1/2008 10:47:46 AM | Attr =	]
HJT -> %SystemDrive%\HJT ->  [Folder | Modified Date = 2/17/2008 3:32:02 PM | Attr =	]
My Music -> %SystemDrive%\My Music ->  [Folder | Modified Date = 2/8/2008 3:30:41 PM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 3/1/2008 1:46:22 PM | Attr =	]
WINNT -> %SystemRoot% ->  [Folder | Modified Date = 3/1/2008 10:34:22 AM | Attr =	]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 2/18/2008 1:34:41 PM | Attr =	]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 66 bytes | Modified Date = 2/19/2008 8:34:43 PM | Attr =	]
hosts.backup -> %SystemRoot%\System32\drivers\etc\hosts.backup ->  [Ver =  | Size = 66 bytes | Modified Date = 2/15/2008 1:18:03 PM | Attr =	]
fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat ->  [Ver =  | Size = 8028192 bytes | Modified Date = 3/1/2008 2:19:34 PM | Attr =  HS]
fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx ->  [Ver =  | Size = 110684 bytes | Modified Date = 3/1/2008 2:19:34 PM | Attr =  HS]
fidbox2.dat -> %SystemRoot%\System32\drivers\fidbox2.dat ->  [Ver =  | Size = 133920 bytes | Modified Date = 3/1/2008 2:19:34 PM | Attr =  HS]
fidbox2.idx -> %SystemRoot%\System32\drivers\fidbox2.idx ->  [Ver =  | Size = 14672 bytes | Modified Date = 3/1/2008 2:19:34 PM | Attr =  HS]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 2/5/2008 7:30:45 PM | Attr = RHS]
2 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> 
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 3/1/2008 1:46:22 PM | Attr =	]
NtmsData -> %SystemRoot%\System32\NtmsData ->  [Folder | Modified Date = 3/2/2008 10:34:29 AM | Attr =	]
CSC -> %SystemRoot%\CSC ->  [Folder | Modified Date = 2/21/2008 5:54:20 PM | Attr =  HS]
4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> 
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 3/1/2008 1:27:33 PM | Attr =   S]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2/20/2008 6:35:07 PM | Attr =  HS]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 116 bytes | Modified Date = 2/8/2008 2:17:45 PM | Attr =	]
saplogon.ini -> %SystemRoot%\saplogon.ini ->  [Ver =  | Size = 1432 bytes | Modified Date = 2/8/2008 10:21:24 AM | Attr =	]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 3/2/2008 10:33:32 AM | Attr =	]
ShellIconCache -> %SystemRoot%\ShellIconCache ->  [Ver =  | Size = 746994 bytes | Modified Date = 3/1/2008 2:18:53 PM | Attr =  H ]
system -> %SystemRoot%\system ->  [Folder | Modified Date = 2/17/2008 3:13:45 PM | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 3/2/2008 10:36:07 AM | Attr =	]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 3/2/2008 10:37:28 AM | Attr =	]
Web -> %SystemRoot%\Web ->  [Folder | Modified Date = 2/17/2008 4:39:54 PM | Attr =   S]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 2/19/2008 8:15:53 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 3/2/2008 10:33:21 AM | Attr =  H ]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat ->  [Ver =  | Size = 11670 bytes | Modified Date = 3/15/2006 9:13:14 PM | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 4/26/2007 3:25:39 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5368 bytes | Modified Date = 1/26/2007 3:25:39 PM | Attr =	]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1372 bytes | Modified Date = 9/5/2004 10:05:44 AM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab ->  [Folder | Modified Date = 2/17/2008 1:29:01 PM | Attr =	]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Modified Date = 2/17/2008 1:43:21 PM | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 2/17/2008 4:00:17 PM | Attr =	]
Webroot -> %AllUsersProfile%\Application Data\Webroot ->  [Folder | Modified Date = 2/17/2008 6:28:26 PM | Attr =	]
Lavasoft -> %AppData%\Lavasoft ->  [Folder | Modified Date = 2/17/2008 1:32:05 PM | Attr =	]
Webroot -> %AppData%\Webroot ->  [Folder | Modified Date = 2/17/2008 6:28:26 PM | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1632 bytes | Modified Date = 2/17/2008 1:42:33 PM | Attr =	]
Spy Sweeper.lnk -> %AllUsersProfile%\Desktop\Spy Sweeper.lnk ->  [Ver =  | Size = 1492 bytes | Modified Date = 2/17/2008 6:28:41 PM | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2/29/2008 6:15:56 AM | Attr =	]
avenger.exe -> %UserProfile%\Desktop\avenger.exe ->  [Ver =  | Size = 1802378 bytes | Modified Date = 2/24/2008 4:10:10 AM | Attr =	]
avenger.zip -> %UserProfile%\Desktop\avenger.zip ->  [Ver =  | Size = 1008038 bytes | Modified Date = 2/29/2008 2:23:06 PM | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1590 bytes | Modified Date = 2/19/2008 8:40:22 PM | Attr =	]
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2/19/2008 8:40:13 PM | Attr =	]
New Folder -> %UserProfile%\Desktop\New Folder ->  [Folder | Modified Date = 3/1/2008 1:27:19 PM | Attr =	]
sap_workflow.pdf -> %UserProfile%\Desktop\sap_workflow.pdf ->  [Ver =  | Size = 4171635 bytes | Modified Date = 2/8/2008 9:25:47 AM | Attr =	]
SmitfraudFix -> %UserProfile%\Desktop\SmitfraudFix ->  [Folder | Modified Date = 3/1/2008 1:25:53 PM | Attr =	]
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 799 bytes | Modified Date = 2/17/2008 3:59:24 PM | Attr =	]
spybotsd152.exe -> %UserProfile%\Desktop\spybotsd152.exe -> Safer Networking Limited									 [Ver = 1.5.2				| Size = 9722720 bytes | Modified Date = 2/17/2008 3:56:16 PM | Attr =	]
spywaredetectorb.exe -> %UserProfile%\Desktop\spywaredetectorb.exe -> Max Secure Software										  [Ver = 19.0.0.056		   | Size = 9643128 bytes | Modified Date = 2/17/2008 3:12:03 PM | Attr =	]
stinger.exe -> %UserProfile%\Desktop\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Modified Date = 2/18/2008 5:55:20 PM | Attr =	]
stinger.opt -> %UserProfile%\Desktop\stinger.opt ->  [Ver =  | Size = 22 bytes | Modified Date = 2/18/2008 8:13:27 PM | Attr =	]
structural_authorizations_step_by_step.doc -> %UserProfile%\Desktop\structural_authorizations_step_by_step.doc ->  [Ver =  | Size = 1191936 bytes | Modified Date = 2/9/2008 11:46:11 PM | Attr =	]
wininet.zip -> %UserProfile%\Desktop\wininet.zip ->  [Ver =  | Size = 321707 bytes | Modified Date = 2/15/2008 1:01:39 PM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Modified Date = 3/1/2008 10:46:10 AM | Attr =	]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 481772 bytes | Modified Date = 2/29/2008 6:16:34 AM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 2/17/2008 1:41:44 PM | Attr =	]

< End of report >


Thanks

#9 OldTimer

Posted 02 March 2008 - 03:11 PM

Hi YARO. I see no signs of viruses or malware in that log either. What is the exact text of the popups?

Let's also try an online scan and see if it shows anything.

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy & Paste the entire report in your next reply.
Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#10 YARO

Posted 04 March 2008 - 07:15 PM

Hi OldTimer,

I will run the F-Secure Online Scanner and provide you the results this Friday, as I am on a travelling job.

Thanks

#11 YARO

Posted 09 March 2008 - 03:45 PM

Hi OldTimer,

I tried running F-Secure Online and every time I run it, the following error is displayed. I have attached both the scanner log and error image.

Thanks

Scanning Report
Friday, March 07, 2008 18:58:39 - 19:38:21
Computer name: GIG-HITECH
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\


--------------------------------------------------------------------------------

Result: 1 malware found
FraudTool.Win32.SpywareDetector (spyware)
System

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 12893
System: 3658
Not scanned: 1
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 1
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 2.20.0
F-Secure Hydra: 2.6.7470, 2008-03-07
F-Secure AVP: 7.0.171, 2008-03-07
F-Secure Pegasus: 1.20.0, 2008-02-03
F-Secure Blacklight: 1.0.64
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

--------------------------------------------------------------------------------


#12 OldTimer

Posted 09 March 2008 - 06:07 PM

Hi YARO. That's OK. Everything already came up clean in the logs. How are things running? Any more issues?

Cheers.

OT

#13 YARO

Posted 14 March 2008 - 01:30 PM

Hi OldTimer,

I am not facing the error that I faced earlier (Red X mark on the systray). Thank you so much for your help.

Thanks
Yaro

#14 OldTimer

Posted 14 March 2008 - 03:38 PM

That's good news YARO. Then let's do some final cleanup to reset the System Restore points and remove all of the tools we used during the fix and then you are all set.

Step #1

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

Step #2

To remove all of the tools we used and the files and folders they created do the following:
  • Start WinPFind35
  • Click the CleanUp button
  • OTScanIt will download a small file from the Internet. If a security program or firewall warns you of this allow it to download.
  • OTScanIt will delete any tools downloaded and files/folders created and then ask you to reboot so it can remove itself. Click Yes.
After that you are good to go.

Cheers.

OT

#15 YARO

Posted 15 March 2008 - 10:29 AM

Hi OldTimer,

As I am using a Win2000 OS desktop PC, I am not sure whether the System Restore options are available.

I went ahead and ran step 2: "To remove all of the tools" and I get the following in the log file.

< End of fix log >
WinPFind35U Version 1.0.2.2 fix logfile created on 03152008_113128

Thanks



