I Can't Get Rid Of Ssqpm


61 replies to this topic

#1 sonofthor

Posted 24 February 2008 - 07:53 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:52:12 AM, on 2008-02-24
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent .exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\winlogon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD .exe
C:\WINDOWS\system32\rundll32.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant .exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autofix
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [38835fa6] rundll32.exe "C:\WINDOWS\system32\qdnmgwqt.dll",b
O4 - HKLM\..\Run: [BM3bb06c3a] Rundll32.exe "C:\WINDOWS\system32\bddcyyyg.dll",s
O4 - HKLM\..\RunOnce: [SpybotDeletingA2635] command /c del "C:\WINDOWS\SYSTEM32\ssqpm.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9709] cmd /c del "C:\WINDOWS\SYSTEM32\ssqpm.dll_old"
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA9832] command /c del "C:\WINDOWS\SYSTEM32\ssqpm.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7614] cmd /c del "C:\WINDOWS\SYSTEM32\ssqpm.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5302] command /c del "C:\WINDOWS\SYSTEM32\ssqpm.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1809] cmd /c del "C:\WINDOWS\SYSTEM32\ssqpm.dll_old"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ouqw] C:\PROGRA~1\COMMON~1\ouqw\ouqwm .exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202619153125
O23 - Service: McAfee Application Installer Cleanup (0058921203814018) (0058921203814018mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\005892~1.EXE
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9165 bytes


#2 sonofthor


Posted 26 February 2008 - 01:36 PM

Hello, I think I have Virtumonde. I get popups, and web sites launch on their own... Something is lowering IE security settings to allow all; I reset them and it goes back and changes them. I clean the system and it comes back.
I have tried Vundofix, combofix, VirtumundoBegone, etc. and it comes back. I have put the three or four main web sites in not trusted sites and IE still loads them?
Any help would be great!

Thank you
Paul

#3 Blender

  • Malware Response Team

Posted 03 March 2008 - 12:12 AM

Hi and welcome,

Sorry for the delay.

Indeed you have Virtumonde amongst some other nasties.

If you still need help, please post a fresh HijackThis log here and let me know how the system is running.

Thanks
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware.

#4 sonofthor


Posted 03 March 2008 - 02:12 PM

Thank you! I will post a log tonight when I get home!

#5 sonofthor


Posted 03 March 2008 - 08:02 PM

Here is a fresh log...
P.S. Someone else replied to my plea for help and they moved and closed my post? So I hope you can help me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:33 PM, on 2008-03-03
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent .exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\explorer.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant .exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autofix
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ouqw] C:\PROGRA~1\COMMON~1\ouqw\ouqwm .exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202619153125
O23 - Service: McAfee Application Installer Cleanup (0048871204174947) (0048871204174947mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\004887~1.EXE
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8159 bytes

#6 Blender

  • Malware Response Team

Posted 04 March 2008 - 02:35 AM

Hi,

Thanks for the log.
Keep with this thread please.

Since you have tried running ComboFix, we'll carry on with that.

Make sure you have the latest ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Let it overwrite the current one.

Disable McAfee antivirus, antispyware including its wormguards and so on.
Disconnect from the internet.

Start HijackThis, run a system scan and check this entry:

O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat

Say OK, exit HijackThis, then reboot to SAFE mode.

Run ComboFix and let it run to completion while staying disconnected from the internet.

Once ComboFix completes and makes a log, you can re-enable McAfee and reconnect to the internet to post the ComboFix log.

Log is located here:

C:\Combofix.txt.

Thanks

#7 sonofthor


Posted 04 March 2008 - 08:13 AM

I hope I did this right?

ComboFix 08-03-04.2 - Paul Thorson 2008-03-04 7:28:05.3 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\Tyler Thorson\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\BM3bb06c3a.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\abtfyktc.dll
C:\WINDOWS\system32\aifnpovm.dll
C:\WINDOWS\SYSTEM32\auvvlexl.ini
C:\WINDOWS\system32\bmmomubt.dll
C:\WINDOWS\SYSTEM32\bukgsjox.ini
C:\WINDOWS\SYSTEM32\cpokfdae.ini
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\SYSTEM32\dbycwstg.ini
C:\WINDOWS\system32\duwoacle.dll
C:\WINDOWS\SYSTEM32\ehyxgppv.ini
C:\WINDOWS\system32\fnvwxfnl.dll
C:\WINDOWS\SYSTEM32\fxinapxj.ini
C:\WINDOWS\system32\fxqhtudw.dll
C:\WINDOWS\SYSTEM32\hdfiniwi.ini
C:\WINDOWS\system32\hmqhftjo.dll
C:\WINDOWS\system32\iboojdwm.dll
C:\WINDOWS\system32\intttbjy.dll
C:\WINDOWS\system32\ipipxctx.dll
C:\WINDOWS\system32\iwinifdh.dll
C:\WINDOWS\system32\jrqmydjt.dll
C:\WINDOWS\system32\jsmvijbo.dll
C:\WINDOWS\SYSTEM32\lhijxuko.ini
C:\WINDOWS\SYSTEM32\lnfxwvnf.ini
C:\WINDOWS\system32\lxelvvua.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\SYSTEM32\mpqss.ini
C:\WINDOWS\SYSTEM32\mpqss.ini2
C:\WINDOWS\system32\mqrwcxep.dll
C:\WINDOWS\system32\mvcoejew.dll
C:\WINDOWS\SYSTEM32\mvopnfia.ini
C:\WINDOWS\system32\nclaymjr.dll
C:\WINDOWS\system32\ngmfxbgh.dll
C:\WINDOWS\SYSTEM32\nitkcxkx.ini
C:\WINDOWS\system32\nkpmbexg.dll
C:\WINDOWS\system32\okuxjihl.dll
C:\WINDOWS\system32\pwcclrks.dll
C:\WINDOWS\system32\qbrmgnor.dll
C:\WINDOWS\system32\qfphuude.dll
C:\WINDOWS\system32\ssqpm.dll
C:\WINDOWS\system32\ssqpm.exe
C:\WINDOWS\SYSTEM32\tqwgmndq.ini
C:\WINDOWS\SYSTEM32\uikrqhqa.ini
C:\WINDOWS\system32\velibblx.dll
C:\WINDOWS\system32\vppgxyhe.dll
C:\WINDOWS\SYSTEM32\wneghwyw.ini
C:\WINDOWS\system32\wtlajvvc.dll
C:\WINDOWS\SYSTEM32\xlbbilev.ini
C:\WINDOWS\SYSTEM32\yjbtttni.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-04 to 2008-03-04 )))))))))))))))))))))))))))))))
.

2008-03-02 18:29 . 2008-03-02 21:25 714 ---hs---- C:\WINDOWS\SYSTEM32\qygkkmgx.ini
2008-03-01 18:29 . 2008-03-02 13:02 594 ---hs---- C:\WINDOWS\SYSTEM32\mwfytveu.ini
2008-03-01 17:26 . 2008-03-01 17:27 474 ---hs---- C:\WINDOWS\SYSTEM32\cxytyrkm.ini
2008-02-29 17:23 . 2008-02-29 19:00 414 ---hs---- C:\WINDOWS\SYSTEM32\dwkfewur.ini
2008-02-28 17:20 . 2008-02-29 17:20 354 ---hs---- C:\WINDOWS\SYSTEM32\bmadyxoa.ini
2008-02-22 19:41 . 2008-02-22 19:41 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-02-22 19:41 . 2008-02-22 19:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-20 08:57 . 2008-02-15 20:43 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2008-02-20 08:49 . 2008-02-20 08:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-17 17:15 . 2008-02-18 17:13 2,145,582 --ahs---- C:\WINDOWS\SYSTEM32\qqosvlow.ini
2008-02-16 10:56 . 2008-02-21 07:10 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-16 10:56 . 2008-02-21 07:16 5,550 --a------ C:\WINDOWS\unins000.dat
2008-02-16 08:08 . 2008-02-27 20:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-16 08:08 . 2008-02-16 08:08 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-15 20:53 . 2008-02-15 20:53 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-15 20:53 . 2008-02-15 21:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-15 20:43 . 2008-02-20 08:58 <DIR> d-------- C:\Documents and Settings\Tyler Thorson\.housecall6.6
2008-02-13 20:55 . 2008-02-20 19:55 <DIR> d-------- C:\VundoFix Backups
2008-02-13 18:53 . 2008-02-13 18:54 2,212,261 --ahs---- C:\WINDOWS\SYSTEM32\akogjqdj.ini
2008-02-11 17:16 . 2008-02-13 18:45 2,242,746 --ahs---- C:\WINDOWS\SYSTEM32\rqhepqfd.ini
2008-02-10 01:15 . 2008-02-10 01:15 <DIR> d-------- C:\WINDOWS\SYSTEM32\en
2008-02-10 01:14 . 2007-12-01 00:26 15,360 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ctfmon.exe
2008-02-10 00:55 . 2007-11-30 17:25 10,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sffp_mmc.sys
2008-02-10 00:55 . 2007-11-30 17:24 9,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\dumpdrv.sys
2008-02-10 00:46 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\003063_.tmp
2008-02-09 23:37 . 2007-12-01 00:26 354,304 --a------ C:\WINDOWS\SYSTEM32\winhttp.dll
2008-02-09 23:37 . 2007-12-01 00:25 18,944 --a------ C:\WINDOWS\SYSTEM32\qmgrprxy.dll
2008-02-09 23:33 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\SYSTEM32\wuaucpl.cpl
2008-02-09 20:41 . 2003-01-13 13:50 151,552 --a------ C:\WINDOWS\SYSTEM32\igfxres.dll
2008-02-09 20:26 . 2003-07-16 15:23 1,875,968 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\msir3jp.lex
2008-02-09 20:25 . 2007-12-01 00:22 13,463,552 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\hwxjpn.dll
2008-02-09 20:24 . 2001-08-17 22:36 2,134,528 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_smtpsnap.dll
2008-02-09 20:24 . 2001-08-17 22:36 312,832 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_aqueue.dll
2008-02-09 20:24 . 2004-08-04 02:56 221,184 --a------ C:\WINDOWS\SYSTEM32\wmpns.dll
2008-02-09 20:24 . 2001-08-17 22:36 175,104 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_smtpadm.dll
2008-02-09 20:24 . 2001-08-17 22:36 45,056 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_aqadmin.dll
2008-02-09 20:24 . 2001-08-17 22:36 5,632 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_adsiisex.dll
2008-02-09 20:09 . 2008-02-09 20:09 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-02-09 20:09 . 2008-02-09 20:09 749 -rah----- C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest
2008-02-09 20:09 . 2008-02-09 20:09 749 -rah----- C:\WINDOWS\SYSTEM32\sapi.cpl.manifest
2008-02-09 20:09 . 2008-02-09 20:09 749 -rah----- C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest
2008-02-09 20:09 . 2008-02-09 20:09 488 -rah----- C:\WINDOWS\SYSTEM32\logonui.exe.manifest
2008-02-09 20:06 . 2007-12-01 00:25 2,060,800 --a------ C:\WINDOWS\SYSTEM32\mstscax.dll
2008-02-09 20:04 . 2007-11-30 17:30 52,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\dmusic.sys
2008-02-09 20:04 . 2007-11-30 17:30 6,272 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\splitter.sys
2008-02-09 20:03 . 2007-11-30 17:24 57,600 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\redbook.sys
2008-02-09 20:03 . 2007-11-30 17:31 25,856 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbprint.sys
2008-02-09 20:03 . 2007-11-30 17:28 15,104 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbscan.sys
2008-02-09 20:00 . 2007-12-01 00:27 40,840 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\termdd.sys
2008-02-09 19:57 . 2007-12-01 00:27 146,432 --a------ C:\WINDOWS\SYSTEM\winspool.drv
2008-02-09 19:57 . 2007-12-01 00:26 74,752 --a------ C:\WINDOWS\SYSTEM32\storprop.dll
2008-02-09 19:57 . 2003-07-16 15:46 24,661 --a------ C:\WINDOWS\SYSTEM32\spxcoins.dll
2008-02-09 19:57 . 2003-07-16 15:46 24,661 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\spxcoins.dll
2008-02-09 19:57 . 2003-07-16 15:30 13,312 --a------ C:\WINDOWS\SYSTEM32\irclass.dll
2008-02-09 19:57 . 2003-07-16 15:30 13,312 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\irclass.dll
2008-02-09 19:57 . 2007-11-30 17:46 11,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\irenum.sys
2008-02-09 19:56 . 2003-07-16 15:39 1,086,182 -ra------ C:\WINDOWS\SET11E.tmp
2008-02-09 19:56 . 2003-07-16 15:39 797,189 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\NT5IIS.CAT
2008-02-09 19:56 . 2003-07-16 15:32 399,645 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\MAPIMIG.CAT
2008-02-09 19:56 . 2003-07-16 15:37 37,484 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\MW770.CAT
2008-02-09 19:56 . 2003-07-16 15:30 13,608 -ra------ C:\WINDOWS\SET12A.tmp
2008-02-09 19:56 . 2003-07-16 15:29 13,472 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\HPCRDP.CAT
2008-02-09 19:56 . 2003-07-16 15:29 8,574 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\IASNT4.CAT
2008-02-09 19:56 . 2003-07-16 15:54 7,046 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\OEMBIOS.CAT
2008-02-09 19:56 . 2003-07-16 15:54 7,046 -ra------ C:\WINDOWS\SET13C.tmp
2008-02-09 19:53 . 2008-02-09 23:39 1,321,300 --a------ C:\WINDOWS\setupapi.log.2.old
2008-02-05 20:40 . 2008-02-05 20:40 90,688 --a------ C:\WINDOWS\SYSTEM32\nowugdcu.dll
2008-02-05 20:13 . 2008-02-16 10:36 <DIR> d-------- C:\Program Files\Unlocker
2008-02-04 20:05 . 2008-02-21 09:32 <DIR> d-------- C:\Program Files\Norton Security Scan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 12:36 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-04 12:36 --------- d-----w C:\Program Files\iTunes
2008-02-28 05:02 --------- d-----w C:\Program Files\McAfee
2008-02-27 02:43 --------- d-----w C:\Documents and Settings\Tyler Thorson\Application Data\Corel
2008-02-23 15:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-22 13:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-21 23:19 --------- d-----w C:\Documents and Settings\Tyler Thorson\Application Data\SiteAdvisor
2008-02-20 12:40 --------- d-----w C:\Program Files\AIM6
2008-02-20 12:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-20 12:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-20 12:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-02-11 02:19 --------- d-----w C:\Documents and Settings\Tyler Thorson\Application Data\AdobeUM
2008-02-10 23:39 --------- d-----w C:\Program Files\QuickTime
2008-02-10 21:17 --------- d-----w C:\Program Files\iPod
2008-02-10 21:02 --------- d-----w C:\Documents and Settings\Paul Thorson\Application Data\Apple Computer
2008-02-10 01:42 --------- d-----w C:\Documents and Settings\Paul Thorson\Application Data\SiteAdvisor
2008-02-09 20:00 --------- d-----w C:\Program Files\SpywareBlaster
2008-02-09 19:59 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-04 03:24 --------- d-----w C:\Program Files\Google
2008-02-03 23:59 --------- d-----w C:\Program Files\Java
2008-02-03 23:56 --------- d-----w C:\Program Files\Common Files\Java
2008-01-31 01:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-30 05:24 --------- d-----w C:\Program Files\Dot1XCfg
2008-01-30 02:53 --------- d-----w C:\Documents and Settings\Administrator\Application Data\RCP 4
2008-01-24 11:51 --------- d-----w C:\Documents and Settings\Brooke\Application Data\RCP 4
2008-01-22 01:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-22 01:42 --------- d-----w C:\Documents and Settings\Tyler Thorson\Application Data\McAfee
2008-01-22 01:15 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-01-21 18:09 --------- d-----w C:\Documents and Settings\Brooke\Application Data\SiteAdvisor
2008-01-20 06:04 --------- d-----w C:\Program Files\SiteAdvisor
2008-01-20 05:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-01-20 03:13 --------- d-----w C:\Program Files\DellSupport
2008-01-20 02:02 --------- d-----w C:\Program Files\SymNetDrv
2008-01-20 02:02 --------- d-----w C:\Program Files\Symantec
2008-01-19 12:13 --------- d-----w C:\Program Files\Common Files\ouqw
2008-01-19 05:45 --------- d-----w C:\Program Files\Common Files\McAfee
2008-01-19 05:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-19 04:20 --------- d-----w C:\Program Files\Common Files\ArcSoft
2008-01-19 04:18 --------- d-----w C:\Program Files\AIM
2008-01-15 07:39 30,464 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-01-15 02:00 --------- d-----w C:\Documents and Settings\Paul Thorson\Application Data\Aim
2008-01-15 00:19 --------- d-----w C:\Documents and Settings\Kelly Thorson\Application Data\HP
2008-01-14 00:43 --------- d-----w C:\Documents and Settings\Brooke\Application Data\HP
2003-05-08 14:20 207,758 -c--a-w C:\Program Files\INSTALL.LOG
.
<pre>
----a-w			35,840 2008-01-19 01:38:08  C:\Documents and Settings\Paul Thorson\Application Data\Microsoft\Windows\oebwq .exe
----a-w		 1,871,872 2008-01-19 18:15:46  C:\Program Files\Ahead\Nero BackItUp\NBJ	  .exe
----a-w		 1,871,872 2008-01-19 07:59:43  C:\Program Files\Ahead\Nero BackItUp\NBJ	 .exe
----a-w		 1,871,872 2008-01-19 07:59:50  C:\Program Files\Ahead\Nero BackItUp\NBJ	.exe
----a-w		 1,871,872 2008-01-19 07:59:56  C:\Program Files\Ahead\Nero BackItUp\NBJ   .exe
----a-w		 1,871,872 2008-01-19 08:00:01  C:\Program Files\Ahead\Nero BackItUp\NBJ  .exe
----a-w		 1,871,872 2008-01-19 08:00:05  C:\Program Files\Ahead\Nero BackItUp\NBJ .exe
----a-w			50,528 2008-02-20 02:54:57  C:\Program Files\AIM6\aim6 .exe
----a-w		   159,832 2008-01-30 23:20:16  C:\Program Files\Common Files\aol\1137291409\ee\AOLHostManager .exe
----a-w		   185,896 2008-01-19 12:48:09  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w			59,040 2008-01-19 04:49:31  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w			32,768 2008-01-19 12:47:59  C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
----a-w		   460,784 2008-01-19 04:58:36  C:\Program Files\DellSupport\DSAgnt .exe
----a-w		   258,120 2008-01-19 12:48:03  C:\Program Files\EPSON\Ink Monitor\InkMonitor .exe
----a-w			68,856 2008-01-19 04:58:43  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w			80,896 2008-01-19 12:48:14  C:\Program Files\HP\Digital Imaging\bin\hpqSRMon .exe
----a-w			49,152 2008-01-19 12:48:10  C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w		   267,048 2008-02-28 01:23:15  C:\Program Files\iTunes\iTunesHelper .exe
----a-w		 1,160,480 2008-02-09 13:08:06  C:\Program Files\McAfee\MHN\McENUI .exe
----a-w		   582,992 2008-02-28 01:20:57  C:\Program Files\McAfee.com\Agent\mcagent .exe
----a-w		 1,694,208 2008-01-19 12:48:55  C:\Program Files\Messenger\msmsgs .exe
----a-w			53,248 2008-01-19 12:47:55  C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask .exe
----a-w		   286,720 2008-01-19 04:29:53  C:\Program Files\QuickTime\QTTask	   .exe
----a-w		   286,720 2008-01-19 08:34:16  C:\Program Files\QuickTime\QTTask	  .exe
----a-w		   286,720 2008-01-19 08:34:17  C:\Program Files\QuickTime\QTTask	 .exe
----a-w		   286,720 2008-01-19 08:34:20  C:\Program Files\QuickTime\QTTask	.exe
----a-w		   286,720 2008-01-19 17:35:28  C:\Program Files\QuickTime\QTTask  .exe
----a-w		   286,720 2008-01-19 08:34:23  C:\Program Files\QuickTime\QTTask .exe
----a-w			36,640 2008-01-19 12:48:22  C:\Program Files\SiteAdvisor\6172\SiteAdv .exe
----a-w		 5,146,448 2008-02-28 01:23:30  C:\Program Files\Spybot - Search & Destroy\SpybotSD .exe
----a-w		 2,097,488 2008-02-28 01:23:34  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w		   158,208 2008-01-19 09:15:01  C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
----a-w			15,360 2008-02-17 19:40:30  C:\WINDOWS\SYSTEM32\ctfmon .exe
----a-w		   126,976 2008-01-19 12:47:55  C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w		   155,648 2008-01-19 04:57:56  C:\WINDOWS\SYSTEM32\igfxtray .exe
----a-w		   155,648 2008-01-19 12:47:58  C:\WINDOWS\SYSTEM32\NeroCheck .exe
</pre>


-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [ ]
"Aim6"="" []
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]
"Router"="C:\Program Files\Router\Router.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"ouqw"="C:\PROGRA~1\COMMON~1\ouqw\ouqwm .exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [ ]
"BCMSMMSG"="BCMSMMSG.exe" []
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [ ]
"Ink Monitor"="C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe" [ ]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [ ]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [ ]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [ ]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [ ]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [ ]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant .exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM6\\aim6 .exe"=
"C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
S2 0048871204174947mcinstcleanup;McAfee Application Installer Cleanup (0048871204174947);C:\WINDOWS\TEMP\004887~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []
S3 CBBCM43;BUFFALO WLI-CB-XXX Series Wireless LAN Adapter;C:\WINDOWS\system32\DRIVERS\CBG54.sys [2005-11-01 03:13]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-27 15:14:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-15 06:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-01 06:00:00 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-02-09 13:13:19 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 07:51:45
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-03-04 7:57:56 - machine was rebooted [Tyler Thorson]
ComboFix-quarantined-files.txt 2008-03-04 12:57:51
.
2008-02-13 08:02:36 --- E O F ---

#8 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • Location:Ontario

Posted 05 March 2008 - 05:57 AM

Hi,

Sorry for taking longer than expected -- ISP acting like a nut again.

Yep. Did it right :blink:

Quite the messy log. Might take a couple more rounds to complete all the repairs.
Next reboot will likely take a while since a lot of your program files were infected -- and need replacing.
Most are not working at the moment because ComboFix removed the infected files -- now it's just to repair working ones and clean up the rest of the leftover slush.
I'm not repairing Spybot files at this time because I cannot be sure the backed up ones are legit.

I'll get you to uninstall spybot first before doing below.
Reboot

then ......

Open notepad and copy/paste the text in the code box below into it:

file::
C:\WINDOWS\SYSTEM32\qygkkmgx.ini
C:\WINDOWS\SYSTEM32\mwfytveu.ini
C:\WINDOWS\SYSTEM32\cxytyrkm.ini
C:\WINDOWS\SYSTEM32\dwkfewur.ini
C:\WINDOWS\SYSTEM32\bmadyxoa.ini
C:\WINDOWS\SYSTEM32\qqosvlow.ini
C:\WINDOWS\SYSTEM32\akogjqdj.ini
C:\WINDOWS\SYSTEM32\rqhepqfd.ini
C:\WINDOWS\SYSTEM32\nowugdcu.dll
C:\Documents and Settings\Paul Thorson\Application Data\Microsoft\Windows\oebwq .exe
C:\Program Files\Ahead\Nero BackItUp\NBJ	  .exe
C:\Program Files\Ahead\Nero BackItUp\NBJ	 .exe
C:\Program Files\Ahead\Nero BackItUp\NBJ	.exe
C:\Program Files\Ahead\Nero BackItUp\NBJ   .exe
C:\Program Files\Ahead\Nero BackItUp\NBJ  .exe
C:\Program Files\QuickTime\QTTask	   .exe
C:\Program Files\QuickTime\QTTask	  .exe
C:\Program Files\QuickTime\QTTask	 .exe
C:\Program Files\QuickTime\QTTask	.exe
C:\Program Files\QuickTime\QTTask  .exe
folder::
C:\Program Files\Dot1XCfg
C:\Program Files\Router
C:\PROGRA~1\COMMON~1\ouqw
renv::
C:\Program Files\Ahead\Nero BackItUp\NBJ .exe
C:\Program Files\AIM6\aim6 .exe
C:\Program Files\Common Files\aol\1137291409\ee\AOLHostManager .exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
C:\Program Files\DellSupport\DSAgnt .exe
C:\Program Files\EPSON\Ink Monitor\InkMonitor .exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon .exe
C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\McAfee\MHN\McENUI .exe
C:\Program Files\McAfee.com\Agent\mcagent .exe
C:\Program Files\Messenger\msmsgs .exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\SiteAdvisor\6172\SiteAdv .exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
C:\WINDOWS\SYSTEM32\ctfmon .exe
C:\WINDOWS\SYSTEM32\hkcmd .exe
C:\WINDOWS\SYSTEM32\igfxtray .exe
C:\WINDOWS\SYSTEM32\NeroCheck .exe
registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dot1XCfg"=-
"Router"=-
"ouqw"=-

Save this as CFScript.txt to your desktop.

Boot to SAFE mode.

Drag CFScript.txt on top of ComboFix.exe

like this:

Posted Image

Post the new ComboFix.txt please.

Let me know how system is running.

Hold off on installing Spybot again please -- especially the teatimer option till we are done please.

thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware Posted Image
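The listings quoted in this thread show executables whose names have spaces or tabs inserted before `.exe`, sitting beside or in place of a program's real file, with Run values that point at them. As an added example (not part of the thread and not ComboFix's own logic), this Python script triages that pattern from a saved log; the function names and the sample text are assumptions constructed for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample, modelled on the listing and Run-key lines quoted in the
# thread. "\t" is a literal tab: the padding mixes tabs and spaces.
SAMPLE_LISTING = "\n".join([
    "----a-w\t\t 1,871,872 2008-01-19 18:15:46  C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ\t  .exe",
    "----a-w\t\t 1,871,872 2008-01-19 07:59:56  C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ   .exe",
    "----a-w\t\t 1,871,872 2008-01-19 08:00:05  C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ .exe",
    "----a-w\t\t   286,720 2008-01-19 08:34:23  C:\\Program Files\\QuickTime\\QTTask .exe",
    "----a-w\t\t\t15,360 2008-02-17 19:40:30  C:\\WINDOWS\\SYSTEM32\\ctfmon .exe",
    "----a-w\t\t\t15,360 2008-02-17 19:40:30  C:\\WINDOWS\\SYSTEM32\\ctfmon.exe",
])
SAMPLE_RUN_KEYS = "\n".join([
    r'[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]',
    r'"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [ ]',
    r'"Aim6"="" []',
    r'"ouqw"="C:\PROGRA~1\COMMON~1\ouqw\ouqwm .exe" [ ]',
    r'[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]',
    r'"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant .exe" [ ]',
])

# attributes, size, timestamp, path (layout of the listing lines in the thread)
LISTING_RE = re.compile(
    r"^(?P<attrs>[-a-z]{7})\s+(?P<size>[\d,]+)\s+"
    r"(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<path>[A-Za-z]:\\.+)$"
)
# file name = stem, then spaces/tabs, then the extension
PADDED_RE = re.compile(r"(?P<stem>.*\S)(?P<pad>[ \t]+)(?P<ext>\.[^.\s]+)")
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<target>[^"]*)"')


def split_padded(path):
    """Return (clean_path, padding) if whitespace sits before the extension, else None."""
    directory, name = ntpath.split(path)
    m = PADDED_RE.fullmatch(name)
    if not m:
        return None
    return ntpath.join(directory, m["stem"] + m["ext"]), m["pad"]


def parse_listing(text):
    """Parse listing lines into dicts; lines in any other layout are skipped."""
    entries = []
    for line in text.splitlines():
        m = LISTING_RE.match(line)
        if m:
            entries.append({
                "path": m["path"],
                "size": int(m["size"].replace(",", "")),
                "stamp": m["stamp"],
            })
    return entries


def triage(listing_text):
    """Group padded names under the (lower-cased) clean path they imitate."""
    entries = parse_listing(listing_text)
    present = {e["path"].lower() for e in entries}
    groups = defaultdict(list)
    for e in entries:
        hit = split_padded(e["path"])
        if hit:
            clean, pad = hit
            groups[clean.lower()].append((pad, e["size"]))
    return {
        clean: {
            "variants": len(variants),
            "pad_widths": sorted(len(pad) for pad, _ in variants),
            "same_size": len({size for _, size in variants}) == 1,
            "clean_name_listed": clean in present,
        }
        for clean, variants in groups.items()
    }


def padded_autoruns(reg_text):
    """Return (key, value name, target) for Run values that launch a padded name."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = RUN_VALUE_RE.match(line)
        if m and split_padded(m["target"]):
            hits.append((key, m["name"], m["target"]))
    return hits


if __name__ == "__main__":
    for clean, info in triage(SAMPLE_LISTING).items():
        print(clean, info)
    for key, name, target in padded_autoruns(SAMPLE_RUN_KEYS):
        print(f"{key} :: {name!r} -> {target!r}")
```

The script only reports; it does not decide which copy to keep. In the thread's own fix script some single-space names are deleted (`oebwq .exe`) while others are renamed back, so that call stays with the analyst.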

#9 sonofthor

sonofthor
  • Topic Starter

  • Members
  • 41 posts

Posted 05 March 2008 - 09:16 AM

:thumbsup: This is what happens when you try to multitask... Combofix froze this last time before it generated a log file... so I logged off (to see if it would re-start itself) and it came back up in safe mode and did its thing but it wanted to submit a zip file to bleepingcomputer.com... I copied and pasted just like it wanted, but... I was in safe mode! No internet! So it was not able to send it. I restarted and found this log... sorry :blink:
P.S. It seems to be running better, but I have not really used the computer till you give it a clean bill of health!
P.S.S. When it rebooted this last time it wanted to run --- c:\Documents and settings\Paul Thorson\Local Settings\Temp\rbSolnUpdateENU.2.6.0.exe
Win32 Cabinet Self-Extractor....McAfee asked and I blocked it (not sure what it was)

Thank You for your help so far !

ComboFix 08-03-04.5 - Paul Thorson 2008-03-05 7:47:03.4 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.596 [GMT -5:00]
Running from: C:\Documents and Settings\Paul Thorson\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Paul Thorson\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Paul Thorson\Application Data\Microsoft\Windows\oebwq .exe
C:\Program Files\Ahead\Nero BackItUp\NBJ .exe
C:\Program Files\Ahead\Nero BackItUp\NBJ .exe
C:\Program Files\Ahead\Nero BackItUp\NBJ .exe
C:\Program Files\Ahead\Nero BackItUp\NBJ .exe
C:\Program Files\Ahead\Nero BackItUp\NBJ .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\WINDOWS\SYSTEM32\akogjqdj.ini
C:\WINDOWS\SYSTEM32\bmadyxoa.ini
C:\WINDOWS\SYSTEM32\cxytyrkm.ini
C:\WINDOWS\SYSTEM32\dwkfewur.ini
C:\WINDOWS\SYSTEM32\mwfytveu.ini
C:\WINDOWS\SYSTEM32\nowugdcu.dll
C:\WINDOWS\SYSTEM32\qqosvlow.ini
C:\WINDOWS\SYSTEM32\qygkkmgx.ini
C:\WINDOWS\SYSTEM32\rqhepqfd.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Paul Thorson\Application Data\Microsoft\Windows\oebwq .exe
C:\PROGRA~1\COMMON~1\ouqw
C:\PROGRA~1\COMMON~1\ouqw\ouqwa.lck
C:\PROGRA~1\COMMON~1\ouqw\ouqwd\class-barrel
C:\PROGRA~1\COMMON~1\ouqw\ouqwd\vocabulary
C:\PROGRA~1\COMMON~1\ouqw\ouqwh
C:\PROGRA~1\COMMON~1\ouqw\ouqwl.lck
C:\PROGRA~1\COMMON~1\ouqw\ouqwm.lck
C:\Program Files\Ahead\Nero BackItUp\NBJ .exe
C:\Program Files\Ahead\Nero BackItUp\NBJ .exe
C:\Program Files\Ahead\Nero BackItUp\NBJ .exe
C:\Program Files\Ahead\Nero BackItUp\NBJ .exe
C:\Program Files\Ahead\Nero BackItUp\NBJ .exe
C:\Program Files\Dot1XCfg
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\WINDOWS\SYSTEM32\akogjqdj.ini
C:\WINDOWS\SYSTEM32\bmadyxoa.ini
C:\WINDOWS\SYSTEM32\cxytyrkm.ini
C:\WINDOWS\SYSTEM32\dwkfewur.ini
C:\WINDOWS\SYSTEM32\mwfytveu.ini
C:\WINDOWS\SYSTEM32\nowugdcu.dll
C:\WINDOWS\SYSTEM32\qqosvlow.ini
C:\WINDOWS\SYSTEM32\qygkkmgx.ini
C:\WINDOWS\SYSTEM32\rqhepqfd.ini

.
--------------- FMove ---------------

.
((((((((((((((((((((((((( Files Created from 2008-02-05 to 2008-03-05 )))))))))))))))))))))))))))))))
.

2008-02-22 19:41 . 2008-02-22 19:41 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-02-22 19:41 . 2008-02-22 19:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-20 08:57 . 2008-02-15 20:43 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2008-02-20 08:49 . 2008-02-20 08:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-16 08:08 . 2008-02-27 20:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-16 08:08 . 2008-02-16 08:08 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-15 20:53 . 2008-02-15 20:53 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-15 20:53 . 2008-02-15 21:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-15 20:43 . 2008-02-20 08:58 <DIR> d-------- C:\Documents and Settings\Tyler Thorson\.housecall6.6
2008-02-13 20:55 . 2008-02-20 19:55 <DIR> d-------- C:\VundoFix Backups
2008-02-10 01:15 . 2008-02-10 01:15 <DIR> d-------- C:\WINDOWS\SYSTEM32\en
2008-02-10 01:14 . 2007-12-01 00:26 15,360 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ctfmon.exe
2008-02-10 00:55 . 2007-11-30 17:25 10,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sffp_mmc.sys
2008-02-10 00:55 . 2007-11-30 17:24 9,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\dumpdrv.sys
2008-02-10 00:46 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\003063_.tmp
2008-02-09 23:37 . 2007-12-01 00:26 354,304 --a------ C:\WINDOWS\SYSTEM32\winhttp.dll
2008-02-09 23:37 . 2007-12-01 00:25 18,944 --a------ C:\WINDOWS\SYSTEM32\qmgrprxy.dll
2008-02-09 23:33 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\SYSTEM32\wuaucpl.cpl
2008-02-09 20:41 . 2003-01-13 13:50 151,552 --a------ C:\WINDOWS\SYSTEM32\igfxres.dll
2008-02-09 20:26 . 2003-07-16 15:23 1,875,968 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\msir3jp.lex
2008-02-09 20:25 . 2007-12-01 00:22 13,463,552 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\hwxjpn.dll
2008-02-09 20:24 . 2001-08-17 22:36 2,134,528 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_smtpsnap.dll
2008-02-09 20:24 . 2001-08-17 22:36 312,832 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_aqueue.dll
2008-02-09 20:24 . 2004-08-04 02:56 221,184 --a------ C:\WINDOWS\SYSTEM32\wmpns.dll
2008-02-09 20:24 . 2001-08-17 22:36 175,104 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_smtpadm.dll
2008-02-09 20:24 . 2001-08-17 22:36 45,056 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_aqadmin.dll
2008-02-09 20:24 . 2001-08-17 22:36 5,632 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_adsiisex.dll
2008-02-09 20:09 . 2008-02-09 20:09 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-02-09 20:09 . 2008-02-09 20:09 749 -rah----- C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest
2008-02-09 20:09 . 2008-02-09 20:09 749 -rah----- C:\WINDOWS\SYSTEM32\sapi.cpl.manifest
2008-02-09 20:09 . 2008-02-09 20:09 749 -rah----- C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest
2008-02-09 20:09 . 2008-02-09 20:09 488 -rah----- C:\WINDOWS\SYSTEM32\logonui.exe.manifest
2008-02-09 20:06 . 2007-12-01 00:25 2,060,800 --a------ C:\WINDOWS\SYSTEM32\mstscax.dll
2008-02-09 20:04 . 2007-11-30 17:30 52,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\dmusic.sys
2008-02-09 20:04 . 2007-11-30 17:30 6,272 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\splitter.sys
2008-02-09 20:03 . 2007-11-30 17:24 57,600 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\redbook.sys
2008-02-09 20:03 . 2007-11-30 17:31 25,856 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbprint.sys
2008-02-09 20:03 . 2007-11-30 17:28 15,104 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbscan.sys
2008-02-09 20:00 . 2007-12-01 00:27 40,840 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\termdd.sys
2008-02-09 19:57 . 2007-12-01 00:27 146,432 --a------ C:\WINDOWS\SYSTEM\winspool.drv
2008-02-09 19:57 . 2007-12-01 00:26 74,752 --a------ C:\WINDOWS\SYSTEM32\storprop.dll
2008-02-09 19:57 . 2003-07-16 15:46 24,661 --a------ C:\WINDOWS\SYSTEM32\spxcoins.dll
2008-02-09 19:57 . 2003-07-16 15:46 24,661 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\spxcoins.dll
2008-02-09 19:57 . 2003-07-16 15:30 13,312 --a------ C:\WINDOWS\SYSTEM32\irclass.dll
2008-02-09 19:57 . 2003-07-16 15:30 13,312 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\irclass.dll
2008-02-09 19:57 . 2007-11-30 17:46 11,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\irenum.sys
2008-02-09 19:56 . 2003-07-16 15:39 1,086,182 -ra------ C:\WINDOWS\SET11E.tmp
2008-02-09 19:56 . 2003-07-16 15:39 797,189 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\NT5IIS.CAT
2008-02-09 19:56 . 2003-07-16 15:32 399,645 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\MAPIMIG.CAT
2008-02-09 19:56 . 2003-07-16 15:37 37,484 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\MW770.CAT
2008-02-09 19:56 . 2003-07-16 15:30 13,608 -ra------ C:\WINDOWS\SET12A.tmp
2008-02-09 19:56 . 2003-07-16 15:29 13,472 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\HPCRDP.CAT
2008-02-09 19:56 . 2003-07-16 15:29 8,574 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\IASNT4.CAT
2008-02-09 19:56 . 2003-07-16 15:54 7,046 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\OEMBIOS.CAT
2008-02-09 19:56 . 2003-07-16 15:54 7,046 -ra------ C:\WINDOWS\SET13C.tmp
2008-02-09 19:53 . 2008-02-09 23:39 1,321,300 --a------ C:\WINDOWS\setupapi.log.2.old
2008-02-05 20:13 . 2008-02-16 10:36 <DIR> d-------- C:\Program Files\Unlocker

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 12:47 --------- d-----w C:\Program Files\QuickTime
2008-03-05 12:46 --------- d-----w C:\Program Files\iTunes
2008-03-05 12:46 --------- d-----w C:\Program Files\DellSupport
2008-03-05 12:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-05 12:46 --------- d-----w C:\Program Files\AIM6
2008-03-05 12:35 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-05 12:35 --------- d-----w C:\Program Files\McAfee
2008-03-05 12:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-27 02:43 --------- d-----w C:\Documents and Settings\Tyler Thorson\Application Data\Corel
2008-02-21 23:19 --------- d-----w C:\Documents and Settings\Tyler Thorson\Application Data\SiteAdvisor
2008-02-21 14:32 --------- d-----w C:\Program Files\Norton Security Scan
2008-02-20 12:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-20 12:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-20 12:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-02-17 19:40 15,360 ----a-w C:\WINDOWS\SYSTEM32\ctfmon.exe
2008-02-11 02:19 --------- d-----w C:\Documents and Settings\Tyler Thorson\Application Data\AdobeUM
2008-02-10 21:17 --------- d-----w C:\Program Files\iPod
2008-02-10 21:02 --------- d-----w C:\Documents and Settings\Paul Thorson\Application Data\Apple Computer
2008-02-10 01:42 --------- d-----w C:\Documents and Settings\Paul Thorson\Application Data\SiteAdvisor
2008-02-09 20:00 --------- d-----w C:\Program Files\SpywareBlaster
2008-02-09 19:59 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-04 03:24 --------- d-----w C:\Program Files\Google
2008-02-03 23:59 --------- d-----w C:\Program Files\Java
2008-02-03 23:56 --------- d-----w C:\Program Files\Common Files\Java
2008-01-31 01:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-30 02:53 --------- d-----w C:\Documents and Settings\Administrator\Application Data\RCP 4
2008-01-24 11:51 --------- d-----w C:\Documents and Settings\Brooke\Application Data\RCP 4
2008-01-22 01:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-22 01:42 --------- d-----w C:\Documents and Settings\Tyler Thorson\Application Data\McAfee
2008-01-22 01:15 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-01-21 18:09 --------- d-----w C:\Documents and Settings\Brooke\Application Data\SiteAdvisor
2008-01-20 06:04 --------- d-----w C:\Program Files\SiteAdvisor
2008-01-20 05:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-01-20 02:02 --------- d-----w C:\Program Files\SymNetDrv
2008-01-20 02:02 --------- d-----w C:\Program Files\Symantec
2008-01-19 12:47 155,648 ----a-w C:\WINDOWS\SYSTEM32\NeroCheck.exe
2008-01-19 12:47 126,976 ----a-w C:\WINDOWS\SYSTEM32\hkcmd.exe
2008-01-19 09:15 158,208 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
2008-01-19 05:45 --------- d-----w C:\Program Files\Common Files\McAfee
2008-01-19 05:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-19 04:57 155,648 ----a-w C:\WINDOWS\SYSTEM32\igfxtray.exe
2008-01-19 04:20 --------- d-----w C:\Program Files\Common Files\ArcSoft
2008-01-19 04:18 --------- d-----w C:\Program Files\AIM
2008-01-15 07:39 30,464 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-01-15 02:00 --------- d-----w C:\Documents and Settings\Paul Thorson\Application Data\Aim
2008-01-15 00:19 --------- d-----w C:\Documents and Settings\Kelly Thorson\Application Data\HP
2008-01-14 00:43 --------- d-----w C:\Documents and Settings\Brooke\Application Data\HP
2003-05-08 14:20 207,758 -c--a-w C:\Program Files\INSTALL.LOG
.
<pre>
----a-w		   582,992 2008-02-28 01:20:57  C:\Program Files\McAfee.com\Agent\mcagent .exe
----a-w		 5,146,448 2008-02-28 01:23:30  C:\Program Files\Spybot - Search & Destroy\SpybotSD .exe
----a-w		 2,097,488 2008-02-28 01:23:34  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ .exe" [ ]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2008-01-18 23:57 155648]
"BCMSMMSG"="BCMSMMSG.exe" []
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2008-01-19 07:47 53248]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2008-01-19 07:47 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-19 07:47 32768]
"Ink Monitor"="C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe" [2008-01-19 07:48 258120]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-01-19 07:48 49152]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-01-19 07:48 80896]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2008-01-19 07:48 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2008-02-09 08:08 1160480]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant .exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-19 03:34 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-27 20:23 267048]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2008-01-19 07:47 126976]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-19 07:48 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=

S2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
S3 CBBCM43;BUFFALO WLI-CB-XXX Series Wireless LAN Adapter;C:\WINDOWS\system32\DRIVERS\CBG54.sys [2005-11-01 03:13]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-02-27 15:14:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-15 06:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-01 06:00:00 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-02-09 13:13:19 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-05 08:06:59
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
.
**************************************************************************
.
Completion time: 2008-03-05 8:08:48 - machine was rebooted [Paul Thorson]
ComboFix-quarantined-files.txt 2008-03-05 13:07:56
ComboFix2.txt 2008-03-04 12:57:57
.
2008-02-13 08:02:36 --- E O F ---

Edited by SNOWHITE, 05 March 2008 - 12:53 PM.


#10 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • Location:Ontario

Posted 05 March 2008 - 01:54 PM

Hi,

Yeah -- no internet in safe mode. :wacko:

I got the file. Thanks.

If you get that submit thing again -- please don't attach to forum because anyone can download -- and those submits from combofix usually contain malicious files.

You can upload submits here:

http://www.bleepingcomputer.com/submit-mal....php?channel=20

Only authorized people have access to those. :thumbsup:

Looks like we are nearly there.

Prolly good to have blocked "rbSolnUpdateENU.2.6.0.exe". I have no clue what that is. lol
Were you installing something from CD drive perhaps? (is this drive D:\ ? )

I ask because of this:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe

Basically looks as though you had a CD that when inserted ran a setup program.

I'll take it out (because it is very common to other infections) -- no harm if I do -- more harm if it is/was malware.
If it was a legit entry -- next time you insert that CD you can run the installer from it.

-----------------------------------------

OK --- enough babbling -- onto more fixing.
Lot smaller one this time. Mostly things I missed first time around. :blink:

1.) Download this file to your desktop and run it:

http://downloads.subratam.org/ResetTeaTimer.bat

Let it do its thing.
This will reset TeaTimer.
I need to do this because next step will replace TeaTimer files so it can run again. (the backed up ones I see now are OK)
And I don't wanna chance it putting bad registry entries back we fought to remove.

2.) Copy the following text to a new notepad file.

file::
C:\Program Files\McAfee.com\Agent\mcagent .exe
renv::
C:\Program Files\Spybot - Search & Destroy\SpybotSD .exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"=-
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
"Aim6"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"=-
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe"
"SunJavaUpdateSched"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

Save as file name CFScript.txt to your desktop.

Shut down Mcafee & disconnect from internet.

Drag CFScript on top of combofix and let it run.
It shouldn't need to reboot you this time.
Reboot anyways please.

Post C:\combofix.txt and a new hijackthis log please.

Let me know how system is running. Floppy drive still acting squirrelly?
Do you still have a Broadcom modem and does it work properly?

Thanks :)
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware
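The MountPoints2 autorun entry pointed out in post #10 can be pulled out of a log mechanically. The following is an added example, not part of the thread and not ComboFix code: the function names and the GUID and Run sections of the sample are constructed, and the log layout is assumed from the two lines quoted in the post.

```python
import re

# Constructed sample in the layout quoted in the post: a bracketed key line,
# then "\<subkey path> - <command>" lines. Only the D entry is from the
# thread; the GUID and Run sections are made up for this example.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11111111-2222-3333-4444-555555555555}]
\Shell\AutoRun\command - E:\launch.exe
\Shell\open\command - E:\launch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Example"="C:\Program Files\Example\example.exe"
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]\s*$")
COMMAND_RE = re.compile(
    r"^\\(?P<subkey>.+?\\command)\s+-\s+(?P<command>.+?)\s*$", re.IGNORECASE
)
MOUNT_RE = re.compile(r"\\explorer\\mountpoints2\\(?P<mount>[^\\]+)$", re.IGNORECASE)
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")


def mount_kind(mount):
    """Classify the last key component: a drive letter or a volume GUID."""
    if re.fullmatch(r"[A-Za-z]", mount):
        return "drive letter"
    if GUID_RE.match(mount):
        return "volume GUID"
    return "other"


def find_mountpoints2_commands(log_text):
    """Return every shell command registered under a MountPoints2 key."""
    entries = []
    key = mount = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            # A new key line starts a new section; remember whether it is
            # a MountPoints2 key and which mount it belongs to.
            key = key_match.group("key")
            mount_match = MOUNT_RE.search(key)
            mount = mount_match.group("mount") if mount_match else None
            continue
        cmd_match = COMMAND_RE.match(line)
        if mount is None or not cmd_match:
            continue
        kind = mount_kind(mount)
        command = cmd_match.group("command")
        # For a drive-letter mount we can tell whether the command lives on
        # the same drive (as D:\setup.exe does on D). For a GUID we cannot.
        on_mount = None
        if kind == "drive letter":
            on_mount = command.upper().startswith(mount.upper() + ":\\")
        entries.append({
            "key": key,
            "mount": mount,
            "mount_kind": kind,
            "subkey": cmd_match.group("subkey"),
            "command": command,
            "autorun": cmd_match.group("subkey").lower() == r"shell\autorun\command",
            "command_on_mount": on_mount,
        })
    return entries


def removal_lines(entries):
    """Build '[-KEY]' delete lines, the form used in the post's script,
    for each key that carries an AutoRun command (one line per key)."""
    keys = []
    for entry in entries:
        if entry["autorun"] and entry["key"] not in keys:
            keys.append(entry["key"])
    return ["[-" + key + "]" for key in keys]


if __name__ == "__main__":
    found = find_mountpoints2_commands(SAMPLE_LOG)
    for entry in found:
        print(entry["mount_kind"], entry["mount"], entry["subkey"], "->", entry["command"])
    print("\n".join(removal_lines(found)))
```

The output is a review list for a human helper; whether an entry is removed is still the judgement call described in the post.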

#11 sonofthor

sonofthor
  • Topic Starter

  • Members
  • 41 posts

Posted 05 March 2008 - 10:22 PM

Combofix wanted to go to the internet even though I had it off, and McAfee blocked it even though I had it off?...
Anyway, here are the logs....


ComboFix 08-03-04.5 - Paul Thorson 2008-03-05 21:51:50.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.387 [GMT -5:00]
Running from: C:\Documents and Settings\Paul Thorson\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Paul Thorson\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\McAfee.com\Agent\mcagent .exe
.

((((((((((((((((((((((((( Files Created from 2008-02-06 to 2008-03-06 )))))))))))))))))))))))))))))))
.

2008-02-22 19:41 . 2008-02-22 19:41 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-02-22 19:41 . 2008-02-22 19:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-20 08:57 . 2008-02-15 20:43 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2008-02-20 08:49 . 2008-02-20 08:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-16 08:08 . 2008-03-05 08:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-16 08:08 . 2008-02-16 08:08 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-15 20:53 . 2008-02-15 20:53 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-15 20:53 . 2008-02-15 21:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-15 20:43 . 2008-02-20 08:58 <DIR> d-------- C:\Documents and Settings\Tyler Thorson\.housecall6.6
2008-02-13 20:55 . 2008-02-20 19:55 <DIR> d-------- C:\VundoFix Backups
2008-02-10 01:15 . 2008-02-10 01:15 <DIR> d-------- C:\WINDOWS\SYSTEM32\en
2008-02-10 01:14 . 2007-12-01 00:26 15,360 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ctfmon.exe
2008-02-10 00:55 . 2007-11-30 17:25 10,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sffp_mmc.sys
2008-02-10 00:55 . 2007-11-30 17:24 9,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\dumpdrv.sys
2008-02-10 00:46 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\003063_.tmp
2008-02-09 23:37 . 2007-12-01 00:26 354,304 --a------ C:\WINDOWS\SYSTEM32\winhttp.dll
2008-02-09 23:37 . 2007-12-01 00:25 18,944 --a------ C:\WINDOWS\SYSTEM32\qmgrprxy.dll
2008-02-09 23:33 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\SYSTEM32\wuaucpl.cpl
2008-02-09 20:41 . 2003-01-13 13:50 151,552 --a------ C:\WINDOWS\SYSTEM32\igfxres.dll
2008-02-09 20:26 . 2003-07-16 15:23 1,875,968 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\msir3jp.lex
2008-02-09 20:25 . 2007-12-01 00:22 13,463,552 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\hwxjpn.dll
2008-02-09 20:24 . 2001-08-17 22:36 2,134,528 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_smtpsnap.dll
2008-02-09 20:24 . 2001-08-17 22:36 312,832 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_aqueue.dll
2008-02-09 20:24 . 2004-08-04 02:56 221,184 --a------ C:\WINDOWS\SYSTEM32\wmpns.dll
2008-02-09 20:24 . 2001-08-17 22:36 175,104 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_smtpadm.dll
2008-02-09 20:24 . 2001-08-17 22:36 45,056 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_aqadmin.dll
2008-02-09 20:24 . 2001-08-17 22:36 5,632 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_adsiisex.dll
2008-02-09 20:09 . 2008-02-09 20:09 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-02-09 20:09 . 2008-02-09 20:09 749 -rah----- C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest
2008-02-09 20:09 . 2008-02-09 20:09 749 -rah----- C:\WINDOWS\SYSTEM32\sapi.cpl.manifest
2008-02-09 20:09 . 2008-02-09 20:09 749 -rah----- C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest
2008-02-09 20:09 . 2008-02-09 20:09 488 -rah----- C:\WINDOWS\SYSTEM32\logonui.exe.manifest
2008-02-09 20:06 . 2007-12-01 00:25 2,060,800 --a------ C:\WINDOWS\SYSTEM32\mstscax.dll
2008-02-09 20:04 . 2007-11-30 17:30 52,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\dmusic.sys
2008-02-09 20:04 . 2007-11-30 17:30 6,272 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\splitter.sys
2008-02-09 20:03 . 2007-11-30 17:24 57,600 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\redbook.sys
2008-02-09 20:03 . 2007-11-30 17:31 25,856 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbprint.sys
2008-02-09 20:03 . 2007-11-30 17:28 15,104 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbscan.sys
2008-02-09 20:00 . 2007-12-01 00:27 40,840 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\termdd.sys
2008-02-09 19:57 . 2007-12-01 00:27 146,432 --a------ C:\WINDOWS\SYSTEM\winspool.drv
2008-02-09 19:57 . 2007-12-01 00:26 74,752 --a------ C:\WINDOWS\SYSTEM32\storprop.dll
2008-02-09 19:57 . 2003-07-16 15:46 24,661 --a------ C:\WINDOWS\SYSTEM32\spxcoins.dll
2008-02-09 19:57 . 2003-07-16 15:46 24,661 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\spxcoins.dll
2008-02-09 19:57 . 2003-07-16 15:30 13,312 --a------ C:\WINDOWS\SYSTEM32\irclass.dll
2008-02-09 19:57 . 2003-07-16 15:30 13,312 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\irclass.dll
2008-02-09 19:57 . 2007-11-30 17:46 11,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\irenum.sys
2008-02-09 19:56 . 2003-07-16 15:39 1,086,182 -ra------ C:\WINDOWS\SET11E.tmp
2008-02-09 19:56 . 2003-07-16 15:39 797,189 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\NT5IIS.CAT
2008-02-09 19:56 . 2003-07-16 15:32 399,645 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\MAPIMIG.CAT
2008-02-09 19:56 . 2003-07-16 15:37 37,484 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\MW770.CAT
2008-02-09 19:56 . 2003-07-16 15:30 13,608 -ra------ C:\WINDOWS\SET12A.tmp
2008-02-09 19:56 . 2003-07-16 15:29 13,472 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\HPCRDP.CAT
2008-02-09 19:56 . 2003-07-16 15:29 8,574 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\IASNT4.CAT
2008-02-09 19:56 . 2003-07-16 15:54 7,046 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\OEMBIOS.CAT
2008-02-09 19:56 . 2003-07-16 15:54 7,046 -ra------ C:\WINDOWS\SET13C.tmp
2008-02-09 19:53 . 2008-02-09 23:39 1,321,300 --a------ C:\WINDOWS\setupapi.log.2.old

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-06 02:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-05 12:47 --------- d-----w C:\Program Files\QuickTime
2008-03-05 12:46 --------- d-----w C:\Program Files\iTunes
2008-03-05 12:46 --------- d-----w C:\Program Files\DellSupport
2008-03-05 12:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-05 12:46 --------- d-----w C:\Program Files\AIM6
2008-03-05 12:35 --------- d-----w C:\Program Files\McAfee
2008-03-05 12:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-27 02:43 --------- d-----w C:\Documents and Settings\Tyler Thorson\Application Data\Corel
2008-02-21 23:19 --------- d-----w C:\Documents and Settings\Tyler Thorson\Application Data\SiteAdvisor
2008-02-21 14:32 --------- d-----w C:\Program Files\Norton Security Scan
2008-02-20 12:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-20 12:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-20 12:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-02-17 19:40 15,360 ----a-w C:\WINDOWS\SYSTEM32\ctfmon.exe
2008-02-16 15:36 --------- d-----w C:\Program Files\Unlocker
2008-02-11 02:19 --------- d-----w C:\Documents and Settings\Tyler Thorson\Application Data\AdobeUM
2008-02-10 21:17 --------- d-----w C:\Program Files\iPod
2008-02-10 21:02 --------- d-----w C:\Documents and Settings\Paul Thorson\Application Data\Apple Computer
2008-02-10 01:42 --------- d-----w C:\Documents and Settings\Paul Thorson\Application Data\SiteAdvisor
2008-02-09 20:00 --------- d-----w C:\Program Files\SpywareBlaster
2008-02-09 19:59 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-04 03:24 --------- d-----w C:\Program Files\Google
2008-02-03 23:59 --------- d-----w C:\Program Files\Java
2008-02-03 23:56 --------- d-----w C:\Program Files\Common Files\Java
2008-01-31 01:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-30 02:53 --------- d-----w C:\Documents and Settings\Administrator\Application Data\RCP 4
2008-01-24 11:51 --------- d-----w C:\Documents and Settings\Brooke\Application Data\RCP 4
2008-01-22 01:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-22 01:42 --------- d-----w C:\Documents and Settings\Tyler Thorson\Application Data\McAfee
2008-01-22 01:15 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-01-21 18:09 --------- d-----w C:\Documents and Settings\Brooke\Application Data\SiteAdvisor
2008-01-20 06:04 --------- d-----w C:\Program Files\SiteAdvisor
2008-01-20 05:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-01-20 02:02 --------- d-----w C:\Program Files\SymNetDrv
2008-01-20 02:02 --------- d-----w C:\Program Files\Symantec
2008-01-19 12:47 155,648 ----a-w C:\WINDOWS\SYSTEM32\NeroCheck.exe
2008-01-19 12:47 126,976 ----a-w C:\WINDOWS\SYSTEM32\hkcmd.exe
2008-01-19 09:15 158,208 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
2008-01-19 05:45 --------- d-----w C:\Program Files\Common Files\McAfee
2008-01-19 05:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-19 04:57 155,648 ----a-w C:\WINDOWS\SYSTEM32\igfxtray.exe
2008-01-19 04:20 --------- d-----w C:\Program Files\Common Files\ArcSoft
2008-01-19 04:18 --------- d-----w C:\Program Files\AIM
2008-01-15 07:39 30,464 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-01-15 02:00 --------- d-----w C:\Documents and Settings\Paul Thorson\Application Data\Aim
2008-01-15 00:19 --------- d-----w C:\Documents and Settings\Kelly Thorson\Application Data\HP
2008-01-14 00:43 --------- d-----w C:\Documents and Settings\Brooke\Application Data\HP
2003-05-08 14:20 207,758 -c--a-w C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((( snapshot@2008-03-05_ 8.07.34.60 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-05 10:29:41 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2008-03-06 00:16:36 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
- 2008-03-05 10:29:41 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2008-03-06 00:16:36 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
- 2008-03-05 10:29:41 32,768 --sha-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-06 00:16:36 32,768 --sha-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2008-01-18 23:57 155648]
"BCMSMMSG"="BCMSMMSG.exe" []
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2008-01-19 07:47 53248]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2008-01-19 07:47 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-19 07:47 32768]
"Ink Monitor"="C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe" [2008-01-19 07:48 258120]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-01-19 07:48 49152]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-01-19 07:48 80896]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-02-27 20:20 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2008-01-19 07:48 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2008-02-09 08:08 1160480]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-19 03:34 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-27 20:23 267048]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2008-02-27 20:23 5146448]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2008-01-19 07:47 126976]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-19 07:48 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
S3 CBBCM43;BUFFALO WLI-CB-XXX Series Wireless LAN Adapter;C:\WINDOWS\system32\DRIVERS\CBG54.sys [2005-11-01 03:13]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-05 15:14:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-15 06:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-01 06:00:00 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-02-09 13:13:19 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-05 21:57:59
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-05 21:59:40
ComboFix-quarantined-files.txt 2008-03-06 02:58:57
ComboFix2.txt 2008-03-05 13:08:48
ComboFix3.txt 2008-03-04 12:57:57
.
2008-02-13 08:02:36 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:15, on 3/5/2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\imapi.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autofix
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202619153125
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8314 bytes


P.S. I did have the Windows CD in the drive, so it may have been trying to read that last time?

Not sure about your ? about the floppy drive?

:thumbsup: I can't thank you enough for helping me get rid of this junk... I see I had more than what I thought (ssqpm)

#12 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • Location:Ontario

Posted 06 March 2008 - 04:09 AM

Hi,

Log looks good.
Most likely combofix was trying to upload a sample --
Is there a -submit_somedate time.zip file on desktop? And a submit somethingorother.html on desktop?
Those are from combofix --

I'd like to do an online scan to make sure we got all these critters jailed. :thumbsup:

Using Internet Explorer please do an online scan with Kaspersky Online Scanner

Click on Kaspersky Online Scanner

Click "I accept"

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save report button.
  • Call it Kaspersky.txt
  • Expand the arrow beside "file types" and save as .txt file.
    http://i266.photobucket.com/albums/ii277/s...Kas-Savetxt.gif
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

*Note
It is recommended to disable your onboard antivirus and antispyware programs while performing scans, so there are no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.

*Note2
If you have Internet Explorer 7 installed:
If you have trouble getting past the initial download you may need to use the "zoom" tool at bottom right of the scanner window and increase it to 125% to see and press the "accept" button.
Page will reload and you should be able to carry on scan.

Thanks :blink:

No immediate worries about critters in \system volume information (system restore) -- these we'll get later.
Also no worries about critters in \qoobox. Will get those later.

P.S. I did have the Windows CD in the drive, so it may have been trying to read that last time?

Yes -- most likely. It does have an autorun -- it is part of what you see when you first insert CD -- where it gives choice to install, upgrade, etc.

Not sure about your ? about the floppy drive?


Me either. Looks like I meant to ask someone else who was having floppy issues.
That is what I get for trying to multi-task :wacko:

#13 sonofthor

sonofthor
  • Topic Starter

  • Members
  • 41 posts

Posted 06 March 2008 - 09:50 AM

Wow, 2 hrs and 21 mins later... I think most of these are quarantined files that need to go bye bye?
This cleans up all user accounts, right? (This is my son's computer, and I wanted to make sure we have looked under all users.)
And was this mainly malware, or was it more, like any info, keystrokes etc. harvested from this computer while infected?
:thumbsup:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-03-06 09:36
Operating System: Microsoft Windows XP Home Edition, Service Pack 3, v.3264 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/03/2008
Kaspersky Anti-Virus database records: 602670
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 190153
Number of viruses found: 6
Number of infected objects: 108
Number of suspicious objects: 0
Duration of the scan process: 02:21:00

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\EasyNet\MHNData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\Paul Thorson\Application Data\Microsoft\Windows\oebwq.exe Infected: Trojan-Downloader.Win32.Agent.hcm skipped
C:\Documents and Settings\Paul Thorson\Desktop\[4]-Submit_2008-03-05@7.46.zip/ssqpm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\Paul Thorson\Desktop\[4]-Submit_2008-03-05@7.46.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Tyler Thorson\Application Data\Microsoft\Windows\fhdrj.exe Infected: Trojan-Downloader.Win32.Agent.hcm skipped
C:\QooBox\Quarantine\C\Documents and Settings\Paul Thorson\Application Data\Microsoft\Windows\oebwq .exe.vir Infected: Trojan-Downloader.Win32.Agent.hcm skipped
C:\QooBox\Quarantine\C\Program Files\iTunes\iTunesHelper.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Spybot - Search & Destroy\SpybotSD.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Spybot - Search & Destroy\TeaTimer.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\abtfyktc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\aifnpovm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\bmmomubt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\duwoacle.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ixf skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fnvwxfnl.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fxqhtudw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\hmqhftjo.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\iboojdwm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\intttbjy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ipipxctx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\iwinifdh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\jrqmydjt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\jsmvijbo.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lxelvvua.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\mqrwcxep.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\mvcoejew.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\nclaymjr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ngmfxbgh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\nkpmbexg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\nowugdcu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\okuxjihl.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\pwcclrks.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\qbrmgnor.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\qfphuude.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\velibblx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\vppgxyhe.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ixe skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\wtlajvvc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP26\A0009298.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP26\A0009437.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP26\A0009499.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0009658.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0009680.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0009684.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0009685.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0009690.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP29\A0009764.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP29\A0009768.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP29\A0009769.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP30\A0009847.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP30\A0009900.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP30\A0009901.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP31\A0010005.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bce skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP31\A0010006.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP31\A0010047.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP31\A0010050.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP31\A0010051.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP31\A0010080.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP32\A0010187.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP32\A0010190.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP32\A0010191.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP32\A0011005.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP32\A0011006.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP32\A0011011.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP32\A0011037.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP32\A0011043.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP33\A0011072.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP33\A0011075.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP33\A0011076.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP36\A0011160.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP36\A0011166.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP36\A0011167.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011253.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011257.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011259.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011262.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011263.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011264.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011265.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011266.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011271.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011272.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011281.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011282.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011283.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011284.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ixf skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011285.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011286.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011287.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011288.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011289.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011290.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011291.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011292.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011293.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011294.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011295.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011296.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011297.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011298.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011299.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011300.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011301.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011302.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011303.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011304.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011305.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ixe skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011306.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP37\A0011323.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP38\A0011546.exe Infected: Trojan-Downloader.Win32.Agent.hcm skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP38\A0011562.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

Scan process completed.

#14 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • Location:Ontario

Posted 07 March 2008 - 03:39 AM

Hi,

Thanks for the log. :blink:
2+ hours isn't all that bad for an online scan -- I've seen it take much longer.
This scan cleans nothing -- all it does is report.
I don't often use online cleaners because I have no control over what is being deleted and once in a while there are false positives. Online scanners have no quarantine -- therefore no backups.

and was this mainly malware or was it more, like any info keystrokes etc. harvested from this computer while infected?


Looks to have been mostly adware and downloaders. However I don't know what your security programs removed before you got here so it sure wouldn't hurt to take extra precautions and change passwords to sensitive sites you use.
Such as banking or other financial sites, email, IM, etc.
Have other users do the same.

Not quite clean yet. There are a few files left to remove.

I see now that there are several user accounts. I will want to use another app to check what is being started on the other accounts.
The bad files should be gone though.

The files we need to remove are hidden.
How to view Hidden files/folders.
http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/
Don't forget to hide files/folders when we are finished cleaning.

Locate and delete if found the following:

C:\Documents and Settings\Paul Thorson\Application Data\Microsoft\Windows\oebwq.exe
C:\Documents and Settings\Tyler Thorson\Application Data\Microsoft\Windows\fhdrj.exe

then empty recycle bin.

As for the stuff in quarantine -- yes, we'll remove that in a bit when we uninstall ComboFix and other tools we used.
Those files can't do anything right now because they have been renamed to prevent accidental execution.
Same goes for the junk you see in system restore -- will clean that up last as I would rather have an infected restore point than have none if something goes wrong while we work.

Now download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
  • At the top checkmark "Scan All User Accounts"
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not /code with brackets around it then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware

#15 sonofthor

sonofthor
  • Topic Starter

  • Members
  • 41 posts

Posted 07 March 2008 - 07:32 AM

:thumbsup: The only reason I ask about what type of junk was on my computer is because at times when I typed, like into Google, it would be slow... then catch up, etc.

WinPFind35 logfile created on: 3-7-2008 07:01:53
WinPFind35U Version 1.0.3.1	 Folder = C:\Documents and Settings\TEMP\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
766.48 Mb Total Physical Memory | 264.66 Mb Available Physical Memory | 34.53% Memory free
1.83 Gb Paging File | 1.49 Gb Available in Paging File | 81.44% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.91 Gb Total Space | 4.51 Gb Free Space | 16.16% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 115.89 Gb Total Space | 44.06 Gb Free Space | 38.02% Space Free | Partition Type: NTFS
Drive G: | 116.99 Gb Total Space | 56.61 Gb Free Space | 48.39% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL1
Current User Name: Paul Thorson
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

[Processes - Non-Microsoft Only]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9-6-2007 13:28:18 | Attr =	]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,2,9 | Size = 229376 bytes | Modified Date = 11-28-2005 12:11:36 | Attr =	]
sagent2.exe -> %CommonProgramFiles%\EPSON\EBAPI\SAgent2.exe -> SEIKO EPSON CORPORATION [Ver = 2, 2, 0, 0 | Size = 90112 bytes | Modified Date = 10-25-2001 01:02:00 | Attr =	]
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 8-4-2007 03:08:06 | Attr =	]
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 7-22-2007 20:15:18 | Attr =	]
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 8-15-2007 12:36:04 | Attr =	]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 144704 bytes | Modified Date = 7-24-2007 12:02:14 | Attr =	]
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 7-18-2007 15:54:42 | Attr =	]
msksrver.exe -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> McAfee, Inc. [Ver = 9.0.214.0 | Size = 23880 bytes | Modified Date = 8-24-2007 04:00:40 | Attr =	]
hpzipm12.exe -> %SystemRoot%\SYSTEM32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 6 | Size = 73728 bytes | Modified Date = 8-9-2007 02:27:52 | Attr =	]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1-4-2007 16:38:08 | Attr =	]
viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 42 | Size = 111816 bytes | Modified Date = 11-10-2004 23:15:31 | Attr =	]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 2-27-2008 20:20:57 | Attr =	]
mmtask.exe -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe -> TODO: <Company name> [Ver = 1.0.0.1 | Size = 53248 bytes | Modified Date = 1-19-2008 07:47:55 | Attr =	]
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 1-19-2008 07:47:59 | Attr =	]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 49152 bytes | Modified Date = 1-19-2008 07:48:10 | Attr =	]
hpqsrmon.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqSRMon.exe -> Hewlett-Packard [Ver = 10.0.0.202 | Size = 80896 bytes | Modified Date = 1-19-2008 07:48:14 | Attr =	]
siteadv.exe -> %ProgramFiles%\SiteAdvisor\6172\SiteAdv.exe ->  [Ver =  | Size = 36640 bytes | Modified Date = 1-19-2008 07:48:22 | Attr =	]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 2-27-2008 20:23:15 | Attr =	]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 2-4-2008 14:18:32 | Attr =	]
mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,0,188,0 | Size = 695624 bytes | Modified Date = 7-25-2007 01:41:52 | Attr =	]
mcvsshld.exe -> %ProgramFiles%\McAfee\VirusScan\mcvsshld.exe -> McAfee, Inc. [Ver = 12,0,172,0 | Size = 361800 bytes | Modified Date = 7-25-2007 02:15:50 | Attr =	]
mcvsmap.exe -> %ProgramFiles%\McAfee\VirusScan\mcvsmap.exe -> McAfee, Inc. [Ver = 12,0,188,0 | Size = 259400 bytes | Modified Date = 7-25-2007 01:41:48 | Attr =	]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.3.1 | Size = 310784 bytes | Modified Date = 3-5-2008 01:21:14 | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe ->  [Ver = 2.41.000 | Size = 68096 bytes | Modified Date = 6-20-2004 16:30:58 | Attr =	]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9-6-2007 13:28:18 | Attr =	]
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,2,9 | Size = 229376 bytes | Modified Date = 11-28-2005 12:11:36 | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.3264.503.0 | Size = 224768 bytes | Modified Date = 12-1-2007 00:26:22 | Attr =	]
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe ->  [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3-7-2007 15:47:46 | Attr =	]
(EPSONStatusAgent2) EPSON Printer Status Agent2 [Win32_Own | Auto | Running] -> %CommonProgramFiles%\EPSON\EBAPI\SAgent2.exe -> SEIKO EPSON CORPORATION [Ver = 2, 2, 0, 0 | Size = 90112 bytes | Modified Date = 10-25-2001 01:02:00 | Attr =	]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2-3-2008 19:14:10 | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4-4-2005 00:41:10 | Attr =	]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 2-4-2008 14:18:32 | Attr =	]
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 8-4-2007 03:08:06 | Attr =	]
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 7-22-2007 20:15:18 | Attr =	]
(McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 12,0,172,0 | Size = 378184 bytes | Modified Date = 7-25-2007 02:16:16 | Attr =	]
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 8-15-2007 12:36:04 | Attr =	]
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] ->  -> File not found
(McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,0,188,0 | Size = 695624 bytes | Modified Date = 7-25-2007 01:41:52 | Attr =	]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 7-18-2007 15:54:42 | Attr =	]
(MSK80Service) McAfee Anti-Spam Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> McAfee, Inc. [Ver = 9.0.214.0 | Size = 23880 bytes | Modified Date = 8-24-2007 04:00:40 | Attr =	]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 6 | Size = 73728 bytes | Modified Date = 8-9-2007 02:27:52 | Attr =	]
(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 3.1.00.07231  | Size = 65536 bytes | Modified Date = 7-23-2002 04:45:12 | Attr =	]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1-4-2007 16:38:08 | Attr =	]
(0277291204794038mcinstcleanup) McAfee Application Installer Cleanup (0277291204794038) [Win32_Own | Auto | Stopped] -> %SystemRoot%\TEMP\027729~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -> File not found

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\aeaudio.sys -> Andrea Electronics Corporation [Ver = 1.0.0.2 (STUB) | Size = 4816 bytes | Modified Date = 4-1-2002 13:15:00 | Attr =	]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 7-16-2003 15:24:09 | Attr =	]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp.071130-1427) | Size = 43008 bytes | Modified Date = 11-30-2007 17:31:08 | Attr =	]
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 7-16-2003 15:24:22 | Attr =	]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 7-16-2003 15:24:23 | Attr =	]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\bcm4sbxp.sys -> Broadcom Corporation [Ver = 3.51.0.0 built by: WinDDK | Size = 42368 bytes | Modified Date = 1-15-2003 14:45:06 | Attr =	]
(BCMModem) BCM V.92 56K Modem [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\BCMSM.sys -> Broadcom Corporation [Ver =  3.5.25 08/27/2003 20:05:01 | Size = 1101696 bytes | Modified Date = 8-29-2003 04:59:24 | Attr =	]
(bvrp_pci) bvrp_pci [Kernel | On_Demand | Stopped] ->  -> File not found
(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\PAULTH~1\LOCALS~1\Temp\catchme.sys -> File not found
(CBBCM43) BUFFALO WLI-CB-XXX Series Wireless LAN Adapter [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\CBG54.SYS -> Broadcom Corporation [Ver = 3.104.64.52 | Size = 372480 bytes | Modified Date = 11-1-2005 03:13:48 | Attr = R  ]
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 7-16-2003 15:25:32 | Attr =	]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 7-16-2003 15:26:33 | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.3264.503.0 | Size = 799744 bytes | Modified Date = 11-30-2007 17:30:12 | Attr =	]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.3264.503.0 | Size = 153344 bytes | Modified Date = 11-30-2007 17:30:06 | Attr =	]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 7-16-2003 15:27:04 | Attr =	]
(DSproct) DSproct [Kernel | On_Demand | Running] -> %ProgramFiles%\DellSupport\GTAction\triggers\DSproct.sys -> Gteko Ltd. [Ver = 2, 0, 0, 30 | Size = 4736 bytes | Modified Date = 10-5-2006 16:07:28 | Attr =	]
(dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\dsunidrv.sys -> Gteko Ltd. [Ver = 1, 0, 0, 12 | Size = 5376 bytes | Modified Date = 2-25-2007 12:10:48 | Attr =   S]
(EL90XBC) 3Com EtherLink XL 90XB/C Adapter Driver [Kernel | On_Demand | Stopped] -> System32\DRIVERS\el90xbc5.sys -> File not found
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9-19-2006 14:44:04 | Attr =	]
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\HPZid412.sys -> HP [Ver = 10, 1, 0, 2 | Size = 49664 bytes | Modified Date = 4-12-2006 20:04:39 | Attr = R  ]
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\HPZipr12.sys -> HP [Ver = 10, 1, 0, 2 | Size = 16496 bytes | Modified Date = 4-12-2006 20:04:39 | Attr = R  ]
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\HPZius12.sys -> HP [Ver = 10, 1, 0, 2 | Size = 21568 bytes | Modified Date = 4-12-2006 20:04:39 | Attr = R  ]
(i81x) i81x [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\i81xnt5.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 161020 bytes | Modified Date = 11-30-2007 15:15:14 | Attr =	]
(iAimFP0) iAimFP0 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wadv01nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 12415 bytes | Modified Date = 11-30-2007 15:15:16 | Attr =	]
(iAimFP1) iAimFP1 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wadv02nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 12127 bytes | Modified Date = 11-30-2007 15:15:16 | Attr =	]
(iAimFP2) iAimFP2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wadv05nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11775 bytes | Modified Date = 11-30-2007 15:15:18 | Attr =	]
(iAimFP3) iAimFP3 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wsiintxx.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 12063 bytes | Modified Date = 11-30-2007 15:15:26 | Attr =	]
(iAimFP4) iAimFP4 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wvchntxx.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 19455 bytes | Modified Date = 11-30-2007 15:15:26 | Attr =	]
(iAimTV0) iAimTV0 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\watv01nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 29311 bytes | Modified Date = 11-30-2007 15:15:20 | Attr =	]
(iAimTV1) iAimTV1 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\watv02nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 19551 bytes | Modified Date = 11-30-2007 15:15:20 | Attr =	]
(iAimTV2) iAimTV2 [Kernel | On_Demand | Stopped] -> System32\DRIVERS\wATV03nt.sys -> File not found
(iAimTV3) iAimTV3 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\watv04nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 33599 bytes | Modified Date = 11-30-2007 15:15:20 | Attr =	]
(iAimTV4) iAimTV4 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wch7xxnt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 23615 bytes | Modified Date = 11-30-2007 15:15:24 | Attr =	]
(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ialmnt5.sys -> Intel Corporation [Ver = 6.13.01.3442 | Size = 87803 bytes | Modified Date = 1-14-2003 12:37:30 | Attr =	]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(MASPINT) MASPINT [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\MASPINT.SYS -> MicroStaff Co.,Ltd. [Ver = 1.04 | Size = 8096 bytes | Modified Date = 3-29-2000 17:11:20 | Attr =	]
(mfeavfk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\mfeavfk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 79304 bytes | Modified Date = 7-24-2007 07:40:36 | Attr =	]
(mfebopk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\mfebopk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 35240 bytes | Modified Date = 7-21-2007 09:08:24 | Attr =	]
(mfehidk) McAfee Inc. [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\mfehidk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 201288 bytes | Modified Date = 7-21-2007 09:08:24 | Attr =	]
(mferkdk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\mferkdk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 33800 bytes | Modified Date = 7-24-2007 12:02:36 | Attr =	]
(mfesmfk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\mfesmfk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 40488 bytes | Modified Date = 7-21-2007 09:08:24 | Attr =	]
(MPFP) MPFP [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\Mpfp.sys -> McAfee, Inc. [Ver = 9.0.114.0 | Size = 113952 bytes | Modified Date = 7-13-2007 09:20:24 | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 7-16-2003 15:34:22 | Attr =	]
(MxlW2k) MxlW2k [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\MxlW2k.sys -> MusicMatch, Inc. [Ver = 1.0.1.109 | Size = 28276 bytes | Modified Date = 8-10-2003 17:48:25 | Attr =	]
(Nbf) NetBEUI Protocol [Kernel | Auto | Stopped] -> System32\DRIVERS\nbf.sys -> File not found
(NETMDUSB) Net MD [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\NETMDUSB.sys -> Sony Corporation [Ver = 1.2.10.08080 | Size = 38951 bytes | Modified Date = 8-8-2002 14:51:32 | Attr =	]
(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 11-30-2007 15:15:26 | Attr =	]
(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\omci.sys -> Dell Computer Corporation [Ver = 7, 0, 318, 0 | Size = 17153 bytes | Modified Date = 7-19-2002 10:22:08 | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 204 | Size = 10368 bytes | Modified Date = 4-1-2004 15:30:46 | Attr =	]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 7-16-2003 15:42:18 | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.11B | Size = 46080 bytes | Modified Date = 11-3-2005 03:00:00 | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 7-16-2003 15:42:24 | Attr =	]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 7-16-2003 15:42:25 | Attr =	]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 7-16-2003 15:42:26 | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11-30-2007 15:21:50 | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp.071130-1427) | Size = 40960 bytes | Modified Date = 11-30-2007 17:31:08 | Attr =	]
(smwdm) smwdm [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3538 | Size = 539008 bytes | Modified Date = 12-19-2002 17:48:48 | Attr =	]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 7-16-2003 15:46:15 | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 7-16-2003 15:47:09 | Attr =	]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 7-16-2003 15:47:09 | Attr =	]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 7-16-2003 15:47:09 | Attr =	]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 7-16-2003 15:47:10 | Attr =	]
(tmcomm) tmcomm [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 2-15-2008 20:43:38 | Attr =	]
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ultra.sys -> Promise Technology, Inc. [Ver =  1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 7-16-2003 15:48:45 | Attr =	]
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\usbaapl.sys -> Apple, Inc. [Ver = 1, 25, 0, 0 | Size = 30464 bytes | Modified Date = 1-15-2008 02:39:58 | Attr =	]
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ialmsbw.sys -> Intel Corporation [Ver = 6.13.01.3442 | Size = 108736 bytes | Modified Date = 1-14-2003 12:38:36 | Attr =	]
({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH) Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ialmkchw.sys -> Intel Corporation [Ver = 6.13.01.3442 | Size = 78272 bytes | Modified Date = 1-14-2003 12:38:30 | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
BCMSMMSG -> BCMSMMSG.exe -> File not found
HotKeysCmds -> %SystemRoot%\SYSTEM32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 126976 bytes | Modified Date = 1-19-2008 07:47:55 | Attr =	]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 49152 bytes | Modified Date = 1-19-2008 07:48:10 | Attr =	]
hpqSRMon -> %ProgramFiles%\HP\Digital Imaging\bin\hpqSRMon.exe -> Hewlett-Packard [Ver = 10.0.0.202 | Size = 80896 bytes | Modified Date = 1-19-2008 07:48:14 | Attr =	]
IgfxTray -> %SystemRoot%\SYSTEM32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 155648 bytes | Modified Date = 1-18-2008 23:57:56 | Attr =	]
Ink Monitor -> %ProgramFiles%\EPSON\Ink Monitor\InkMonitor.exe -> BillP Studios [Ver = 3.6 | Size = 258120 bytes | Modified Date = 1-19-2008 07:48:03 | Attr =	]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 2-27-2008 20:23:15 | Attr =	]
mcagent_exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 2-27-2008 20:20:57 | Attr =	]
McENUI -> %ProgramFiles%\McAfee\MHN\McENUI.exe -> McAfee, Inc. [Ver = 2,0,169,0 | Size = 1160480 bytes | Modified Date = 2-9-2008 08:08:06 | Attr =	]
mmtask -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe -> TODO: <Company name> [Ver = 1.0.0.1 | Size = 53248 bytes | Modified Date = 1-19-2008 07:47:55 | Attr =	]
NeroFilterCheck -> %SystemRoot%\SYSTEM32\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 1-19-2008 07:47:58 | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 1-19-2008 03:34:23 | Attr =	]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 1-19-2008 07:47:59 | Attr =	]
SiteAdvisor -> %ProgramFiles%\SiteAdvisor\6172\SiteAdv.exe ->  [Ver =  | Size = 36640 bytes | Modified Date = 1-19-2008 07:48:22 | Attr =	]
SpybotSnD -> %ProgramFiles%\Spybot - Search & Destroy\SpybotSD.exe -> Safer Networking Limited [Ver = 1, 5, 2, 20 | Size = 5146448 bytes | Modified Date = 2-27-2008 20:23:30 | Attr =	]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 1-19-2008 07:48:09 | Attr =	]
< RunOnceEx [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx -> 
 ->  -> File not found
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_USERS\PE_C_ADMINISTRATOR\] > -> HKEY_USERS\PE_C_ADMINISTRATOR\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
DellSupport -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 1-18-2008 23:58:36 | Attr =	]
< Run [HKEY_USERS\PE_C_BROOKE\] > -> HKEY_USERS\PE_C_BROOKE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
QuickTime Task -> %ProgramFiles%\QuickTime\qttask .exe -> File not found
< Run [HKEY_USERS\PE_C_JOSHUA THORSON\] > -> HKEY_USERS\PE_C_JOSHUA THORSON\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
DellSupport -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 1-18-2008 23:58:36 | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 1-19-2008 03:34:23 | Attr =	]
< Run [HKEY_USERS\PE_C_KELLY THORSON\] > -> HKEY_USERS\PE_C_KELLY THORSON\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
AIM -> %ProgramFiles%\AIM\aim.exe -cnetwait.odl -> File not found
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 1-19-2008 03:34:23 | Attr =	]
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9-23-2005 22:05:26 | Attr =	]
< Brooke Startup Folder > -> C:\Documents and Settings\Brooke\Start Menu\Programs\Startup -> 
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< Joshua Thorson Startup Folder > -> C:\Documents and Settings\Joshua Thorson\Start Menu\Programs\Startup -> 
< Kelly Thorson Startup Folder > -> C:\Documents and Settings\Kelly Thorson\Start Menu\Programs\Startup -> 
< Paul Thorson Startup Folder > -> C:\Documents and Settings\Paul Thorson\Start Menu\Programs\Startup -> 
< TEMP Startup Folder > -> C:\Documents and Settings\TEMP\Start Menu\Programs\Startup -> 
< Tyler Thorson Startup Folder > -> C:\Documents and Settings\Tyler Thorson\Start Menu\Programs\Startup -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\PE_C_ADMINISTRATOR] > -> HKEY_USERS\PE_C_ADMINISTRATOR\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\PE_C_ALL USERS] > -> HKEY_USERS\PE_C_ALL USERS\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\PE_C_BROOKE] > -> HKEY_USERS\PE_C_BROOKE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\PE_C_JOSHUA THORSON] > -> HKEY_USERS\PE_C_JOSHUA THORSON\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\PE_C_KELLY THORSON] > -> HKEY_USERS\PE_C_KELLY THORSON\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\PE_C_PAUL THORSON] > -> HKEY_USERS\PE_C_PAUL THORSON\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-21-1210797529-1897576891-3497809635-1006] > -> HKEY_USERS\S-1-5-21-1210797529-1897576891-3497809635-1006\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> %SystemRoot%\SYSTEM32\igfxsrvc.dll -> Intel Corporation [Ver = 3,0,0,2023 | Size = 315392 bytes | Modified Date = 1-13-2003 13:52:14 | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\PE_C_ADMINISTRATOR] > -> HKEY_USERS\PE_C_ADMINISTRATOR\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\PE_C_ADMINISTRATOR\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\PE_C_ADMINISTRATOR\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_USERS\PE_C_ADMINISTRATOR\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
< CurrentVersion Policy Settings [HKEY_USERS\PE_C_ALL USERS] > -> HKEY_USERS\PE_C_ALL USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
Reg Error: Key HKEY_USERS\PE_C_ALL USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ not found. -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\PE_C_BROOKE] > -> HKEY_USERS\PE_C_BROOKE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\PE_C_BROOKE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\PE_C_BROOKE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_USERS\PE_C_BROOKE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
< CurrentVersion Policy Settings [HKEY_USERS\PE_C_JOSHUA THORSON] > -> HKEY_USERS\PE_C_JOSHUA THORSON\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\PE_C_JOSHUA THORSON\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\PE_C_JOSHUA THORSON\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_USERS\PE_C_JOSHUA THORSON\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
< CurrentVersion Policy Settings [HKEY_USERS\PE_C_KELLY THORSON] > -> HKEY_USERS\PE_C_KELLY THORSON\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\PE_C_KELLY THORSON\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\PE_C_KELLY THORSON\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_USERS\PE_C_KELLY THORSON\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
< CurrentVersion Policy Settings [HKEY_USERS\PE_C_PAUL THORSON] > -> HKEY_USERS\PE_C_PAUL THORSON\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\PE_C_PAUL THORSON\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\PE_C_PAUL THORSON\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_USERS\PE_C_PAUL THORSON\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_USERS\PE_C_PAUL THORSON\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_USERS\PE_C_PAUL THORSON\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_USERS\PE_C_PAUL THORSON\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_USERS\PE_C_PAUL THORSON\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_USERS\PE_C_PAUL THORSON\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1210797529-1897576891-3497809635-1006] > -> HKEY_USERS\S-1-5-21-1210797529-1897576891-3497809635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-21-1210797529-1897576891-3497809635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-21-1210797529-1897576891-3497809635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_USERS\S-1-5-21-1210797529-1897576891-3497809635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> about:blank -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.dellnet.com -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> http://localhost -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> 
HKEY_USERS\.DEFAULT\: ProxyOverride -> http://localhost -> 
< Internet Explorer Settings [HKEY_USERS\PE_C_ADMINISTRATOR\] > -> -> 
HKEY_USERS\PE_C_ADMINISTRATOR\: Main\\Default_Page_URL -> http://www.dellnet.com -> 
HKEY_USERS\PE_C_ADMINISTRATOR\: Main\\Local Page -> C:\WINDOWS\System32\blank.htm -> 
HKEY_USERS\PE_C_ADMINISTRATOR\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\PE_C_ADMINISTRATOR\: Main\\Start Page -> http://www.dellnet.com -> 
HKEY_USERS\PE_C_ADMINISTRATOR\: ProxyEnable -> 0 -> 
HKEY_USERS\PE_C_ADMINISTRATOR\: ProxyOverride -> http://localhost; -> 
< Internet Explorer Settings [HKEY_USERS\PE_C_ALL USERS\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\PE_C_BROOKE\] > -> -> 
HKEY_USERS\PE_C_BROOKE\: Main\\Default_Page_URL -> http://www.dellnet.com -> 
HKEY_USERS\PE_C_BROOKE\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_USERS\PE_C_BROOKE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\PE_C_BROOKE\: Main\\Start Page -> http://www.stardoll.com/sv/ -> 
HKEY_USERS\PE_C_BROOKE\: ProxyEnable -> 0 -> 
HKEY_USERS\PE_C_BROOKE\: ProxyOverride -> http://localhost; -> 
< Internet Explorer Settings [HKEY_USERS\PE_C_JOSHUA THORSON\] > -> -> 
HKEY_USERS\PE_C_JOSHUA THORSON\: Main\\Default_Page_URL -> http://www.dellnet.com -> 
HKEY_USERS\PE_C_JOSHUA THORSON\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_USERS\PE_C_JOSHUA THORSON\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\PE_C_JOSHUA THORSON\: Main\\Start Page -> http://www.google.com/ -> 
HKEY_USERS\PE_C_JOSHUA THORSON\: ProxyEnable -> 0 -> 
HKEY_USERS\PE_C_JOSHUA THORSON\: ProxyOverride -> http://localhost -> 
< Internet Explorer Settings [HKEY_USERS\PE_C_KELLY THORSON\] > -> -> 
HKEY_USERS\PE_C_KELLY THORSON\: Main\\Default_Page_URL -> http://www.dellnet.com -> 
HKEY_USERS\PE_C_KELLY THORSON\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_USERS\PE_C_KELLY THORSON\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\PE_C_KELLY THORSON\: Main\\Start Page -> http://www.google.com/ -> 
HKEY_USERS\PE_C_KELLY THORSON\: ProxyEnable -> 0 -> 
HKEY_USERS\PE_C_KELLY THORSON\: ProxyOverride -> http://localhost -> 
< Internet Explorer Settings [HKEY_USERS\PE_C_PAUL THORSON\] > -> -> 
HKEY_USERS\PE_C_PAUL THORSON\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_USERS\PE_C_PAUL THORSON\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\PE_C_PAUL THORSON\: Main\\Start Page -> http://www.google.com/ -> 
HKEY_USERS\PE_C_PAUL THORSON\: SearchURL\\ -> http://www.google.com/keyword/%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_USERS\PE_C_PAUL THORSON\: ProxyEnable -> 0 -> 
HKEY_USERS\PE_C_PAUL THORSON\: ProxyOverride -> http://localhost;*.local -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> 
HKEY_USERS\S-1-5-18\: ProxyOverride -> http://localhost -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1210797529-1897576891-3497809635-1006\] > -> -> 
HKEY_USERS\S-1-5-21-1210797529-1897576891-3497809635-1006\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_USERS\S-1-5-21-1210797529-1897576891-3497809635-1006\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_USERS\S-1-5-21-1210797529-1897576891-3497809635-1006\: Main\\Start Page -> http://www.dellnet.com -> 
HKEY_USERS\S-1-5-21-1210797529-1897576891-3497809635-1006\: ProxyEnable -> 0 -> 
HKEY_USERS\S-1-5-21-1210797529-1897576891-3497809635-1006\: ProxyOverride -> http://localhost -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4223 domain(s) found. -> 
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4177 domain(s) found. -> 
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4223 domain(s) found. -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\PE_C_ADMINISTRATOR\] > -> HKEY_USERS\PE_C_ADMINISTRATOR\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\PE_C_ADMINISTRATOR\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4222 domain(s) found. -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\PE_C_ADMINISTRATOR\] > -> HKEY_USERS\PE_C_ADMINISTRATOR\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\PE_C_ADMINISTRATOR\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\PE_C_ALL USERS\] > -> HKEY_USERS\PE_C_ALL USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\PE_C_ALL USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\PE_C_ALL USERS\] > -> HKEY_USERS\PE_C_ALL USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\PE_C_ALL USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\PE_C_BROOKE\] > -> HKEY_USERS\PE_C_BROOKE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\PE_C_BROOKE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4222 domain(s) found. -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\PE_C_BROOKE\] > -> HKEY_USERS\PE_C_BROOKE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\PE_C_BROOKE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\PE_C_JOSHUA THORSON\] > -> HKEY_USERS\PE_C_JOSHUA THORSON\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\PE_C_JOSHUA THORSON\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4222 domain(s) found. -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\PE_C_JOSHUA THORSON\] > -> HKEY_USERS\PE_C_JOSHUA THORSON\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\PE_C_JOSHUA THORSON\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\PE_C_KELLY THORSON\] > -> HKEY_USERS\PE_C_KELLY THORSON\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\PE_C_KELLY THORSON\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4222 domain(s) found. -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\PE_C_KELLY THORSON\] > -> HKEY_USERS\PE_C_KELLY THORSON\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\PE_C_KELLY THORSON\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\PE_C_PAUL THORSON\] > -> HKEY_USERS\PE_C_PAUL THORSON\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\PE_C_PAUL THORSON\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4312 domain(s) found. -> 
  .[msn] -> My Computer -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\PE_C_PAUL THORSON\] > -> HKEY_USERS\PE_C_PAUL THORSON\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\PE_C_PAUL THORSON\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4223 domain(s) found. -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4177 domain(s) found. -> 
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4177 domain(s) found. -> 
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1210797529-1897576891-3497809635-1006\] > -> HKEY_USERS\S-1-5-21-1210797529-1897576891-3497809635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-1210797529-1897576891-3497809635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4177 domain(s) found. -> 
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1210797529-1897576891-3497809635-1006\] > -> HKEY_USERS\S-1-5-21-1210797529-1897576891-3497809635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-1210797529-1897576891-3497809635-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12-18-2006 04:16:42 | Attr =	]
{089FD14D-132B-48FC-8861-0048AE113215} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 927008 bytes | Modified Date = 12-4-2007 16:02:24 | Attr =	]
{377C180E-6F0E-4D4C-980F-F45BD3D40CF4} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\MSK\mcapbho.dll [McAfee Phishing Filter] ->  [Ver =  | Size = 329032 bytes | Modified Date = 9-19-2007 06:15:26 | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9-25-2007 01:11:33 | Attr =	]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.14.0.0.366.x86 | Size = 58688 bytes | Modified Date = 10-24-2007 05:51:28 | Attr =	]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2-3-2008 19:14:05 | Attr = R  ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 10-23-2007 17:00:20 | Attr =	]
AutorunsDisabled [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\PE_C_ADMINISTRATOR\] > -> HKEY_USERS\PE_C_ADMINISTRATOR\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\PE_C_BROOKE\] > -> HKEY_USERS\PE_C_BROOKE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\PE_C_JOSHUA THORSON\] > -> HKEY_USERS\PE_C_JOSHUA THORSON\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\PE_C_KELLY THORSON\] > -> HKEY_USERS\PE_C_KELLY THORSON\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\PE_C_PAUL THORSON\] > -> HKEY_USERS\PE_C_PAUL THORSON\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-21-1210797529-1897576891-3497809635-1006\] > -> HKEY_USERS\S-1-5-21-1210797529-1897576891-3497809635-1006\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.dll [McAfee SiteAdvisor] ->  [Ver =  | Size = 927008 bytes | Modified Date = 12-4-2007 16:02:24 | Attr =	]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2-3-2008 19:14:05 | Attr = R  ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2-3-2008 19:14:05 | Attr = R  ]
< Internet Explorer ToolBars [HKEY_USERS\PE_C_BROOKE\] > -> HKEY_USERS\PE_C_BROOKE\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2-3-2008 19:14:05 | Attr = R  ]
< Internet Explorer ToolBars [HKEY_USERS\PE_C_JOSHUA THORSON\] > -> HKEY_USERS\PE_C_JOSHUA THORSON\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2-3-2008 19:14:05 | Attr = R  ]
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\PE_C_KELLY THORSON\] > -> HKEY_USERS\PE_C_KELLY THORSON\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2-3-2008 19:14:05 | Attr = R  ]
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\PE_C_PAUL THORSON\] > -> HKEY_USERS\PE_C_PAUL THORSON\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2-3-2008 19:14:05 | Attr = R  ]
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2-3-2008 19:14:05 | Attr = R  ]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1210797529-1897576891-3497809635-1006\] > -> HKEY_USERS\S-1-5-21-1210797529-1897576891-3497809635-1006\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2-3-2008 19:14:05 | Attr = R  ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9-25-2007 01:11:34 | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9-25-2007 01:11:33 | Attr =	]
{7F9DB11C-E358-4ca6-A83D-ACC663939424}:BandCLSID -> %ProgramFiles%\Bonjour\ExplorerPlugin.dll [Bonjour] -> Apple Computer, Inc. [Ver = 1,0,2,9 | Size = 454656 bytes | Modified Date = 11-28-2005 12:11:26 | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{7F9DB11C-E358-4ca6-A83D-ACC663939424} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Bonjour\ExplorerPlugin.dll [Bonjour] -> Apple Computer, Inc. [Ver = 1,0,2,9 | Size = 454656 bytes | Modified Date = 11-28-2005 12:11:26 | Attr =	]
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\PE_C_ADMINISTRATOR\] > -> HKEY_USERS\PE_C_ADMINISTRATOR\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\PE_C_BROOKE\] > -> HKEY_USERS\PE_C_BROOKE\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{7F9DB11C-E358-4ca6-A83D-ACC663939424} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Bonjour\ExplorerPlugin.dll [Bonjour] -> Apple Computer, Inc. [Ver = 1,0,2,9 | Size = 454656 bytes | Modified Date = 11-28-2005 12:11:26 | Attr =	]
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\PE_C_JOSHUA THORSON\] > -> HKEY_USERS\PE_C_JOSHUA THORSON\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\PE_C_JOSHUA THORSON\] > -> HKEY_USERS\PE_C_JOSHUA THORSON\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&AOL Toolbar Search -> %ProgramFiles%\aol\aol toolbar 2.0\resources\en-US\local\search.htm -> File not found
< Internet Explorer Extensions [HKEY_USERS\PE_C_KELLY THORSON\] > -> HKEY_USERS\PE_C_KELLY THORSON\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{7F9DB11C-E358-4ca6-A83D-ACC663939424} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Bonjour\ExplorerPlugin.dll [Bonjour] -> Apple Computer, Inc. [Ver = 1,0,2,9 | Size = 454656 bytes | Modified Date = 11-28-2005 12:11:26 | Attr =	]
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\PE_C_KELLY THORSON\] > -> HKEY_USERS\PE_C_KELLY THORSON\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&AOL Toolbar Search -> %ProgramFiles%\aol\aol toolbar 2.0\resources\en-US\local\search.htm -> File not found
< Internet Explorer Extensions [HKEY_USERS\PE_C_PAUL THORSON\] > -> HKEY_USERS\PE_C_PAUL THORSON\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{7F9DB11C-E358-4ca6-A83D-ACC663939424} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Bonjour\ExplorerPlugin.dll [Bonjour] -> Apple Computer, Inc. [Ver = 1,0,2,9 | Size = 454656 bytes | Modified Date = 11-28-2005 12:11:26 | Attr =	]
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{7F9DB11C-E358-4ca6-A83D-ACC663939424} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Bonjour\ExplorerPlugin.dll [Bonjour] -> Apple Computer, Inc. [Ver = 1,0,2,9 | Size = 454656 bytes | Modified Date = 11-28-2005 12:11:26 | Attr =	]
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1210797529-1897576891-3497809635-1006\] > -> HKEY_USERS\S-1-5-21-1210797529-1897576891-3497809635-1006\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{451D1E6B-696C-4FEC-AC17-A9F089A6E8C5} ->	(1394 Net Adapter) -> 
{7A64255C-BA38-4364-9211-F0701AC368C2} ->	() -> 
{B6D5C8AD-C811-4642-BC31-EC38FFFF4594} ->	(Broadcom 440x 10/100 Integrated Controller) -> 
{E8048D5F-FEB9-4D44-BD2F-895EE9CC3A40} ->	(BUFFALO WLI2-PCI-G54S Wireless LAN Adapter) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000001 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,2,9 | Size = 94208 bytes | Modified Date = 11-28-2005 12:11:28 | Attr =	]
< Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
shell -> shell protocol not assigned -> 
< Default Protocols [HKEY_USERS\PE_C_ADMINISTRATOR\] - Select to Repair > -> HKEY_USERS\PE_C_ADMINISTRATOR\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
shell -> shell protocol not assigned -> 
< Default Protocols [HKEY_USERS\PE_C_ALL USERS\] - Select to Repair > -> HKEY_USERS\PE_C_ALL USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
@ivt -> @ivt protocol not assigned -> 
file -> file protocol not assigned -> 
ftp -> ftp protocol not assigned -> 
http -> http protocol not assigned -> 
https -> https protocol not assigned -> 
shell -> shell protocol not assigned -> 
< Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
shell -> shell protocol not assigned -> 
< Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
shell -> shell protocol not assigned -> 
< Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
shell -> shell protocol not assigned -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
siteadvisor:{3A5DC592-7723-4EAA-9EE6-AF4222BCF879} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.dll[Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 927008 bytes | Modified Date = 12-4-2007 16:02:24 | Attr =	]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab[CKAVWebScan Object] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202619153125[MUWebControl Class] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> 
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\SYSTEM32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.3264 (xpsp.071130-1433) | Size = 299520 bytes | Modified Date = 12-1-2007 00:25:40 | Attr =	]
msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.3264 (xpsp.071130-1433) | Size = 132608 bytes | Modified Date = 12-1-2007 00:25:48 | Attr =	]
schannel -> %SystemRoot%\SYSTEM32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3264 (xpsp.071130-1433) | Size = 144384 bytes | Modified Date = 12-1-2007 00:25:52 | Attr =	]
wdigest -> %SystemRoot%\SYSTEM32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.3264 (xpsp.071130-1433) | Size = 49152 bytes | Modified Date = 12-1-2007 00:26:08 | Attr =	]
tspkg -> %SystemRoot%\SYSTEM32\tspkg.dll -> Microsoft Corporation [Ver = 5.1.2600.3264 (xpsp.071130-1433) | Size = 50176 bytes | Modified Date = 12-1-2007 00:26:06 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 876 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\SYSTEM32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.3264 (xpsp.071130-1433) | Size = 181248 bytes | Modified Date = 12-1-2007 00:25:52 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.3264 (xpsp.071130-1433) | Size = 132608 bytes | Modified Date = 12-1-2007 00:25:48 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\SYSTEM32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.3264 (xpsp.071130-1433) | Size = 118784 bytes | Modified Date = 12-1-2007 00:25:48 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.3264 (xpsp.071130-1427) | Size = 14336 bytes | Modified Date = 12-1-2007 00:26:52 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11491 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.3264 (xpsp.071130-0108) | Size = 331264 bytes | Modified Date = 12-1-2007 00:25:40 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\SYSTEM32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.3264 (xpsp.071130-1427) | Size = 141312 bytes | Modified Date = 12-1-2007 00:26:48 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3264 (xpsp.071130-0108) | Size = 558080 bytes | Modified Date = 11-30-2007 17:44:54 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\SYSTEM32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.3264 (xpsp.071130-1427) | Size = 141312 bytes | Modified Date = 12-1-2007 00:26:48 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe -> C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe [C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup] -> McAfee [Ver = 0.9.2575.40163 | Size = 4838952 bytes | Modified Date = 1-16-2007 13:59:50 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3264 (xpsp.071130-0108) | Size = 558080 bytes | Modified Date = 11-30-2007 17:44:54 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.6.0.29 | Size = 19926824 bytes | Modified Date = 2-4-2008 14:18:34 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\aol\Loader\aolload.exe -> C:\Program Files\Common Files\aol\Loader\aolload.exe [C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader] -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11-3-2006 02:17:27 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM6\aim6.exe -> C:\Program Files\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM] -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 2-19-2008 21:54:57 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.3264 (xpsp.071130-1427) | Size = 14336 bytes | Modified Date = 12-1-2007 00:26:52 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\wuauserv.dll [C:\WINDOWS\System32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.3264 (xpsp.071130-0108) | Size = 6656 bytes | Modified Date = 12-1-2007 00:26:10 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 803786752 bytes | Modified Date = 3-5-2008 22:07:37 | Attr =  HS]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Created Date = 3-4-2008 07:26:17 | Attr =	]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 2-13-2008 20:55:09 | Attr =	]
cap7146.sys -> %SystemRoot%\System32\dllcache\cap7146.sys -> Philips Semiconductors GmbH [Ver = 1.00 (XPClient.010817-1148) | Size = 54528 bytes | Modified Date = 7-16-2003 15:25:05 | Attr =	]
chtskf.dll -> %SystemRoot%\System32\dllcache\chtskf.dll ->  [Ver =  | Size = 173568 bytes | Modified Date = 12-1-2007 00:21:46 | Attr =	]
esucmd.dll -> %SystemRoot%\System32\dllcache\esucmd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 31744 bytes | Modified Date = 7-16-2003 15:28:01 | Attr =	]
esuimgd.dll -> %SystemRoot%\System32\dllcache\esuimgd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 57856 bytes | Modified Date = 7-16-2003 15:28:01 | Attr =	]
esunid.dll -> %SystemRoot%\System32\dllcache\esunid.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 45056 bytes | Modified Date = 7-16-2003 15:28:01 | Attr =	]
hanja.lex -> %SystemRoot%\System32\dllcache\hanja.lex ->  [Ver =  | Size = 108827 bytes | Modified Date = 7-16-2003 15:22:34 | Attr =	]
HPCRDP.CAT -> %SystemRoot%\System32\dllcache\HPCRDP.CAT ->  [Ver =  | Size = 13472 bytes | Modified Date = 7-16-2003 15:29:36 | Attr =	]
hwxjpn.dll -> %SystemRoot%\System32\dllcache\hwxjpn.dll ->  [Ver =  | Size = 13463552 bytes | Modified Date = 12-1-2007 00:22:20 | Attr =	]
IASNT4.CAT -> %SystemRoot%\System32\dllcache\IASNT4.CAT ->  [Ver =  | Size = 8574 bytes | Modified Date = 7-16-2003 15:29:52 | Attr =	]
imekr.lex -> %SystemRoot%\System32\dllcache\imekr.lex ->  [Ver =  | Size = 134339 bytes | Modified Date = 7-16-2003 15:22:39 | Attr =	]
imjpinst.exe -> %SystemRoot%\System32\dllcache\imjpinst.exe ->  [Ver =  | Size = 196665 bytes | Modified Date = 11-30-2007 15:16:40 | Attr =	]
imscinst.exe -> %SystemRoot%\System32\dllcache\imscinst.exe ->  [Ver =  | Size = 59392 bytes | Modified Date = 7-16-2003 15:22:54 | Attr =	]
korwbrkr.lex -> %SystemRoot%\System32\dllcache\korwbrkr.lex ->  [Ver =  | Size = 1158818 bytes | Modified Date = 7-16-2003 15:22:57 | Attr =	]
MAPIMIG.CAT -> %SystemRoot%\System32\dllcache\MAPIMIG.CAT ->  [Ver =  | Size = 399645 bytes | Modified Date = 7-16-2003 15:32:26 | Attr =	]
mplayer2.exe -> %SystemRoot%\System32\dllcache\mplayer2.exe ->  [Ver =  | Size = 4639 bytes | Modified Date = 12-1-2007 00:26:40 | Attr =	]
MW770.CAT -> %SystemRoot%\System32\dllcache\MW770.CAT ->  [Ver =  | Size = 37484 bytes | Modified Date = 7-16-2003 15:37:12 | Attr =	]
NT5IIS.CAT -> %SystemRoot%\System32\dllcache\NT5IIS.CAT ->  [Ver =  | Size = 797189 bytes | Modified Date = 7-16-2003 15:39:24 | Attr =	]
OEMBIOS.CAT -> %SystemRoot%\System32\dllcache\OEMBIOS.CAT ->  [Ver =  | Size = 7046 bytes | Modified Date = 7-16-2003 15:54:54 | Attr =	]
pintlcsa.dll -> %SystemRoot%\System32\dllcache\pintlcsa.dll ->  [Ver =  | Size = 175104 bytes | Modified Date = 12-1-2007 00:23:42 | Attr =	]
rwia001.dll -> %SystemRoot%\System32\dllcache\rwia001.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Modified Date = 7-16-2003 15:43:41 | Attr =	]
rwia330.dll -> %SystemRoot%\System32\dllcache\rwia330.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Modified Date = 7-16-2003 15:43:43 | Attr =	]
spxcoins.dll -> %SystemRoot%\System32\dllcache\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Modified Date = 7-16-2003 15:46:22 | Attr =	]
tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 2-15-2008 20:43:38 | Attr =	]
en -> %SystemRoot%\System32\en ->  [Folder | Created Date = 2-10-2008 01:15:09 | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
fdsv.exe -> %SystemRoot%\System32\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Modified Date = 8-31-2000 08:00:00 | Attr =	]
grep.exe -> %SystemRoot%\System32\grep.exe ->  [Ver =  | Size = 80412 bytes | Modified Date = 8-31-2000 08:00:00 | Attr =	]
igfxres.dll -> %SystemRoot%\System32\igfxres.dll -> Intel Corporation [Ver = 3,0,0,2023 | Size = 151552 bytes | Modified Date = 1-13-2003 13:50:46 | Attr =	]
isrdbg32.dll -> %SystemRoot%\System32\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Modified Date = 12-1-2007 00:25:40 | Attr =	]
Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab ->  [Folder | Created Date = 2-22-2008 19:41:12 | Attr =	]
logonui.exe.manifest -> %SystemRoot%\System32\logonui.exe.manifest ->  [Ver =  | Size = 488 bytes | Modified Date = 2-9-2008 20:09:21 | Attr = RH ]
ncpa.cpl.manifest -> %SystemRoot%\System32\ncpa.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 2-9-2008 20:09:12 | Attr = RH ]
sapi.cpl.manifest -> %SystemRoot%\System32\sapi.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 2-9-2008 20:09:12 | Attr = RH ]
sed.exe -> %SystemRoot%\System32\sed.exe ->  [Ver =  | Size = 98816 bytes | Modified Date = 8-31-2000 08:00:00 | Attr =	]
spxcoins.dll -> %SystemRoot%\System32\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Modified Date = 7-16-2003 15:46:22 | Attr =	]
swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Modified Date = 8-31-2000 08:00:00 | Attr =	]
swsc.exe -> %SystemRoot%\System32\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Modified Date = 8-31-2000 08:00:00 | Attr =	]
swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Modified Date = 8-31-2000 08:00:00 | Attr =	]
VFind.exe -> %SystemRoot%\System32\VFind.exe ->  [Ver =  | Size = 49152 bytes | Modified Date = 8-31-2000 08:00:00 | Attr =	]
wuaucpl.cpl.manifest -> %SystemRoot%\System32\wuaucpl.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 2-9-2008 20:09:12 | Attr = RH ]
zip.exe -> %SystemRoot%\System32\zip.exe ->  [Ver =  | Size = 68096 bytes | Modified Date = 8-31-2000 08:00:00 | Attr =	]
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ ->  [Folder | Created Date = 2-10-2008 00:30:46 | Attr =  H ]
5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
l2schemas -> %SystemRoot%\l2schemas ->  [Folder | Created Date = 2-10-2008 01:15:12 | Attr =	]
LastGood -> %SystemRoot%\LastGood ->  [Folder | Created Date = 3-6-2008 04:00:27 | Attr =	]
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Modified Date = 8-31-2000 08:00:00 | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Created Date = 2-10-2008 07:08:47 | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 2-16-2008 08:08:21 | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 3-5-2008 22:23:06 | Attr =  H ]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 2-9-2008 20:09:12 | Attr = RH ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Modified Date = 2-10-2008 01:37:30 | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 3-5-2008 22:11:34 | Attr =  H ]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 3-5-2008 22:10:22 | Attr =	]
DRIVERS -> %SystemDrive%\DRIVERS ->  [Folder | Modified Date = 2-9-2008 19:59:01 | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 803786752 bytes | Modified Date = 3-5-2008 22:07:37 | Attr =  HS]
IPH.PH -> %SystemDrive%\IPH.PH ->  [Ver =  | Size = 2122 bytes | Modified Date = 2-20-2008 07:41:01 | Attr =  H ]
NTDETECT.COM -> %SystemDrive%\NTDETECT.COM ->  [Ver =  | Size = 47564 bytes | Modified Date = 2-10-2008 00:54:18 | Attr = RHS]
ntldr -> %SystemDrive%\ntldr ->  [Ver =  | Size = 250048 bytes | Modified Date = 2-10-2008 00:54:16 | Attr = RHS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 3-5-2008 07:48:21 | Attr = R  ]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Modified Date = 3-5-2008 21:57:48 | Attr =	]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 2-11-2008 12:20:26 | Attr =  HS]
Temp -> %SystemDrive%\Temp ->  [Folder | Modified Date = 2-16-2008 13:00:07 | Attr =	]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 2-20-2008 19:55:57 | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 3-6-2008 04:00:27 | Attr =	]
ETC -> %SystemRoot%\System32\drivers\ETC ->  [Folder | Modified Date = 3-5-2008 08:06:52 | Attr =	]
hosts -> %SystemRoot%\System32\drivers\ETC\hosts ->  [Ver =  | Size = 27 bytes | Modified Date = 3-5-2008 08:06:52 | Attr =	]
tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 2-15-2008 20:43:38 | Attr =	]
$winnt$.inf -> %SystemRoot%\System32\$winnt$.inf ->  [Ver =  | Size = 264 bytes | Modified Date = 2-9-2008 20:29:59 | Attr =	]
1033 -> %SystemRoot%\System32\1033 ->  [Folder | Modified Date = 2-9-2008 14:47:06 | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb ->  [Ver =  | Size = 16832 bytes | Modified Date = 2-9-2008 20:10:44 | Attr =	]
bits -> %SystemRoot%\System32\bits ->  [Folder | Modified Date = 2-10-2008 01:15:08 | Attr =	]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 2-11-2008 08:13:00 | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 3-6-2008 04:00:27 | Attr =	]
cdplayer.exe.manifest -> %SystemRoot%\System32\cdplayer.exe.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 2-9-2008 20:09:12 | Attr = RH ]
Com -> %SystemRoot%\System32\Com ->  [Folder | Modified Date = 2-10-2008 01:05:50 | Attr =	]
CONFIG -> %SystemRoot%\System32\CONFIG ->  [Folder | Modified Date = 3-4-2008 07:38:13 | Attr =	]
Config.MPF -> %SystemRoot%\System32\Config.MPF ->  [Ver =  | Size = 9091 bytes | Modified Date = 3-6-2008 22:53:04 | Attr =	]
DLLCACHE -> %SystemRoot%\System32\DLLCACHE ->  [Folder | Modified Date = 3-4-2008 07:12:40 | Attr = RHS]
DRIVERS -> %SystemRoot%\System32\DRIVERS ->  [Folder | Modified Date = 3-5-2008 21:52:00 | Attr =	]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE ->  [Folder | Modified Date = 2-10-2008 16:12:05 | Attr =	]
emptyregdb.dat -> %SystemRoot%\System32\emptyregdb.dat ->  [Ver =  | Size = 23680 bytes | Modified Date = 2-9-2008 20:07:54 | Attr =	]
en -> %SystemRoot%\System32\en ->  [Folder | Modified Date = 2-10-2008 01:15:10 | Attr =	]
en-US -> %SystemRoot%\System32\en-US ->  [Folder | Modified Date = 2-10-2008 01:15:24 | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 435760 bytes | Modified Date = 2-10-2008 07:08:14 | Attr =	]
IAS -> %SystemRoot%\System32\IAS ->  [Folder | Modified Date = 2-9-2008 20:10:02 | Attr =	]
ICSXML -> %SystemRoot%\System32\ICSXML ->  [Folder | Modified Date = 2-9-2008 14:47:57 | Attr =	]
Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab ->  [Folder | Modified Date = 2-22-2008 19:41:12 | Attr =	]
logonui.exe.manifest -> %SystemRoot%\System32\logonui.exe.manifest ->  [Ver =  | Size = 488 bytes | Modified Date = 2-9-2008 20:09:21 | Attr = RH ]
ncpa.cpl.manifest -> %SystemRoot%\System32\ncpa.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 2-9-2008 20:09:12 | Attr = RH ]
NPP -> %SystemRoot%\System32\NPP ->  [Folder | Modified Date = 2-10-2008 01:06:19 | Attr =	]
nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb ->  [Ver =  | Size = 23392 bytes | Modified Date = 2-9-2008 20:10:44 | Attr =	]
nwc.cpl.manifest -> %SystemRoot%\System32\nwc.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 2-9-2008 20:09:12 | Attr = RH ]
OOBE -> %SystemRoot%\System32\OOBE ->  [Folder | Modified Date = 2-10-2008 01:03:48 | Attr =	]
PERFC009.DAT -> %SystemRoot%\System32\PERFC009.DAT ->  [Ver =  | Size = 53808 bytes | Modified Date = 2-13-2008 09:20:15 | Attr =	]
PERFH009.DAT -> %SystemRoot%\System32\PERFH009.DAT ->  [Ver =  | Size = 382114 bytes | Modified Date = 2-13-2008 09:20:15 | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 441882 bytes | Modified Date = 2-13-2008 09:20:13 | Attr =	]
ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups ->  [Folder | Modified Date = 2-10-2008 00:45:36 | Attr =	]
Restore -> %SystemRoot%\System32\Restore ->  [Folder | Modified Date = 2-11-2008 12:20:26 | Attr =	]
sapi.cpl.manifest -> %SystemRoot%\System32\sapi.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 2-9-2008 20:09:12 | Attr = RH ]
Setup -> %SystemRoot%\System32\Setup ->  [Folder | Modified Date = 2-10-2008 07:08:07 | Attr =	]
USMT -> %SystemRoot%\System32\USMT ->  [Folder | Modified Date = 2-10-2008 01:15:23 | Attr =	]
WBEM -> %SystemRoot%\System32\WBEM ->  [Folder | Modified Date = 2-10-2008 07:08:08 | Attr =	]
WindowsLogon.manifest -> %SystemRoot%\System32\WindowsLogon.manifest ->  [Ver =  | Size = 488 bytes | Modified Date = 2-9-2008 20:09:21 | Attr = RH ]
wmpscheme.xml -> %SystemRoot%\System32\wmpscheme.xml ->  [Ver =  | Size = 25065 bytes | Modified Date = 2-9-2008 20:10:45 | Attr =	]
WPA.DBL -> %SystemRoot%\System32\WPA.DBL ->  [Ver =  | Size = 1170 bytes | Modified Date = 3-5-2008 22:22:55 | Attr =	]
wuaucpl.cpl.manifest -> %SystemRoot%\System32\wuaucpl.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 2-9-2008 20:09:12 | Attr = RH ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2-10-2008 00:25:52 | Attr =  H ]
5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ ->  [Folder | Modified Date = 2-10-2008 00:43:27 | Attr =  H ]
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Modified Date = 2-10-2008 07:08:08 | Attr =	]
BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT ->  [Ver =  | Size = 2048 bytes | Modified Date = 3-5-2008 22:07:40 | Attr =   S]
Cursors -> %SystemRoot%\Cursors ->  [Folder | Modified Date = 2-10-2008 09:51:10 | Attr =	]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 2-10-2008 07:16:37 | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2-22-2008 19:41:16 | Attr =   S]
Driver Cache -> %SystemRoot%\Driver Cache ->  [Folder | Modified Date = 2-9-2008 14:45:34 | Attr =	]
EHome -> %SystemRoot%\EHome ->  [Folder | Modified Date = 2-10-2008 00:30:39 | Attr =	]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 3-4-2008 07:37:05 | Attr =	]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 2-10-2008 07:08:05 | Attr = R S]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 2-10-2008 14:43:41 | Attr =	]
ie7 -> %SystemRoot%\ie7 ->  [Folder | Modified Date = 2-10-2008 14:35:08 | Attr =  H ]
IME -> %SystemRoot%\IME ->  [Folder | Modified Date = 2-10-2008 01:16:24 | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 4566 bytes | Modified Date = 2-10-2008 09:52:52 | Attr =	]
INF -> %SystemRoot%\INF ->  [Folder | Modified Date = 3-7-2008 06:40:09 | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 3-5-2008 22:11:34 | Attr =  HS]
l2schemas -> %SystemRoot%\l2schemas ->  [Folder | Modified Date = 2-10-2008 01:15:14 | Attr =	]
LastGood -> %SystemRoot%\LastGood ->  [Folder | Modified Date = 3-6-2008 04:00:27 | Attr =	]
Media -> %SystemRoot%\Media ->  [Folder | Modified Date = 2-9-2008 14:48:27 | Attr =	]
MSAGENT -> %SystemRoot%\MSAGENT ->  [Folder | Modified Date = 2-10-2008 01:06:10 | Attr =	]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 202 bytes | Modified Date = 3-3-2008 19:07:37 | Attr =	]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Modified Date = 2-10-2008 13:40:42 | Attr =	]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI ->  [Ver =  | Size = 4161 bytes | Modified Date = 2-9-2008 20:10:31 | Attr =	]
peernet -> %SystemRoot%\peernet ->  [Folder | Modified Date = 2-10-2008 01:15:07 | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 3-7-2008 07:00:50 | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 2-16-2008 08:08:21 | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 3-5-2008 22:23:06 | Attr =  H ]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 2-9-2008 20:38:12 | Attr =	]
SECURITY -> %SystemRoot%\SECURITY ->  [Folder | Modified Date = 2-10-2008 01:49:16 | Attr =	]
ServicePackFiles -> %SystemRoot%\ServicePackFiles ->  [Folder | Modified Date = 2-10-2008 01:16:48 | Attr =	]
setupapi.old -> %SystemRoot%\setupapi.old ->  [Ver =  | Size = 1129473 bytes | Modified Date = 2-9-2008 18:15:36 | Attr =	]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Modified Date = 2-9-2008 23:50:16 | Attr =	]
SRCHASST -> %SystemRoot%\SRCHASST ->  [Folder | Modified Date = 2-10-2008 01:06:01 | Attr =	]
SYSTEM -> %SystemRoot%\SYSTEM ->  [Folder | Modified Date = 2-10-2008 01:03:43 | Attr =	]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 3-5-2008 21:57:57 | Attr =	]
SYSTEM32 -> %SystemRoot%\SYSTEM32 ->  [Folder | Modified Date = 3-6-2008 20:19:52 | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 2-11-2008 09:49:43 | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 3-7-2008 06:53:07 | Attr =	]
TWAIN_32 -> %SystemRoot%\TWAIN_32 ->  [Folder | Modified Date = 2-9-2008 14:48:22 | Attr =	]
Web -> %SystemRoot%\Web ->  [Folder | Modified Date = 2-10-2008 00:55:40 | Attr = R  ]
WIN.INI -> %SystemRoot%\WIN.INI ->  [Ver =  | Size = 824 bytes | Modified Date = 2-9-2008 20:10:49 | Attr =	]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 2-9-2008 20:09:12 | Attr = RH ]
WinInit.ini -> %SystemRoot%\WinInit.ini ->  [Ver =  | Size = 2639 bytes | Modified Date = 2-26-2008 07:49:45 | Attr =	]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 2-10-2008 01:17:35 | Attr =	]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx ->  [Ver =  | Size = 316640 bytes | Modified Date = 2-10-2008 07:12:58 | Attr =	]
WMSysPrx.prx -> %SystemRoot%\WMSysPrx.prx ->  [Ver =  | Size = 299552 bytes | Modified Date = 2-9-2008 20:10:43 | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 3-5-2008 10:14:00 | Attr =	]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job ->  [Ver =  | Size = 356 bytes | Modified Date = 2-15-2008 01:00:00 | Attr =	]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job ->  [Ver =  | Size = 348 bytes | Modified Date = 3-1-2008 01:00:00 | Attr =	]
Norton Security Scan.job -> %SystemRoot%\tasks\Norton Security Scan.job ->  [Ver =  | Size = 424 bytes | Modified Date = 2-9-2008 08:13:19 | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 3-5-2008 22:07:50 | Attr =  H ]
Filelist00001.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00001.DAT ->  [Ver =  | Size = 2300 bytes | Modified Date = 9-3-2007 17:27:53 | Attr =	]
Filelist00002.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00002.DAT ->  [Ver =  | Size = 1308 bytes | Modified Date = 9-3-2007 17:27:53 | Attr =	]
Filelist00003.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00003.DAT ->  [Ver =  | Size = 5392 bytes | Modified Date = 9-3-2007 17:27:53 | Attr =	]
Filelist00004.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00004.DAT ->  [Ver =  | Size = 19384 bytes | Modified Date = 9-3-2007 17:27:55 | Attr =	]
Filelist00005.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00005.DAT ->  [Ver =  | Size = 9352 bytes | Modified Date = 9-3-2007 17:27:57 | Attr =	]
Filelist00006.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00006.DAT ->  [Ver =  | Size = 10672 bytes | Modified Date = 9-3-2007 17:27:59 | Attr =	]
Filelist00007.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00007.DAT ->  [Ver =  | Size = 12652 bytes | Modified Date = 9-3-2007 17:28:00 | Attr =	]
Filelist00008.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00008.DAT ->  [Ver =  | Size = 9088 bytes | Modified Date = 9-3-2007 17:28:01 | Attr =	]
Filelist00009.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00009.DAT ->  [Ver =  | Size = 8692 bytes | Modified Date = 9-3-2007 17:28:02 | Attr =	]
Filelist00010.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00010.DAT ->  [Ver =  | Size = 7636 bytes | Modified Date = 9-3-2007 17:28:03 | Attr =	]
Filelist00011.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00011.DAT ->  [Ver =  | Size = 6184 bytes | Modified Date = 9-3-2007 17:28:03 | Attr =	]
Filelist00012.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00012.DAT ->  [Ver =  | Size = 23212 bytes | Modified Date = 9-3-2007 17:28:05 | Attr =	]
Filelist00013.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00013.DAT ->  [Ver =  | Size = 11596 bytes | Modified Date = 9-3-2007 17:28:05 | Attr =	]
Filelist00014.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00014.DAT ->  [Ver =  | Size = 8824 bytes | Modified Date = 9-3-2007 17:28:06 | Attr =	]
Filelist00015.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00015.DAT ->  [Ver =  | Size = 11596 bytes | Modified Date = 9-3-2007 17:28:07 | Attr =	]
Filelist00016.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00016.DAT ->  [Ver =  | Size = 9484 bytes | Modified Date = 9-3-2007 17:28:07 | Attr =	]
Filelist00017.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00017.DAT ->  [Ver =  | Size = 8692 bytes | Modified Date = 9-3-2007 17:28:08 | Attr =	]
Filelist00018.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00018.DAT ->  [Ver =  | Size = 4468 bytes | Modified Date = 9-3-2007 17:28:08 | Attr =	]
Filelist00019.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00019.DAT ->  [Ver =  | Size = 8164 bytes | Modified Date = 9-3-2007 17:28:08 | Attr =	]
Filelist00020.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00020.DAT ->  [Ver =  | Size = 27172 bytes | Modified Date = 9-3-2007 17:28:10 | Attr =	]
Filelist00021.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00021.DAT ->  [Ver =  | Size = 31396 bytes | Modified Date = 9-3-2007 17:28:13 | Attr =	]
Filelist00022.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00022.DAT ->  [Ver =  | Size = 13972 bytes | Modified Date = 9-3-2007 17:28:15 | Attr =	]
Filelist00023.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00023.DAT ->  [Ver =  | Size = 9220 bytes | Modified Date = 9-3-2007 17:28:17 | Attr =	]
Filelist00024.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00024.DAT ->  [Ver =  | Size = 9220 bytes | Modified Date = 9-3-2007 17:28:18 | Attr =	]
Filelist00025.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00025.DAT ->  [Ver =  | Size = 8692 bytes | Modified Date = 9-3-2007 17:28:19 | Attr =	]
Filelist00026.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00026.DAT ->  [Ver =  | Size = 3412 bytes | Modified Date = 9-3-2007 17:28:19 | Attr =	]
Filelist00027.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00027.DAT ->  [Ver =  | Size = 10672 bytes | Modified Date = 9-3-2007 17:28:20 | Attr =	]
Filelist00028.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00028.DAT ->  [Ver =  | Size = 22420 bytes | Modified Date = 9-3-2007 17:28:21 | Attr =	]
Filelist00029.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00029.DAT ->  [Ver =  | Size = 24004 bytes | Modified Date = 9-3-2007 17:28:23 | Attr =	]
Filelist00030.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00030.DAT ->  [Ver =  | Size = 25984 bytes | Modified Date = 9-3-2007 17:28:24 | Attr =	]
Filelist00031.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00031.DAT ->  [Ver =  | Size = 22156 bytes | Modified Date = 9-3-2007 17:28:25 | Attr =	]
Filelist00032.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00032.DAT ->  [Ver =  | Size = 18856 bytes | Modified Date = 9-3-2007 17:28:26 | Attr =	]
Filelist00033.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00033.DAT ->  [Ver =  | Size = 12256 bytes | Modified Date = 9-3-2007 17:28:27 | Attr =	]
Filelist00034.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00034.DAT ->  [Ver =  | Size = 6448 bytes | Modified Date = 9-3-2007 17:28:27 | Attr =	]
Filelist00035.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00035.DAT ->  [Ver =  | Size = 5128 bytes | Modified Date = 9-3-2007 17:28:27 | Attr =	]
Filelist00036.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00036.DAT ->  [Ver =  | Size = 13444 bytes | Modified Date = 9-3-2007 17:28:28 | Attr =	]
Filelist00037.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00037.DAT ->  [Ver =  | Size = 9088 bytes | Modified Date = 9-3-2007 17:28:29 | Attr =	]
Filelist00038.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00038.DAT ->  [Ver =  | Size = 11992 bytes | Modified Date = 9-3-2007 17:28:29 | Attr =	]
Filelist00039.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00039.DAT ->  [Ver =  | Size = 26512 bytes | Modified Date = 9-3-2007 17:28:31 | Attr =	]
Filelist00040.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00040.DAT ->  [Ver =  | Size = 16216 bytes | Modified Date = 9-3-2007 17:28:31 | Attr =	]
Filelist00041.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00041.DAT ->  [Ver =  | Size = 9616 bytes | Modified Date = 9-3-2007 17:28:32 | Attr =	]
0277291204794038mcinst.exe -> C:\WINDOWS\Temp\0277291204794038mcinst.exe -> McAfee, Inc. [Ver = 3,0,116,0 | Size = 306528 bytes | Modified Date = 8-28-2007 13:34:18 | Attr =	]

< End of report >




