
Wierd Scary Error Messages On Bootup


28 replies to this topic

#1 Booman
  • Banned
  • 525 posts
  • Gender:Male

Posted 08 March 2008 - 10:19 AM

Hey! I found over 4000 temp files and deleted them all by hand... it was going by alphabet... posa1... etc... then I was able to run all my programs... however... I have a great connection with wireless and I cannot connect... I am on my aunt's PC with a log...

Here is my HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:46 AM, on 3/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NoAds\NoAds.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Jeff\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google..com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google..com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: cru629.dat
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 6632 bytes


#2 Booman
  • Topic Starter
  • Banned
  • 525 posts
  • Gender:Male

Posted 08 March 2008 - 10:27 AM

Ohh, I see what you guys did... you locked my other topic and made a new one... THANKS :thumbsup:

#3 Booman
  • Topic Starter
  • Banned
  • 525 posts
  • Gender:Male

Posted 08 March 2008 - 04:20 PM

OK... I got rid of everything... with VundoFix... XoftSpySE... CureIt... SpyEraser... but I have this issue... I cannot get on the internet... I have an excellent wireless connection and it is connected... and I open up the web browser Firefox... and it says "This webpage cannot be displayed"... and I have this red "X" icon on my hard drive instead of the actual icon... here is the pic

http://i229.photobucket.com/albums/ee189/d...olfman/redX.gif

#4 Booman
  • Topic Starter
  • Banned
  • 525 posts
  • Gender:Male

Posted 09 March 2008 - 12:44 PM

OK... I fixed the red X thing... but I cannot get on the wireless connection... it says I am connected... 54.0 Mbps and 4 bars out of 5... and when I open up Firefox or IE it says "this webpage cannot be displayed" and my homepage is www.google.com

#5 Booman
  • Topic Starter
  • Banned
  • 525 posts
  • Gender:Male

Posted 09 March 2008 - 03:52 PM

Umm, I take that back... I hooked up my LAN cord and the avast internet mail thingy keeps saying every 2 seconds... "CAUTION! A POTENTIAL INFECTION WAS DETECTED!"... from a porno ad sender thingy... can you help me remove them? I am making a video on YouTube now


Edited by Booman, 09 March 2008 - 04:13 PM.


#6 Booman
  • Topic Starter
  • Banned
  • 525 posts
  • Gender:Male

Posted 11 March 2008 - 05:51 PM

Another issue... my disc drive will not autoplay anything... I tried to change the settings on it and it won't let me... and my internet is slow... I have Road Runner... and my passwords on Firefox won't be remembered anymore... and the remember pw box is checked... oh no... when I double click on my C drive... instead of letting me access the files... it opens up a search window and does not let me access anything

Edited by Booman, 11 March 2008 - 06:03 PM.


#7 Booman
  • Topic Starter
  • Banned
  • 525 posts
  • Gender:Male

Posted 12 March 2008 - 06:33 PM

Here is a fresh HJT log... umm, this

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

keeps reappearing... I deleted it so many times but it regenerates itself


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:31:36 PM, on 3/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\Jeff\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (file missing)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/da/PCPitStop.CAB
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 7278 bytes


Then when I shut down... this error dialog displays quickly... I looked it up in the Event Viewer and here it is

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 3/12/2008
Time: 7:15:13 AM
User: NT AUTHORITY\SYSTEM
Computer: Jeff
Description:
Windows saved user Jeff\Jeff registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Edited by Booman, 12 March 2008 - 07:55 PM.


#8 OldTimer
  • Malware Expert
  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 15 March 2008 - 02:21 AM

Hello Booman and welcome to the BC HijackThis forum. What we have here is an information stealing infection. What I would suggest first is keeping this system off from the Internet and using a different computer to immediately change any passwords to secure sites (like banking sites) if you have any of those types of sites you use.

Next, let's see what else we can find. Follow the steps below in order.

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • In the Rootkit Search section click on Yes
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT

Edited by OldTimer, 15 March 2008 - 02:27 AM.

I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

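A small triage pass over HijackThis O4/O20 lines, added here as an example (not HijackThis' own code nor OldTimer's): it applies the checks a log reviewer does by eye to lines copied from the logs above, namely autorun images with no directory, Run values under the SYSTEM and .DEFAULT hives, and an AppInit_DLLs value that is not a full path to a .dll. The line format is inferred from those logs, and every hit means "verify this", not "this is malware".

```python
"""Heuristic triage of HijackThis (HJT) O4 and O20 log lines.

Added example; the O4/O20 line format is inferred from the logs posted in
this thread. A Finding is a reason to verify an entry, not a verdict.
"""
import re
from typing import List, NamedTuple

# O4 - <hive>\<key>: [<name>] <command>  (User '<user>')   <- User part optional
O4_RE = re.compile(
    r"^O4 - (?P<hive>[^\\]+)\\(?P<key>.*?): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# O20 - AppInit_DLLs: <one or more DLL paths>
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<value>.*)$")

# Images that legitimately appear in the HKUS Run keys on Windows XP.
KNOWN_HKUS_IMAGES = {"ctfmon.exe"}


class Finding(NamedTuple):
    line: str
    reason: str


def _command_image(cmd: str) -> str:
    """Return the executable part of an O4 command line, without quotes or switches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    idx = cmd.lower().find(".exe")
    return cmd[: idx + 4] if idx >= 0 else cmd.split(" ")[0]


def _has_directory(path: str) -> bool:
    return "\\" in path or "/" in path


def triage_hjt(lines: List[str]) -> List[Finding]:
    """Run the reviewer heuristics over raw HJT log lines."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        m = O4_RE.match(line)
        if m:
            image = _command_image(m.group("cmd"))
            basename = image.rsplit("\\", 1)[-1].lower()
            if not _has_directory(image):
                # A bare file name is resolved through the search path at logon;
                # the log alone cannot tell you which file actually runs.
                findings.append(Finding(line, "autorun image has no directory; cannot be verified from the log"))
            if m.group("hive") == "HKUS" and (
                m.group("key").startswith("S-1-5-18") or m.group("key").startswith(".DEFAULT")
            ) and basename not in KNOWN_HKUS_IMAGES:
                findings.append(Finding(line, "Run entry under the SYSTEM / Default user hive; few applications register here"))
            if m.group("name").lower() == "userinit" and basename != "userinit.exe":
                findings.append(Finding(line, "value named 'userinit' does not point at userinit.exe"))
            continue
        m = O20_RE.match(line)
        if m:
            for dll in filter(None, re.split(r"[ ,;]+", m.group("value").strip())):
                # AppInit_DLLs are loaded into every process that links user32.dll,
                # so anything that is not a full path to a .dll deserves a look.
                if not _has_directory(dll) or not dll.lower().endswith(".dll"):
                    findings.append(Finding(line, "AppInit_DLLs value is not a full path to a .dll"))
    return findings


# Lines copied from the two HijackThis logs posted earlier in this thread.
SAMPLE_LOG = [
    r'O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h',
    r"O4 - HKLM\..\Run: [braviax] braviax.exe",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'SYSTEM')",
    r"O4 - HKUS\.DEFAULT\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'Default user')",
    r"O20 - AppInit_DLLs: cru629.dat",
    r"O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll",
]

if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"VERIFY: {f.reason}\n    {f.line}")
```

The two cfp.exe and guard32.dll lines pass because they are full paths, which is exactly why a reviewer still confirms the vendor and file on disk for every entry, flagged or not.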

#9 Booman
  • Topic Starter
  • Banned
  • 525 posts
  • Gender:Male

Posted 15 March 2008 - 03:05 PM

When I ran the scan, Avast said "Caution! A virus has been detected!" and it found some things... then yesterday it found this winstart.bat and my CA antispy from the Yahoo toolbar found this BASSMOD.dll as something... well anyway... my Firefox will not remember any of my passwords... I have it checked... I have a picture of the virus chest

[Posted image of the avast virus chest]

I hope it helps ^^


OTScanIt logfile created on: 3/15/2008 3:50:37 PM
OTScanIt by OldTimer - Version 1.0.5.2	 Folder = C:\Documents and Settings\Jeff\Desktop\OTScanIt
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
382.48 Mb Total Physical Memory | 44.35 Mb Available Physical Memory | 11.60% Memory free
917.29 Mb Paging File | 396.39 Mb Available in Paging File | 43.21% Paging File free
Paging file location(s): C:\pagefile.sys 2 1152;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 40.21 Gb Free Space | 71.96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JEFF
Current User Name: Jeff
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 7/14/2005 1:31:16 PM | Attr =	]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 9:36:33 AM | Attr =	]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 8:00:16 AM | Attr =	]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.105.1 | Size = 49152 bytes | Modified Date = 6/20/2006 10:08:48 PM | Attr =	]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 7/14/2005 1:31:16 PM | Attr =	]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 7:59:53 AM | Attr =	]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 7:59:01 AM | Attr =	]
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5160 | Size = 344064 bytes | Modified Date = 7/13/2005 10:05:00 PM | Attr =	]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.13.0.1 02Feb05 | Size = 692316 bytes | Modified Date = 2/2/2005 1:11:12 PM | Attr =	]
eabservr.exe -> %ProgramFiles%\HPQ\Quick Launch Buttons\eabservr.exe -> Hewlett-Packard  [Ver = 5, 1, 1, 2 | Size = 290816 bytes | Modified Date = 12/3/2004 2:24:20 PM | Attr =	]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.13.0.1 02Feb05 | Size = 102492 bytes | Modified Date = 2/2/2005 1:12:22 PM | Attr =	]
hp wireless assistant.exe -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 3, 1 | Size = 507904 bytes | Modified Date = 12/13/2005 5:45:58 PM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr =	]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 8:00:23 AM | Attr =	]
yahoomessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 6:43:18 PM | Attr =	]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 504104 bytes | Modified Date = 2/19/2008 2:10:24 PM | Attr =	]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.5.2 | Size = 310784 bytes | Modified Date = 3/14/2008 2:57:26 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 1/15/2008 3:40:04 AM | Attr =	]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 9:36:33 AM | Attr =	]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 7/14/2005 1:31:16 PM | Attr =	]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 8:00:16 AM | Attr =	]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 7:59:53 AM | Attr =	]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 7:59:01 AM | Attr =	]
(Bonjour Service) Bonjour Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 4:17:08 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 2/1/2008 9:14:39 PM | Attr =	]
(hpqwmi) HP WMI Interface [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\HPQ\shared\hpqwmi.exe -> Hewlett-Packard Development Company, L.P. [Ver = 1, 0, 4, 2 | Size = 98304 bytes | Modified Date = 11/18/2004 1:32:56 AM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr =	]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] ->  -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 504104 bytes | Modified Date = 2/19/2008 2:10:24 PM | Attr =	]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.105.1 | Size = 49152 bytes | Modified Date = 6/20/2006 10:08:48 PM | Attr =	]
(LVSrvLauncher) LVSrvLauncher [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\LogiShrd\SrvLnch\SrvLnch.exe -> Labtec Inc. [Ver = 10.5.1.1130 | Size = 105248 bytes | Modified Date = 3/6/2007 6:55:24 PM | Attr =	]
(NMSAccessU) NMSAccessU [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\CDBurnerXP\NMSAccessU.exe ->  [Ver =  | Size = 71096 bytes | Modified Date = 10/12/2007 9:34:56 AM | Attr =	]

[Driver Services - Non-Microsoft Only]
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %SystemRoot%\system32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 26624 bytes | Modified Date = 12/4/2007 9:49:02 AM | Attr =	]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(AmdK8) AMD Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AmdK8.sys -> Advanced Micro Devices [Ver = 1.3.2 (dnsrv(wmbla).060618-2337) | Size = 36864 bytes | Modified Date = 6/19/2006 12:37:34 AM | Attr =	]
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(ApfiltrService) Alps Pointing-device Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Apfiltr.sys -> Alps Electric Co., Ltd. [Ver = 5.5.1.277 | Size = 109319 bytes | Modified Date = 1/31/2005 6:23:08 PM | Attr =	]
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 94544 bytes | Modified Date = 12/4/2007 9:55:46 AM | Attr =	]
(aswRdr) aswRdr [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Modified Date = 12/4/2007 9:53:39 AM | Attr =	]
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %SystemRoot%\system32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Modified Date = 12/4/2007 9:51:52 AM | Attr =	]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6561 | Size = 1269760 bytes | Modified Date = 7/14/2005 1:37:16 PM | Attr =	]
(BCM43XX) Broadcom 802.11 Network Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\BCMWL5.SYS -> Broadcom Corporation [Ver = 4.100.15.5 | Size = 604928 bytes | Modified Date = 10/13/2006 1:26:56 AM | Attr =	]
(Beep) Beep [Kernel | System | Stopped] ->  -> File not found
(BOCDRIVE) BOClean Kernel Monitor. [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Comodo\CBOClean\BOCDRIVE.sys -> File not found
(CAMCAUD) Conexant AMC Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\camc6aud.sys -> Conexant Systems Inc. [Ver = 6.14.10.0575 | Size = 38016 bytes | Modified Date = 4/20/2005 6:45:48 PM | Attr =	]
(CAMCHALA) CAMCHALA [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\camc6hal.sys -> Conexant Systems Inc. [Ver = 6.14.10.0575 | Size = 350080 bytes | Modified Date = 4/20/2005 6:46:42 PM | Attr =	]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(CSNPD51) CSNPD51 NDIS Protocol Driver [Kernel | On_Demand | Stopped] ->  -> File not found
(CSNPD51a64) CSNPD51a64 NDIS Protocol Driver [Kernel | On_Demand | Stopped] ->  -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(eabfiltr) eabfiltr [Kernel | System | Running] -> %SystemRoot%\system32\drivers\eabfiltr.sys -> Hewlett-Packard Company [Ver = 4.20.01.03 | Size = 7432 bytes | Modified Date = 4/14/2004 8:36:50 AM | Attr =	]
(eabusb) eabusb [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\EabUsb.sys -> Hewlett-Packard Company [Ver = 4.10.02.02 | Size = 5220 bytes | Modified Date = 6/6/2003 12:46:16 PM | Attr =	]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 3:44:04 PM | Attr =	]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(HSFHWATI) HSFHWATI [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWATI.sys -> Conexant Systems, Inc. [Ver = 7.33.00 built by: WinDDK | Size = 231424 bytes | Modified Date = 8/23/2005 8:06:00 AM | Attr =	]
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DPV.sys -> Conexant Systems, Inc. [Ver = 7.33.00 built by: WinDDK | Size = 1035008 bytes | Modified Date = 8/23/2005 8:07:00 AM | Attr =	]
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found
(itchfltr) iTouch Keyboard Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\itchfltr.sys -> Logitech, Inc. [Ver = 2.20.200.0 | Size = 12953 bytes | Modified Date = 11/8/2003 6:24:17 PM | Attr =	]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(LCcfltr) Logitech USB Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LCcfltr.sys -> Logitech, Inc. [Ver = 9.79.200.0 | Size = 14092 bytes | Modified Date = 11/7/2003 5:50:00 AM | Attr =	]
(LHidFlt2) Logitech HID/USB Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LHidFlt2.Sys -> Logitech, Inc. [Ver = 9.79.16.0 | Size = 25502 bytes | Modified Date = 11/7/2003 5:50:00 AM | Attr =	]
(LHidUsb) Logitech USB Receiver device driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LHidUsb.sys -> Logitech, Inc. [Ver = 9.79.200.0 | Size = 37884 bytes | Modified Date = 11/7/2003 5:50:00 AM | Attr =	]
(LMouFlt2) Logitech Mouse Class Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LMouFlt2.Sys -> Logitech, Inc. [Ver = 9.79.16.0 | Size = 70798 bytes | Modified Date = 11/7/2003 5:50:00 AM | Attr =	]
(LVcKap) Logitech AEC Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Lvckap.sys ->  [Ver =  | Size = 1669664 bytes | Modified Date = 3/6/2007 6:50:30 PM | Attr =	]
(LVMVDrv) Logitech Machine Vision Engine Loader [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LVMVdrv.sys -> Labtec Inc. [Ver = 10.5.1.1130 | Size = 2261792 bytes | Modified Date = 3/6/2007 6:52:46 PM | Attr =	]
(LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LVUSBSta.sys -> Labtec Inc. [Ver = 10.5.1.1130 | Size = 41376 bytes | Modified Date = 3/6/2007 6:54:40 PM | Attr =	]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.010 | Size = 12544 bytes | Modified Date = 10/6/2005 7:57:08 AM | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(pepifilter) Volume Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\lv302af.sys -> Labtec Inc. [Ver = 10.5.1.1130 | Size = 14240 bytes | Modified Date = 3/6/2007 6:48:46 PM | Attr =	]
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(PID_PEPI) Logitech QuickCam IM(PID_PEPI) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LV302V32.SYS -> Labtec Inc. [Ver = 10.5.1.1130 | Size = 1273504 bytes | Modified Date = 3/6/2007 6:48:46 PM | Attr =	]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(RTL8023xp) Realtek 10/100/1000 PCI NIC Family NDIS XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Rtnicxp.sys -> Realtek Semiconductor Corporation							[Ver = 5.681.1120.2007 built by: WinDDK | Size = 104320 bytes | Modified Date = 11/20/2007 12:09:22 PM | Attr =	]
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/3/2004 6:31:34 PM | Attr =	]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.sys -> File not found
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 6:25:53 AM | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 10.0.13.2 14Sep07 | Size = 213696 bytes | Modified Date = 9/15/2007 3:09:44 AM | Attr =	]
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.33.00 built by: WinDDK | Size = 718464 bytes | Modified Date = 8/23/2005 8:06:10 AM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Apoint -> %ProgramFiles%\Apoint2K\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.5.1.200 | Size = 159744 bytes | Modified Date = 2/8/2005 5:38:10 PM | Attr =	]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5160 | Size = 344064 bytes | Modified Date = 7/13/2005 10:05:00 PM | Attr =	]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 8:00:23 AM | Attr =	]
eabconfg.cpl -> %ProgramFiles%\HPQ\Quick Launch Buttons\eabservr.exe -> Hewlett-Packard  [Ver = 5, 1, 1, 2 | Size = 290816 bytes | Modified Date = 12/3/2004 2:24:20 PM | Attr =	]
hpWirelessAssistant -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 3, 1 | Size = 507904 bytes | Modified Date = 12/13/2005 5:45:58 PM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr =	]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.13.0.1 02Feb05 | Size = 692316 bytes | Modified Date = 2/2/2005 1:11:12 PM | Attr =	]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.13.0.1 02Feb05 | Size = 102492 bytes | Modified Date = 2/2/2005 1:12:22 PM | Attr =	]
SynTPStart -> %ProgramFiles%\Synaptics\SynTP\SynTPStart.exe -> Synaptics, Inc. [Ver = 10.0.13.2 14Sep07 | Size = 102400 bytes | Modified Date = 9/15/2007 3:29:10 AM | Attr =	]
< RunOnceEx [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx -> 
Flags ->  -> File not found
Title ->  -> File not found
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
PrivacyControls -> %ProgramFiles%\ParetoLogic\Privacy Controls\2.X ->  [Folder | Modified Date = 3/15/2008 12:21:42 AM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Jeff Startup Folder > -> C:\Documents and Settings\Jeff\Start Menu\Programs\Startup -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
  ->  -> File not found
*MultiFile Done* -> -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 46080 bytes | Modified Date = 7/14/2005 1:32:20 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DisAllowRun -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisAllowRun\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisAllowRun\\1 -> braviax.exe -> 
< HOSTS File > (736 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.google.com/ -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.google.com/ -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Search Page -> www.google.com -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2008, 1, 8, 1 | Size = 878352 bytes | Modified Date = 1/8/2008 6:37:04 PM | Attr =	]
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> *.local;localhost -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3230 domain(s) found. -> 
26 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2008, 1, 8, 1 | Size = 878352 bytes | Modified Date = 1/8/2008 6:37:04 PM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2008, 1, 8, 1 | Size = 878352 bytes | Modified Date = 1/8/2008 6:37:04 PM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{20CA1405-A853-471B-91C1-3F9DCC804E6C} ->	(Broadcom 802.11b/g WLAN) -> 
{64E8A60B-E8A4-41DC-8A9B-D47A60785E14} ->	(Realtek RTL8139/810x Family Fast Ethernet NIC) -> 
{7D83DE2E-FE01-4C56-BC3F-6BC9ECF22EDF} ->	() -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}[HKEY_LOCAL_MACHINE] -> http://www.eset.eu/buxus/docs/OnlineScanner.cab[OnlineScanner Control] -> 
{6F15128C-E66A-490C-B848-5000B5ABEEAC}[HKEY_LOCAL_MACHINE] -> https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab[HP Download Manager] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9}[HKEY_LOCAL_MACHINE] -> http://ax.emsisoft.com/asquared.cab[a-squared Scanner] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Reg Error: Value  does not exist or could not be read.] -> 
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab[Java Plug-in 1.6.0_04] -> 
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 1:49:30 PM | Attr =	]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 AM | Attr =	]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/24/2006 12:37:50 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 840 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 14327 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 6:43:18 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 12:34:02 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WheelOfTime\System\WoT.exe -> C:\WheelOfTime\System\WoT.exe [C:\WheelOfTime\System\WoT.exe:*:Enabled:WoT] ->  [Ver =  | Size = 192512 bytes | Modified Date = 11/8/1999 4:29:14 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\rct.exe -> C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\rct.exe [C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\rct.exe:*:Enabled:rct] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.6.1.9 | Size = 19897640 bytes | Modified Date = 2/19/2008 2:10:26 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\kav\kav7\setup.exe -> C:\kav\kav7\setup.exe [C:\kav\kav7\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
ATI -> %SystemDrive%\ATI ->  [Folder | Created Date = 3/12/2008 6:54:52 AM | Attr =	]
BOOT.BAK -> %SystemDrive%\BOOT.BAK ->  [Ver =  | Size = 223 bytes | Created Date = 3/6/2008 11:06:06 PM | Attr =  HS]
cmdcons -> %SystemDrive%\cmdcons ->  [Folder | Created Date = 3/6/2008 11:05:32 PM | Attr = RHS]
cmldr -> %SystemDrive%\cmldr ->  [Ver =  | Size = 260272 bytes | Created Date = 3/6/2008 11:05:57 PM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Created Date = 3/11/2008 9:40:15 PM | Attr =  HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 401133568 bytes | Created Date = 3/7/2008 9:44:41 PM | Attr =  HS]
WheelOfTime -> %SystemDrive%\WheelOfTime ->  [Folder | Created Date = 3/8/2008 11:31:24 PM | Attr =	]
aavmker4.sys -> %SystemRoot%\System32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 26624 bytes | Created Date = 3/14/2008 8:16:34 PM | Attr =	]
aswmon.sys -> %SystemRoot%\System32\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 93264 bytes | Created Date = 3/14/2008 8:16:30 PM | Attr =	]
aswmon2.sys -> %SystemRoot%\System32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 94544 bytes | Created Date = 3/14/2008 8:16:30 PM | Attr =	]
aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Created Date = 3/14/2008 8:16:37 PM | Attr =	]
aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Created Date = 3/14/2008 8:16:35 PM | Attr =	]
itchfltr.sys -> %SystemRoot%\System32\drivers\itchfltr.sys -> Logitech, Inc. [Ver = 2.20.200.0 | Size = 12953 bytes | Created Date = 2/22/2008 12:23:21 PM | Attr =	]
L8042PR2.SYS -> %SystemRoot%\System32\drivers\L8042PR2.SYS -> Logitech, Inc. [Ver = 9.79.16.0 | Size = 51486 bytes | Created Date = 2/22/2008 12:28:20 PM | Attr =	]
LCcfltr.sys -> %SystemRoot%\System32\drivers\LCcfltr.sys -> Logitech, Inc. [Ver = 9.79.200.0 | Size = 14092 bytes | Created Date = 2/22/2008 12:23:22 PM | Attr =	]
LHidFlt2.Sys -> %SystemRoot%\System32\drivers\LHidFlt2.Sys -> Logitech, Inc. [Ver = 9.79.16.0 | Size = 25502 bytes | Created Date = 2/22/2008 12:28:21 PM | Attr =	]
LHidUsb.sys -> %SystemRoot%\System32\drivers\LHidUsb.sys -> Logitech, Inc. [Ver = 9.79.200.0 | Size = 37884 bytes | Created Date = 2/22/2008 12:23:22 PM | Attr =	]
LMouFlt2.Sys -> %SystemRoot%\System32\drivers\LMouFlt2.Sys -> Logitech, Inc. [Ver = 9.79.16.0 | Size = 70798 bytes | Created Date = 2/22/2008 12:28:21 PM | Attr =	]
actskin4.ocx -> %SystemRoot%\System32\actskin4.ocx ->  [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 3/14/2008 8:16:19 PM | Attr =	]
AS-Exp2.ocx -> %SystemRoot%\System32\AS-Exp2.ocx -> Ariad Software [Ver = 2.00.0055 | Size = 265753 bytes | Created Date = 3/7/2008 8:06:18 AM | Attr =	]
aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 837496 bytes | Created Date = 3/14/2008 8:16:19 PM | Attr =	]
AvastSS.scr -> %SystemRoot%\System32\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 95608 bytes | Created Date = 3/14/2008 8:16:32 PM | Attr =	]
CmdLineExt.dll -> %SystemRoot%\System32\CmdLineExt.dll -> Sony DADC Austria AG. [Ver = 1,0,201,0 | Size = 98304 bytes | Created Date = 2/20/2008 2:25:56 PM | Attr =	]
COMNCTR.DLL -> %SystemRoot%\System32\COMNCTR.DLL -> Logitech Inc. [Ver = 9.79.019 | Size = 104960 bytes | Created Date = 2/22/2008 12:28:38 PM | Attr =	]
d3d8caps.dat -> %SystemRoot%\System32\d3d8caps.dat ->  [Ver =  | Size = 552 bytes | Created Date = 3/7/2008 7:58:32 AM | Attr =	]
fdsv.exe -> %SystemRoot%\System32\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 2/22/2008 12:03:01 AM | Attr =	]
FEELIT.DLL -> %SystemRoot%\System32\FEELIT.DLL -> Immersion Corporation [Ver = 2.0.63 | Size = 94208 bytes | Created Date = 2/22/2008 12:28:40 PM | Attr =	]
grep.exe -> %SystemRoot%\System32\grep.exe ->  [Ver =  | Size = 80412 bytes | Created Date = 2/22/2008 12:03:01 AM | Attr =	]
guard32.dll1 -> %SystemRoot%\System32\guard32.dll1 ->  [Ver =  | Size = 139008 bytes | Created Date = 2/21/2008 9:06:09 PM | Attr =	]
ifc21.dll -> %SystemRoot%\System32\ifc21.dll -> Immersion Corporation [Ver = 2.1.8 | Size = 155648 bytes | Created Date = 2/22/2008 12:28:40 PM | Attr =	]
IGUltraGrid20.ocx -> %SystemRoot%\System32\IGUltraGrid20.ocx -> Infragistics, Inc. [Ver = 2.01.0007 | Size = 1140472 bytes | Created Date = 3/7/2008 8:06:22 AM | Attr =	]
inetsrv -> %SystemRoot%\System32\inetsrv ->  [Folder | Created Date = 3/7/2008 9:44:45 PM | Attr =	]
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 3/11/2008 7:14:30 AM | Attr =	]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 3/11/2008 7:14:30 AM | Attr =	]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 3/11/2008 7:14:30 AM | Attr =	]
LCOINST.DLL -> %SystemRoot%\System32\LCOINST.DLL -> Logitech, Inc. [Ver = 9.79.16.0 | Size = 23372 bytes | Created Date = 2/22/2008 12:28:21 PM | Attr =	]
LGUICOM.DLL -> %SystemRoot%\System32\LGUICOM.DLL -> Logitech Inc. [Ver = 9.79.019 | Size = 97792 bytes | Created Date = 2/22/2008 12:28:38 PM | Attr =	]
lmoufrc.dll -> %SystemRoot%\System32\lmoufrc.dll -> Logitech Inc. [Ver = 9.41.0 | Size = 152064 bytes | Created Date = 2/22/2008 12:28:22 PM | Attr =	]
LMOUSE16.DLL -> %SystemRoot%\System32\LMOUSE16.DLL -> Logitech, Inc. [Ver = 9.79.19.0 | Size = 3568 bytes | Created Date = 2/22/2008 12:28:38 PM | Attr =	]
LMOUSE32.DLL -> %SystemRoot%\System32\LMOUSE32.DLL -> Logitech, Inc. [Ver = 9.79.19.0 | Size = 16896 bytes | Created Date = 2/22/2008 12:28:37 PM | Attr =	]
locate.com -> %SystemRoot%\System32\locate.com ->  [Ver =  | Size = 11254 bytes | Created Date = 3/6/2008 10:55:08 PM | Attr =	]
sed.exe -> %SystemRoot%\System32\sed.exe ->  [Ver =  | Size = 98816 bytes | Created Date = 2/22/2008 12:03:01 AM | Attr =	]
streamhlp.dll -> %SystemRoot%\System32\streamhlp.dll ->  [Ver =  | Size = 59392 bytes | Created Date = 2/18/2008 4:42:09 PM | Attr = R  ]
swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 3/8/2008 11:40:38 AM | Attr =	]
swsc.exe -> %SystemRoot%\System32\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 3/8/2008 11:40:37 AM | Attr =	]
swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 3/8/2008 11:40:37 AM | Attr =	]
tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 2652 bytes | Created Date = 3/7/2008 10:11:54 AM | Attr =	]
VFind.exe -> %SystemRoot%\System32\VFind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 2/22/2008 12:03:01 AM | Attr =	]
XceedZip.dll -> %SystemRoot%\System32\XceedZip.dll -> Xceed Software Inc		(450) 442-2626		support@xceedsoft.com		www.xceedsoft.com [Ver = 5.0.117.0 | Size = 427864 bytes | Created Date = 3/11/2008 9:35:43 PM | Attr =	]
xircom -> %SystemRoot%\System32\xircom ->  [Folder | Created Date = 3/7/2008 9:44:46 PM | Attr =	]
zip.exe -> %SystemRoot%\System32\zip.exe ->  [Ver =  | Size = 68096 bytes | Created Date = 2/22/2008 12:03:01 AM | Attr =	]
zllictbl.dat -> %SystemRoot%\System32\zllictbl.dat ->  [Ver =  | Size = 4212 bytes | Created Date = 2/15/2008 9:49:26 PM | Attr =  H ]
cdplayer.ini -> %SystemRoot%\cdplayer.ini ->  [Ver =  | Size = 24 bytes | Created Date = 3/4/2008 6:42:52 PM | Attr =	]
EntPack.dat -> %SystemRoot%\EntPack.dat ->  [Ver =  | Size = 445 bytes | Created Date = 3/4/2008 12:03:59 AM | Attr =	]
entpack.ini -> %SystemRoot%\entpack.ini ->  [Ver =  | Size = 84 bytes | Created Date = 3/3/2008 11:51:42 PM | Attr =	]
EurekaLog.ini -> %SystemRoot%\EurekaLog.ini ->  [Ver =  | Size = 73 bytes | Created Date = 2/26/2008 12:30:10 AM | Attr =	]
Internet Logs -> %SystemRoot%\Internet Logs ->  [Folder | Created Date = 2/15/2008 9:46:55 PM | Attr =	]
iTouch.ini -> %SystemRoot%\iTouch.ini ->  [Ver =  | Size = 51 bytes | Created Date = 2/22/2008 1:53:31 PM | Attr =	]
LastGood -> %SystemRoot%\LastGood ->  [Folder | Created Date = 3/14/2008 10:58:42 PM | Attr =	]
LOGI_MWX.EXE -> %SystemRoot%\LOGI_MWX.EXE -> Logitech Inc. [Ver = 9.79.016 | Size = 19968 bytes | Created Date = 2/22/2008 12:28:23 PM | Attr =	]
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 3/8/2008 11:40:39 AM | Attr =	]
PIF -> %SystemRoot%\PIF ->  [Folder | Created Date = 3/6/2008 11:49:23 PM | Attr =  H ]
PowerReg.dat -> %SystemRoot%\PowerReg.dat ->  [Ver =  | Size = 263 bytes | Created Date = 3/11/2008 6:21:00 PM | Attr =	]
PRCONTROL.ini -> %SystemRoot%\PRCONTROL.ini ->  [Ver =  | Size = 2 bytes | Created Date = 3/13/2008 10:24:44 PM | Attr =	]
rootkitno.ini -> %SystemRoot%\rootkitno.ini ->  [Ver =  | Size = 134 bytes | Created Date = 3/11/2008 7:18:08 PM | Attr =	]
setup.pss -> %SystemRoot%\setup.pss ->  [Folder | Created Date = 3/6/2008 11:05:22 PM | Attr =	]
UniFish3.exe -> %SystemRoot%\UniFish3.exe ->  [Ver =  | Size = 45568 bytes | Created Date = 3/11/2008 6:20:36 PM | Attr =	]
WPE PRO.INI -> %SystemRoot%\WPE PRO.INI ->  [Ver =  | Size = 318 bytes | Created Date = 2/17/2008 10:30:33 PM | Attr =	]
ParetoLogic Update.job -> %SystemRoot%\tasks\ParetoLogic Update.job ->  [Ver =  | Size = 414 bytes | Created Date = 3/15/2008 12:12:31 AM | Attr =	]
XoftSpySE 2.job -> %SystemRoot%\tasks\XoftSpySE 2.job ->  [Ver =  | Size = 446 bytes | Created Date = 3/7/2008 6:52:16 PM | Attr =	]
XoftSpySE.job -> %SystemRoot%\tasks\XoftSpySE.job ->  [Ver =  | Size = 312 bytes | Created Date = 3/7/2008 6:52:13 PM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
comodo -> %AllUsersProfile%\Application Data\comodo ->  [Folder | Created Date = 2/21/2008 9:06:09 PM | Attr =	]
Downloaded Installations -> %AllUsersProfile%\Application Data\Downloaded Installations ->  [Folder | Created Date = 3/10/2008 7:32:15 PM | Attr =	]
MailFrontier -> %AllUsersProfile%\Application Data\MailFrontier ->  [Folder | Created Date = 2/15/2008 9:49:47 PM | Attr =	]
ParetoLogic -> %AllUsersProfile%\Application Data\ParetoLogic ->  [Folder | Created Date = 3/10/2008 7:57:26 PM | Attr =	]
ParetoLogic Anti-Spyware -> %AllUsersProfile%\Application Data\ParetoLogic Anti-Spyware ->  [Folder | Created Date = 3/10/2008 7:24:17 PM | Attr =	]
PC Drivers HeadQuarters -> %AllUsersProfile%\Application Data\PC Drivers HeadQuarters ->  [Folder | Created Date = 3/11/2008 9:16:28 PM | Attr =	]
PCPitstop -> %AllUsersProfile%\Application Data\PCPitstop ->  [Folder | Created Date = 3/11/2008 10:13:30 PM | Attr =	]
WildTangent -> %AllUsersProfile%\Application Data\WildTangent ->  [Folder | Created Date = 2/17/2008 4:44:20 PM | Attr =	]
CEZEO software -> %AppData%\CEZEO software ->  [Folder | Created Date = 3/14/2008 9:33:58 PM | Attr =	]
Comodo -> %AppData%\Comodo ->  [Folder | Created Date = 2/21/2008 9:06:15 PM | Attr =	]
ParetoLogic -> %AppData%\ParetoLogic ->  [Folder | Created Date = 3/10/2008 7:38:48 PM | Attr =	]
Real -> %AppData%\Real ->  [Folder | Created Date = 3/2/2008 11:21:36 PM | Attr =	]
Sierra -> %AppData%\Sierra ->  [Folder | Created Date = 2/20/2008 2:48:14 PM | Attr =	]
CDBurnerXP_Soft -> %UserProfile%\Local Settings\Application Data\CDBurnerXP_Soft ->  [Folder | Created Date = 3/4/2008 3:53:55 PM | Attr =	]
Comodo -> %UserProfile%\Local Settings\Application Data\Comodo ->  [Folder | Created Date = 2/21/2008 9:40:56 PM | Attr =	]
Downloaded Installations -> %UserProfile%\Local Settings\Application Data\Downloaded Installations ->  [Folder | Created Date = 3/11/2008 9:12:32 PM | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 5300502 bytes | Created Date = 3/5/2008 7:49:49 AM | Attr =  H ]
Identities -> %UserProfile%\Local Settings\Application Data\Identities ->  [Folder | Created Date = 3/10/2008 8:23:31 PM | Attr =	]
Steam -> %UserProfile%\Local Settings\Application Data\Steam ->  [Folder | Created Date = 2/29/2008 9:54:09 PM | Attr =	]
CDBurnerXP Projects -> %UserProfile%\My Documents\CDBurnerXP Projects ->  [Folder | Created Date = 3/4/2008 3:53:54 PM | Attr =	]
crash.wav -> %UserProfile%\My Documents\crash.wav ->  [Ver =  | Size = 188040 bytes | Created Date = 3/13/2008 7:51:06 PM | Attr =	]
egmont overture.mp3 -> %UserProfile%\My Documents\egmont overture.mp3 ->  [Ver =  | Size = 12992960 bytes | Created Date = 3/12/2008 10:38:59 PM | Attr =	]
Empire Earth II The Art of Supremacy -> %UserProfile%\My Documents\Empire Earth II The Art of Supremacy ->  [Folder | Created Date = 2/20/2008 2:48:14 PM | Attr =	]
FLW CD -> %UserProfile%\My Documents\FLW CD ->  [Folder | Created Date = 3/5/2008 8:49:45 PM | Attr =	]
Fractal Forge -> %UserProfile%\My Documents\Fractal Forge ->  [Folder | Created Date = 3/1/2008 12:55:41 PM | Attr =	]
goebels.ppt -> %UserProfile%\My Documents\goebels.ppt ->  [Ver =  | Size = 780288 bytes | Created Date = 3/11/2008 9:13:15 PM | Attr =	]
gruneh parteh 1.gif -> %UserProfile%\My Documents\gruneh parteh 1.gif ->  [Ver =  | Size = 55097 bytes | Created Date = 2/19/2008 3:17:56 PM | Attr =	]
hmmmm.wav -> %UserProfile%\My Documents\hmmmm.wav ->  [Ver =  | Size = 882044 bytes | Created Date = 3/13/2008 7:19:42 PM | Attr =	]
Kaspersky AntiVirus v7.0.1.32. Final(FRESH KEYS-17.01) -> %UserProfile%\My Documents\Kaspersky AntiVirus v7.0.1.32. Final(FRESH KEYS-17.01) ->  [Folder | Created Date = 3/14/2008 7:25:59 PM | Attr =	]
KoRn - Twisted Transistor.wav -> %UserProfile%\My Documents\KoRn - Twisted Transistor.wav ->  [Ver =  | Size = 31564844 bytes | Created Date = 3/4/2008 11:17:06 PM | Attr =	]
MCF -> %UserProfile%\My Documents\MCF ->  [Folder | Created Date = 3/9/2008 1:54:15 PM | Attr =	]
older_open.vbs -> %UserProfile%\My Documents\older_open.vbs ->  [Ver =  | Size = 368 bytes | Created Date = 3/11/2008 9:03:45 PM | Attr =	]
PANDORA.ZIP -> %UserProfile%\My Documents\PANDORA.ZIP ->  [Ver =  | Size = 1104847 bytes | Created Date = 3/1/2008 12:25:14 PM | Attr =	]
ParetoLogic Privacy Controls 2.0.6804 -> %UserProfile%\My Documents\ParetoLogic Privacy Controls 2.0.6804 ->  [Folder | Created Date = 3/15/2008 12:19:48 AM | Attr =	]
ParetoLogic_Privacy_Controls_2.0.6804.rar -> %UserProfile%\My Documents\ParetoLogic_Privacy_Controls_2.0.6804.rar ->  [Ver =  | Size = 4829577 bytes | Created Date = 3/15/2008 12:18:02 AM | Attr =	]
pc take apart manual.pdf -> %UserProfile%\My Documents\pc take apart manual.pdf ->  [Ver =  | Size = 4754276 bytes | Created Date = 3/2/2008 5:42:06 PM | Attr =	]
RegCure.v1.5.0.0.WinAll.Incl.Patch-CU.zip -> %UserProfile%\My Documents\RegCure.v1.5.0.0.WinAll.Incl.Patch-CU.zip ->  [Ver =  | Size = 665048 bytes | Created Date = 3/1/2008 12:15:28 PM | Attr =	]
Role_Playing_Kingdom_banner.gif -> %UserProfile%\My Documents\Role_Playing_Kingdom_banner.gif ->  [Ver =  | Size = 141346 bytes | Created Date = 2/17/2008 3:16:37 PM | Attr =	]
suspic.mp3 -> %UserProfile%\My Documents\suspic.mp3 ->  [Ver =  | Size = 70298 bytes | Created Date = 3/9/2008 8:11:22 PM | Attr =	]
UnHackMe.4.6.0.inc.key.SoftNull.com -> %UserProfile%\My Documents\UnHackMe.4.6.0.inc.key.SoftNull.com ->  [Folder | Created Date = 3/11/2008 8:17:47 PM | Attr =	]
virfound.mp3 -> %UserProfile%\My Documents\virfound.mp3 ->  [Ver =  | Size = 79438 bytes | Created Date = 2/18/2008 7:33:01 PM | Attr =	]
wsInspector -> %UserProfile%\My Documents\wsInspector ->  [Folder | Created Date = 2/21/2008 12:43:24 PM | Attr =	]
avast! Antivirus.lnk -> %AllUsersProfile%\Desktop\avast! Antivirus.lnk ->  [Ver =  | Size = 1719 bytes | Created Date = 3/14/2008 8:16:38 PM | Attr =	]
Launch Privacy Controls.lnk -> %AllUsersProfile%\Desktop\Launch Privacy Controls.lnk ->  [Ver =  | Size = 1982 bytes | Created Date = 3/15/2008 12:12:10 AM | Attr =	]
RegCure.lnk -> %AllUsersProfile%\Desktop\RegCure.lnk ->  [Ver =  | Size = 441 bytes | Created Date = 3/11/2008 8:24:22 PM | Attr =	]
CFP_Setup_3.0.19.318_XP_Vista_x32.exe -> %UserProfile%\Desktop\CFP_Setup_3.0.19.318_XP_Vista_x32.exe -> COMODO [Ver = 1.0.0.1 | Size = 21018368 bytes | Created Date = 3/15/2008 12:37:38 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\CFP_Setup_3.0.19.318_XP_Vista_x32.exe:Zone.Identifier
Convert.lnk -> %UserProfile%\Desktop\Convert.lnk ->  [Ver =  | Size = 1996 bytes | Created Date = 2/23/2008 3:53:06 PM | Attr =	]
cureit.exe -> %UserProfile%\Desktop\cureit.exe -> Doctor Web, Ltd. [Ver = 4, 44, 0, 0 | Size = 9248552 bytes | Created Date = 3/2/2008 12:23:12 PM | Attr =	]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Created Date = 3/15/2008 3:48:33 PM | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 481560 bytes | Created Date = 3/15/2008 3:47:39 PM | Attr =	]
XoftSpySE.lnk -> %UserProfile%\Desktop\XoftSpySE.lnk ->  [Ver =  | Size = 692 bytes | Created Date = 3/7/2008 6:51:50 PM | Attr =	]
Logitech -> %CommonProgramFiles%\Logitech ->  [Folder | Created Date = 2/22/2008 12:22:40 PM | Attr =	]
ParetoLogic -> %CommonProgramFiles%\ParetoLogic ->  [Folder | Created Date = 3/15/2008 12:12:02 AM | Attr =	]
Real -> %CommonProgramFiles%\Real ->  [Folder | Created Date = 3/4/2008 6:38:37 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
ATI -> %SystemDrive%\ATI ->  [Folder | Modified Date = 3/12/2008 6:54:52 AM | Attr =	]
BOOT.BAK -> %SystemDrive%\BOOT.BAK ->  [Ver =  | Size = 223 bytes | Modified Date = 3/6/2008 8:11:01 PM | Attr =  HS]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 294 bytes | Modified Date = 3/11/2008 7:33:45 PM | Attr =  HS]
cmdcons -> %SystemDrive%\cmdcons ->  [Folder | Modified Date = 3/6/2008 11:06:07 PM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 3/15/2008 12:12:13 AM | Attr =  HS]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 2/22/2008 2:20:54 AM | Attr =	]
DVDVideoSoft -> %SystemDrive%\DVDVideoSoft ->  [Folder | Modified Date = 3/5/2008 8:42:52 PM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 401133568 bytes | Modified Date = 3/14/2008 8:57:50 PM | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 3/15/2008 10:03:15 AM | Attr =	]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 2/22/2008 2:20:55 AM | Attr =  HS]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 2/26/2008 5:35:37 PM | Attr =  HS]
WheelOfTime -> %SystemDrive%\WheelOfTime ->  [Folder | Modified Date = 3/9/2008 12:14:25 AM | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 3/15/2008 1:37:20 PM | Attr =	]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 3/8/2008 12:01:52 PM | Attr =	]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 736 bytes | Modified Date = 3/8/2008 7:33:22 PM | Attr =	]
hosts.bak -> %SystemRoot%\System32\drivers\etc\hosts.bak ->  [Ver =  | Size = 27 bytes | Modified Date = 3/7/2008 6:36:42 PM | Attr =	]
AUTOEXEC.NT -> %SystemRoot%\System32\AUTOEXEC.NT ->  [Ver =  | Size = 1688 bytes | Modified Date = 3/11/2008 7:13:33 PM | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 3/14/2008 10:58:52 PM | Attr =	]
cdplayer.exe.manifest -> %SystemRoot%\System32\cdplayer.exe.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 3/11/2008 9:04:58 PM | Attr = RH ]
CmdLineExt.dll -> %SystemRoot%\System32\CmdLineExt.dll -> Sony DADC Austria AG. [Ver = 1,0,201,0 | Size = 98304 bytes | Modified Date = 2/20/2008 2:25:56 PM | Attr =	]
config -> %SystemRoot%\System32\config ->  [Folder | Modified Date = 3/14/2008 7:46:44 PM | Attr =	]
CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT ->  [Ver =  | Size = 2626 bytes | Modified Date = 3/14/2008 8:16:34 PM | Attr =	]
d3d8caps.dat -> %SystemRoot%\System32\d3d8caps.dat ->  [Ver =  | Size = 552 bytes | Modified Date = 3/7/2008 7:58:32 AM | Attr =	]
DirectX -> %SystemRoot%\System32\DirectX ->  [Folder | Modified Date = 3/1/2008 1:25:50 PM | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 3/8/2008 1:03:38 AM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 3/14/2008 8:16:37 PM | Attr =	]
guard32.dll1 -> %SystemRoot%\System32\guard32.dll1 ->  [Ver =  | Size = 139008 bytes | Modified Date = 2/21/2008 9:06:05 PM | Attr =	]
inetsrv -> %SystemRoot%\System32\inetsrv ->  [Folder | Modified Date = 3/7/2008 9:44:45 PM | Attr =	]
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 2/22/2008 1:23:35 AM | Attr =	]
javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 69632 bytes | Modified Date = 2/22/2008 2:33:31 AM | Attr =	]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 2/22/2008 1:23:39 AM | Attr =	]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Modified Date = 2/22/2008 2:33:32 AM | Attr =	]
LogFiles -> %SystemRoot%\System32\LogFiles ->  [Folder | Modified Date = 2/20/2008 2:51:55 PM | Attr =	]
ncpa.cpl.manifest -> %SystemRoot%\System32\ncpa.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 3/11/2008 9:04:55 PM | Attr = RH ]
nwc.cpl.manifest -> %SystemRoot%\System32\nwc.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 3/11/2008 9:04:56 PM | Attr = RH ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 68806 bytes | Modified Date = 3/10/2008 8:24:31 PM | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 436328 bytes | Modified Date = 3/10/2008 8:24:32 PM | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 511348 bytes | Modified Date = 3/10/2008 8:24:21 PM | Attr =	]
ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups ->  [Folder | Modified Date = 3/12/2008 6:57:56 AM | Attr =	]
Restore -> %SystemRoot%\System32\Restore ->  [Folder | Modified Date = 3/11/2008 9:23:40 AM | Attr =	]
sapi.cpl.manifest -> %SystemRoot%\System32\sapi.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 3/11/2008 9:04:56 PM | Attr = RH ]
streamhlp.dll -> %SystemRoot%\System32\streamhlp.dll ->  [Ver =  | Size = 59392 bytes | Modified Date = 2/18/2008 4:42:21 PM | Attr = R  ]
tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 2652 bytes | Modified Date = 3/7/2008 6:37:06 PM | Attr =	]
VITrans -> %SystemRoot%\System32\VITrans ->  [Folder | Modified Date = 3/7/2008 8:12:26 PM | Attr =	]
wbem -> %SystemRoot%\System32\wbem ->  [Folder | Modified Date = 3/10/2008 8:24:51 PM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 3/11/2008 10:04:21 PM | Attr =	]
wuaucpl.cpl.manifest -> %SystemRoot%\System32\wuaucpl.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 3/11/2008 9:04:57 PM | Attr = RH ]
xircom -> %SystemRoot%\System32\xircom ->  [Folder | Modified Date = 3/7/2008 9:44:46 PM | Attr =	]
zllictbl.dat -> %SystemRoot%\System32\zllictbl.dat ->  [Ver =  | Size = 4212 bytes | Modified Date = 2/15/2008 10:17:38 PM | Attr =  H ]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 3/11/2008 9:20:04 PM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 3/14/2008 8:57:54 PM | Attr =   S]
cdplayer.ini -> %SystemRoot%\cdplayer.ini ->  [Ver =  | Size = 24 bytes | Modified Date = 3/4/2008 6:42:52 PM | Attr =	]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 3/14/2008 7:09:39 AM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 3/13/2008 9:59:11 PM | Attr =   S]
EntPack.dat -> %SystemRoot%\EntPack.dat ->  [Ver =  | Size = 445 bytes | Modified Date = 3/4/2008 12:03:59 AM | Attr =	]
entpack.ini -> %SystemRoot%\entpack.ini ->  [Ver =  | Size = 84 bytes | Modified Date = 3/4/2008 8:25:30 AM | Attr =	]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 3/8/2008 11:59:13 AM | Attr =	]
EurekaLog.ini -> %SystemRoot%\EurekaLog.ini ->  [Ver =  | Size = 73 bytes | Modified Date = 2/26/2008 12:30:17 AM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 3/14/2008 11:01:30 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 3/15/2008 12:12:28 AM | Attr =  HS]
Internet Logs -> %SystemRoot%\Internet Logs ->  [Folder | Modified Date = 2/20/2008 10:40:04 PM | Attr =	]
iTouch.ini -> %SystemRoot%\iTouch.ini ->  [Ver =  | Size = 51 bytes | Modified Date = 2/22/2008 5:40:20 PM | Attr =	]
LastGood -> %SystemRoot%\LastGood ->  [Folder | Modified Date = 3/14/2008 10:58:43 PM | Attr =	]
Media -> %SystemRoot%\Media ->  [Folder | Modified Date = 3/12/2008 10:27:32 PM | Attr =	]
Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Modified Date = 3/1/2008 1:25:43 PM | Attr =	]
mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 2541 bytes | Modified Date = 3/11/2008 9:08:54 PM | Attr =	]
PIF -> %SystemRoot%\PIF ->  [Folder | Modified Date = 3/6/2008 11:49:23 PM | Attr =  H ]
PowerReg.dat -> %SystemRoot%\PowerReg.dat ->  [Ver =  | Size = 263 bytes | Modified Date = 3/11/2008 6:49:04 PM | Attr =	]
PRCONTROL.ini -> %SystemRoot%\PRCONTROL.ini ->  [Ver =  | Size = 2 bytes | Modified Date = 3/13/2008 10:24:44 PM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 3/15/2008 3:49:20 PM | Attr =	]
rootkitno.ini -> %SystemRoot%\rootkitno.ini ->  [Ver =  | Size = 134 bytes | Modified Date = 3/11/2008 8:19:52 PM | Attr =	]
setup.pss -> %SystemRoot%\setup.pss ->  [Folder | Modified Date = 3/6/2008 11:05:22 PM | Attr =	]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 435 bytes | Modified Date = 3/11/2008 7:33:45 PM | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 3/15/2008 12:35:47 AM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 3/15/2008 12:12:31 AM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 3/15/2008 3:26:15 PM | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 582 bytes | Modified Date = 3/11/2008 7:33:45 PM | Attr =	]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 3/11/2008 9:04:59 PM | Attr = RH ]
WPE PRO.INI -> %SystemRoot%\WPE PRO.INI ->  [Ver =  | Size = 318 bytes | Modified Date = 3/4/2008 11:50:06 PM | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 3/12/2008 9:20:19 PM | Attr =	]
ParetoLogic Update.job -> %SystemRoot%\tasks\ParetoLogic Update.job ->  [Ver =  | Size = 414 bytes | Modified Date = 3/15/2008 12:33:09 AM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 3/14/2008 8:58:04 PM | Attr =  H ]
XoftSpySE 2.job -> %SystemRoot%\tasks\XoftSpySE 2.job ->  [Ver =  | Size = 446 bytes | Modified Date = 3/14/2008 8:58:35 PM | Attr =	]
XoftSpySE.job -> %SystemRoot%\tasks\XoftSpySE.job ->  [Ver =  | Size = 312 bytes | Modified Date = 3/7/2008 7:03:15 PM | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 3/11/2008 10:07:44 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5504 bytes | Modified Date = 3/11/2008 10:07:43 PM | Attr =	]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat ->  [Ver =  | Size = 8432 bytes | Modified Date = 3/12/2008 9:31:40 PM | Attr =	]
Perflib_Perfdata_94.dat -> C:\Documents and Settings\Jeff\Local Settings\Temp\Perflib_Perfdata_94.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 3/15/2008 11:00:32 AM | Attr =	]
Perflib_Perfdata_104.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_104.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 3/14/2008 8:58:31 PM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
comodo -> %AllUsersProfile%\Application Data\comodo ->  [Folder | Modified Date = 3/14/2008 6:48:12 PM | Attr =	]
Downloaded Installations -> %AllUsersProfile%\Application Data\Downloaded Installations ->  [Folder | Modified Date = 3/10/2008 7:56:41 PM | Attr =	]
MailFrontier -> %AllUsersProfile%\Application Data\MailFrontier ->  [Folder | Modified Date = 2/15/2008 10:19:01 PM | Attr =	]
Microsoft -> %AllUsersProfile%\Application Data\Microsoft ->  [Folder | Modified Date = 3/14/2008 11:32:52 PM | Attr =   S]
Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help ->  [Folder | Modified Date = 3/11/2008 10:34:53 PM | Attr =	]
ParetoLogic -> %AllUsersProfile%\Application Data\ParetoLogic ->  [Folder | Modified Date = 3/15/2008 12:12:02 AM | Attr =	]
ParetoLogic Anti-Spyware -> %AllUsersProfile%\Application Data\ParetoLogic Anti-Spyware ->  [Folder | Modified Date = 3/10/2008 7:24:17 PM | Attr =	]
PC Drivers HeadQuarters -> %AllUsersProfile%\Application Data\PC Drivers HeadQuarters ->  [Folder | Modified Date = 3/11/2008 9:46:57 PM | Attr =	]
PCPitstop -> %AllUsersProfile%\Application Data\PCPitstop ->  [Folder | Modified Date = 3/11/2008 10:13:31 PM | Attr =	]
TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Modified Date = 3/9/2008 2:35:49 PM | Attr =	]
@Alternate Data Stream - 95 bytes -> %AllUsersProfile%\Application Data\TEMP:D31BE97C
WildTangent -> %AllUsersProfile%\Application Data\WildTangent ->  [Folder | Modified Date = 2/17/2008 5:40:34 PM | Attr =	]
CEZEO software -> %AppData%\CEZEO software ->  [Folder | Modified Date = 3/14/2008 9:33:58 PM | Attr =	]
Comodo -> %AppData%\Comodo ->  [Folder | Modified Date = 3/14/2008 6:58:15 PM | Attr =	]
Microsoft -> %AppData%\Microsoft ->  [Folder | Modified Date = 3/10/2008 8:23:59 PM | Attr =   S]
ParetoLogic -> %AppData%\ParetoLogic ->  [Folder | Modified Date = 3/10/2008 7:38:48 PM | Attr =	]
Real -> %AppData%\Real ->  [Folder | Modified Date = 3/10/2008 7:11:03 PM | Attr =	]
Sierra -> %AppData%\Sierra ->  [Folder | Modified Date = 2/20/2008 2:48:14 PM | Attr =	]
SiteAdvisor -> %AppData%\SiteAdvisor ->  [Folder | Modified Date = 3/15/2008 3:45:10 PM | Attr =	]
wsInspector -> %AppData%\wsInspector ->  [Folder | Modified Date = 3/14/2008 9:21:16 PM | Attr =	]
CDBurnerXP_Soft -> %UserProfile%\Local Settings\Application Data\CDBurnerXP_Soft ->  [Folder | Modified Date = 3/4/2008 3:53:55 PM | Attr =	]
Comodo -> %UserProfile%\Local Settings\Application Data\Comodo ->  [Folder | Modified Date = 2/21/2008 9:40:56 PM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 7680 bytes | Modified Date = 3/9/2008 4:58:02 PM | Attr =	]
Downloaded Installations -> %UserProfile%\Local Settings\Application Data\Downloaded Installations ->  [Folder | Modified Date = 3/11/2008 9:12:32 PM | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 5300502 bytes | Modified Date = 3/11/2008 7:51:24 PM | Attr =  H ]
Identities -> %UserProfile%\Local Settings\Application Data\Identities ->  [Folder | Modified Date = 3/10/2008 8:23:31 PM | Attr =	]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft ->  [Folder | Modified Date = 3/14/2008 10:58:33 PM | Attr =	]
Steam -> %UserProfile%\Local Settings\Application Data\Steam ->  [Folder | Modified Date = 2/29/2008 10:09:25 PM | Attr =	]
Airport Tycoon 3 -> %UserProfile%\My Documents\Airport Tycoon 3 ->  [Folder | Modified Date = 2/16/2008 10:40:10 PM | Attr =	]
Camtasia Studio -> %UserProfile%\My Documents\Camtasia Studio ->  [Folder | Modified Date = 3/9/2008 4:50:15 PM | Attr =	]
CDBurnerXP Projects -> %UserProfile%\My Documents\CDBurnerXP Projects ->  [Folder | Modified Date = 3/4/2008 4:09:47 PM | Attr =	]
egmont overture.mp3 -> %UserProfile%\My Documents\egmont overture.mp3 ->  [Ver =  | Size = 12992960 bytes | Modified Date = 3/12/2008 10:39:44 PM | Attr =	]
Empire Earth II The Art of Supremacy -> %UserProfile%\My Documents\Empire Earth II The Art of Supremacy ->  [Folder | Modified Date = 2/26/2008 5:55:44 PM | Attr =	]
FLW CD -> %UserProfile%\My Documents\FLW CD ->  [Folder | Modified Date = 3/5/2008 9:58:14 PM | Attr =	]
Fractal Forge -> %UserProfile%\My Documents\Fractal Forge ->  [Folder | Modified Date = 3/1/2008 12:56:07 PM | Attr =	]
goebels.ppt -> %UserProfile%\My Documents\goebels.ppt ->  [Ver =  | Size = 780288 bytes | Modified Date = 3/12/2008 11:15:58 PM | Attr =	]
gruneh parteh 1.gif -> %UserProfile%\My Documents\gruneh parteh 1.gif ->  [Ver =  | Size = 55097 bytes | Modified Date = 2/19/2008 3:17:56 PM | Attr =	]
hmmmm.wav -> %UserProfile%\My Documents\hmmmm.wav ->  [Ver =  | Size = 882044 bytes | Modified Date = 3/13/2008 7:19:44 PM | Attr =	]
Kaspersky AntiVirus v7.0.1.32. Final(FRESH KEYS-17.01) -> %UserProfile%\My Documents\Kaspersky AntiVirus v7.0.1.32. Final(FRESH KEYS-17.01) ->  [Folder | Modified Date = 3/14/2008 7:28:17 PM | Attr =	]
KoRn - Twisted Transistor.wav -> %UserProfile%\My Documents\KoRn - Twisted Transistor.wav ->  [Ver =  | Size = 31564844 bytes | Modified Date = 3/4/2008 11:17:49 PM | Attr =	]
libmp3lame-3.97 -> %UserProfile%\My Documents\libmp3lame-3.97 ->  [Folder | Modified Date = 2/18/2008 7:32:42 PM | Attr =	]
MCF -> %UserProfile%\My Documents\MCF ->  [Folder | Modified Date = 3/9/2008 1:54:22 PM | Attr =	]
My Documents -> %UserProfile%\My Documents\My Documents ->  [Folder | Modified Date = 2/26/2008 5:56:13 PM | Attr =	]
My Games -> %UserProfile%\My Documents\My Games ->  [Folder | Modified Date = 3/2/2008 12:45:51 PM | Attr =	]
My Music -> %UserProfile%\My Documents\My Music ->  [Folder | Modified Date = 3/4/2008 11:15:37 PM | Attr =	]
My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Modified Date = 3/14/2008 10:43:25 PM | Attr =	]
My Received Files -> %UserProfile%\My Documents\My Received Files ->  [Folder | Modified Date = 3/15/2008 12:06:44 AM | Attr =	]
older_open.vbs -> %UserProfile%\My Documents\older_open.vbs ->  [Ver =  | Size = 368 bytes | Modified Date = 3/11/2008 9:03:45 PM | Attr =	]
PANDORA.ZIP -> %UserProfile%\My Documents\PANDORA.ZIP ->  [Ver =  | Size = 1104847 bytes | Modified Date = 3/1/2008 12:25:12 PM | Attr =	]
ParetoLogic Privacy Controls 2.0.6804 -> %UserProfile%\My Documents\ParetoLogic Privacy Controls 2.0.6804 ->  [Folder | Modified Date = 3/15/2008 12:19:59 AM | Attr =	]
ParetoLogic_Privacy_Controls_2.0.6804.rar -> %UserProfile%\My Documents\ParetoLogic_Privacy_Controls_2.0.6804.rar ->  [Ver =  | Size = 4829577 bytes | Modified Date = 3/15/2008 12:18:30 AM | Attr =	]
pc take apart manual.pdf -> %UserProfile%\My Documents\pc take apart manual.pdf ->  [Ver =  | Size = 4754276 bytes | Modified Date = 3/2/2008 5:42:11 PM | Attr =	]
RegCure.v1.5.0.0.WinAll.Incl.Patch-CU -> %UserProfile%\My Documents\RegCure.v1.5.0.0.WinAll.Incl.Patch-CU ->  [Folder | Modified Date = 3/1/2008 12:19:51 PM | Attr =	]
RegCure.v1.5.0.0.WinAll.Incl.Patch-CU.zip -> %UserProfile%\My Documents\RegCure.v1.5.0.0.WinAll.Incl.Patch-CU.zip ->  [Ver =  | Size = 665048 bytes | Modified Date = 3/1/2008 12:15:28 PM | Attr =	]
Role_Playing_Kingdom_banner.gif -> %UserProfile%\My Documents\Role_Playing_Kingdom_banner.gif ->  [Ver =  | Size = 141346 bytes | Modified Date = 2/17/2008 3:16:38 PM | Attr =	]
suspic.mp3 -> %UserProfile%\My Documents\suspic.mp3 ->  [Ver =  | Size = 70298 bytes | Modified Date = 3/9/2008 8:11:24 PM | Attr =	]
UnHackMe.4.6.0.inc.key.SoftNull.com -> %UserProfile%\My Documents\UnHackMe.4.6.0.inc.key.SoftNull.com ->  [Folder | Modified Date = 3/11/2008 8:17:48 PM | Attr =	]
virfound.mp3 -> %UserProfile%\My Documents\virfound.mp3 ->  [Ver =  | Size = 79438 bytes | Modified Date = 2/18/2008 7:33:04 PM | Attr =	]
wsInspector -> %UserProfile%\My Documents\wsInspector ->  [Folder | Modified Date = 2/21/2008 12:43:24 PM | Attr =	]
avast! Antivirus.lnk -> %AllUsersProfile%\Desktop\avast! Antivirus.lnk ->  [Ver =  | Size = 1719 bytes | Modified Date = 3/14/2008 8:16:38 PM | Attr =	]
Launch Privacy Controls.lnk -> %AllUsersProfile%\Desktop\Launch Privacy Controls.lnk ->  [Ver =  | Size = 1982 bytes | Modified Date = 3/15/2008 12:12:10 AM | Attr =	]
RegCure.lnk -> %AllUsersProfile%\Desktop\RegCure.lnk ->  [Ver =  | Size = 441 bytes | Modified Date = 3/11/2008 8:24:22 PM | Attr =	]
CFP_Setup_3.0.19.318_XP_Vista_x32.exe -> %UserProfile%\Desktop\CFP_Setup_3.0.19.318_XP_Vista_x32.exe -> COMODO [Ver = 1.0.0.1 | Size = 21018368 bytes | Modified Date = 3/15/2008 12:38:26 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\CFP_Setup_3.0.19.318_XP_Vista_x32.exe:Zone.Identifier
Convert.lnk -> %UserProfile%\Desktop\Convert.lnk ->  [Ver =  | Size = 1996 bytes | Modified Date = 2/23/2008 3:53:08 PM | Attr =	]
cureit.exe -> %UserProfile%\Desktop\cureit.exe -> Doctor Web, Ltd. [Ver = 4, 44, 0, 0 | Size = 9248552 bytes | Modified Date = 3/8/2008 12:08:02 PM | Attr =	]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Modified Date = 3/15/2008 3:48:34 PM | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 481560 bytes | Modified Date = 3/15/2008 3:47:37 PM | Attr =	]
Revo Uninstaller.lnk -> %UserProfile%\Desktop\Revo Uninstaller.lnk ->  [Ver =  | Size = 927 bytes | Modified Date = 2/28/2008 7:20:59 PM | Attr =	]
XoftSpySE.lnk -> %UserProfile%\Desktop\XoftSpySE.lnk ->  [Ver =  | Size = 692 bytes | Modified Date = 3/7/2008 6:51:50 PM | Attr =	]
DVDVideoSoft -> %CommonProgramFiles%\DVDVideoSoft ->  [Folder | Modified Date = 3/4/2008 6:02:53 PM | Attr =	]
Logitech -> %CommonProgramFiles%\Logitech ->  [Folder | Modified Date = 2/22/2008 12:22:59 PM | Attr =	]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared ->  [Folder | Modified Date = 2/15/2008 10:13:47 PM | Attr =	]
ParetoLogic -> %CommonProgramFiles%\ParetoLogic ->  [Folder | Modified Date = 3/15/2008 12:12:02 AM | Attr =	]
Real -> %CommonProgramFiles%\Real ->  [Folder | Modified Date = 3/10/2008 7:12:16 PM | Attr =	]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\24\xe1\21]
"DisplayName"="\x1a90\x22d\x1a90\x22d\1"
"DeviceDesc"="\x1a90\x22d\x1a90\x22d\1"
"ProviderName"="\xfed4\21\xee18\x7c90\xff44\21\b"
"MFG"="\x40c"
"ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\\xe114\21\x80\xc010\DriverFiles\.INF"
"DeviceInstanceIds"=str(7):"c:\swsetup\sp31101\sbdrv\smbus\smbusati.inf"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C 95 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\My Pictures\Anime\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\My Pictures\cool backgrounds\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\My Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\WreckedVan Feb 22 2008 1AM\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden files: 7

< End of report >

Edited by Booman, 15 March 2008 - 03:07 PM.


#10 Booman

Booman
  • Topic Starter

  • Banned
  • 525 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:20 AM

Posted 16 March 2008 - 01:10 PM

hey...sorry for the code box...it just happened...hey..is there any way I can make the folders in MY PC all arrange by name forever..instead of having to right-click and hit arrange by name?

#11 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:08:20 AM

Posted 16 March 2008 - 10:46 PM

Hi Booman. It is supposed to be in a codebox ;).

I don't see a lot of anything in there. Just a bit of housekeeping to take care of. It looks like most of the junk that was in there originally has already been removed. Just follow the steps below in order:

Step #1

Download SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Minimize SUPERAntiSpyware, we will come back to it later on.
Step #2

Now start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< RunOnceEx [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
YN -> Flags -> 
YN -> Title -> 
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\rct.exe -> C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\rct.exe [C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\rct.exe:*:Enabled:rct]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\kav\kav7\setup.exe -> C:\kav\kav7\setup.exe [C:\kav\kav7\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 95 bytes -> %AllUsersProfile%\Application Data\TEMP:D31BE97C

The fix should only take a very short time. Your desktop will disappear and then reappear when the fix is complete; this is normal. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot normally.

Step #3

Now bring up SUPERAntiSpyware again and run a scan by doing the following:
  • On the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
Step #4

Post the following back here:
  • a new OTScanIt scan report (just use the default settings)
  • the SUPERAntiSpyware report
  • the latest .log file from the OTScanIt/MovedFiles folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

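An added Python example (not part of this thread and not OTScanIt's own code) that parses report lines in the format OTScanIt produces above and flags the kinds of entries a helper looks at first: alternate data streams other than the Zone.Identifier mark-of-the-web, binaries with an empty vendor string, and names like guard32.dll1 where a binary extension carries an extra suffix. The sample lines are copied from the report above; the three triage rules are this example's own heuristics, not OTScanIt logic, and a hit only means "look closer", not "malicious".

```python
"""Triage helper for OTScanIt-style report lines (added example, not OTScanIt code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Entry format as it appears in the report:
#   name -> path -> company [Ver = x | Size = N bytes | Modified Date = d | Attr = a]
# Folders carry "Folder" in place of Ver/Size. Company is often empty.
ENTRY_RE = re.compile(
    r"^(?P<name>.+?) -> (?P<path>.+?) -> (?P<company>[^\[]*)\[(?P<fields>[^\]]*)\]\s*$"
)
# Alternate data stream lines:
#   @Alternate Data Stream - N bytes -> path:streamname
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:]+)$"
)
BINARY_EXT = (".exe", ".dll", ".sys", ".cpl", ".ocx", ".scr")
# A binary extension followed by extra characters (guard32.dll1), but not
# a further dotted extension (cdplayer.exe.manifest is a normal XP file).
SUFFIXED_BINARY_RE = re.compile(r"\.(exe|dll|sys|cpl|ocx|scr)[^.]+$", re.IGNORECASE)


@dataclass
class Entry:
    name: str
    path: str
    company: str
    is_folder: bool
    size: Optional[int]
    attr: str


@dataclass
class Stream:
    path: str
    stream: str
    size: int


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one file/folder line; return None for anything else."""
    m = ENTRY_RE.match(line)
    if m is None:
        return None
    fields: Dict[str, str] = {}
    is_folder = False
    for part in m.group("fields").split(" | "):
        part = part.strip()
        if part == "Folder":
            is_folder = True
        elif "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip()] = value.strip()
    size = None
    if fields.get("Size"):
        size = int(fields["Size"].split()[0])  # "139008 bytes" -> 139008
    return Entry(
        name=m.group("name"),
        path=m.group("path"),
        company=m.group("company").strip(),
        is_folder=is_folder,
        size=size,
        attr=fields.get("Attr", ""),
    )


def parse_ads(line: str) -> Optional[Stream]:
    """Parse an @Alternate Data Stream line; return None for anything else."""
    m = ADS_RE.match(line)
    if m is None:
        return None
    return Stream(path=m.group("path"), stream=m.group("stream"), size=int(m.group("size")))


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Apply three defender-side heuristics (this example's own, not OTScanIt's)."""
    findings: Dict[str, List[str]] = {
        "ads_not_zone_identifier": [],  # data in a stream other than mark-of-the-web
        "binary_without_vendor": [],    # .exe/.dll/... with an empty company string
        "suffixed_binary_name": [],     # e.g. guard32.dll1: renamed binary or leftover
    }
    for line in lines:
        ads = parse_ads(line)
        if ads is not None:
            if ads.stream.lower() != "zone.identifier":
                findings["ads_not_zone_identifier"].append(f"{ads.path}:{ads.stream}")
            continue
        entry = parse_entry(line)
        if entry is None or entry.is_folder:
            continue
        lower_name = entry.name.lower()
        if lower_name.endswith(BINARY_EXT) and not entry.company:
            findings["binary_without_vendor"].append(entry.path)
        elif SUFFIXED_BINARY_RE.search(lower_name):
            findings["suffixed_binary_name"].append(entry.path)
    return findings


# Constructed sample: six lines copied from the report above.
SAMPLE_LINES = [
    r"guard32.dll1 -> %SystemRoot%\System32\guard32.dll1 ->  [Ver =  | Size = 139008 bytes | Modified Date = 2/21/2008 9:06:05 PM | Attr =  ]",
    r"java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 2/22/2008 1:23:35 AM | Attr =  ]",
    r"streamhlp.dll -> %SystemRoot%\System32\streamhlp.dll ->  [Ver =  | Size = 59392 bytes | Modified Date = 2/18/2008 4:42:21 PM | Attr = R  ]",
    r"TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Modified Date = 3/9/2008 2:35:49 PM | Attr =  ]",
    r"@Alternate Data Stream - 95 bytes -> %AllUsersProfile%\Application Data\TEMP:D31BE97C",
    r"@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\CFP_Setup_3.0.19.318_XP_Vista_x32.exe:Zone.Identifier",
]

if __name__ == "__main__":
    for category, paths in triage(SAMPLE_LINES).items():
        print(f"{category}: {paths}")
```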

#12 Booman

Booman
  • Topic Starter

  • Banned
  • 525 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:20 AM

Posted 17 March 2008 - 06:11 AM

there is this ParetoLogic folder that keeps popping up on startup..I have disabled it and yet it keeps coming back...

here are the results of the fix

[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\\Flags deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\\Title deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\ not found.
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\rct.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\kav\kav7\setup.exe deleted successfully.
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C deleted successfully.
File not found!
< End of fix log >
OTScanIt by OldTimer - Version 1.0.5.2 fix logfile created on 03172008_070910

#13 Booman

Booman
  • Topic Starter

  • Banned
  • 525 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:20 AM

Posted 17 March 2008 - 06:13 AM

here is the OTScanIt...btw did you make this program?

OTScanIt logfile created on: 3/17/2008 7:11:27 AM
OTScanIt by OldTimer - Version 1.0.5.2	 Folder = C:\Documents and Settings\Jeff\Desktop\OTScanIt
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
382.48 Mb Total Physical Memory | 55.36 Mb Available Physical Memory | 14.47% Memory free
917.18 Mb Paging File | 531.31 Mb Available in Paging File | 57.93% Paging File free
Paging file location(s): C:\pagefile.sys 2 1152;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 39.71 Gb Free Space | 71.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JEFF
Current User Name: Jeff
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 7/14/2005 1:31:16 PM | Attr =	]
smc.exe -> %ProgramFiles%\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 10/15/2004 7:40:56 PM | Attr =	]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 9:36:33 AM | Attr =	]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 8:00:16 AM | Attr =	]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.105.1 | Size = 49152 bytes | Modified Date = 6/20/2006 10:08:48 PM | Attr =	]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 7:59:53 AM | Attr =	]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 7:59:01 AM | Attr =	]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 7/14/2005 1:31:16 PM | Attr =	]
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5160 | Size = 344064 bytes | Modified Date = 7/13/2005 10:05:00 PM | Attr =	]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.13.0.1 02Feb05 | Size = 692316 bytes | Modified Date = 2/2/2005 1:11:12 PM | Attr =	]
eabservr.exe -> %ProgramFiles%\HPQ\Quick Launch Buttons\eabservr.exe -> Hewlett-Packard  [Ver = 5, 1, 1, 2 | Size = 290816 bytes | Modified Date = 12/3/2004 2:24:20 PM | Attr =	]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.13.0.1 02Feb05 | Size = 102492 bytes | Modified Date = 2/2/2005 1:12:22 PM | Attr =	]
hp wireless assistant.exe -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 3, 1 | Size = 507904 bytes | Modified Date = 12/13/2005 5:45:58 PM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr =	]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 8:00:23 AM | Attr =	]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 267048 bytes | Modified Date = 2/19/2008 2:10:32 PM | Attr =	]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 504104 bytes | Modified Date = 2/19/2008 2:10:24 PM | Attr =	]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 2/2/2008 6:07:41 AM | Attr =	]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 4, 0, 0, 1154 | Size = 1481968 bytes | Modified Date = 2/29/2008 4:03:46 PM | Attr =	]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.5.2 | Size = 310784 bytes | Modified Date = 3/14/2008 2:57:26 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 1/15/2008 3:40:04 AM | Attr =	]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 9:36:33 AM | Attr =	]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 7/14/2005 1:31:16 PM | Attr =	]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 8:00:16 AM | Attr =	]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 7:59:53 AM | Attr =	]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 7:59:01 AM | Attr =	]
(Bonjour Service) Bonjour Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 4:17:08 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =	]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 2/1/2008 9:14:39 PM | Attr =	]
(hpqwmi) HP WMI Interface [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\HPQ\shared\hpqwmi.exe -> Hewlett-Packard Development Company, L.P. [Ver = 1, 0, 4, 2 | Size = 98304 bytes | Modified Date = 11/18/2004 1:32:56 AM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr =	]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] ->  -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 504104 bytes | Modified Date = 2/19/2008 2:10:24 PM | Attr =	]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.105.1 | Size = 49152 bytes | Modified Date = 6/20/2006 10:08:48 PM | Attr =	]
(LVSrvLauncher) LVSrvLauncher [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\LogiShrd\SrvLnch\SrvLnch.exe -> Labtec Inc. [Ver = 10.5.1.1130 | Size = 105248 bytes | Modified Date = 3/6/2007 6:55:24 PM | Attr =	]
(NMSAccessU) NMSAccessU [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\CDBurnerXP\NMSAccessU.exe ->  [Ver =  | Size = 71096 bytes | Modified Date = 10/12/2007 9:34:56 AM | Attr =	]
(SmcService) Sygate Personal Firewall [Win32_Own | Auto | Running] -> %ProgramFiles%\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 10/15/2004 7:40:56 PM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Apoint -> %ProgramFiles%\Apoint2K\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.5.1.200 | Size = 159744 bytes | Modified Date = 2/8/2005 5:38:10 PM | Attr =	]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5160 | Size = 344064 bytes | Modified Date = 7/13/2005 10:05:00 PM | Attr =	]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 8:00:23 AM | Attr =	]
eabconfg.cpl -> %ProgramFiles%\HPQ\Quick Launch Buttons\eabservr.exe -> Hewlett-Packard  [Ver = 5, 1, 1, 2 | Size = 290816 bytes | Modified Date = 12/3/2004 2:24:20 PM | Attr =	]
hpWirelessAssistant -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 3, 1 | Size = 507904 bytes | Modified Date = 12/13/2005 5:45:58 PM | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.4.1 | Size = 385024 bytes | Modified Date = 2/1/2008 12:13:08 AM | Attr =	]
SmcService -> %ProgramFiles%\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 10/15/2004 7:40:56 PM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr =	]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.13.0.1 02Feb05 | Size = 692316 bytes | Modified Date = 2/2/2005 1:11:12 PM | Attr =	]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.13.0.1 02Feb05 | Size = 102492 bytes | Modified Date = 2/2/2005 1:12:22 PM | Attr =	]
SynTPStart -> %ProgramFiles%\Synaptics\SynTP\SynTPStart.exe -> Synaptics, Inc. [Ver = 10.0.13.2 14Sep07 | Size = 102400 bytes | Modified Date = 9/15/2007 3:29:10 AM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Jeff Startup Folder > -> C:\Documents and Settings\Jeff\Start Menu\Programs\Startup -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
  ->  -> File not found
*MultiFile Done* -> -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 12:55:48 PM | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 12:41:36 PM | Attr =	]
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 46080 bytes | Modified Date = 7/14/2005 1:32:20 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DisAllowRun -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisAllowRun\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisAllowRun\\1 -> braviax.exe -> 
< HOSTS File > (736 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.google.com/ -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.google.com/ -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Search Page -> www.google.com -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2008, 1, 8, 1 | Size = 878352 bytes | Modified Date = 1/8/2008 6:37:04 PM | Attr =	]
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> *.local;localhost -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3230 domain(s) found. -> 
26 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2008, 1, 8, 1 | Size = 878352 bytes | Modified Date = 1/8/2008 6:37:04 PM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2008, 1, 8, 1 | Size = 878352 bytes | Modified Date = 1/8/2008 6:37:04 PM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{20CA1405-A853-471B-91C1-3F9DCC804E6C} ->	(Broadcom 802.11b/g WLAN) -> 
{64E8A60B-E8A4-41DC-8A9B-D47A60785E14} ->	(Realtek RTL8139/810x Family Fast Ethernet NIC) -> 
{7D83DE2E-FE01-4C56-BC3F-6BC9ECF22EDF} ->	() -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}[HKEY_LOCAL_MACHINE] -> http://www.eset.eu/buxus/docs/OnlineScanner.cab[OnlineScanner Control] -> 
{6F15128C-E66A-490C-B848-5000B5ABEEAC}[HKEY_LOCAL_MACHINE] -> https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab[HP Download Manager] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9}[HKEY_LOCAL_MACHINE] -> http://ax.emsisoft.com/asquared.cab[a-squared Scanner] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Reg Error: Value  does not exist or could not be read.] -> 
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab[Java Plug-in 1.6.0_04] -> 
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 



[Files/Folders - Created Within 30 days]
ATI -> %SystemDrive%\ATI ->  [Folder | Created Date = 3/12/2008 6:54:52 AM | Attr =	]
BOOT.BAK -> %SystemDrive%\BOOT.BAK ->  [Ver =  | Size = 223 bytes | Created Date = 3/6/2008 11:06:06 PM | Attr =  HS]
cmdcons -> %SystemDrive%\cmdcons ->  [Folder | Created Date = 3/6/2008 11:05:32 PM | Attr = RHS]
cmldr -> %SystemDrive%\cmldr ->  [Ver =  | Size = 260272 bytes | Created Date = 3/6/2008 11:05:57 PM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Created Date = 3/11/2008 9:40:15 PM | Attr =  HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 401133568 bytes | Created Date = 3/7/2008 9:44:41 PM | Attr =  HS]
WheelOfTime -> %SystemDrive%\WheelOfTime ->  [Folder | Created Date = 3/8/2008 11:31:24 PM | Attr =	]
aavmker4.sys -> %SystemRoot%\System32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 26624 bytes | Created Date = 3/14/2008 8:16:34 PM | Attr =	]
aswmon.sys -> %SystemRoot%\System32\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 93264 bytes | Created Date = 3/14/2008 8:16:30 PM | Attr =	]
aswmon2.sys -> %SystemRoot%\System32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 94544 bytes | Created Date = 3/14/2008 8:16:30 PM | Attr =	]
aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Created Date = 3/14/2008 8:16:37 PM | Attr =	]
aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Created Date = 3/14/2008 8:16:35 PM | Attr =	]
itchfltr.sys -> %SystemRoot%\System32\drivers\itchfltr.sys -> Logitech, Inc. [Ver = 2.20.200.0 | Size = 12953 bytes | Created Date = 2/22/2008 12:23:21 PM | Attr =	]
L8042PR2.SYS -> %SystemRoot%\System32\drivers\L8042PR2.SYS -> Logitech, Inc. [Ver = 9.79.16.0 | Size = 51486 bytes | Created Date = 2/22/2008 12:28:20 PM | Attr =	]
LCcfltr.sys -> %SystemRoot%\System32\drivers\LCcfltr.sys -> Logitech, Inc. [Ver = 9.79.200.0 | Size = 14092 bytes | Created Date = 2/22/2008 12:23:22 PM | Attr =	]
LHidFlt2.Sys -> %SystemRoot%\System32\drivers\LHidFlt2.Sys -> Logitech, Inc. [Ver = 9.79.16.0 | Size = 25502 bytes | Created Date = 2/22/2008 12:28:21 PM | Attr =	]
LHidUsb.sys -> %SystemRoot%\System32\drivers\LHidUsb.sys -> Logitech, Inc. [Ver = 9.79.200.0 | Size = 37884 bytes | Created Date = 2/22/2008 12:23:22 PM | Attr =	]
LMouFlt2.Sys -> %SystemRoot%\System32\drivers\LMouFlt2.Sys -> Logitech, Inc. [Ver = 9.79.16.0 | Size = 70798 bytes | Created Date = 2/22/2008 12:28:21 PM | Attr =	]
Teefer.sys -> %SystemRoot%\System32\drivers\Teefer.sys -> Sygate Technologies, Inc. [Ver = 1.60.1101 | Size = 60496 bytes | Created Date = 3/15/2008 7:52:36 PM | Attr =	]
wg3n.sys -> %SystemRoot%\System32\drivers\wg3n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 3/15/2008 7:52:37 PM | Attr =	]
wg4n.sys -> %SystemRoot%\System32\drivers\wg4n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 3/15/2008 7:52:38 PM | Attr =	]
wg5n.sys -> %SystemRoot%\System32\drivers\wg5n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 3/15/2008 7:52:39 PM | Attr =	]
wg6n.sys -> %SystemRoot%\System32\drivers\wg6n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 3/15/2008 7:52:39 PM | Attr =	]
wpsdrvnt.sys -> %SystemRoot%\System32\drivers\wpsdrvnt.sys -> Sygate Technologies, Inc. [Ver = 1, 0, 0, 17 | Size = 21075 bytes | Created Date = 3/15/2008 7:52:34 PM | Attr =	]
actskin4.ocx -> %SystemRoot%\System32\actskin4.ocx ->  [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 3/14/2008 8:16:19 PM | Attr =	]
AS-Exp2.ocx -> %SystemRoot%\System32\AS-Exp2.ocx -> Ariad Software [Ver = 2.00.0055 | Size = 265753 bytes | Created Date = 3/7/2008 8:06:18 AM | Attr =	]
aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 837496 bytes | Created Date = 3/14/2008 8:16:19 PM | Attr =	]
AvastSS.scr -> %SystemRoot%\System32\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 95608 bytes | Created Date = 3/14/2008 8:16:32 PM | Attr =	]
CmdLineExt.dll -> %SystemRoot%\System32\CmdLineExt.dll -> Sony DADC Austria AG. [Ver = 1,0,201,0 | Size = 98304 bytes | Created Date = 2/20/2008 2:25:56 PM | Attr =	]
COMNCTR.DLL -> %SystemRoot%\System32\COMNCTR.DLL -> Logitech Inc. [Ver = 9.79.019 | Size = 104960 bytes | Created Date = 2/22/2008 12:28:38 PM | Attr =	]
d3d8caps.dat -> %SystemRoot%\System32\d3d8caps.dat ->  [Ver =  | Size = 552 bytes | Created Date = 3/7/2008 7:58:32 AM | Attr =	]
fdsv.exe -> %SystemRoot%\System32\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 2/22/2008 12:03:01 AM | Attr =	]
FEELIT.DLL -> %SystemRoot%\System32\FEELIT.DLL -> Immersion Corporation [Ver = 2.0.63 | Size = 94208 bytes | Created Date = 2/22/2008 12:28:40 PM | Attr =	]
grep.exe -> %SystemRoot%\System32\grep.exe ->  [Ver =  | Size = 80412 bytes | Created Date = 2/22/2008 12:03:01 AM | Attr =	]
guard32.dll1 -> %SystemRoot%\System32\guard32.dll1 ->  [Ver =  | Size = 139008 bytes | Created Date = 2/21/2008 9:06:09 PM | Attr =	]
ifc21.dll -> %SystemRoot%\System32\ifc21.dll -> Immersion Corporation [Ver = 2.1.8 | Size = 155648 bytes | Created Date = 2/22/2008 12:28:40 PM | Attr =	]
IGUltraGrid20.ocx -> %SystemRoot%\System32\IGUltraGrid20.ocx -> Infragistics, Inc. [Ver = 2.01.0007 | Size = 1140472 bytes | Created Date = 3/7/2008 8:06:22 AM | Attr =	]
inetsrv -> %SystemRoot%\System32\inetsrv ->  [Folder | Created Date = 3/7/2008 9:44:45 PM | Attr =	]
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 3/11/2008 7:14:30 AM | Attr =	]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 3/11/2008 7:14:30 AM | Attr =	]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 3/11/2008 7:14:30 AM | Attr =	]
LCOINST.DLL -> %SystemRoot%\System32\LCOINST.DLL -> Logitech, Inc. [Ver = 9.79.16.0 | Size = 23372 bytes | Created Date = 2/22/2008 12:28:21 PM | Attr =	]
LGUICOM.DLL -> %SystemRoot%\System32\LGUICOM.DLL -> Logitech Inc. [Ver = 9.79.019 | Size = 97792 bytes | Created Date = 2/22/2008 12:28:38 PM | Attr =	]
lmoufrc.dll -> %SystemRoot%\System32\lmoufrc.dll -> Logitech Inc. [Ver = 9.41.0 | Size = 152064 bytes | Created Date = 2/22/2008 12:28:22 PM | Attr =	]
LMOUSE16.DLL -> %SystemRoot%\System32\LMOUSE16.DLL -> Logitech, Inc. [Ver = 9.79.19.0 | Size = 3568 bytes | Created Date = 2/22/2008 12:28:38 PM | Attr =	]
LMOUSE32.DLL -> %SystemRoot%\System32\LMOUSE32.DLL -> Logitech, Inc. [Ver = 9.79.19.0 | Size = 16896 bytes | Created Date = 2/22/2008 12:28:37 PM | Attr =	]
locate.com -> %SystemRoot%\System32\locate.com ->  [Ver =  | Size = 11254 bytes | Created Date = 3/6/2008 10:55:08 PM | Attr =	]
sed.exe -> %SystemRoot%\System32\sed.exe ->  [Ver =  | Size = 98816 bytes | Created Date = 2/22/2008 12:03:01 AM | Attr =	]
SSSensor.dll -> %SystemRoot%\System32\SSSensor.dll -> Sygate Technologies, Inc. [Ver = 5. 5. 0. 5 | Size = 83096 bytes | Created Date = 3/15/2008 7:52:05 PM | Attr =	]
streamhlp.dll -> %SystemRoot%\System32\streamhlp.dll ->  [Ver =  | Size = 59392 bytes | Created Date = 2/18/2008 4:42:09 PM | Attr = R  ]
swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 3/8/2008 11:40:38 AM | Attr =	]
swsc.exe -> %SystemRoot%\System32\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 3/8/2008 11:40:37 AM | Attr =	]
swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 3/8/2008 11:40:37 AM | Attr =	]
tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 2652 bytes | Created Date = 3/7/2008 10:11:54 AM | Attr =	]
VFind.exe -> %SystemRoot%\System32\VFind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 2/22/2008 12:03:01 AM | Attr =	]
XceedZip.dll -> %SystemRoot%\System32\XceedZip.dll -> Xceed Software Inc		(450) 442-2626		support@xceedsoft.com		www.xceedsoft.com [Ver = 5.0.117.0 | Size = 427864 bytes | Created Date = 3/11/2008 9:35:43 PM | Attr =	]
xircom -> %SystemRoot%\System32\xircom ->  [Folder | Created Date = 3/7/2008 9:44:46 PM | Attr =	]
zip.exe -> %SystemRoot%\System32\zip.exe ->  [Ver =  | Size = 68096 bytes | Created Date = 2/22/2008 12:03:01 AM | Attr =	]
cdplayer.ini -> %SystemRoot%\cdplayer.ini ->  [Ver =  | Size = 24 bytes | Created Date = 3/4/2008 6:42:52 PM | Attr =	]
EntPack.dat -> %SystemRoot%\EntPack.dat ->  [Ver =  | Size = 445 bytes | Created Date = 3/4/2008 12:03:59 AM | Attr =	]
entpack.ini -> %SystemRoot%\entpack.ini ->  [Ver =  | Size = 84 bytes | Created Date = 3/3/2008 11:51:42 PM | Attr =	]
EurekaLog.ini -> %SystemRoot%\EurekaLog.ini ->  [Ver =  | Size = 73 bytes | Created Date = 2/26/2008 12:30:10 AM | Attr =	]
iTouch.ini -> %SystemRoot%\iTouch.ini ->  [Ver =  | Size = 51 bytes | Created Date = 2/22/2008 1:53:31 PM | Attr =	]
LOGI_MWX.EXE -> %SystemRoot%\LOGI_MWX.EXE -> Logitech Inc. [Ver = 9.79.016 | Size = 19968 bytes | Created Date = 2/22/2008 12:28:23 PM | Attr =	]
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 3/8/2008 11:40:39 AM | Attr =	]
PIF -> %SystemRoot%\PIF ->  [Folder | Created Date = 3/6/2008 11:49:23 PM | Attr =  H ]
PowerReg.dat -> %SystemRoot%\PowerReg.dat ->  [Ver =  | Size = 263 bytes | Created Date = 3/11/2008 6:21:00 PM | Attr =	]
PRCONTROL.ini -> %SystemRoot%\PRCONTROL.ini ->  [Ver =  | Size = 2 bytes | Created Date = 3/13/2008 10:24:44 PM | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 3/16/2008 10:16:35 AM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 3/16/2008 10:16:35 AM | Attr =  H ]
rootkitno.ini -> %SystemRoot%\rootkitno.ini ->  [Ver =  | Size = 134 bytes | Created Date = 3/11/2008 7:18:08 PM | Attr =	]
setup.pss -> %SystemRoot%\setup.pss ->  [Folder | Created Date = 3/6/2008 11:05:22 PM | Attr =	]
UniFish3.exe -> %SystemRoot%\UniFish3.exe ->  [Ver =  | Size = 45568 bytes | Created Date = 3/11/2008 6:20:36 PM | Attr =	]
WPE PRO.INI -> %SystemRoot%\WPE PRO.INI ->  [Ver =  | Size = 318 bytes | Created Date = 2/17/2008 10:30:33 PM | Attr =	]
ParetoLogic Update.job -> %SystemRoot%\tasks\ParetoLogic Update.job ->  [Ver =  | Size = 414 bytes | Created Date = 3/15/2008 12:12:31 AM | Attr =	]
SmartDefrag.job -> %SystemRoot%\tasks\SmartDefrag.job ->  [Ver =  | Size = 344 bytes | Created Date = 3/15/2008 7:36:09 PM | Attr =	]
XoftSpySE 2.job -> %SystemRoot%\tasks\XoftSpySE 2.job ->  [Ver =  | Size = 446 bytes | Created Date = 3/7/2008 6:52:16 PM | Attr =	]
XoftSpySE.job -> %SystemRoot%\tasks\XoftSpySE.job ->  [Ver =  | Size = 312 bytes | Created Date = 3/7/2008 6:52:13 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
ATI -> %SystemDrive%\ATI ->  [Folder | Modified Date = 3/12/2008 6:54:52 AM | Attr =	]
BOOT.BAK -> %SystemDrive%\BOOT.BAK ->  [Ver =  | Size = 223 bytes | Modified Date = 3/6/2008 8:11:01 PM | Attr =  HS]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 294 bytes | Modified Date = 3/16/2008 9:21:45 AM | Attr =  HS]
cmdcons -> %SystemDrive%\cmdcons ->  [Folder | Modified Date = 3/6/2008 11:06:07 PM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 3/17/2008 7:06:37 AM | Attr =  HS]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 2/22/2008 2:20:54 AM | Attr =	]
DVDVideoSoft -> %SystemDrive%\DVDVideoSoft ->  [Folder | Modified Date = 3/5/2008 8:42:52 PM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 401133568 bytes | Modified Date = 3/17/2008 6:57:22 AM | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 3/17/2008 7:06:24 AM | Attr =	]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 2/22/2008 2:20:55 AM | Attr =  HS]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 2/26/2008 5:35:37 PM | Attr =  HS]
WheelOfTime -> %SystemDrive%\WheelOfTime ->  [Folder | Modified Date = 3/9/2008 12:14:25 AM | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 3/16/2008 10:16:35 AM | Attr =	]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 3/8/2008 12:01:52 PM | Attr =	]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 736 bytes | Modified Date = 3/8/2008 7:33:22 PM | Attr =	]
hosts.bak -> %SystemRoot%\System32\drivers\etc\hosts.bak ->  [Ver =  | Size = 27 bytes | Modified Date = 3/7/2008 6:36:42 PM | Attr =	]
AUTOEXEC.NT -> %SystemRoot%\System32\AUTOEXEC.NT ->  [Ver =  | Size = 1688 bytes | Modified Date = 3/11/2008 7:13:33 PM | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 3/14/2008 10:58:52 PM | Attr =	]
cdplayer.exe.manifest -> %SystemRoot%\System32\cdplayer.exe.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 3/16/2008 10:10:48 PM | Attr = RH ]
CmdLineExt.dll -> %SystemRoot%\System32\CmdLineExt.dll -> Sony DADC Austria AG. [Ver = 1,0,201,0 | Size = 98304 bytes | Modified Date = 2/20/2008 2:25:56 PM | Attr =	]
config -> %SystemRoot%\System32\config ->  [Folder | Modified Date = 3/14/2008 7:46:44 PM | Attr =	]
CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT ->  [Ver =  | Size = 2626 bytes | Modified Date = 3/14/2008 8:16:34 PM | Attr =	]
d3d8caps.dat -> %SystemRoot%\System32\d3d8caps.dat ->  [Ver =  | Size = 552 bytes | Modified Date = 3/7/2008 7:58:32 AM | Attr =	]
DirectX -> %SystemRoot%\System32\DirectX ->  [Folder | Modified Date = 3/1/2008 1:25:50 PM | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 3/8/2008 1:03:38 AM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 3/16/2008 11:15:07 AM | Attr =	]
guard32.dll1 -> %SystemRoot%\System32\guard32.dll1 ->  [Ver =  | Size = 139008 bytes | Modified Date = 2/21/2008 9:06:05 PM | Attr =	]
inetsrv -> %SystemRoot%\System32\inetsrv ->  [Folder | Modified Date = 3/7/2008 9:44:45 PM | Attr =	]
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 2/22/2008 1:23:35 AM | Attr =	]
javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 69632 bytes | Modified Date = 2/22/2008 2:33:31 AM | Attr =	]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 2/22/2008 1:23:39 AM | Attr =	]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Modified Date = 2/22/2008 2:33:32 AM | Attr =	]
LogFiles -> %SystemRoot%\System32\LogFiles ->  [Folder | Modified Date = 2/20/2008 2:51:55 PM | Attr =	]
ncpa.cpl.manifest -> %SystemRoot%\System32\ncpa.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 3/16/2008 10:10:47 PM | Attr = RH ]
nwc.cpl.manifest -> %SystemRoot%\System32\nwc.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 3/16/2008 10:10:47 PM | Attr = RH ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 68806 bytes | Modified Date = 3/10/2008 8:24:31 PM | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 436328 bytes | Modified Date = 3/10/2008 8:24:32 PM | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 511348 bytes | Modified Date = 3/10/2008 8:24:21 PM | Attr =	]
ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups ->  [Folder | Modified Date = 3/12/2008 6:57:56 AM | Attr =	]
Restore -> %SystemRoot%\System32\Restore ->  [Folder | Modified Date = 3/11/2008 9:23:40 AM | Attr =	]
sapi.cpl.manifest -> %SystemRoot%\System32\sapi.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 3/16/2008 10:10:48 PM | Attr = RH ]
streamhlp.dll -> %SystemRoot%\System32\streamhlp.dll ->  [Ver =  | Size = 59392 bytes | Modified Date = 2/18/2008 4:42:21 PM | Attr = R  ]
tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 2652 bytes | Modified Date = 3/7/2008 6:37:06 PM | Attr =	]
VITrans -> %SystemRoot%\System32\VITrans ->  [Folder | Modified Date = 3/7/2008 8:12:26 PM | Attr =	]
wbem -> %SystemRoot%\System32\wbem ->  [Folder | Modified Date = 3/10/2008 8:24:51 PM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 3/11/2008 10:04:21 PM | Attr =	]
wuaucpl.cpl.manifest -> %SystemRoot%\System32\wuaucpl.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 3/16/2008 10:10:48 PM | Attr = RH ]
xircom -> %SystemRoot%\System32\xircom ->  [Folder | Modified Date = 3/7/2008 9:44:46 PM | Attr =	]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 3/11/2008 9:20:04 PM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 3/17/2008 6:57:26 AM | Attr =   S]
cdplayer.ini -> %SystemRoot%\cdplayer.ini ->  [Ver =  | Size = 24 bytes | Modified Date = 3/4/2008 6:42:52 PM | Attr =	]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 3/17/2008 6:57:19 AM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 3/13/2008 9:59:11 PM | Attr =   S]
EntPack.dat -> %SystemRoot%\EntPack.dat ->  [Ver =  | Size = 445 bytes | Modified Date = 3/4/2008 12:03:59 AM | Attr =	]
entpack.ini -> %SystemRoot%\entpack.ini ->  [Ver =  | Size = 84 bytes | Modified Date = 3/4/2008 8:25:30 AM | Attr =	]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 3/8/2008 11:59:13 AM | Attr =	]
EurekaLog.ini -> %SystemRoot%\EurekaLog.ini ->  [Ver =  | Size = 73 bytes | Modified Date = 2/26/2008 12:30:17 AM | Attr =	]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 3/16/2008 1:51:17 PM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 3/14/2008 11:01:30 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 3/17/2008 7:06:36 AM | Attr =  HS]
Internet Logs -> %SystemRoot%\Internet Logs ->  [Folder | Modified Date = 2/20/2008 10:40:04 PM | Attr =	]
iTouch.ini -> %SystemRoot%\iTouch.ini ->  [Ver =  | Size = 51 bytes | Modified Date = 2/22/2008 5:40:20 PM | Attr =	]
Media -> %SystemRoot%\Media ->  [Folder | Modified Date = 3/12/2008 10:27:32 PM | Attr =	]
Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Modified Date = 3/1/2008 1:25:43 PM | Attr =	]
mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 2541 bytes | Modified Date = 3/16/2008 4:17:43 PM | Attr =	]
PIF -> %SystemRoot%\PIF ->  [Folder | Modified Date = 3/6/2008 11:49:23 PM | Attr =  H ]
PowerReg.dat -> %SystemRoot%\PowerReg.dat ->  [Ver =  | Size = 263 bytes | Modified Date = 3/11/2008 6:49:04 PM | Attr =	]
PRCONTROL.ini -> %SystemRoot%\PRCONTROL.ini ->  [Ver =  | Size = 2 bytes | Modified Date = 3/13/2008 10:24:44 PM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 3/17/2008 7:06:49 AM | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 3/16/2008 10:16:36 AM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 3/17/2008 6:58:55 AM | Attr =  H ]
rootkitno.ini -> %SystemRoot%\rootkitno.ini ->  [Ver =  | Size = 134 bytes | Modified Date = 3/11/2008 8:19:52 PM | Attr =	]
setup.pss -> %SystemRoot%\setup.pss ->  [Folder | Modified Date = 3/6/2008 11:05:22 PM | Attr =	]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 435 bytes | Modified Date = 3/16/2008 9:21:45 AM | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 3/16/2008 4:15:50 PM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 3/15/2008 7:36:09 PM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 3/17/2008 6:59:45 AM | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 582 bytes | Modified Date = 3/16/2008 9:21:45 AM | Attr =	]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 3/16/2008 10:10:48 PM | Attr = RH ]
WPE PRO.INI -> %SystemRoot%\WPE PRO.INI ->  [Ver =  | Size = 318 bytes | Modified Date = 3/4/2008 11:50:06 PM | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 3/12/2008 9:20:19 PM | Attr =	]
ParetoLogic Update.job -> %SystemRoot%\tasks\ParetoLogic Update.job ->  [Ver =  | Size = 414 bytes | Modified Date = 3/15/2008 12:33:09 AM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 3/17/2008 6:57:29 AM | Attr =  H ]
SmartDefrag.job -> %SystemRoot%\tasks\SmartDefrag.job ->  [Ver =  | Size = 344 bytes | Modified Date = 3/16/2008 10:00:02 PM | Attr =	]
XoftSpySE 2.job -> %SystemRoot%\tasks\XoftSpySE 2.job ->  [Ver =  | Size = 446 bytes | Modified Date = 3/17/2008 6:58:04 AM | Attr =	]
XoftSpySE.job -> %SystemRoot%\tasks\XoftSpySE.job ->  [Ver =  | Size = 312 bytes | Modified Date = 3/7/2008 7:03:15 PM | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 3/11/2008 10:07:44 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5504 bytes | Modified Date = 3/11/2008 10:07:43 PM | Attr =	]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat ->  [Ver =  | Size = 8432 bytes | Modified Date = 3/12/2008 9:31:40 PM | Attr =	]
Perflib_Perfdata_1b4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1b4.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 3/17/2008 6:57:42 AM | Attr =	]

< End of report >


#14 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 17 March 2008 - 10:42 AM

Hi Booman, everything looks fine in the log. I still need the report from the SuperAntiSpyware scan.

Paretologic makes a number of security programs, some of which have been installed on this system: XoftSpy and Paretologic's Antispyware. If they start up automatically, most of those types of apps have an option to disable automatic starting at system start. Look under the options or tools items. If not, then the only other option is to uninstall them.

If there are still problems with Firefox and passwords, uninstall it completely and then reinstall it.

As for OTScanIT, yes I did write it.

Cheers.

OT
I do not respond to PMs requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#15 Booman

Booman
  • Topic Starter

  • Banned
  • 525 posts
  • Gender:Male

Posted 17 March 2008 - 05:43 PM

Yeah, but the folder pops up, not the program.




SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/17/2008 at 07:36 AM

Application Version : 4.0.1154

Core Rules Database Version : 3420
Trace Rules Database Version: 1412

Scan type : Complete Scan
Total Scan Time : 00:25:02

Memory items scanned : 444
Memory threats detected : 0
Registry items scanned : 5850
Registry threats detected : 0
File items scanned : 14577
File threats detected : 1

Adware.Tracking Cookie
C:\Documents and Settings\Jeff\Cookies\jeff@ad.yieldmanager[2].txt



